mirror of
https://github.com/Eggbertx/gochan.git
synced 2025-08-05 04:36:24 -07:00
Fix edit post not letting non-privileged users edit their posts
This commit is contained in:
parent
0ec36c2840
commit
46db3e0abc
3 changed files with 10 additions and 6 deletions
|
@ -75,6 +75,7 @@ func editPost(checkedPosts []int, editBtn string, doEdit string, writer http.Res
|
||||||
"siteConfig": config.GetSiteConfig(),
|
"siteConfig": config.GetSiteConfig(),
|
||||||
"board": board,
|
"board": board,
|
||||||
"boardConfig": config.GetBoardConfig(""),
|
"boardConfig": config.GetBoardConfig(""),
|
||||||
|
"password": password,
|
||||||
"post": post,
|
"post": post,
|
||||||
"referrer": request.Referer(),
|
"referrer": request.Referer(),
|
||||||
}
|
}
|
||||||
|
@ -92,7 +93,6 @@ func editPost(checkedPosts []int, editBtn string, doEdit string, writer http.Res
|
||||||
writer.Write(buf.Bytes())
|
writer.Write(buf.Bytes())
|
||||||
}
|
}
|
||||||
if doEdit == "post" || doEdit == "upload" {
|
if doEdit == "post" || doEdit == "upload" {
|
||||||
var password string
|
|
||||||
postid, err := strconv.Atoi(request.FormValue("postid"))
|
postid, err := strconv.Atoi(request.FormValue("postid"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errEv.Err(err).Caller().
|
errEv.Err(err).Caller().
|
||||||
|
@ -122,7 +122,9 @@ func editPost(checkedPosts []int, editBtn string, doEdit string, writer http.Res
|
||||||
}
|
}
|
||||||
|
|
||||||
rank := manage.GetStaffRank(request)
|
rank := manage.GetStaffRank(request)
|
||||||
if request.FormValue("password") != password && rank == 0 {
|
password := request.PostFormValue("password")
|
||||||
|
passwordMD5 := gcutil.Md5Sum(password)
|
||||||
|
if post.Password != passwordMD5 && rank == 0 {
|
||||||
server.ServeError(writer, "Wrong password", wantsJSON, nil)
|
server.ServeError(writer, "Wrong password", wantsJSON, nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,18 +12,20 @@ const idRe = /^((reply)|(op))(\d+)/;
|
||||||
|
|
||||||
function editPost(id, _board) {
|
function editPost(id, _board) {
|
||||||
let cookiePass = getCookie("password");
|
let cookiePass = getCookie("password");
|
||||||
promptLightbox(cookiePass, true, () => {
|
promptLightbox(cookiePass, true, (_jq, inputData) => {
|
||||||
$("input[type=checkbox]").prop("checked", false);
|
$("input[type=checkbox]").prop("checked", false);
|
||||||
$(`input#check${id}`).prop("checked", true);
|
$(`input#check${id}`).prop("checked", true);
|
||||||
|
$("input#delete-password").val(inputData);
|
||||||
$("input[name=edit_btn]").trigger("click");
|
$("input[name=edit_btn]").trigger("click");
|
||||||
}, "Edit post");
|
}, "Edit post");
|
||||||
}
|
}
|
||||||
|
|
||||||
function moveThread(id, _board) {
|
function moveThread(id, _board) {
|
||||||
let cookiePass = getCookie("password");
|
let cookiePass = getCookie("password");
|
||||||
promptLightbox(cookiePass, true, () => {
|
promptLightbox(cookiePass, true, (_jq, inputData) => {
|
||||||
$("input[type=checkbox]").prop("checked", false);
|
$("input[type=checkbox]").prop("checked", false);
|
||||||
$(`input#check${id}`).prop("checked", true);
|
$(`input#check${id}`).prop("checked", true);
|
||||||
|
$("input#delete-password").val(inputData);
|
||||||
$("input[name=move_btn]").trigger("click");
|
$("input[name=move_btn]").trigger("click");
|
||||||
}, "Move thread");
|
}, "Move thread");
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
<input name="postid" type="hidden" value="{{.post.ID}}" />
|
<input name="postid" type="hidden" value="{{.post.ID}}" />
|
||||||
<input name="boardid" type="hidden" value="{{.board.ID}}" />
|
<input name="boardid" type="hidden" value="{{.board.ID}}" />
|
||||||
<input name="threadid" type="hidden" value="{{.post.ThreadID}}" />
|
<input name="threadid" type="hidden" value="{{.post.ThreadID}}" />
|
||||||
<input name="password" type="hidden" value="{{.post.Password}}" />
|
<input name="password" type="hidden" value="{{.password}}" />
|
||||||
<input name="doedit" type="hidden" value="post" />
|
<input name="doedit" type="hidden" value="post" />
|
||||||
<table id="postbox-static">
|
<table id="postbox-static">
|
||||||
<tr><th class="postblock">Name</th><td>{{stringAppend .post.Name "!" .post.Tripcode}}</td></tr>
|
<tr><th class="postblock">Name</th><td>{{stringAppend .post.Name "!" .post.Tripcode}}</td></tr>
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
<input name="postid" type="hidden" value="{{$.post.ID}}" />
|
<input name="postid" type="hidden" value="{{$.post.ID}}" />
|
||||||
<input name="boardid" type="hidden" value="{{$.board.ID}}" />
|
<input name="boardid" type="hidden" value="{{$.board.ID}}" />
|
||||||
<input name="threadid" type="hidden" value="{{$.post.ThreadID}}" />
|
<input name="threadid" type="hidden" value="{{$.post.ThreadID}}" />
|
||||||
<input name="password" type="hidden" value="{{$.post.Password}}" />
|
<input name="password" type="hidden" value="{{$.password}}" />
|
||||||
<input name="doedit" type="hidden" value="upload" />
|
<input name="doedit" type="hidden" value="upload" />
|
||||||
<table id="postbox-static">
|
<table id="postbox-static">
|
||||||
{{- with .upload -}}
|
{{- with .upload -}}
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue