From e496fb10a5dec9469796edfbb1f1de54ef2ffdb3 Mon Sep 17 00:00:00 2001 From: Zankaria Date: Mon, 1 Apr 2024 19:20:23 +0200 Subject: [PATCH] Handle reporting non-existing posts. Fix #96 --- inc/config.php | 16 ++++++++-------- post.php | 28 +++++++++++++++++----------- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/inc/config.php b/inc/config.php index 0f17bc5b..10d7a1e3 100644 --- a/inc/config.php +++ b/inc/config.php @@ -112,7 +112,7 @@ /* * On top of the static file caching system, you can enable the additional caching system which is - * designed to minimize SQL queries and can significantly increase speed when posting or using the + * designed to minimize SQL queries and can significantly increase speed when posting or using the * moderator interface. APC is the recommended method of caching. * * http://tinyboard.org/docs/index.php?p=Config/Cache @@ -209,22 +209,22 @@ // http://www.projecthoneypot.org/httpbl.php // $config['dnsbl'][] = array('.%.dnsbl.httpbl.org', function($ip) { // $octets = explode('.', $ip); - // + // // // days since last activity // if ($octets[1] > 14) // return false; - // + // // // "threat score" (http://www.projecthoneypot.org/threat_info.php) // if ($octets[2] < 5) // return false; - // + // // return true; // }, 'dnsbl.httpbl.org'); // hide our access key // Skip checking certain IP addresses against blacklists (for troubleshooting or whatever) $config['dnsbl_exceptions'][] = '127.0.0.1'; - // To prevent bump atacks; returns the thread to last position after the last post is deleted. + // To prevent bump atacks; returns the thread to last position after the last post is deleted. $config['anti_bump_flood'] = false; /* @@ -768,7 +768,7 @@ * 'gd' PHP GD (default). Only handles the most basic image formats (GIF, JPEG, PNG). * GD is a prerequisite for Tinyboard no matter what method you choose. * - * 'imagick' PHP's ImageMagick bindings. Fast and efficient, supporting many image formats. + * 'imagick' PHP's ImageMagick bindings. Fast and efficient, supporting many image formats. * A few minor bugs. http://pecl.php.net/package/imagick * * 'convert' The command line version of ImageMagick (`convert`). Fixes most of the bugs in @@ -1170,6 +1170,7 @@ $config['error']['fileext'] = _('Unsupported image format.'); $config['error']['noboard'] = _('Invalid board!'); $config['error']['nonexistant'] = _('Thread specified does not exist.'); + $config['error']['nopost'] = _('Post specified does not exist.'); $config['error']['locked'] = _('Thread locked. You may not reply at this time.'); $config['error']['reply_hard_limit'] = _('Thread has reached its maximum reply limit.'); $config['error']['image_hard_limit'] = _('Thread has reached its maximum image limit.'); @@ -1776,7 +1777,7 @@ // event_handler('post', function($post) { // // do something else - // + // // // return an error (reject post) // return 'Sorry, you cannot post that!'; // }); @@ -1991,4 +1992,3 @@ //Logo location for themes $config['logo'] = 'static/logo.png'; - diff --git a/post.php b/post.php index bf143c2c..e975e5c0 100644 --- a/post.php +++ b/post.php @@ -123,24 +123,24 @@ function db_select_thread_with_attributes($board, $thread_id) } /** - * Get the threads with the given id in the given board. + * Get the post with the given id in the given board. * * @param string $board Board to search in. MUST ALREADY BE SANITIZED. - * @param int $thread_id Id of the thread. - * @return false|array Returns false if no thread exists. Otherwise, an array of arrays with the threads 'id', 'thread' - * and 'body_nomarkup' properties. + * @param int $id Id of the post. + * @return false|array Returns false if no post exists. Otherwise, an array with the post's 'id', 'thread' and + * 'body_nomarkup' keys. */ -function db_select_threads_minimal($board, $thread_id) +function db_select_post_minimal($board, $id) { $query = prepare(sprintf("SELECT `id`, `thread`, `body_nomarkup` FROM ``posts_%s`` WHERE `id` = :id", $board)); - $query->bindValue(':id', $thread_id, PDO::PARAM_INT); + $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); - $threads = $query->fetch(PDO::FETCH_ASSOC); + $post = $query->fetch(PDO::FETCH_ASSOC); - if (!$threads) { + if (!$post) { return false; } - return $threads; + return $post; } /** @@ -536,7 +536,13 @@ function handle_report() markup($reason); foreach ($report as $id) { - $thread = db_select_threads_minimal($board['uri'], $id); + $post = db_select_post_minimal($board['uri'], $id); + if ($post === false) { + if ($config['syslog']) { + _syslog(LOG_INFO, "Failed to report non-existing post #{$id} in {$board['dir']}"); + } + error($config['error']['nopost']); + } $error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($thread))); if ($error) { @@ -547,7 +553,7 @@ function handle_report() _syslog( LOG_INFO, 'Reported post: ' . - '/' . $board['dir'] . $config['dir']['res'] . link_for($thread) . ($thread['thread'] ? '#' . $id : '') . + '/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '') . ' for "' . $reason . '"' );