Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2025-03-14 13:35:33 +03:00
Code Issues Projects Releases Packages Wiki Activity

Защита от SQLi и доработка поиска

Browse source
This commit is contained in:
n1rwana 2023-08-12 00:38:51 +03:00
parent ee15ee617d
commit 5353ef3543
No known key found for this signature in database
GPG key ID: 184A60085ABF17D8
1 changed files with 153 additions and 153 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
Web/Presenters/NoSpamPresenter.php
View file

@ -177,26 +177,25 @@ final class NoSpamPresenter extends OpenVKPresenter
if ($conditions) {
$logs = $db->query("SELECT * FROM `ChandlerLogs` $whereStart $conditions GROUP BY `object_id`, `object_model`");
if (!$where) {
foreach ($logs as $log) {
$log = (new Logs)->get($log->id);
$response[] = $log->getObject()->unwrap();
}
} else {
foreach ($logs as $log) {
$log = (new Logs)->get($log->id);
$object = $log->getObject()->unwrap();
if (!$object) continue;
if ($where) {
if (str_starts_with($where, " AND")) {
$where = substr_replace($where, "", 0, strlen(" AND"));
}
foreach ($db->query("SELECT * FROM `$table` WHERE $where")->fetchAll() as $o) {
if ($object->id === $o["id"]) {
$a = $db->query("SELECT * FROM `$table` WHERE $where")->fetchAll();
foreach ($a as $o) {
if ($object->id == $o["id"]) {
$response[] = $object;
}
}
} else {
$response[] = $object;
}
}
}
@ -210,12 +209,16 @@ final class NoSpamPresenter extends OpenVKPresenter
$processed = 0;
$where = $this->postParam("where");
$ip = $this->postParam("ip");
$useragent = $this->postParam("useragent");
$searchTerm = $this->postParam("q");
$ip = addslashes($this->postParam("ip"));
$useragent = addslashes($this->postParam("useragent"));
$searchTerm = addslashes($this->postParam("q"));
$ts = (int)$this->postParam("ts");
$te = (int)$this->postParam("te");
$user = $this->postParam("user");
$user = addslashes($this->postParam("user"));
if ($where) {
$where = explode(";", $where)[0];
}
if (!$ip && !$useragent && !$searchTerm && !$ts && !$te && !$where && !$searchTerm && !$user)
$this->returnJson(["success" => false, "error" => "Нет запроса. Заполните поле \"подстрока\" или введите запрос \"WHERE\" в поле под ним."]);
@ -256,12 +259,7 @@ final class NoSpamPresenter extends OpenVKPresenter
}
$rows = [];
if ($ip || $useragent || $ts || $te || $user) {
$rows = searchByAdditionalParams($table, $where, $ip, $useragent, $ts, $te, $user);
}
if (count($rows) === 0) {
if (!$searchTerm) {
if (str_starts_with($where, " AND")) {
if ($searchTerm && !$this->postParam("where")) {
$where = substr_replace($where, "", 0, strlen(" AND"));
@ -270,6 +268,9 @@ final class NoSpamPresenter extends OpenVKPresenter
}
}
if ($ip || $useragent || $ts || $te || $user) {
$rows = searchByAdditionalParams($table, $where, $ip, $useragent, $ts, $te, $user);
} else {
if (!$where) {
$rows = [];
} else {
@ -277,7 +278,6 @@ final class NoSpamPresenter extends OpenVKPresenter
$rows = $result->fetchAll();
}
}
}
if (!in_array((int)$this->postParam("ban"), [1, 2, 3])) {
foreach ($rows as $key => $object) {
@ -347,7 +347,7 @@ final class NoSpamPresenter extends OpenVKPresenter
}
if (in_array((int)$this->postParam("ban"), [2, 3])) {
$reason = mb_strlen(trim($this->postParam("ban_reason"))) > 0 ? $this->postParam("ban_reason") : ("**content-noSpamTemplate-" . $log->getId() . "**");
$reason = mb_strlen(trim($this->postParam("ban_reason"))) > 0 ? addslashes($this->postParam("ban_reason")) : ("**content-noSpamTemplate-" . $log->getId() . "**");
$is_forever = (string)$this->postParam("is_forever") === "true";
$unban_time = $is_forever ? 0 : (int)$this->postParam("unban_time") ?? NULL;