diff --git a/composer.lock b/composer.lock
index 15dc2938..484adf4f 100644
--- a/composer.lock
+++ b/composer.lock
@@ -388,12 +388,12 @@
"source": {
"type": "git",
"url": "https://github.com/shish/microcrud.git",
- "reference": "415ef0d7cf54177783cceaf031e5b7a0e9b7aa11"
+ "reference": "8c468bf36554ae1d3cc24ddc4059ebac2e965ef1"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/shish/microcrud/zipball/415ef0d7cf54177783cceaf031e5b7a0e9b7aa11",
- "reference": "415ef0d7cf54177783cceaf031e5b7a0e9b7aa11",
+ "url": "https://api.github.com/repos/shish/microcrud/zipball/8c468bf36554ae1d3cc24ddc4059ebac2e965ef1",
+ "reference": "8c468bf36554ae1d3cc24ddc4059ebac2e965ef1",
"shasum": ""
},
"require": {
@@ -429,7 +429,7 @@
"crud",
"generator"
],
- "time": "2019-11-25T22:50:43+00:00"
+ "time": "2019-11-27T19:39:01+00:00"
},
{
"name": "shish/microhtml",
@@ -1853,12 +1853,12 @@
"source": {
"type": "git",
"url": "https://github.com/symfony/polyfill-ctype.git",
- "reference": "550ebaac289296ce228a706d0867afc34687e3f4"
+ "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/550ebaac289296ce228a706d0867afc34687e3f4",
- "reference": "550ebaac289296ce228a706d0867afc34687e3f4",
+ "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
+ "reference": "f8f0b461be3385e56d6de3dbb5a0df24c0c275e3",
"shasum": ""
},
"require": {
@@ -1870,7 +1870,7 @@
"type": "library",
"extra": {
"branch-alias": {
- "dev-master": "1.12-dev"
+ "dev-master": "1.13-dev"
}
},
"autoload": {
@@ -1903,7 +1903,7 @@
"polyfill",
"portable"
],
- "time": "2019-08-06T08:03:45+00:00"
+ "time": "2019-11-27T13:56:44+00:00"
},
{
"name": "theseer/tokenizer",
diff --git a/core/polyfills.php b/core/polyfills.php
index b5ec84c8..296f0693 100644
--- a/core/polyfills.php
+++ b/core/polyfills.php
@@ -728,6 +728,8 @@ function validate_input(array $inputs): array
$outputs[$key] = (int)$value;
} elseif (in_array('bool', $flags)) {
$outputs[$key] = bool_escape($value);
+ } elseif (in_array('date', $flags)) {
+ $outputs[$key] = date("Y-m-d H:i:s", strtotime(trim($value)));
} elseif (in_array('string', $flags)) {
if (in_array('trim', $flags)) {
$value = trim($value);
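Review bot: The new `date` branch passes the result of `strtotime()` straight to `date()`, so input that does not parse is never rejected. `strtotime()` returns `false` on failure, which `date()` formats as the 1970 epoch under weak typing (or rejects with a TypeError under strict types). For a ban expiry, a mistyped date would then be stored as an already-expired ban with no error shown. Check the result before formatting, e.g. `$ts = strtotime(trim($value));` then `if ($ts === false) { throw new InvalidArgumentException("Invalid date for $key"); }`, and format `$ts`. The body of validate_input starts and ends outside the hunk, so how `optional` and empty values reach this branch is not visible here.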
diff --git a/core/user.php b/core/user.php
index 4b746a78..26080466 100644
--- a/core/user.php
+++ b/core/user.php
@@ -242,5 +242,12 @@ class User
public function check_auth_token(): bool
{
return (isset($_POST["auth_token"]) && $_POST["auth_token"] == $this->get_auth_token());
+ }
+
+ public function ensure_authed(): void
+ {
+ if(!$this->check_auth_token()) {
+ die("Invalid auth token");
+ }
}
}
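Review bot: `ensure_authed()` makes `check_auth_token()` the single gate for state-changing requests, and that check compares the token with loose `==`, which is neither type-strict nor constant-time. Consider `return isset($_POST["auth_token"]) && is_string($_POST["auth_token"]) && hash_equals($this->get_auth_token(), $_POST["auth_token"]);`, which assumes get_auth_token() returns a string (not visible here). Separately, `die("Invalid auth token")` ends the request with whatever status is already set, normally 200. Calling `http_response_code(403)` before exiting lets clients and logs tell a rejected token from a successful request.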
diff --git a/core/util.php b/core/util.php
index 3b19218c..0f005edb 100644
--- a/core/util.php
+++ b/core/util.php
@@ -639,7 +639,7 @@ function show_ip(string $ip, string $ban_reason): string
global $user;
$u_reason = url_escape($ban_reason);
$u_end = url_escape("+1 week");
- $ban = $user->can(Permissions::BAN_IP) ? ", Ban" : "";
+ $ban = $user->can(Permissions::BAN_IP) ? ", Ban" : "";
$ip = $user->can(Permissions::VIEW_IP) ? $ip.$ban : "";
return $ip;
}
diff --git a/ext/ipban/main.php b/ext/ipban/main.php
index 467dcf94..b296f9c5 100644
--- a/ext/ipban/main.php
+++ b/ext/ipban/main.php
@@ -1,5 +1,6 @@
table = "bans";
$this->base_query = "
- SELECT bans.*, users.name AS banner
- FROM bans JOIN users ON banner_id=users.id
+ SELECT * FROM (
+ SELECT bans.*, users.name AS banner
+ FROM bans JOIN users ON banner_id=users.id
+ ) AS tbl1
";
$this->size = 10;
$this->columns = [
- new StringColumn("ip", "IP"),
+ new InetColumn("ip", "IP"),
new EnumColumn("mode", "Mode", ["Block"=>"block", "Firewall"=>"firewall"]),
new TextColumn("reason", "Reason"),
new StringColumn("banner", "Banner"),
@@ -31,8 +34,10 @@ class IPBanTable extends Table
$this->flags = [
"all" => ["((expires > CURRENT_TIMESTAMP) OR (expires IS NULL))", null],
];
- $this->create_url = "/ip_ban/create";
- $this->delete_url = "/ip_ban/remove";
+ $this->create_url = make_link("ip_ban/create");
+ $this->delete_url = make_link("ip_ban/delete");
+
+ $this->table_attrs = ["class" => "sortable zebra"];
}
}
@@ -83,30 +88,25 @@ class IPBan extends Extension
public function onPageRequest(PageRequestEvent $event)
{
if ($event->page_matches("ip_ban")) {
- global $database, $page, $user;
+ global $database, $page, $user;
if ($user->can(Permissions::BAN_IP)) {
- if ($event->get_arg(0) == "create" && $user->check_auth_token()) {
- if (isset($_POST['c_ip']) && isset($_POST['c_reason']) && isset($_POST['c_expires'])) {
- if (empty($_POST['c_expires'])) {
- $end = null;
- } else {
- $end = date("Y-m-d H:i:s", strtotime(trim($_POST['c_expires'])));
- }
- send_event(new AddIPBanEvent($_POST['c_ip'], $_POST['c_reason'], $end));
-
- flash_message("Ban for {$_POST['c_ip']} added");
- $page->set_mode(PageMode::REDIRECT);
- $page->set_redirect(make_link("ip_ban/list"));
- }
- } elseif ($event->get_arg(0) == "delete" && $user->check_auth_token()) {
- if (isset($_POST['d_id'])) {
- send_event(new RemoveIPBanEvent($_POST['d_id']));
-
- flash_message("Ban removed");
- $page->set_mode(PageMode::REDIRECT);
- $page->set_redirect(make_link("ip_ban/list"));
- }
+ if ($event->get_arg(0) == "create") {
+ $user->ensure_authed();
+ $input = validate_input(["c_ip"=>"string", "c_reason"=>"string", "c_expires"=>"optional,date"]);
+ send_event(new AddIPBanEvent($input['c_ip'], $input['c_reason'], $input['c_expires']));
+ flash_message("Ban for {$input['c_ip']} added");
+ $page->set_mode(PageMode::REDIRECT);
+ $page->set_redirect(make_link("ip_ban/list"));
+ } elseif ($event->get_arg(0) == "delete") {
+ $user->ensure_authed();
+ $input = validate_input(["d_id"=>"int"]);
+ send_event(new RemoveIPBanEvent($input['d_id']));
+ flash_message("Ban removed");
+ $page->set_mode(PageMode::REDIRECT);
+ $page->set_redirect(make_link("ip_ban/list"));
} elseif ($event->get_arg(0) == "list") {
+ $_GET['c_banner'] = $user->name;
+ $_GET['c_added'] = date('Y-m-d');
$t = new IPBanTable($database->raw_db(), $user->get_auth_token());
$table = $t->table($t->query());
$this->theme->display_bans($page, $table, $t->paginator());
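Review bot: In the `create` branch, `c_ip` is validated only as `"string"`, so any text reaches `AddIPBanEvent` and is interpolated into `flash_message("Ban for {$input['c_ip']} added")`. A syntax check before the event, such as `filter_var($input['c_ip'], FILTER_VALIDATE_IP)` plus whatever range notation the bans table accepts, would reject values that can never match a client. Whether flash_message escapes its argument is not visible here, so confirm that too. In the `list` branch, writing `$_GET['c_banner']` and `$_GET['c_added']` mutates the request superglobal for all later code in the request; passing these defaults to the table object directly, if it offers a way, would keep real request data distinguishable from injected values.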