Diffstat (limited to 'cgi/framework.py')
-rw-r--r-- | cgi/framework.py | 40 |
1 files changed, 27 insertions, 13 deletions
diff --git a/cgi/framework.py b/cgi/framework.py index 5277df0..e2af143 100644 --- a/cgi/framework.py +++ b/cgi/framework.py @@ -4,7 +4,6 @@ import cgi import datetime import time import hashlib -import pickle import socket import urllib.request, urllib.parse, urllib.error import re @@ -38,6 +37,14 @@ def setBoard(dir): return board +def str2boards(sstr): + return sstr.split(',') + + +def boards2str(boards): + return ','.join(boards) + + def cleanDir(path, ext=None): if ext: filelist = [f for f in os.listdir(path) if f.endswith("." + ext)] @@ -49,14 +56,14 @@ def cleanDir(path, ext=None): def addressIsBanned(ip, board, blind_only=False): - query = "SELECT * FROM `bans` WHERE INET6_ATON('"+str(ip)+"') BETWEEN `ipstart` AND `ipend`" + query = "SELECT * FROM `bans` WHERE INET6_ATON(%s) BETWEEN `ipstart` AND `ipend`" if blind_only: query += " AND `blind` = '1'" - bans = FetchAll(query) + bans = FetchAll(query, (ip,)) for ban in bans: - if ban["boards"] != "": - boards = pickle.loads(ban["boards"]) - if ban["boards"] == "" or board in boards: + if ban["boards"]: + boards = str2boards(ban["boards"]) + if not ban["boards"] or board in boards: if board not in Settings.EXCLUDE_GLOBAL_BANS: return True return False 
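Review bot: The new `str2boards` and `boards2str` helpers have no docstrings, and the comma-separated format carries constraints that are not stated. `str2boards('')` returns `['']` rather than an empty list, and a board name containing a comma would not round-trip through `boards2str`. I would give each helper a one-line docstring naming the format and drop empty entries with `return [b for b in sstr.split(',') if b]`. If board names are already limited to a comma-free character set elsewhere, stating that in the docstring is enough.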
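Review bot: In `addressIsBanned`, a `bans.boards` value written before this commit is presumably still a pickled blob, and `str2boards` would split it into strings that never equal `board`. Those board-specific bans would then stop matching without raising any error, so the check fails open. No data migration or change to the ban-writing code is visible in this diff; confirm that existing rows are converted in the same deploy. A comment above the parse would record the assumption, e.g. `# boards is a comma-separated list written by boards2str(); legacy pickled rows must be migrated first`.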
@@ -140,15 +147,22 @@ def updateBoardSettings(): Pickle the board's settings and store it in the configuration field """ board = Settings._.BOARD - #UpdateDb("UPDATE `boards` SET `configuration` = '%s' WHERE `id` = %s LIMIT 1" % (_mysql.escape_string(configuration), board["id"])) - + del board["filetypes"] del board["filetypes_ext"] - post_values = ["`" + _mysql.escape_string(str(key)) + "` = '" + _mysql.escape_string( - str(value)) + "'" for key, value in board.items()] - - UpdateDb("UPDATE `boards` SET %s WHERE `id` = '%s' LIMIT 1" % - (", ".join(post_values), board["id"])) + + sql = "UPDATE `boards` SET " + keys = [] + values = [] + for k, v in board.items(): + keys.append("`" + k + "` = %s") + values.append(v) + + sql += ", ".join(keys) + sql += " WHERE `id` = %s LIMIT 1" + values.append(board["id"]) + + UpdateDb(sql, values) def timestamp(t=None): |
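Review bot: In `updateBoardSettings`, the values are now bound as parameters, but each column name is still concatenated into the statement by `keys.append("`" + k + "` = %s")`, and the escaping the old code applied to keys is gone. Where the keys of `Settings._.BOARD` come from is not visible here; if any of them can be influenced by request data, a backtick in a key would change the statement. Checking each key before use closes that, e.g. `if not re.fullmatch(r"[A-Za-z0-9_]+", k): raise ValueError("bad column name: %r" % k)` (`re` is already imported in this file), or comparing against a fixed set of known column names. The docstring still says the settings are pickled into a configuration field, which no longer describes the code; the start of the function is outside the hunk.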