Diffstat (limited to 'cgi/manage.py')
-rw-r--r--cgi/manage.py214
1 files changed, 108 insertions, 106 deletions
diff --git a/cgi/manage.py b/cgi/manage.py
index 40a37a1..2aa8a5e 100644
--- a/cgi/manage.py
+++ b/cgi/manage.py
@@ -658,7 +658,7 @@ def manage(self, path_split):
board = setBoard(path_split[3])
post = FetchOne('SELECT INET6_NTOA(`ip`) AS `ip` FROM `posts` WHERE `boardid` = ' +
board['id'] + ' AND `id` = \'' + _mysql.escape_string(path_split[4]) + '\' LIMIT 1')
- # Creo que esto no deberia ir aqui... -> UpdateDb('UPDATE `posts` SET `banned` = 1 WHERE `boardid` = ' + board['id'] + ' AND `id` = \'' + _mysql.escape_string(path_split[4]) + '\'')
+
if not post:
message = _('Unable to locate a post with that ID.')
template_filename = "message.html"
@@ -667,119 +667,121 @@ def manage(self, path_split):
Settings.CGI_URL + 'manage/ban?ip=' + post['ip'] + '" />Espere...'
template_filename = "message.html"
else:
- # if path_split[3] == '':
- try:
+ reason = self.formdata.get('reason')
+ if reason is not None:
+ # Start ban process
+ import netaddr
ip = self.formdata['ip']
- except:
- ip = ''
- try:
- netmask = insnetmask = self.formdata['netmask']
- if netmask == '255.255.255.255':
- insnetmask = ''
- except:
- netmask = instnetmask = ''
- # else:
- # ip = path_split[3]
- if ip != '':
+
+ # Parse CIDR or IP glob
try:
- reason = self.formdata['reason']
- except:
- reason = None
- if reason is not None:
- if self.formdata['seconds'] != '0':
- until = str(
- timestamp() + int(self.formdata['seconds']))
+ ipnetwork = netaddr.IPNetwork(ip)
+ ipstart, ipend = str(ipnetwork[0]), str(ipnetwork[-1])
+ ipstr = str(ipnetwork)
+ except netaddr.core.AddrFormatError:
+ # Invalid format so try with globs
+ iprange = netaddr.glob_to_iprange(ip)
+ ipstart, ipend = str(iprange[0]), str(iprange[-1])
+
+ cidrs = iprange.cidrs()
+ if len(cidrs) == 1:
+ ipstr = str(cidrs[0])
else:
- until = '0'
- where = ''
- if 'board_all' not in self.formdata.keys():
- where = []
- boards = FetchAll('SELECT `dir` FROM `boards`')
- for board in boards:
- keyname = 'board_' + board['dir']
- if keyname in self.formdata.keys():
- if self.formdata[keyname] == "1":
- where.append(board['dir'])
- if len(where) > 0:
- where = pickle.dumps(where)
- else:
- self.error(
- _("You must select where the ban shall be placed"))
- return
+ ipstr = str(iprange)
- if 'edit' in self.formdata.keys():
- UpdateDb("DELETE FROM `bans` WHERE `id` = '" +
- _mysql.escape_string(self.formdata['edit']) + "' LIMIT 1")
- else:
- ban = FetchOne("SELECT `id` FROM `bans` WHERE `ip` = '" + _mysql.escape_string(
- ip) + "' AND `boards` = '" + _mysql.escape_string(where) + "' LIMIT 1")
- if ban:
- self.error(_('There is already an identical ban for this IP.') + '<a href="' +
- Settings.CGI_URL+'manage/ban/' + ip + '?edit=' + ban['id']+'">' + _('Edit') + '</a>')
- return
-
- # Blind mode
- if 'blind' in self.formdata.keys() and self.formdata['blind'] == '1':
- blind = '1'
- else:
- blind = '0'
- # Banear sin mensaje
- InsertDb("INSERT INTO `bans` (`ip`, `netmask`, `boards`, `added`, `until`, `staff`, `reason`, `note`, `blind`) VALUES (INET6_ATON('" + _mysql.escape_string(ip) + "'), INET_ATON('"+_mysql.escape_string(insnetmask)+"'), '" +
- _mysql.escape_string(where) + "', " + str(timestamp()) + ", " + until + ", '" + _mysql.escape_string(staff_account['username']) + "', '" + _mysql.escape_string(self.formdata['reason']) + "', '" + _mysql.escape_string(self.formdata['note']) + "', '"+blind+"')")
+ if self.formdata['seconds'] != '0':
+ until = str(
+ timestamp() + int(self.formdata['seconds']))
+ else:
+ until = '0'
+ where = ''
+ if 'board_all' not in self.formdata.keys():
+ where = []
+ boards = FetchAll('SELECT `dir` FROM `boards`')
+ for board in boards:
+ keyname = 'board_' + board['dir']
+ if keyname in self.formdata.keys():
+ if self.formdata[keyname] == "1":
+ where.append(board['dir'])
+ if len(where) > 0:
+ where = pickle.dumps(where)
+ else:
+ self.error(
+ _("You must select where the ban shall be placed"))
+ return
- regenerateAccess()
- if 'edit' in self.formdata.keys():
- message = _('Ban successfully edited.')
- action = 'Edited ban for ' + ip
+ if 'edit' in self.formdata.keys():
+ UpdateDb("DELETE FROM `bans` WHERE `id` = '" +
+ _mysql.escape_string(self.formdata['edit']) + "' LIMIT 1")
+ """else: # TODO : Duplicate check
+ ban = FetchOne("SELECT `id` FROM `bans` WHERE `ip` = '" + _mysql.escape_string(
+ ip) + "' AND `boards` = '" + _mysql.escape_string(where) + "' LIMIT 1")
+ if ban:
+ self.error(_('There is already an identical ban for this IP.') + '<a href="' +
+ Settings.CGI_URL+'manage/ban/' + ip + '?edit=' + ban['id']+'">' + _('Edit') + '</a>')
+ return"""
+
+ # Blind mode
+ blind = self.formdata.get('blind', '0')
+
+ #raise UserError, "{} {} {}".format(ipstart, ipend, ipstr)
+
+ # Banear sin mensaje
+ InsertDb("INSERT INTO `bans` (`ipstart`, `ipend`, `ipstr`, `boards`, `added`, `until`, `staff`, `reason`, `note`, `blind`) VALUES (INET6_ATON('" +
+ ipstart + "'), INET6_ATON('" + ipend + "'), '" + ipstr + "', '" +
+ _mysql.escape_string(where) + "', " + str(timestamp()) + ", " + until + ", '" + _mysql.escape_string(staff_account['username']) + "', '" + _mysql.escape_string(self.formdata['reason']) + "', '" + _mysql.escape_string(self.formdata['note']) + "', '"+blind+"')")
+
+ regenerateAccess()
+ if 'edit' in self.formdata.keys():
+ message = _('Ban successfully edited.')
+ action = 'Edited ban for ' + ip
+ else:
+ message = _('Ban successfully placed.')
+ action = 'Banned ' + ip
+ if until != '0':
+ action += ' until ' + \
+ formatTimestamp(until)
else:
- message = _('Ban successfully placed.')
- action = 'Banned ' + ip
- if until != '0':
- action += ' until ' + \
- formatTimestamp(until)
+ action += ' permanently'
+ logAction(staff_account['username'], action)
+ template_filename = 'message.html'
+ else:
+ startvalues = {'where': [],
+ 'reason': '',
+ 'note': '',
+ 'message': '(GET OUT)',
+ 'seconds': '0',
+ 'blind': '1'}
+ edit_id = 0
+ if 'edit' in self.formdata.keys():
+ edit_id = self.formdata['edit']
+ ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = '" +
+ _mysql.escape_string(edit_id) + "' ORDER BY `added` DESC")
+ if ban:
+ if ban['boards'] == '':
+ where = ''
else:
- action += ' permanently'
- logAction(staff_account['username'], action)
- template_filename = 'message.html'
- else:
- startvalues = {'where': [],
- 'netmask': '255.255.255.255',
- 'reason': '',
- 'note': '',
- 'message': '(GET OUT)',
- 'seconds': '0',
- 'blind': '1'}
- edit_id = 0
- if 'edit' in self.formdata.keys():
- edit_id = self.formdata['edit']
- ban = FetchOne("SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` WHERE `id` = '" +
- _mysql.escape_string(edit_id) + "' ORDER BY `added` DESC")
- if ban:
- if ban['boards'] == '':
- where = ''
- else:
- where = pickle.loads(ban['boards'])
- if ban['until'] == '0':
- until = 0
- else:
- until = int(ban['until']) - timestamp()
- startvalues = {'where': where,
- 'netmask': ban['netmask'],
- 'reason': ban['reason'],
- 'note': ban['note'],
- 'seconds': str(until),
- 'blind': ban['blind']
- }
+ where = pickle.loads(ban['boards'])
+ if ban['until'] == '0':
+ until = 0
else:
- edit_id = 0
+ until = int(ban['until']) - timestamp()
+ startvalues = {'where': where,
+ 'reason': ban['reason'],
+ 'note': ban['note'],
+ 'seconds': str(until),
+ 'blind': ban['blind']
+ }
+ else:
+ edit_id = 0
- template_filename = "bans.html"
- template_values = {'mode': 1,
- 'boards': boardlist(),
- 'ip': ip,
- 'startvalues': startvalues,
- 'edit_id': edit_id}
+ template_filename = "bans.html"
+ template_values = {'mode': 1,
+ 'boards': boardlist(),
+ 'ip': self.formdata.get('ip'),
+ 'startvalues': startvalues,
+ 'edit_id': edit_id}
elif path_split[2] == 'bans':
if not moderator:
return
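Review bot: `blind` is now read with `self.formdata.get('blind', '0')` and concatenated unescaped into the INSERT into the bans table (`"', '"+blind+"')"`), whereas the removed code only ever produced '0' or '1', so this reopens a SQL injection path through a form field. Constrain it again with `blind = '1' if self.formdata.get('blind') == '1' else '0'`, or pass it through `_mysql.escape_string` like the neighbouring values. In the same block, `netaddr.glob_to_iprange(ip)` in the `except` branch can itself raise on malformed input and `self.formdata['ip']` is no longer guarded, so a bad or missing `ip` probably ends in an unhandled exception instead of `self.error(...)`. The edit-form query further down still selects `ip` and `netmask`, which looks inconsistent with the new `ipstart`/`ipend`/`ipstr` columns; confirm against the schema. manage() starts and ends outside this hunk.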
@@ -787,7 +789,7 @@ def manage(self, path_split):
action_taken = False
if len(path_split) > 4:
if path_split[3] == 'delete':
- ip = FetchOne("SELECT INET6_NTOA(`ip`) AS 'ip' FROM `bans` WHERE `id` = '" +
+ ip = FetchOne("SELECT ipstr FROM `bans` WHERE `id` = '" +
_mysql.escape_string(path_split[4]) + "' LIMIT 1", 0)[0]
if ip != '':
# Delete ban
@@ -805,7 +807,7 @@ def manage(self, path_split):
if not action_taken:
bans = FetchAll(
- "SELECT `id`, INET6_NTOA(`ip`) AS 'ip', CASE WHEN `netmask` IS NULL THEN '255.255.255.255' ELSE INET_NTOA(`netmask`) END AS 'netmask', boards, added, until, staff, reason, note, blind FROM `bans` ORDER BY `added` DESC")
+ "SELECT `id`, `ipstr` AS 'ip', boards, added, until, staff, reason, note, blind FROM `bans` ORDER BY `added` DESC")
if bans:
for ban in bans:
if ban['boards'] == '':