aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Renard 2020-07-31 20:12:58 -0400
committerLibravatar Renard 2020-07-31 20:12:58 -0400
commit0225f28f7da8774e788b7991e1342bba12e62e39 (patch)
treef069e3fd52f3a2a762a47687e6eb415f4dd9235c
parent6c08c2a6b94ab1a9d1c5539b16a74b87fe00739c (diff)
downloadweabot-0225f28f7da8774e788b7991e1342bba12e62e39.tar.gz
weabot-0225f28f7da8774e788b7991e1342bba12e62e39.tar.xz
weabot-0225f28f7da8774e788b7991e1342bba12e62e39.zip
Me estai webiando conchetumadre
-rw-r--r--cgi/modapi.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py
index ff18b7c..6350b35 100644
--- a/cgi/modapi.py
+++ b/cgi/modapi.py
@@ -79,12 +79,12 @@ def api_process(self, path_split):
board = setBoard(formdata.get("board"))
if 'id' in formdata.keys():
id = formdata.get('id')
- post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `id` = '" +
+ post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `id` = '" +
_mysql.escape_string(id) + "' AND `boardid` = '" + _mysql.escape_string(board["id"]) + "'")
values['post'] = post
if 'parentid' in formdata.keys():
id = formdata.get('parentid')
- post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `parentid` = '" +
+ post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `parentid` = '" +
_mysql.escape_string(id) + "' AND `boardid` = '" + _mysql.escape_string(board["id"]) + "'")
values['posts'] = post
elif method == 'reports':