[SECURITY] Lessen security impact

post.php: misc fixes

mod.php

@@ -94,10 +94,10 @@ $pages = array(
 	'/config/(\%b)'				=> 'secure_POST config',	// config editor
 	
 	// these pages aren't listed in the dashboard without $config['debug']
-	'/debug/antispam'			=> 'debug_antispam',
-	'/debug/recent'				=> 'debug_recent_posts',
-	'/debug/apc'				=> 'debug_apc',
-	'/debug/sql'				=> 'secure_POST debug_sql',
+	//'/debug/antispam'			=> 'debug_antispam',
+	//'/debug/recent'				=> 'debug_recent_posts',
+	//'/debug/apc'				=> 'debug_apc',
+	//'/debug/sql'				=> 'secure_POST debug_sql',
 	
 	// This should always be at the end:
 	'/(\%b)/'										=> 'view_board',

post.php

@@ -210,7 +210,7 @@ if (isset($_POST['delete'])) {
 		error($config['error']['nodelete']);
 		
 	foreach ($delete as &$id) {
-		$query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
+		$query = prepare(sprintf("SELECT `id`,`thread`,`time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
 		$query->bindValue(':id', $id, PDO::PARAM_INT);
 		$query->execute() or error(db_error($query));
 		
@@ -240,7 +240,7 @@ if (isset($_POST['delete'])) {
 				deletePost($id);
 				modLog("User deleted his own post #$id");
 			}
-			
+
 			_syslog(LOG_INFO, 'Deleted post: ' .
 				'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
 			);
@@ -318,7 +318,7 @@ if (isset($_POST['delete'])) {
 		
 		$post = $query->fetch(PDO::FETCH_ASSOC);
 		
-	        $error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason));
+	        $error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($post)));
 
 	        if ($error) {
 	                error($error);