Mod Api: Show Posts

author: Renard 2020-07-31 19:59:35 -0400
committer: Renard 2020-07-31 19:59:35 -0400
commit: d8a368c0a4d6dacb382c8ebb0de50da39b04e94e (patch)
tree: 578c711bd8605a0148c2ffaf7fb2c039fe2e75ef
parent: 8eacbe05201aa9e9eec7c43092997a5d6fc90e02 (diff)
download: weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.gz
weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.xz
weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.zip
1 files changed, 6 insertions, 10 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py
index 4d0a428..19bf5fd 100644
--- a/cgi/modapi.py
+++ b/cgi/modapi.py
@@ -76,22 +76,18 @@ def api_process(self, path_split):
                 "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC")
             values['news'] = news
         elif method == 'post':
+            board = formdata.get("board")
             if 'id' in formdata.keys():
                 id = formdata.get('id')
-                post = FetchOne("SELECT * FROM `posts` WHERE `id` = '" +
-                                _mysql.escape_string(id) + "'")
+                post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `id` = '" +
+                                _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'")
                 values['post'] = post
             if 'parentid' in formdata.keys():
                 id = formdata.get('parentid')
-                post = FetchAll("SELECT * FROM `posts` WHERE `parentid` = '" +
-                                _mysql.escape_string(id) + "'")
+                post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `parentid` = '" +
+                                _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'")
                 values['posts'] = post
-            if 'test' in formdata.keys():
-                id = formdata.get('test')
-                post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `parentid` = '" +
-                                _mysql.escape_string(id) + "'")
-                values['posts'] = post
-        elif method == 'reports':  # /cgi/manage/reports/ignore
+        elif method == 'reports':
             if len(path_split) > 3:
                 if path_split[3] == 'ignore':
                     report_id = formdata.get("id")
author	Renard	2020-07-31 19:59:35 -0400
committer	Renard	2020-07-31 19:59:35 -0400
commit	d8a368c0a4d6dacb382c8ebb0de50da39b04e94e (patch)
tree	578c711bd8605a0148c2ffaf7fb2c039fe2e75ef
parent	8eacbe05201aa9e9eec7c43092997a5d6fc90e02 (diff)
download	weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.gz weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.xz weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.zip