diff options
author | Renard | 2020-07-31 19:59:35 -0400 |
---|---|---|
committer | Renard | 2020-07-31 19:59:35 -0400 |
commit | d8a368c0a4d6dacb382c8ebb0de50da39b04e94e (patch) | |
tree | 578c711bd8605a0148c2ffaf7fb2c039fe2e75ef | |
parent | 8eacbe05201aa9e9eec7c43092997a5d6fc90e02 (diff) | |
download | weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.gz weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.tar.xz weabot-d8a368c0a4d6dacb382c8ebb0de50da39b04e94e.zip |
Mod Api: Show Posts
-rw-r--r-- | cgi/modapi.py | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/cgi/modapi.py b/cgi/modapi.py index 4d0a428..19bf5fd 100644 --- a/cgi/modapi.py +++ b/cgi/modapi.py @@ -76,22 +76,18 @@ def api_process(self, path_split): "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC") values['news'] = news elif method == 'post': + board = formdata.get("board") if 'id' in formdata.keys(): id = formdata.get('id') - post = FetchOne("SELECT * FROM `posts` WHERE `id` = '" + - _mysql.escape_string(id) + "'") + post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `id` = '" + + _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'") values['post'] = post if 'parentid' in formdata.keys(): id = formdata.get('parentid') - post = FetchAll("SELECT * FROM `posts` WHERE `parentid` = '" + - _mysql.escape_string(id) + "'") + post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `parentid` = '" + + _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'") values['posts'] = post - if 'test' in formdata.keys(): - id = formdata.get('test') - post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `parentid` = '" + - _mysql.escape_string(id) + "'") - values['posts'] = post - elif method == 'reports': # /cgi/manage/reports/ignore + elif method == 'reports': if len(path_split) > 3: if path_split[3] == 'ignore': report_id = formdata.get("id") |