leftypol
/
leftypol
4
5
Fork 2
Code Issues 51 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Fixed major security bug and image deleting

pull/40/head
Savetheinternet 13 years ago
parent
2179b03980
commit
e401668732
5 changed files with 64 additions and 31 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      inc/config.php
  2. 50
      inc/display.php
  3. 8
      inc/functions.php
  4. 5
      inc/mod.php
  5. 26
      mod.php

6
inc/config.php
View File

@ -99,6 +99,8 @@
*/ */
define('ALLOW_ZIP', false, true); define('ALLOW_ZIP', false, true);
define('ZIP_IMAGE', 'static/zip.png', true); define('ZIP_IMAGE', 'static/zip.png', true);
define('DELETED_IMAGE', 'static/deleted.png', true);
/** /**
Redraw the image using GD functions to strip any excess data (commonly ZIP archives) Redraw the image using GD functions to strip any excess data (commonly ZIP archives)
@ -131,6 +133,7 @@
define('POST_URL', ROOT . 'post.php', true); define('POST_URL', ROOT . 'post.php', true);
define('FILE_INDEX', 'index.html', true); define('FILE_INDEX', 'index.html', true);
define('FILE_PAGE', '%d.html', true); define('FILE_PAGE', '%d.html', true);
define('FILE_MOD', 'mod.php', true);
// Multi-board (%s is board abbreviation) // Multi-board (%s is board abbreviation)
define('BOARD_PATH', '%s/', true); define('BOARD_PATH', '%s/', true);
@ -232,6 +235,9 @@
'|' . '|' .
str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) . str_replace('%s', '\w{1,8}', preg_quote(BOARD_PATH, '/')) .
str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) . str_replace('%d', '\d+', preg_quote(FILE_PAGE, '/')) .
'|' .
preg_quote(FILE_MOD, '/') .
'\?\/.+' .
')$/i', true); ')$/i', true);
if(ROOT_FILE) { if(ROOT_FILE) {

50
inc/display.php
View File

@ -49,7 +49,7 @@
} }
class Post { class Post {
public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT) { public function __construct($id, $thread, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $root=ROOT, $mod=false) {
$this->id = $id; $this->id = $id;
$this->thread = $thread; $this->thread = $thread;
$this->subject = utf8tohtml($subject); $this->subject = utf8tohtml($subject);
@ -68,34 +68,33 @@
$this->filename = $filename; $this->filename = $filename;
$this->ip = $ip; $this->ip = $ip;
$this->root = $root; $this->root = $root;
$this->mod = $mod;
} }
public function postControls() { public function postControls() {
global $mod;
$built = ''; $built = '';
if($mod) { if($this->mod) {
// Mod controls (on posts) // Mod controls (on posts)
$built .= '<span class="controls">'; $built .= '<span class="controls">';
// Delete // Delete
if($mod['type'] >= MOD_DELETE) if($this->mod['type'] >= MOD_DELETE)
$built .= ' <a title="Delete" href="?/b/delete/' . $this->id . '">' . MOD_LINK_DELETE . '</a>'; $built .= ' <a title="Delete" href="?/b/delete/' . $this->id . '">' . MOD_LINK_DELETE . '</a>';
// Delete all posts by IP // Delete all posts by IP
if($mod['type'] >= MOD_DELETEBYIP) if($this->mod['type'] >= MOD_DELETEBYIP)
$built .= ' <a title="Delete all posts by IP" href="?/b/deletebyip/' . $this->id . '">' . MOD_LINK_DELETEBYIP . '</a>'; $built .= ' <a title="Delete all posts by IP" href="?/b/deletebyip/' . $this->id . '">' . MOD_LINK_DELETEBYIP . '</a>';
// Ban // Ban
if($mod['type'] >= MOD_BAN) if($this->mod['type'] >= MOD_BAN)
$built .= ' <a title="Ban" href="?/b/ban/' . $this->id . '">' . MOD_LINK_BAN . '</a>'; $built .= ' <a title="Ban" href="?/b/ban/' . $this->id . '">' . MOD_LINK_BAN . '</a>';
// Ban & Delete // Ban & Delete
if($mod['type'] >= MOD_BANDELETE) if($this->mod['type'] >= MOD_BANDELETE)
$built .= ' <a title="Ban & Delete" href="?/b/ban&amp;delete/' . $this->id . '">' . MOD_LINK_BANDELETE . '</a>'; $built .= ' <a title="Ban & Delete" href="?/b/ban&amp;delete/' . $this->id . '">' . MOD_LINK_BANDELETE . '</a>';
// Delete file (keep post) // Delete file (keep post)
if(!empty($this->file) && $mod['type'] >= MOD_DELETEFILE) if(!empty($this->file) && $this->mod['type'] >= MOD_DELETEFILE)
$built .= ' <a title="Remove file" href="?/b/file/' . $this->id . '">' . MOD_LINK_DELETEFILE . '</a>'; $built .= ' <a title="Remove file" href="?/b/deletefile/' . $this->id . '">' . MOD_LINK_DELETEFILE . '</a>';
$built .= '</span>'; $built .= '</span>';
} }
@ -103,7 +102,7 @@
} }
public function build($index=false) { public function build($index=false) {
global $board, $mod; global $board;
$built = '<div class="post reply"' . (!$index?' id="reply_' . $this->id . '"':'') . '>' . $built = '<div class="post reply"' . (!$index?' id="reply_' . $this->id . '"':'') . '>' .
'<p class="intro"' . (!$index?' id="' . $this->id . '"':'') . '>'; '<p class="intro"' . (!$index?' id="' . $this->id . '"':'') . '>';
@ -120,7 +119,7 @@
. (!empty($this->trip) ? ' <span class="trip">'.$this->trip.'</span>':''); . (!empty($this->trip) ? ' <span class="trip">'.$this->trip.'</span>':'');
// IP Address // IP Address
if($mod && $mod['type'] >= MOD_SHOW_IP) { if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) {
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]'; $built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
} }
@ -140,7 +139,7 @@
'</p>'; '</p>';
// File info // File info
if(!empty($this->file)) { if(!empty($this->file) && $this->file != 'deleted') {
$built .= '<p class="fileinfo">File: <a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' . $built .= '<p class="fileinfo">File: <a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize // Filesize
format_bytes($this->filesize) . ', ' . format_bytes($this->filesize) . ', ' .
@ -156,6 +155,8 @@
// Thumbnail // Thumbnail
'<a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file.'"><img src="' . ROOT . $board['dir'] . DIR_THUMB . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" /></a>'; '<a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file.'"><img src="' . ROOT . $board['dir'] . DIR_THUMB . $this->thumb.'" style="width:'.$this->thumbx.'px;height:'.$this->thumby.'px;" /></a>';
} elseif($this->file == 'deleted') {
$built .= '<img src="' . ROOT . DELETED_IMAGE . '" />';
} }
$built .= $this->postControls(); $built .= $this->postControls();
@ -169,7 +170,7 @@
class Thread { class Thread {
public $omitted = 0; public $omitted = 0;
public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $root=ROOT) { public function __construct($id, $subject, $email, $name, $trip, $body, $time, $thumb, $thumbx, $thumby, $file, $filex, $filey, $filesize, $filename, $ip, $sticky, $root=ROOT, $mod=false) {
$this->id = $id; $this->id = $id;
$this->subject = utf8tohtml($subject); $this->subject = utf8tohtml($subject);
$this->email = $email; $this->email = $email;
@ -190,36 +191,35 @@
$this->ip = $ip; $this->ip = $ip;
$this->sticky = $sticky; $this->sticky = $sticky;
$this->root = $root; $this->root = $root;
$this->mod = $mod;
} }
public function add(Post $post) { public function add(Post $post) {
$this->posts[] = $post; $this->posts[] = $post;
} }
public function postControls() { public function postControls() {
global $mod;
$built = ''; $built = '';
if($mod) { if($this->mod) {
// Mod controls (on posts) // Mod controls (on posts)
$built .= '<span class="controls op">'; $built .= '<span class="controls op">';
// Delete // Delete
if($mod['type'] >= MOD_DELETE) if($this->mod['type'] >= MOD_DELETE)
$built .= ' <a title="Delete" href="?/b/delete/' . $this->id . '">' . MOD_LINK_DELETE . '</a>'; $built .= ' <a title="Delete" href="?/b/delete/' . $this->id . '">' . MOD_LINK_DELETE . '</a>';
// Delete all posts by IP // Delete all posts by IP
if($mod['type'] >= MOD_DELETEBYIP) if($this->mod['type'] >= MOD_DELETEBYIP)
$built .= ' <a title="Delete all posts by IP" href="?/b/deletebyip/' . $this->id . '">' . MOD_LINK_DELETEBYIP . '</a>'; $built .= ' <a title="Delete all posts by IP" href="?/b/deletebyip/' . $this->id . '">' . MOD_LINK_DELETEBYIP . '</a>';
// Ban // Ban
if($mod['type'] >= MOD_BAN) if($this->mod['type'] >= MOD_BAN)
$built .= ' <a title="Ban" href="?/b/ban/' . $this->id . '">' . MOD_LINK_BAN . '</a>'; $built .= ' <a title="Ban" href="?/b/ban/' . $this->id . '">' . MOD_LINK_BAN . '</a>';
// Ban & Delete // Ban & Delete
if($mod['type'] >= MOD_BANDELETE) if($this->mod['type'] >= MOD_BANDELETE)
$built .= ' <a title="Ban & Delete" href="?/b/ban&amp;delete/' . $this->id . '">' . MOD_LINK_BANDELETE . '</a>'; $built .= ' <a title="Ban & Delete" href="?/b/ban&amp;delete/' . $this->id . '">' . MOD_LINK_BANDELETE . '</a>';
// Delete file (keep post) // Delete file (keep post)
if($mod['type'] >= MOD_STICKY) if($this->mod['type'] >= MOD_STICKY)
if($this->sticky) if($this->sticky)
$built .= ' <a title="Make thread not sticky" href="?/b/unsticky/' . $this->id . '">' . MOD_LINK_DESTICKY . '</a>'; $built .= ' <a title="Make thread not sticky" href="?/b/unsticky/' . $this->id . '">' . MOD_LINK_DESTICKY . '</a>';
else else
@ -231,7 +231,7 @@
} }
public function build($index=false) { public function build($index=false) {
global $board, $mod; global $board;
$built = '<p class="fileinfo">File: <a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' . $built = '<p class="fileinfo">File: <a href="' . ROOT . $board['dir'] . DIR_IMG . $this->file .'">' . $this->file . '</a> <span class="unimportant">(' .
// Filesize // Filesize
@ -262,7 +262,7 @@
. (!empty($this->trip) ? ' <span class="trip">'.$this->trip.'</span>':''); . (!empty($this->trip) ? ' <span class="trip">'.$this->trip.'</span>':'');
// IP Address // IP Address
if($mod && $mod['type'] >= MOD_SHOW_IP) { if($this->mod && $this->mod['type'] >= MOD_SHOW_IP) {
$built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]'; $built .= ' [<a style="margin:0;" href="?/IP/' . $this->ip . '">' . $this->ip . '</a>]';
} }

8
inc/functions.php
View File

@ -131,7 +131,7 @@
if($query->rowcount() < 1 && $page > 1) return false; if($query->rowcount() < 1 && $page > 1) return false;
while($th = $query->fetch()) { while($th = $query->fetch()) {
$thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT); $thread = new Thread($th['id'], $th['subject'], $th['email'], $th['name'], $th['trip'], $th['body'], $th['time'], $th['thumb'], $th['thumbwidth'], $th['thumbheight'], $th['file'], $th['filewidth'], $th['fileheight'], $th['filesize'], $th['filename'], $th['ip'], $th['sticky'], $mod ? '?/' : ROOT, $mod);
$posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri'])); $posts = prepare(sprintf("SELECT `id`, `subject`, `email`, `name`, `trip`, `body`, `time`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`,`ip` FROM `posts_%s` WHERE `thread` = ? ORDER BY `time` DESC LIMIT ?", $board['uri']));
$posts->bindValue(1, $th['id']); $posts->bindValue(1, $th['id']);
@ -151,7 +151,7 @@
} }
while($po = $posts->fetch()) { while($po = $posts->fetch()) {
$thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT)); $thread->add(new Post($po['id'], $th['id'], $po['subject'], $po['email'], $po['name'], $po['trip'], $po['body'], $po['time'], $po['thumb'], $po['thumbwidth'], $po['thumbheight'], $po['file'], $po['filewidth'], $po['fileheight'], $po['filesize'], $po['filename'], $po['ip'], $mod ? '?/' : ROOT, $mod));
} }
$thread->posts = array_reverse($thread->posts); $thread->posts = array_reverse($thread->posts);
@ -319,9 +319,9 @@
while($post = $query->fetch()) { while($post = $query->fetch()) {
if(!isset($thread)) { if(!isset($thread)) {
$thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT); $thread = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $mod ? '?/' : ROOT, $mod);
} else { } else {
$thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT)); $thread->add(new Post($post['id'], $thread->id, $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $mod ? '?/' : ROOT, $mod));
} }
} }

5
inc/mod.php
View File

@ -159,7 +159,12 @@
// Delete file // Delete file
@unlink($board['dir'] . DIR_IMG . $post['file']); @unlink($board['dir'] . DIR_IMG . $post['file']);
// Update database
$query = prepare(sprintf("UPDATE `posts_%s` SET `thumb` = NULL, `thumbwidth` = NULL, `thumbheight` = NULL, `filewidth` = NULL, `fileheight` = NULL, `filesize` = NULL, `filename` = NULL, `filehash` = NULL, `file` = 'deleted' WHERE `id` = :id OR `thread` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
buildThread($post['thread']);
} }
// Delete a post (reply or thread) // Delete a post (reply or thread)

26
mod.php
View File

@ -219,7 +219,7 @@
if(!openBoard($boardName)) if(!openBoard($boardName))
error(ERROR_NOBOARD); error(ERROR_NOBOARD);
if(!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], true)) { if(!$page = index(empty($matches[2]) || $matches[2] == FILE_INDEX ? 1 : $matches[2], $mod)) {
error(ERROR_404); error(ERROR_404);
} }
$page['pages'] = getPages(true); $page['pages'] = getPages(true);
@ -235,9 +235,31 @@
if(!openBoard($boardName)) if(!openBoard($boardName))
error(ERROR_NOBOARD); error(ERROR_NOBOARD);
$page = buildThread($thread, true, true); $page = buildThread($thread, true, $mod);
echo $page; echo $page;
} elseif(preg_match('/^\/' . $regex['board'] . 'deletefile\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_DELETEFILE) error(ERROR_NOACCESS);
// Delete file from post
$boardName = $matches[1];
$post = $matches[2];
// Open board
if(!openBoard($boardName))
error(ERROR_NOBOARD);
// Delete post
deleteFile($post);
// Rebuild board
buildIndex();
// Redirect
if(isset($_SERVER['HTTP_REFERER']))
header('Location: ' . $_SERVER['HTTP_REFERER'], true, REDIRECT_HTTP);
else
header('Location: ?/' . sprintf(BOARD_PATH, $boardName) . FILE_INDEX, true, REDIRECT_HTTP);
} elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) { } elseif(preg_match('/^\/' . $regex['board'] . 'delete\/(\d+)$/', $query, $matches)) {
if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS); if($mod['type'] < MOD_DELETE) error(ERROR_NOACCESS);
// Delete post // Delete post

Write Preview
Loading…
Cancel
Save