From ec917def7c15e5e384d0a8b645111ad37a060aa8 Mon Sep 17 00:00:00 2001 From: discomrade Date: Tue, 28 Sep 2021 01:13:40 +0000 Subject: [PATCH] Block D+ and D++ on special IP addresses --- inc/config.php | 6 ++++++ inc/mod/pages.php | 3 +++ 2 files changed, 9 insertions(+) diff --git a/inc/config.php b/inc/config.php index c5f68100..f49978c4 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1516,6 +1516,12 @@ // Limit how many bans can be removed via the ban list. Set to false (or zero) for no limit. $config['mod']['unban_limit'] = false; + // An array of IP addresses that throw an error when trying to D+ and D++. + // This is to prevent massively-shared IP addresses such as Tor from accidental mass deletion. + // The IP address is checked literally, not as a numerical value, so make sure it's identical + // to how that address is in code, as there are different valid ways of presenting the same address. + $config['mod']['protected_ips'] = array('127.0.0.1'); + // Whether or not to lock moderator sessions to IP addresses. This makes cookie theft ineffective. $config['mod']['lock_ip'] = true; diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 7edab753..02cc564b 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -2496,6 +2496,9 @@ function mod_deletebyip($boardName, $post, $global = false) { if (!$ip = $query->fetchColumn()) error($config['error']['invalidpost']); + // Prevent D+ or D++ deletion on special IP addesses, such as a Tor server + if (in_array($ip, $config['mod']['protected_ips'])) {error($ip." is listed as protected in the site config.");} + $boards = $global ? listBoards() : array(array('uri' => $boardName)); $query = '';