From d5c9d4e657433ad06a375ede48d027fe12a17648 Mon Sep 17 00:00:00 2001
From: Eggbertx <eggbertx@users.noreply.github.com>
Date: Sun, 28 Aug 2022 11:55:08 -0700
Subject: [PATCH] Fix manage postinfo action

---
 pkg/gcsql/posts.go                 | 61 +++++++++++++++++++++---------
 pkg/gcsql/postsretrievalqueries.go | 13 +++----
 pkg/manage/actions.go              | 28 ++++++++++++--
 3 files changed, 73 insertions(+), 29 deletions(-)

diff --git a/pkg/gcsql/posts.go b/pkg/gcsql/posts.go
index c0ad9bd8..c8dd2ac4 100644
--- a/pkg/gcsql/posts.go
+++ b/pkg/gcsql/posts.go
@@ -105,22 +105,48 @@ func GetReplyFileCount(postID int) (int, error) {
 	return count, err
 }
 
-func GetPostsFromIP(ip string, limit int, onlyNotDeleted bool) ([]Post, error) {
-	sql := `SELECT
-		DBPREFIXposts.id,
-		thread_id AS threadid,
-		(SELECT id FROM DBPREFIXposts WHERE is_top_post = TRUE AND thread_id = threadid LIMIT 1),
-		(SELECT board_id FROM DBPREFIXthreads WHERE id = DBPREFIXposts.thread_id) as board_id,
-		created_on,name,tripcode,email,subject,message,message_raw,password,
+const selectPostsQuery = `SELECT
+	DBPREFIXposts.id,
+	thread_id AS threadid,
+	(SELECT id FROM DBPREFIXposts WHERE is_top_post = TRUE AND thread_id = threadid LIMIT 1),
+	(SELECT board_id FROM DBPREFIXthreads WHERE id = DBPREFIXposts.thread_id) as board_id,
+	ip,created_on,name,tripcode,email,subject,message,message_raw,password,
 
-		COALESCE(files.filename,''),
-		COALESCE(files.original_filename,''),
-		COALESCE(files.thumbnail_width, 0),
-		COALESCE(files.thumbnail_height, 0),
-		COALESCE(files.width, 0),
-		COALESCE(files.height, 0)
-			FROM DBPREFIXposts LEFT OUTER JOIN DBPREFIXfiles AS files ON files.post_id = DBPREFIXposts.id
-		WHERE ip = ?`
+	COALESCE(files.filename,''),
+	COALESCE(files.original_filename,''),
+	COALESCE(files.file_size, 0),
+	COALESCE(files.checksum, ''),
+	COALESCE(files.thumbnail_width, 0),
+	COALESCE(files.thumbnail_height, 0),
+	COALESCE(files.width, 0),
+	COALESCE(files.height, 0)
+		FROM DBPREFIXposts LEFT OUTER JOIN DBPREFIXfiles AS files ON files.post_id = DBPREFIXposts.id`
+
+// GetPostFromID gets the post from the database with a matching ID,
+// optionally requiring it to not be deleted
+func GetPostFromID(id int, onlyNotDeleted bool) (*Post, error) {
+	sql := selectPostsQuery + ` WHERE DBPREFIXposts.id = ?`
+	if onlyNotDeleted {
+		sql += " AND is_deleted = 0"
+	}
+	var drop int
+	post := new(Post)
+	err := QueryRowSQL(sql, []interface{}{id}, []interface{}{
+		&post.ID, &drop, &post.ParentID,
+		&post.BoardID,
+		&post.IP, &post.Timestamp, &post.Name, &post.Tripcode, &post.Email, &post.Subject, &post.MessageHTML, &post.MessageText, &post.Password,
+		&post.Filename, &post.FilenameOriginal, &post.Filesize, &post.FileChecksum, &post.ThumbW, &post.ThumbH, &post.ImageW, &post.ImageH,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return post, err
+}
+
+// GetPostsFromIP gets the posts from the database with a matching IP address, specifying
+// optionally requiring them to not be deleted
+func GetPostsFromIP(ip string, limit int, onlyNotDeleted bool) ([]Post, error) {
+	sql := selectPostsQuery + ` WHERE DBPREFIXposts.ip = ?`
 	if onlyNotDeleted {
 		sql += " AND is_deleted = 0"
 	}
@@ -133,13 +159,12 @@ func GetPostsFromIP(ip string, limit int, onlyNotDeleted bool) ([]Post, error) {
 	var posts []Post
 	for rows.Next() {
 		var post Post
-		post.IP = ip
 		var drop int
 		if err = rows.Scan(
 			&post.ID, &drop, &post.ParentID,
 			&post.BoardID,
-			&post.Timestamp, &post.Name, &post.Tripcode, &post.Email, &post.Subject, &post.MessageHTML, &post.MessageText, &post.Password,
-			&post.Filename, &post.FilenameOriginal, &post.ThumbW, &post.ThumbH, &post.ImageW, &post.ImageH,
+			&post.IP, &post.Timestamp, &post.Name, &post.Tripcode, &post.Email, &post.Subject, &post.MessageHTML, &post.MessageText, &post.Password,
+			&post.Filename, &post.FilenameOriginal, &post.Filesize, &post.FileChecksum, &post.ThumbW, &post.ThumbH, &post.ImageW, &post.ImageH,
 		); err != nil {
 			return nil, err
 		}
diff --git a/pkg/gcsql/postsretrievalqueries.go b/pkg/gcsql/postsretrievalqueries.go
index 19f6ed60..1140c94a 100644
--- a/pkg/gcsql/postsretrievalqueries.go
+++ b/pkg/gcsql/postsretrievalqueries.go
@@ -7,15 +7,12 @@ import (
 	"strconv"
 )
 
-var abstractSelectPosts = `
 /*
 Left join singlefiles on recentposts where recentposts.selfid = singlefiles.post_id
 Coalesce filenames to "" (if filename = null -> "" else filename)
-
-
 */
-
-Select 
+var abstractSelectPosts = `
+SELECT 
 	recentposts.selfid AS id,
 	recentposts.toppostid AS parentid,
 	recentposts.boardid,
@@ -171,8 +168,8 @@ func GetSpecificTopPost(ID int) (Post, error) {
 // GetSpecificPostByString gets a specific post for a given string id.
 // Deprecated: This method was created to support old functionality during the database refactor of april 2020
 // The code should be changed to reflect the new database design
-func GetSpecificPostByString(ID string) (Post, error) {
-	return getSpecificPostStringDecorated(ID, false)
+func GetSpecificPostByString(ID string, onlyNotDeleted bool) (Post, error) {
+	return getSpecificPostStringDecorated(ID, onlyNotDeleted)
 }
 
 // GetSpecificPost gets a specific post for a given id.
@@ -184,7 +181,7 @@ func GetSpecificPost(ID int, onlyNotDeleted bool) (Post, error) {
 }
 
 var specificPostSQL = abstractSelectPosts + "\nWHERE recentposts.selfid = ?"
-var specificPostSQLNotDeleted = specificPostSQL + "\nWHERE recentposts.is_deleted = FALSE"
+var specificPostSQLNotDeleted = specificPostSQL + "\nAND recentposts.is_deleted = FALSE"
 
 func getSpecificPostStringDecorated(ID string, onlyNotDeleted bool) (Post, error) {
 	var sql string
diff --git a/pkg/manage/actions.go b/pkg/manage/actions.go
index 1b47f968..d830a966 100644
--- a/pkg/manage/actions.go
+++ b/pkg/manage/actions.go
@@ -252,7 +252,7 @@ var actions = []Action{
 
 			if request.FormValue("postid") != "" {
 				var err error
-				post, err = gcsql.GetSpecificPostByString(request.FormValue("postid"))
+				post, err = gcsql.GetSpecificPostByString(request.FormValue("postid"), true)
 				if err != nil {
 					err = errors.New("Error getting post: " + err.Error())
 					return "", err
@@ -850,8 +850,30 @@ var actions = []Action{
 		Permissions: ModPerms,
 		JSONoutput:  AlwaysJSON,
 		Callback: func(writer http.ResponseWriter, request *http.Request, wantsJSON bool) (output interface{}, err error) {
-			post, err := gcsql.GetSpecificPost(gcutil.HackyStringToInt(request.FormValue("postid")), false)
-			return post, err
+			postIDstr := request.FormValue("postid")
+			if postIDstr == "" {
+				return "", errors.New("invalid request (missing postid)")
+			}
+			var postID int
+			if postID, err = strconv.Atoi(postIDstr); err != nil {
+				return "", err
+			}
+			post, err := gcsql.GetPostFromID(postID, true)
+			if err != nil {
+				return "", err
+			}
+
+			postInfo := map[string]interface{}{
+				"post": post,
+				"ip":   post.IP,
+			}
+			names, err := net.LookupAddr(post.IP)
+			if err == nil {
+				postInfo["ipFQDN"] = names
+			} else {
+				postInfo["ipFQDN"] = []string{err.Error()}
+			}
+			return postInfo, nil
 		}},
 	// {
 	// 	may end up deleting this