From 7e3a531aa54f1843ed1af546f9b2faa8e509ba20 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 15 Mar 2024 14:34:17 +0100 Subject: [PATCH 1/4] Add source IP to ban_appeals table --- inc/mod/pages.php | 2 +- install.sql | 1 + post.php | 10 ++++++---- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/inc/mod/pages.php b/inc/mod/pages.php index b4d3b544..31f76133 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -1066,7 +1066,7 @@ function mod_ban_appeals() { return; } - $query = query("SELECT *, ``ban_appeals``.`id` AS `id` FROM ``ban_appeals`` + $query = query("SELECT *, ``ban_appeals``.`id` AS `id`, ``ban_appeals``.`source_ip` AS `source_ip` FROM ``ban_appeals`` LEFT JOIN ``bans`` ON `ban_id` = ``bans``.`id` LEFT JOIN ``mods`` ON ``bans``.`creator` = ``mods``.`id` WHERE `denied` != 1 ORDER BY `time`") or error(db_error()); diff --git a/install.sql b/install.sql index 7c234cc5..a394dcc3 100644 --- a/install.sql +++ b/install.sql @@ -290,6 +290,7 @@ CREATE TABLE IF NOT EXISTS `flood` ( CREATE TABLE IF NOT EXISTS `ban_appeals` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `ban_id` int(10) unsigned NOT NULL, + `source_ip` varbinary(16) DEFAULT NULL, `time` int(10) unsigned NOT NULL, `message` text NOT NULL, `denied` tinyint(1) NOT NULL, diff --git a/post.php b/post.php index bf143c2c..df720733 100644 --- a/post.php +++ b/post.php @@ -170,10 +170,11 @@ function db_insert_report($ip, $board, $post_id, $reason) * @param string $appeal_message Appeal message. * @return void */ -function db_insert_ban_appeal($ban_id, $appeal_message) +function db_insert_ban_appeal($ban_id, $source_ip, $appeal_message) { - $query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)"); + $query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :source_ip, :time, :message, 0)"); $query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT); + $query->bindValue(':source_ip', $source_ip); $query->bindValue(':time', time(), PDO::PARAM_INT); $query->bindValue(':message', $appeal_message); $query->execute() or error(db_error($query)); @@ -1659,7 +1660,8 @@ function handle_appeal() // Doubles as sanitization against SQL injection. $ban_id = (int) $_POST['ban_id']; - $bans = Bans::find($_SERVER['REMOTE_ADDR']); + $source_ip = $_SERVER['REMOTE_ADDR']; + $bans = Bans::find($source_ip); foreach ($bans as $_ban) { if ($_ban['id'] == $ban_id) { $ban = $_ban; @@ -1693,7 +1695,7 @@ function handle_appeal() // Sanitize away eventual Cross Site Scripting funkyness. $appeal_msg = htmlspecialchars($_POST['appeal']); - db_insert_ban_appeal($ban_id, $appeal_msg); + db_insert_ban_appeal($ban_id, $source_ip, $appeal_msg); displayBan($ban); } From 0b7161a588dfd754e37fe8f8668956ed2b1f2ce4 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 15 Mar 2024 14:48:45 +0100 Subject: [PATCH 2/4] ban_appeals.html: trim --- templates/mod/ban_appeals.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/mod/ban_appeals.html b/templates/mod/ban_appeals.html index 53588daf..fa386747 100644 --- a/templates/mod/ban_appeals.html +++ b/templates/mod/ban_appeals.html @@ -89,13 +89,13 @@ {% trans 'Action' %} - + {% endif %} - + {% if ban.post %}
{{ ban.post.build(true) }} From a8ff6055717c0e4730257af3176a6d9f9ff1f4ed Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 15 Mar 2024 14:52:16 +0100 Subject: [PATCH 3/4] Display split ban mask and appeal IP --- inc/mod/pages.php | 2 +- templates/mod/ban_appeals.html | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 31f76133..5b1ceb06 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -858,7 +858,7 @@ function mod_page_ip($ip) { if (filter_var($ip, FILTER_VALIDATE_IP) === false) error("Invalid IP address."); - if (isset($_POST['ban_id'], $_POST['unban'])) { + if (isset($_POST['ban_id'], $_POST['unban_mask'])) { if (!hasPermission($config['mod']['unban'])) error($config['error']['noaccess']); diff --git a/templates/mod/ban_appeals.html b/templates/mod/ban_appeals.html index fa386747..ee3a85ec 100644 --- a/templates/mod/ban_appeals.html +++ b/templates/mod/ban_appeals.html @@ -15,9 +15,13 @@ {% if mod|hasPermission(config.mod.show_ip, board.uri) %} - {% trans 'IP' %} + {% trans 'Ban mask' %} {{ ban.mask }} + + {% trans 'Appeal IP' %} + {{ ban.source_ip }} + {% endif %} {% trans 'Reason' %} @@ -89,7 +93,7 @@ {% trans 'Action' %} - + From e8f589f6c16a2a51df19d85e63f135bf8fbee268 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 15 Mar 2024 16:44:44 +0100 Subject: [PATCH 4/4] ban_appeals.html: do not display the source ip row if there is none --- templates/mod/ban_appeals.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/mod/ban_appeals.html b/templates/mod/ban_appeals.html index ee3a85ec..08995e10 100644 --- a/templates/mod/ban_appeals.html +++ b/templates/mod/ban_appeals.html @@ -18,10 +18,12 @@ {% trans 'Ban mask' %} {{ ban.mask }} + {% if ban.source_ip %} {% trans 'Appeal IP' %} {{ ban.source_ip }} + {% endif %} {% endif %} {% trans 'Reason' %}