From 6ca99d189dd64ec83385dc6361f5b62f768162bf Mon Sep 17 00:00:00 2001
From: Savetheinternet <savetheinternet@tinyboard.org>
Date: Sun, 19 Jun 2011 11:26:26 +1000
Subject: [PATCH] we shouldn't be redirecting to the referer'

---
 mod.php | 38 +++++++++-----------------------------
 1 file changed, 9 insertions(+), 29 deletions(-)
 mode change 100644 => 100755 mod.php

diff --git a/mod.php b/mod.php
old mode 100644
new mode 100755
index 4159ed84..4a3c8985
--- a/mod.php
+++ b/mod.php
@@ -1257,10 +1257,7 @@
 			}
 			
 			// Redirect
-			if(isset($_SERVER['HTTP_REFERER']))
-				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
-			else
-				header('Location: ?/reports', true, $config['redirect_http']);
+			header('Location: ?/reports', true, $config['redirect_http']);
 		} elseif(preg_match('/^\/board\/(\w+)(\/delete)?$/', $query, $matches)) {
 			if($mod['type'] < $config['mod']['manageboards']) error($config['error']['noaccess']);
 			
@@ -1700,10 +1697,7 @@
 			
 			
 			// Redirect
-			if(isset($_SERVER['HTTP_REFERER']))
-				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
-			else
-				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
 		} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
 			if($mod['type'] < $config['mod']['delete']) error($config['error']['noaccess']);
 			// Delete post
@@ -1724,10 +1718,7 @@
 			buildIndex();
 			
 			// Redirect
-			if(isset($_SERVER['HTTP_REFERER']))
-				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
-			else
-				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
 		} elseif(preg_match('/^\/' . $regex['board'] . '(un)?sticky\/(\d+)$/', $query, $matches)) {
 			if($mod['type'] < $config['mod']['sticky']) error($config['error']['noaccess']);
 			// Add/remove sticky
@@ -1758,10 +1749,7 @@
 			
 			
 			// Redirect
-			if(isset($_SERVER['HTTP_REFERER']))
-				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
-			else
-				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
 		} elseif(preg_match('/^\/' . $regex['board'] . '(un)?lock\/(\d+)$/', $query, $matches)) {
 			if($mod['type'] < $config['mod']['lock']) error($config['error']['noaccess']);
 			// Lock/Unlock
@@ -1792,10 +1780,7 @@
 			
 			
 			// Redirect
-			if(isset($_SERVER['HTTP_REFERER']))
-				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
-			else
-				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
 		} elseif(preg_match('/^\/' . $regex['board'] . 'deletebyip\/(\d+)$/', $query, $matches)) {
 			// Delete all posts by an IP
 			
@@ -1830,10 +1815,7 @@
 			
 			buildIndex();
 			
-			if(isset($_SERVER['HTTP_REFERER']))
-				header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
-			else
-				header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
+			header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
 		} elseif(preg_match('/^\/ban$/', $query)) {
 			if($mod['type'] < $config['mod']['ban']) error($config['error']['noaccess']);
 			// Ban page
@@ -1952,8 +1934,6 @@
 					header('Location: ' . $_POST['continue'], true, $config['redirect_http']);
 				elseif(isset($board))
 					header('Location: ?/' . sprintf($config['board_path'], $boardName) . $config['file_index'], true, $config['redirect_http']);
-				elseif(isset($_SERVER['HTTP_REFERER']))
-					header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
 				else
 					header('Location: ?/', true, $config['redirect_http']);
 			}
@@ -1980,7 +1960,7 @@
 		
 			$post = $query->fetch();
 			
-			$body = form_newBan($post['ip'], null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false, $post['id'], $boardName, !$delete);
+			$body = form_newBan($post['ip'], null, '?/' . sprintf($config['board_path'], $board['uri']) . $config['file_index'], $post['id'], $boardName, !$delete);
 			
 			echo Element('page.html', Array(
 				'config'=>$config,
@@ -1993,7 +1973,7 @@
 			if($mod['type'] < $config['mod']['remove_notes']) error($config['error']['noaccess']);
 			
 			$ip = $matches[1];
-			$id = $matches['id'];
+			$id = $matches['id'];
 
 			$query = prepare("DELETE FROM `ip_notes` WHERE `ip` = :ip AND `id` = :id");
 			$query->bindValue(':ip', $ip);
@@ -2183,7 +2163,7 @@
 			}
 			
 			if($mod['type'] >= $config['mod']['ip_banform'])
-				$body .= form_newBan($ip, null, isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : false);
+				$body .= form_newBan($ip, null, '?/IP/' . $ip);
 			
 			echo Element('page.html', Array(
 				'config'=>$config,