Diffstat (limited to 'cgi/manage.py')
-rw-r--r--cgi/manage.py150
1 files changed, 69 insertions, 81 deletions
diff --git a/cgi/manage.py b/cgi/manage.py
index 40be3b2..0053f54 100644
--- a/cgi/manage.py
+++ b/cgi/manage.py
@@ -35,7 +35,7 @@ def manage(self, path_split):
UpdateDb("DELETE FROM `logs` WHERE `timestamp` < %s", (timestamp() - Settings.MANAGE_LOG_TIME,))
else:
page += _('Incorrect username/password.')
- logAction('', 'Failed log-in. U:'+_mysql.escape_string(self.formdata['username'])+' IP logged.')
+ logAction('', 'Failed log-in. U:'+self.formdata['username']+' IP logged.')
logging.warn("Failed log-in. U:{} IP:{}".format(self.formdata['username'], self.environ["REMOTE_ADDR"]))
else:
# Validate existing session
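Review bot: The submitted username now reaches `logAction` verbatim, so this line is only safe if `logAction` binds its message as a query parameter; its body is not in this hunk and should be checked. The value comes from the login form before authentication, so it is worth bounding before it is stored, for example `user = self.formdata['username'][:64].replace('\r', ' ').replace('\n', ' ')` (the length is a constructed value), which also keeps line breaks out of the `logging.warn` record on the next line. If the staff log page prints the message into HTML, it has to escape it on output. `manage` starts and ends outside the hunk.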
@@ -687,10 +687,9 @@ def manage(self, path_split):
return
if self.formdata['seconds'] != '0':
- until = str(
- timestamp() + int(self.formdata['seconds']))
+ until = timestamp() + int(self.formdata['seconds'])
else:
- until = '0'
+ until = 0
where = ''
if 'board_all' not in self.formdata:
where = []
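Review bot: `int(self.formdata['seconds'])` is unguarded as far as this hunk shows, so non-numeric input raises ValueError and a negative value stores an expiry that is already in the past. The board-settings code in this file wraps the same kind of conversion in `try`/`except` and raises `UserError`. Doing the same here, and rejecting values below zero, would keep ban creation consistent with it. The enclosing branch of `manage` starts and ends outside the hunk.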
@@ -701,7 +700,7 @@ def manage(self, path_split):
if self.formdata[keyname] == "1":
where.append(board['dir'])
if len(where) > 0:
- where = pickle.dumps(where)
+ where = boards2str(where)
else:
self.error(
_("You must select where the ban shall be placed"))
@@ -719,14 +718,14 @@ def manage(self, path_split):
return"""
# Blind mode
- blind = self.formdata.get('blind', '0')
+ blind = self.formdata.get('blind', 0)
#raise UserError, "{} {} {}".format(ipstart, ipend, ipstr)
# Banear sin mensaje
- InsertDb("INSERT INTO `bans` (`ipstart`, `ipend`, `ipstr`, `boards`, `added`, `until`, `staff`, `reason`, `note`, `blind`) VALUES (INET6_ATON('" +
- ipstart + "'), INET6_ATON('" + ipend + "'), '" + ipstr + "', '" +
- _mysql.escape_string(where) + "', " + str(timestamp()) + ", " + until + ", '" + _mysql.escape_string(staff_account['username']) + "', '" + _mysql.escape_string(self.formdata['reason']) + "', '" + _mysql.escape_string(self.formdata['note']) + "', '"+blind+"')")
+ InsertDb("INSERT INTO `bans` (`ipstart`, `ipend`, `ipstr`, `boards`, `added`, `until`, `staff`, `reason`, `note`, `blind`) VALUES "
+ "(INET6_ATON(%s), INET6_ATON(%s), %s, %s, %s, %s, %s, %s, %s, %s)",
+ (ipstart, ipend, ipstr, where, timestamp(), until, staff_account['username'], self.formdata['reason'], self.formdata['note'], blind))
regenerateAccess()
if 'edit' in self.formdata:
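Review bot: `blind` is an int when the field is absent but the raw form string when it is present, and it is bound into the INSERT without being reduced to 0 or 1. Normalising it once keeps the column to the two values the ban listing tests for: `blind = 1 if self.formdata.get('blind') == '1' else 0`, assuming the checkbox posts `'1'` as the board checkboxes in this file do. The surrounding code of `manage` lies outside the hunk.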
@@ -747,18 +746,18 @@ def manage(self, path_split):
'reason': '',
'note': '',
'message': '(GET OUT)',
- 'seconds': '0',
- 'blind': '1'}
+ 'seconds': 0,
+ 'blind': 1}
edit_id = 0
if 'edit' in self.formdata:
edit_id = self.formdata['edit']
- ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = '" +
- _mysql.escape_string(edit_id) + "' ORDER BY `added` DESC")
+ ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = %s ORDER BY `added` DESC",
+ (edit_id,))
if ban:
if ban['boards'] == '':
where = ''
else:
- where = pickle.loads(ban['boards'])
+ where = boards2str(ban['boards'])
if ban['until'] == '0':
until = 0
else:
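Review bot: `where = boards2str(ban['boards'])` converts in the wrong direction. This branch reads the stored column back for the edit form, where the removed code called `pickle.loads`, and every other read site in this commit uses `str2boards`; it should read `where = str2boards(ban['boards'])`. The test `ban['until'] == '0'` just below was left as a string comparison while the ban listing now compares against the integer `0`, so if the column comes back as an int a permanent ban is no longer recognised here. Neither helper is defined in this diff, so confirm against their definitions.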
@@ -785,12 +784,12 @@ def manage(self, path_split):
action_taken = False
if len(path_split) > 4:
if path_split[3] == 'delete':
- ip = FetchOne("SELECT ipstr FROM `bans` WHERE `id` = '" +
- _mysql.escape_string(path_split[4]) + "' LIMIT 1", 0)[0]
- if ip != '':
+ ip = FetchOne("SELECT ipstr FROM `bans` WHERE `id` = %s LIMIT 1",
+ (path_split[4],))
+ if ip:
# Delete ban
- UpdateDb('DELETE FROM `bans` WHERE `id` = ' +
- _mysql.escape_string(path_split[4]) + ' LIMIT 1')
+ UpdateDb('DELETE FROM `bans` WHERE `id` = %s LIMIT 1',
+ (path_split[4],))
regenerateAccess()
message = _('Ban successfully deleted.')
template_filename = "message.html"
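Review bot: `ip` now holds whatever `FetchOne` returns for the row rather than the first column, because the trailing `0` argument and the `[0]` index were dropped. `if ip:` still works as an existence test, but any later use of `ip` as the address string (outside this hunk) would need `ip['ipstr']`, assuming rows come back as mappings as `totals['COUNT(id)']` suggests. `path_split[4]` is bound as a string; converting it with `int()` and rejecting non-numeric ids first would stop MySQL from coercing a value such as `'5abc'` to 5 before the DELETE runs.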
@@ -809,18 +808,18 @@ def manage(self, path_split):
if ban['boards'] == '':
ban['boards'] = _('All boards')
else:
- where = pickle.loads(ban['boards'].encode('utf-8'))
+ where = str2boards(ban['boards'])
if len(where) > 1:
ban['boards'] = '/' + \
'/, /'.join(where) + '/'
else:
ban['boards'] = '/' + where[0] + '/'
ban['added'] = formatTimestamp(ban['added'])
- if ban['until'] == '0':
+ if ban['until'] == 0:
ban['until'] = _('Does not expire')
else:
ban['until'] = formatTimestamp(ban['until'])
- if ban['blind'] == '1':
+ if ban['blind']:
ban['blind'] = 'Sí'
else:
ban['blind'] = 'No'
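Review bot: Rows written before this commit hold `pickle.dumps` output in `bans.boards`, and `str2boards` is now applied to them with no conversion step visible in this diff. Unless a data migration ships with the change, existing bans will be mis-parsed or fail here, and the same applies to `filters.boards` in the filter hunks further down. `where[0]` also raises IndexError if `str2boards` ever returns an empty list; the filter listing in this commit avoids that by always using `'/' + '/, /'.join(where) + '/'`, which would work here too. `str2boards` is defined outside this diff.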
@@ -876,50 +875,50 @@ def manage(self, path_split):
board['slip'] = self.formdata['slip']
board['countrycode'] = self.formdata['countrycode']
if 'recyclebin' in self.formdata:
- board['recyclebin'] = '1'
+ board['recyclebin'] = 1
else:
- board['recyclebin'] = '0'
+ board['recyclebin'] = 0
if 'disable_name' in self.formdata:
- board['disable_name'] = '1'
+ board['disable_name'] = 1
else:
- board['disable_name'] = '0'
+ board['disable_name'] = 0
if 'disable_subject' in self.formdata:
- board['disable_subject'] = '1'
+ board['disable_subject'] = 1
else:
- board['disable_subject'] = '0'
+ board['disable_subject'] = 0
if 'secret' in self.formdata:
- board['secret'] = '1'
+ board['secret'] = 1
else:
- board['secret'] = '0'
+ board['secret'] = 0
if 'locked' in self.formdata:
- board['locked'] = '1'
+ board['locked'] = 1
else:
- board['locked'] = '0'
+ board['locked'] = 0
board['postarea_desc'] = self.formdata['postarea_desc']
if 'allow_noimage' in self.formdata:
- board['allow_noimage'] = '1'
+ board['allow_noimage'] = 1
else:
- board['allow_noimage'] = '0'
+ board['allow_noimage'] = 0
if 'allow_images' in self.formdata:
- board['allow_images'] = '1'
+ board['allow_images'] = 1
else:
- board['allow_images'] = '0'
+ board['allow_images'] = 0
if 'allow_image_replies' in self.formdata:
- board['allow_image_replies'] = '1'
+ board['allow_image_replies'] = 1
else:
- board['allow_image_replies'] = '0'
+ board['allow_image_replies'] = 0
if 'allow_spoilers' in self.formdata:
- board['allow_spoilers'] = '1'
+ board['allow_spoilers'] = 1
else:
- board['allow_spoilers'] = '0'
+ board['allow_spoilers'] = 0
if 'allow_oekaki' in self.formdata:
- board['allow_oekaki'] = '1'
+ board['allow_oekaki'] = 1
else:
- board['allow_oekaki'] = '0'
+ board['allow_oekaki'] = 0
if 'archive' in self.formdata:
- board['archive'] = '1'
+ board['archive'] = 1
else:
- board['archive'] = '0'
+ board['archive'] = 0
board['postarea_extra'] = self.formdata['postarea_extra']
board['force_css'] = self.formdata['force_css']
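Review bot: The eleven if/else pairs that set the checkbox flags differ only in the key name, which is why this type change had to touch 22 lines. A loop states the rule once: `for flag in ('recyclebin', 'disable_name', 'disable_subject'): board[flag] = int(flag in self.formdata)`, with the tuple extended to the remaining eight keys. The `postarea_desc` assignment that sits between the flags does not depend on them, so it can stay where it is.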
@@ -932,8 +931,7 @@ def manage(self, path_split):
board['id'], filetype['id']))
try:
- board['numthreads'] = int(
- self.formdata['numthreads'])
+ board['numthreads'] = int(self.formdata['numthreads'])
except:
raise UserError(_("Max threads shown must be numeric."))
@@ -963,14 +961,12 @@ def manage(self, path_split):
raise UserError(_("Max age must be numeric."))
try:
- board['maxinactive'] = int(
- self.formdata['maxinactive'])
+ board['maxinactive'] = int(self.formdata['maxinactive'])
except:
raise UserError(_("Max inactivity must be numeric."))
try:
- board['threadsecs'] = int(
- self.formdata['threadsecs'])
+ board['threadsecs'] = int(self.formdata['threadsecs'])
except:
raise UserError(_("Time between new threads must be numeric."))
@@ -1306,7 +1302,7 @@ def manage(self, path_split):
'SELECT * FROM archive WHERE boardid = %s ORDER BY timestamp DESC' % board['id'])
for item in threads:
t = time.time()
- self.output += item['timestamp'] + '<br />'
+ self.output += str(item['timestamp']) + '<br />'
fname = Settings.ROOT_DIR + \
board["dir"] + "/kako/" + \
str(item["timestamp"]) + ".json"
@@ -1367,10 +1363,10 @@ def manage(self, path_split):
new_timestamp_formatted = formatTimestamp(
post['timestamp'])
tim = 0
- if board["useid"] != '0':
+ if board["useid"] != 0:
new_timestamp_formatted += ' ID:' + \
- iphash(post['ip'], '', tim, '1',
- False, False, False, '0')
+ iphash(post['ip'], '', tim, 1,
+ False, False, False, 0)
self.output += "%s - %s <br />" % (
post['id'], new_timestamp_formatted)
query = "UPDATE `posts` SET timestamp_formatted = '%s' WHERE boardid = '%s' AND id = '%s'" % (
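Review bot: The UPDATE on `posts` at the end of this hunk is still assembled with Python `%` formatting and quoted `'%s'` placeholders, while the rest of the commit moves to bound parameters. `new_timestamp_formatted` carries the formatted date and the `iphash` result, so a quote character in either would break the statement. Writing the clause as `SET timestamp_formatted = %s WHERE boardid = %s AND id = %s` and passing the three values as the parameter tuple removes that dependency. The archive SELECT in the previous hunk (`... % board['id']`) and the filters SELECT by `edit_id` are built the same way and could be converted with it. The statement's arguments and its execution continue outside the hunk.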
@@ -1442,7 +1438,6 @@ def manage(self, path_split):
filter_from = ''
filter_tripcode = ''
- # I don't like pickles... oh well.
where = ''
if 'board_all' not in self.formdata:
where = []
@@ -1453,8 +1448,7 @@ def manage(self, path_split):
if self.formdata[keyname] == "1":
where.append(board['dir'])
if len(where) > 0:
- where = _mysql.escape_string(
- pickle.dumps(where))
+ where = boards2str(where)
else:
self.error(
_("You must select what board the filter will affect"))
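Review bot: `where` used to be escaped at this point and is now passed on raw, so the filter INSERT or UPDATE that consumes it must bind it as a parameter. That statement lies outside the hunk and is not among the converted queries visible in this diff. The values appear to be board directory names (`board['dir']`) rather than free form text, which limits the exposure, but the statement should be checked and moved to `%s` placeholders if it still concatenates.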
@@ -1560,10 +1554,10 @@ def manage(self, path_split):
edit_id = int(self.formdata['edit'])
filt = FetchOne(
"SELECT * FROM `filters` WHERE `id` = %s LIMIT 1" % str(edit_id))
- if filt['boards'] == '':
+ if not filt['boards']:
where = ''
else:
- where = pickle.loads(filt['boards'])
+ where = str2boards(filt['boards'])
startvalues = {'type': filt['type'],
'trip': filt['from_trip'],
'where': where,
@@ -1615,18 +1609,13 @@ def manage(self, path_split):
action_taken = True
if not action_taken:
- filters = FetchAll(
- "SELECT * FROM `filters` ORDER BY `added` DESC")
+ filters = FetchAll("SELECT * FROM `filters` ORDER BY `added` DESC")
for filter in filters:
if not filter['boards']:
filter['boards'] = _('All boards')
else:
- where = pickle.loads(filter['boards'].encode('utf-8'))
- if len(where) > 1:
- filter['boards'] = '/' + \
- '/, /'.join(where) + '/'
- else:
- filter['boards'] = '/' + where[0] + '/'
+ where = str2boards(filter['boards'])
+ filter['boards'] = '/' + '/, /'.join(where) + '/'
if filter['type'] == 0:
filter['type_formatted'] = _('Word:') + ' <b>' + html.escape(filter['from']) + '</b>'
elif filter['type'] == 1:
@@ -1834,10 +1823,10 @@ def manage(self, path_split):
message = None
import math
- pagesize = float(Settings.REPORTS_PER_PAGE)
+ pagesize = Settings.REPORTS_PER_PAGE
totals = FetchOne("SELECT COUNT(id) FROM `reports`")
total = int(totals['COUNT(id)'])
- pages = int(math.ceil(total / pagesize))
+ pages = int(math.ceil(total // pagesize))
try:
currentpage = int(path_split[3])
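Review bot: `math.ceil(total // pagesize)` no longer rounds up: `//` already floors, so a final partial page is dropped (25 reports at 10 per page gives 2 pages instead of 3; figures constructed for illustration). Use `pages = -(-total // pagesize)` to stay in integers, or `pages = math.ceil(total / pagesize)` if the file runs on Python 3 only, as the `html.escape` call elsewhere suggests. Reports on the last page would otherwise be unreachable from the pager.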
@@ -1847,24 +1836,23 @@ def manage(self, path_split):
if len(path_split) > 4:
if path_split[4] == 'ignore':
# Delete report
- UpdateDb("DELETE FROM `reports` WHERE `id` = '" +
- _mysql.escape_string(path_split[5])+"'")
+ UpdateDb("DELETE FROM `reports` WHERE `id` = %s", (path_split[5],))
message = _('Report %s ignored.') % path_split[5]
if 'ignore' in self.formdata:
ignored = 0
if 'board' in self.formdata and self.formdata['board'] != 'all':
- reports = FetchAll("SELECT `id` FROM `reports` WHERE `board` = '%s' ORDER BY `timestamp` DESC LIMIT %d, %d" % (
- _mysql.escape_string(self.formdata['board']), currentpage*pagesize, pagesize))
+ reports = FetchAll("SELECT `id` FROM `reports` WHERE `board` = %s ORDER BY `timestamp` DESC LIMIT %s, %s",
+ (self.formdata['board'], currentpage*pagesize, pagesize))
else:
- reports = FetchAll("SELECT `id` FROM `reports` ORDER BY `timestamp` DESC LIMIT %d, %d" % (
- currentpage*pagesize, pagesize))
+ reports = FetchAll("SELECT `id` FROM `reports` ORDER BY `timestamp` DESC LIMIT %s, %s",
+ (currentpage*pagesize, pagesize))
for report in reports:
keyname = 'i' + report['id']
if keyname in self.formdata:
# Ignore here
- UpdateDb("DELETE FROM `reports` WHERE `id` = '" +
- _mysql.escape_string(report['id'])+"'")
+ UpdateDb("DELETE FROM `reports` WHERE `id` = %s",
+ (report['id'],))
ignored += 1
message = _('Ignored %s report(s).') % str(ignored)
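Review bot: `keyname = 'i' + report['id']` concatenates a string with the id column. Elsewhere this commit treats integer columns as ints (`ban['until'] == 0`, `str(item['timestamp'])`), so if `id` also comes back as an int this line raises TypeError and the bulk ignore never runs; `keyname = 'i' + str(report['id'])` works for either type. Separately, the single-report branch reads `path_split[5]` after checking only `len(path_split) > 4`, so a path that ends at `ignore` raises IndexError; the guard should be `len(path_split) > 5`.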
@@ -1880,11 +1868,11 @@ def manage(self, path_split):
# Tabla
if 'board' in self.formdata and self.formdata['board'] != 'all':
- reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` WHERE `board` = '%s' ORDER BY `timestamp` DESC LIMIT %d, %d" % (
- _mysql.escape_string(self.formdata['board']), currentpage*pagesize, pagesize))
+ reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` WHERE `board` = %s ORDER BY `timestamp` DESC LIMIT %s, %s",
+ (self.formdata['board'], currentpage*pagesize, pagesize))
else:
- reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` ORDER BY `timestamp` DESC LIMIT %d, %d" % (
- currentpage*pagesize, pagesize))
+ reports = FetchAll("SELECT id, timestamp, timestamp_formatted, postid, parentid, link, board, INET6_NTOA(ip) AS ip, reason, INET6_NTOA(repip) AS repip FROM `reports` ORDER BY `timestamp` DESC LIMIT %s, %s",
+ (currentpage*pagesize, pagesize))
if 'board' in self.formdata:
curboard = self.formdata['board']