1 files changed, 20 insertions, 15 deletions

diff --git a/cgi/weabot.py b/cgi/weabot.py
index 720916d..636eb02 100755
--- a/cgi/weabot.py
+++ b/cgi/weabot.py
@@ -23,7 +23,7 @@ from formatting import *
 from post import *
 from img import *
 
-__version__ = "0.10.0"
+__version__ = "0.10.5"
 
 # Set to True to disable weabot's exception routing and enable profiling
 _DEBUG = False
@@ -35,7 +35,7 @@ class weabot(object):
     def __init__(self, environ, start_response):
         global _DEBUG
 
-        logging.basicConfig(filename='weabot.log', format='%(asctime)s %(levelname)s %(message)s', level=logging.DEBUG)
+        logging.basicConfig(filename='weabot.log', format='%(asctime)s %(levelname)s %(message)s', level=logging.INFO)
 
         self.environ = environ
         if self.environ["PATH_INFO"].startswith("/weabot.py/"):
@@ -85,7 +85,7 @@ class weabot(object):
     def error(self, message):
         board = Settings._.BOARD
         if board:
-            if board['board_type'] == '1':
+            if board['board_type'] == 1:
                 info = {}
                 info['host'] = self.environ["REMOTE_ADDR"]
                 info['name'] = self.formdata.get('fielda', '')
@@ -265,7 +265,7 @@ class weabot(object):
                 if Settings.ENABLE_BANS and addressIsBanned(self.environ['REMOTE_ADDR'], board["dir"], blind_only=True):
                     raise UserError('<meta http-equiv="refresh" content="0; url=/cgi/banned/%s">' % board["dir"])
  
-                if len(path_split) > 4 and path_split[4] and board['board_type'] == '1':
+                if len(path_split) > 4 and path_split[4] and board['board_type'] == 1:
                     self.output = dynamicRead(int(path_split[3]), path_split[4], True)
                 elif board['board_type'] == 1:
                     self.output = threadPage(0, True, int(path_split[3]))
@@ -329,12 +329,12 @@ class weabot(object):
                 self.output += '<html xmlns="http://www.w3.org/1999/xhtml"><meta http-equiv="refresh" content="0;url=%s" /><body><p>...</p></body></html>' % url
             elif path_split[1] == "banned":
                 OpenDb()
-                bans = FetchAll("SELECT * FROM `bans` WHERE INET6_ATON('"+self.environ["REMOTE_ADDR"]+"') BETWEEN `ipstart` AND `ipend`")
+                bans = FetchAll("SELECT * FROM `bans` WHERE INET6_ATON(%s) BETWEEN `ipstart` AND `ipend`", (self.environ["REMOTE_ADDR"],))
                 if bans:
                     for ban in bans:
                         if ban["boards"]:
-                            boards = pickle.loads(ban["boards"])
-                        if ban["boards"] or path_split[2] in boards:
+                            boards = str2boards(ban["boards"])
+                        if not ban["boards"] or path_split[2] in boards:
                             caught = True
                             if ban["boards"]:
                                 boards_str = '/' + '/, /'.join(boards) + '/'
@@ -592,7 +592,7 @@ class weabot(object):
         # make ID hash
         if board["useid"]:
             post["timestamp_formatted"] += ' ID:' + iphash(ip, post, tim, board["useid"], mobile,
-              self.environ["HTTP_USER_AGENT"], cap_id, hide_end, (board["countrycode"] in ['1', '2']))
+              self.environ["HTTP_USER_AGENT"], cap_id, hide_end, (board["countrycode"] in [1, 2]))
 
         # use for future file checks
         xfile = (file is not None or oek_file)
@@ -793,7 +793,13 @@ class weabot(object):
         postid = post.insert()
 
         # delete threads that have crossed last page
-        trimThreads()
+        trimmed = trimThreads()
+        
+        # let's stop here if the thread we posted in got trimmed
+        if post["parentid"] and post["parentid"] in trimmed:
+            regenerateFrontPages()
+            regenerateHome()
+            raise UserError("El hilo en el que publicaste ya fue eliminado.")
 
         # fix null references when creating thread
         if board["board_type"] == 1 and not post["parentid"]:
@@ -947,8 +953,8 @@ class weabot(object):
             raise UserError(_("You're banned."))
 
         # check if post exists
-        post = FetchOne("SELECT `id`, `parentid`, `ip` FROM `posts` WHERE `id` = '%s' AND `boardid` = '%s'" % (
-            _mysql.escape_string(str(postid)), _mysql.escape_string(board['id'])))
+        post = FetchOne("SELECT `id`, `parentid`, `ip` FROM `posts` WHERE `id` = %s AND `boardid` = %s",
+                       (postid, board['id']))
         if not post:
             raise UserError(_("Post doesn't exist."))
 
@@ -963,13 +969,12 @@ class weabot(object):
 
         # insert report
         t = time.time()
-        message = cgi.escape(self.formdata["reason"]).strip()[0:8000]
+        message = html.escape(self.formdata["reason"]).strip()[0:800]
         message = message.replace("\n", "<br />")
 
         UpdateDb("INSERT INTO `reports` (board, postid, parentid, link, ip, reason, repip, timestamp, timestamp_formatted) " +
-            "VALUES ('%s', '%s', '%s', '%s', '%s', '%s', INET6_ATON('%s'), '%s', '%s')" % (
-            board["dir"], post['id'], post['parentid'], link, post['ip'], _mysql.escape_string(message),
-            _mysql.escape_string(self.environ["REMOTE_ADDR"]), str(t), formatTimestamp(t)))
+            "VALUES (%s, %s, %s, %s, %s, %s, INET6_ATON(%s), %s, %s)",
+            (board["dir"], post['id'], post['parentid'], link, post['ip'], message, self.environ["REMOTE_ADDR"], t, formatTimestamp(t)))
         self.output = renderTemplate("report.html", {'finished': True})
 
     def stats(self):