|
|
@ -64,6 +64,22 @@ function strip_markup($post_body) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* Inserts a new ban appeal into the database. |
|
|
|
* |
|
|
|
* @param int $ban_id Ban id. |
|
|
|
* @param string $appeal_message Appeal message. |
|
|
|
* @return void |
|
|
|
*/ |
|
|
|
function query_insert_ban_appeal($ban_id, $appeal_message) |
|
|
|
{ |
|
|
|
$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)"); |
|
|
|
$query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT); |
|
|
|
$query->bindValue(':time', time(), PDO::PARAM_INT); |
|
|
|
$query->bindValue(':message', $appeal_message); |
|
|
|
$query->execute() or error(db_error($query)); |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* Method handling functions |
|
|
|
*/ |
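Review bot: The docblock for `query_insert_ban_appeal()` does not say whether `$appeal_message` is expected raw or already HTML-escaped, and the function binds and stores it exactly as given. The only caller visible on this page passes an escaped string, so the contract should be written down, for example `@param string $appeal_message Appeal message, stored verbatim; callers are responsible for any encoding.` Separately, `INSERT ... VALUES (NULL, :ban_id, :time, :message, 0)` has no column list and so depends on the table's column order. Naming the columns would make a later schema change fail loudly instead of silently shifting values into the wrong fields.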
|
|
@ -537,8 +553,9 @@ function handle_post() |
|
|
|
$_POST['subject'] = ''; |
|
|
|
} |
|
|
|
|
|
|
|
if (!isset($_POST['password'])) |
|
|
|
if (!isset($_POST['password'])) { |
|
|
|
$_POST['password'] = ''; |
|
|
|
} |
|
|
|
|
|
|
|
if (isset($_POST['thread'])) { |
|
|
|
$post['op'] = false; |
|
|
@ -549,7 +566,7 @@ function handle_post() |
|
|
|
|
|
|
|
|
|
|
|
if (!$dropped_post) { |
|
|
|
// Check for CAPTCHA right after opening the board so the "return" link is in there |
|
|
|
// Check for CAPTCHA right after opening the board so the "return" link is in there. |
|
|
|
if ($config['recaptcha']) { |
|
|
|
if (!isset($_POST['g-recaptcha-response'])) |
|
|
|
error($config['error']['bot']); |
|
|
@ -1521,8 +1538,9 @@ function handle_post() |
|
|
|
function handle_appeal() |
|
|
|
{ |
|
|
|
global $config; |
|
|
|
if (!isset($_POST['ban_id'])) |
|
|
|
if (!isset($_POST['ban_id'])) { |
|
|
|
error($config['error']['bot']); |
|
|
|
} |
|
|
|
|
|
|
|
$ban_id = (int) $_POST['ban_id']; |
|
|
|
|
|
|
@ -1559,11 +1577,9 @@ function handle_appeal() |
|
|
|
error($config['error']['toolongappeal']); |
|
|
|
} |
|
|
|
|
|
|
|
$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)"); |
|
|
|
$query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT); |
|
|
|
$query->bindValue(':time', time(), PDO::PARAM_INT); |
|
|
|
$query->bindValue(':message', $_POST['appeal']); |
|
|
|
$query->execute() or error(db_error($query)); |
|
|
|
// Sanitize away eventual Cross Site Scripting funkyness. |
|
|
|
$appeal_msg = htmlspecialchars($_POST['appeal']); |
|
|
|
query_insert_ban_appeal($ban_id, $appeal_msg); |
|
|
|
|
|
|
|
displayBan($ban); |
|
|
|
} |
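Review bot: The `htmlspecialchars($_POST['appeal'])` call before `query_insert_ban_appeal()` encodes the appeal at storage time rather than where it is rendered, so the protection depends on every writer to `ban_appeals` doing the same, and a view that also escapes would show doubled entities such as `&amp;amp;`. I would store the raw text, `query_insert_ban_appeal($ban_id, $_POST['appeal']);`, and escape in the code that displays appeals, which is not visible in this diff and should be checked first. If the escaping stays here, pass the flags and charset explicitly, `htmlspecialchars($_POST['appeal'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, since before PHP 8.1 the default flags leave single quotes unescaped. The `toolongappeal` check sits above the hunk and appears to run on the unescaped input, so the stored string can be longer than the limit it enforces. handle_appeal's body starts outside the hunk.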
|
|
|