aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar Renard 2020-07-31 19:59:35 -0400
committerLibravatar Renard 2020-07-31 19:59:35 -0400
commitd8a368c0a4d6dacb382c8ebb0de50da39b04e94e (patch)
tree578c711bd8605a0148c2ffaf7fb2c039fe2e75ef
parent8eacbe05201aa9e9eec7c43092997a5d6fc90e02 (diff)
downloadweabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.gz
weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.xz
weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.zip
Mod Api: Show Posts
-rw-r--r--cgi/modapi.py16
1 files changed, 6 insertions, 10 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py
index 4d0a428..19bf5fd 100644
--- a/cgi/modapi.py
+++ b/cgi/modapi.py
@@ -76,22 +76,18 @@ def api_process(self, path_split):
"SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC")
values['news'] = news
elif method == 'post':
+ board = formdata.get("board")
if 'id' in formdata.keys():
id = formdata.get('id')
- post = FetchOne("SELECT * FROM `posts` WHERE `id` = '" +
- _mysql.escape_string(id) + "'")
+ post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `id` = '" +
+ _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'")
values['post'] = post
if 'parentid' in formdata.keys():
id = formdata.get('parentid')
- post = FetchAll("SELECT * FROM `posts` WHERE `parentid` = '" +
- _mysql.escape_string(id) + "'")
+ post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `parentid` = '" +
+ _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'")
values['posts'] = post
- if 'test' in formdata.keys():
- id = formdata.get('test')
- post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `parentid` = '" +
- _mysql.escape_string(id) + "'")
- values['posts'] = post
- elif method == 'reports': # /cgi/manage/reports/ignore
+ elif method == 'reports':
if len(path_split) > 3:
if path_split[3] == 'ignore':
report_id = formdata.get("id")