gochan/gochan
1
0
Fork 0
mirror of https://github.com/Eggbertx/gochan.git synced 2025-08-03 03:36:22 -07:00
Code Releases Activity

Fix edit post not letting non-privileged users edit their posts

Browse source
This commit is contained in:
Eggbertx 2023-02-11 15:33:15 -08:00
parent 0ec36c2840
commit 46db3e0abc
3 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
cmd/gochan/editpost.go
View file

@ -75,6 +75,7 @@ func editPost(checkedPosts []int, editBtn string, doEdit string, writer http.Res
"siteConfig": config.GetSiteConfig(),
"board": board,
"boardConfig": config.GetBoardConfig(""),
"password": password,
"post": post,
"referrer": request.Referer(),
}
@ -92,7 +93,6 @@ func editPost(checkedPosts []int, editBtn string, doEdit string, writer http.Res
writer.Write(buf.Bytes())
}
if doEdit == "post" || doEdit == "upload" {
var password string
postid, err := strconv.Atoi(request.FormValue("postid"))
if err != nil {
errEv.Err(err).Caller().
@ -122,7 +122,9 @@ func editPost(checkedPosts []int, editBtn string, doEdit string, writer http.Res
}
rank := manage.GetStaffRank(request)
if request.FormValue("password") != password && rank == 0 {
password := request.PostFormValue("password")
passwordMD5 := gcutil.Md5Sum(password)
if post.Password != passwordMD5 && rank == 0 {
server.ServeError(writer, "Wrong password", wantsJSON, nil)
return
}

6
frontend/js/dom/postdropdown.js
View file

@ -12,18 +12,20 @@ const idRe = /^((reply)|(op))(\d+)/;
function editPost(id, _board) {
let cookiePass = getCookie("password");
promptLightbox(cookiePass, true, () => {
promptLightbox(cookiePass, true, (_jq, inputData) => {
$("input[type=checkbox]").prop("checked", false);
$(`input#check${id}`).prop("checked", true);
$("input#delete-password").val(inputData);
$("input[name=edit_btn]").trigger("click");
}, "Edit post");
}
function moveThread(id, _board) {
let cookiePass = getCookie("password");
promptLightbox(cookiePass, true, () => {
promptLightbox(cookiePass, true, (_jq, inputData) => {
$("input[type=checkbox]").prop("checked", false);
$(`input#check${id}`).prop("checked", true);
$("input#delete-password").val(inputData);
$("input[name=move_btn]").trigger("click");
}, "Move thread");
}

4
templates/post_edit.html
View file

@ -8,7 +8,7 @@
<input name="postid" type="hidden" value="{{.post.ID}}" />
<input name="boardid" type="hidden" value="{{.board.ID}}" />
<input name="threadid" type="hidden" value="{{.post.ThreadID}}" />
<input name="password" type="hidden" value="{{.post.Password}}" />
<input name="password" type="hidden" value="{{.password}}" />
<input name="doedit" type="hidden" value="post" />
<table id="postbox-static">
<tr><th class="postblock">Name</th><td>{{stringAppend .post.Name "!" .post.Tripcode}}</td></tr>
@ -25,7 +25,7 @@
<input name="postid" type="hidden" value="{{$.post.ID}}" />
<input name="boardid" type="hidden" value="{{$.board.ID}}" />
<input name="threadid" type="hidden" value="{{$.post.ThreadID}}" />
<input name="password" type="hidden" value="{{$.post.Password}}" />
<input name="password" type="hidden" value="{{$.password}}" />
<input name="doedit" type="hidden" value="upload" />
<table id="postbox-static">
{{- with .upload -}}