yolinlin/aowow
1
0
Fork 0
mirror of https://github.com/Sarjuuk/aowow.git synced 2025-11-29 15:58:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

Reports/Fixup

Browse Source 
* also include source url when checking target context
 * cleanup source url to be usable as key
This commit is contained in:
Sarjuuk
2025-10-26 18:49:17 +01:00
parent 3a25c2390f
commit 7cbe1f6007
1 changed files with 24 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
includes/components/report.class.php
View File

@@ -144,11 +144,11 @@ class Report
$this->subject ??= 0; // 0 for utility, tools and misc pages? $this->subject ??= 0; // 0 for utility, tools and misc pages?
} }
private function checkTargetContext() : int private function checkTargetContext(?string $url) : int
{ {
// check already reported // check already reported
$field = User::isLoggedIn() ? 'userId' : 'ip'; $field = User::isLoggedIn() ? 'userId' : 'ip';
if (DB::Aowow()->selectCell('SELECT 1 FROM ?_reports WHERE `mode` = ?d AND `reason`= ?d AND `subject` = ?d AND ?# = ?', $this->mode, $this->reason, $this->subject, $field, User::$id ?: User::$ip)) if (DB::Aowow()->selectCell('SELECT 1 FROM ?_reports WHERE `mode` = ?d AND `reason`= ?d AND `subject` = ?d{ AND `url` = ?} AND ?# = ?', $this->mode, $this->reason, $this->subject, $url ?: DBSIMPLE_SKIP, $field, User::$id ?: User::$ip))
return self::ERR_ALREADY_REPORTED; return self::ERR_ALREADY_REPORTED;
// check targeted post/postOwner staff status // check targeted post/postOwner staff status
@@ -190,7 +190,28 @@ class Report
return false; return false;
} }
if($err = $this->checkTargetContext()) // clean up src url: dont use anchors, clean up query
if ($pageUrl)
{
$urlParts = parse_url($pageUrl);
if (!empty($urlParts['query']))
{
parse_str($urlParts['query'], $query); // kills redundant param declarations
unset($query['locale']); // locale param shouldn't be needed. more..?
$urlParts['query'] = http_build_query($query);
}
$pageUrl = '';
if (isset($urlParts['scheme']))
$pageUrl .= $urlParts['scheme'].':';
$pageUrl .= '//'.($urlParts['host'] ?? '').($urlParts['path'] ?? '');
if (isset($urlParts['query']))
$pageUrl .= '?'.$urlParts['query'];
}
if ($err = $this->checkTargetContext($pageUrl))
{ {
$this->errorCode = $err; $this->errorCode = $err;
return false; return false;