diff options
author | Renard | 2020-07-31 20:12:58 -0400 |
---|---|---|
committer | Renard | 2020-07-31 20:12:58 -0400 |
commit | 0225f28f7da8774e788b7991e1342bba12e62e39 (patch) | |
tree | f069e3fd52f3a2a762a47687e6eb415f4dd9235c | |
parent | 6c08c2a6b94ab1a9d1c5539b16a74b87fe00739c (diff) | |
download | weabot-0225f28f7da8774e788b7991e1342bba12e62e39.tar.gz weabot-0225f28f7da8774e788b7991e1342bba12e62e39.tar.xz weabot-0225f28f7da8774e788b7991e1342bba12e62e39.zip |
Me estai webiando conchetumadre
-rw-r--r-- | cgi/modapi.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py index ff18b7c..6350b35 100644 --- a/cgi/modapi.py +++ b/cgi/modapi.py @@ -79,12 +79,12 @@ def api_process(self, path_split): board = setBoard(formdata.get("board")) if 'id' in formdata.keys(): id = formdata.get('id') - post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `id` = '" + + post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `id` = '" + _mysql.escape_string(id) + "' AND `boardid` = '" + _mysql.escape_string(board["id"]) + "'") values['post'] = post if 'parentid' in formdata.keys(): id = formdata.get('parentid') - post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `parentid` = '" + + post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `parentid` = '" + _mysql.escape_string(id) + "' AND `boardid` = '" + _mysql.escape_string(board["id"]) + "'") values['posts'] = post elif method == 'reports': |