Fixes regarding csrf + refactor some parts of AAC (guilds + forum)

Replace $account_logged->getPlayers() with getPlayersList()
$_REQUEST['todo'] -> $_REQUEST['post']
$guild_errors -> $errors
slawkens
2025-05-24 11:42:42 +02:00
parent e776bd52be
commit 84d502bf10
42 changed files with 301 additions and 272 deletions


@@ -18,15 +18,14 @@ if ($ret === false) {
return;
}
csrfProtect();
if(!$logged) {
echo 'You are not logged in. <a href="' . getLink('account/manage') . '?redirect=' . urlencode(getLink('forum')) . '">Log in</a> to post on the forum.<br /><br />';
return;
}
if(Forum::canPost($account_logged))
{
csrfProtect();
if(Forum::canPost($account_logged)) {
$post_id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : false;
if(!$post_id) {
$errors[] = 'Please enter post id.';
@@ -43,12 +42,12 @@ if(Forum::canPost($account_logged))
$char_id = $post_topic = $text = $smile = $html = null;
$players_from_account = $db->query("SELECT `players`.`name`, `players`.`id` FROM `players` WHERE `players`.`account_id` = ".(int) $account_logged->getId())->fetchAll();
$saved = false;
if(isset($_REQUEST['save'])) {
$text = stripslashes(trim($_REQUEST['text']));
$char_id = (int) $_REQUEST['char_id'];
$post_topic = stripslashes(trim($_REQUEST['topic']));
$smile = isset($_REQUEST['smile']) ? (int)$_REQUEST['smile'] : 0;
$html = isset($_REQUEST['html']) ? (int)$_REQUEST['html'] : 0;
if(isset($_POST['save'])) {
$text = stripslashes(trim($_POST['text']));
$char_id = (int) $_POST['char_id'];
$post_topic = stripslashes(trim($_POST['topic']));
$smile = isset($_POST['smile']) ? (int)$_POST['smile'] : 0;
$html = isset($_POST['html']) ? (int)$_POST['html'] : 0;
if (!superAdmin()) {
$html = 0;
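Review bot: The `$_POST['text']`, `$_POST['char_id']` and `$_POST['topic']` reads in the save branch are unguarded, unlike `smile` and `html` on the two lines after them, so a POST that carries `save` but omits one of these fields raises an undefined-key warning and passes null into `trim()`. A default avoids both: `$text = stripslashes(trim($_POST['text'] ?? ''));`, the same for `topic`, and `$char_id = (int) ($_POST['char_id'] ?? 0);`. The `stripslashes()` calls also look like a leftover from magic quotes; on current PHP they would remove backslashes the user actually typed, so consider dropping them if nothing upstream adds slashes. The +/- markers are lost on this page, so this assumes the `$_POST` lines are the new side; the `if(isset($_POST['save']))` block continues past the visible lines.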