From d8a368c0a4d6dacb382c8ebb0de50da39b04e94e Mon Sep 17 00:00:00 2001
From: Renard
Date: Fri, 31 Jul 2020 19:59:35 -0400
Subject: Mod Api: Show Posts

---
 cgi/modapi.py | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

(limited to 'cgi')

diff --git a/cgi/modapi.py b/cgi/modapi.py
index 4d0a428..19bf5fd 100644
--- a/cgi/modapi.py
+++ b/cgi/modapi.py
@@ -76,22 +76,18 @@ def api_process(self, path_split):
                 "SELECT * FROM `news` WHERE type = 1 ORDER BY `timestamp` DESC")
             values['news'] = news
         elif method == 'post':
+            board = formdata.get("board")
             if 'id' in formdata.keys():
                 id = formdata.get('id')
-                post = FetchOne("SELECT * FROM `posts` WHERE `id` = '" +
-                                _mysql.escape_string(id) + "'")
+                post = FetchOne("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `id` = '" +
+                                _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'")
                 values['post'] = post
             if 'parentid' in formdata.keys():
                 id = formdata.get('parentid')
-                post = FetchAll("SELECT * FROM `posts` WHERE `parentid` = '" +
-                                _mysql.escape_string(id) + "'")
+                post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` FROM `posts` WHERE `parentid` = '" +
+                                _mysql.escape_string(id) + "' AND board = '" + _mysql.escape_string(board) + "'")
                 values['posts'] = post
-            if 'test' in formdata.keys():
-                id = formdata.get('test')
-                post = FetchAll("SELECT `id`, `boardid`, `parentid`,`timestamp`, `name`, `tripcode`, `email` ,`subject`,`message`,`file`,`thumb`, INET6_NTOA(`ip`) as ip,`IS_DELETED` AS `deleted`, `bumped`, `last`, `locked` FROM `posts` WHERE `parentid` = '" +
-                                _mysql.escape_string(id) + "'")
-                values['posts'] = post
-        elif method == 'reports':  # /cgi/manage/reports/ignore
+        elif method == 'reports':
             if len(path_split) > 3:
                 if path_split[3] == 'ignore':
                     report_id = formdata.get("id")
-- 
cgit v1.2.1-18-gbd029