|
|
@ -170,10 +170,11 @@ function db_insert_report($ip, $board, $post_id, $reason) |
|
|
|
* @param string $appeal_message Appeal message. |
|
|
|
* @return void |
|
|
|
*/ |
|
|
|
function db_insert_ban_appeal($ban_id, $appeal_message) |
|
|
|
function db_insert_ban_appeal($ban_id, $source_ip, $appeal_message) |
|
|
|
{ |
|
|
|
$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)"); |
|
|
|
$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :source_ip, :time, :message, 0)"); |
|
|
|
$query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT); |
|
|
|
$query->bindValue(':source_ip', $source_ip); |
|
|
|
$query->bindValue(':time', time(), PDO::PARAM_INT); |
|
|
|
$query->bindValue(':message', $appeal_message); |
|
|
|
$query->execute() or error(db_error($query)); |
|
|
@ -1659,7 +1660,8 @@ function handle_appeal() |
|
|
|
// Doubles as sanitization against SQL injection. |
|
|
|
$ban_id = (int) $_POST['ban_id']; |
|
|
|
|
|
|
|
$bans = Bans::find($_SERVER['REMOTE_ADDR']); |
|
|
|
$source_ip = $_SERVER['REMOTE_ADDR']; |
|
|
|
$bans = Bans::find($source_ip); |
|
|
|
foreach ($bans as $_ban) { |
|
|
|
if ($_ban['id'] == $ban_id) { |
|
|
|
$ban = $_ban; |
|
|
@ -1693,7 +1695,7 @@ function handle_appeal() |
|
|
|
|
|
|
|
// Sanitize away eventual Cross Site Scripting funkyness. |
|
|
|
$appeal_msg = htmlspecialchars($_POST['appeal']); |
|
|
|
db_insert_ban_appeal($ban_id, $appeal_msg); |
|
|
|
db_insert_ban_appeal($ban_id, $source_ip, $appeal_msg); |
|
|
|
|
|
|
|
displayBan($ban); |
|
|
|
} |
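Review bot: The new INSERT in db_insert_ban_appeal (first hunk) still uses positional `VALUES (NULL, :ban_id, :source_ip, :time, :message, 0)` with no column list, so it is only correct if the `ban_appeals` table already has an address column in exactly that position; no schema change is visible on this page. Naming the target columns in the statement would keep it correct regardless of column order and make the dependency on the migration explicit. The docblock above the function also gets no entry for the new parameter; I would add `@param string $source_ip Address the appeal was submitted from.` before the `$appeal_message` line. Separately, `$source_ip` is taken from `$_SERVER['REMOTE_ADDR']`, which is presumably the proxy's address if the board runs behind a reverse proxy, so it is worth confirming that the stored value is the one moderators expect to see. Both function bodies extend beyond the visible hunks.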
|
|
|