From d8a368c0a4d6dacb382c8ebb0de50da39b04e94e Mon Sep 17 00:00:00 2001 From: Renard Date: Fri, 31 Jul 2020 19:59:35 -0400 Subject: Mod Api: Show Posts --- cgi/modapi.py | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'cgi') diff --git a/cgi/modapi.py b/cgi/modapi.py index 4d0a428..19bf5fd 100644 --- a/cgi/modapi.py +++ b/cgi/modapi.py @@ -76,22 +76,18 @@ def api_process(self, path_split): "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC") values['news'] = news elif method == 'post': + board = formdata.get("board") if 'id' in formdata.keys(): id = formdata.get('id') - post = FetchOne("SELECT * FROM `posts` WHERE `id` = '" + - _mysql.escape_string(id) + "'") + post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `id` = '" + + _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'") values['post'] = post if 'parentid' in formdata.keys(): id = formdata.get('parentid') - post = FetchAll("SELECT * FROM `posts` WHERE `parentid` = '" + - _mysql.escape_string(id) + "'") + post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `parentid` = '" + + _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'") values['posts'] = post - if 'test' in formdata.keys(): - id = formdata.get('test') - post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `parentid` = '" + - _mysql.escape_string(id) + "'") - values['posts'] = post - elif method == 'reports': # /cgi/manage/reports/ignore + elif method == 'reports': if len(path_split) > 3: if path_split[3] == 'ignore': report_id = formdata.get("id") -- cgit v1.2.1-18-gbd029