diff options
| author | Git <git@what.cd> | 2016-01-28 08:00:28 +0000 |
|---|---|---|
| committer | Git <git@what.cd> | 2016-01-28 08:00:28 +0000 |
| commit | 2ae321dfee04da13f78cbfaa08ea4d24c5f0d9c0 (patch) | |
| tree | c40282387088a76e0551b16661947a73822407a3 | |
| parent | 565ac11cdb9064913be2858ebb29559587e52c1e (diff) | |
| download | Gazelle-2ae321dfee04da13f78cbfaa08ea4d24c5f0d9c0.zip Gazelle-2ae321dfee04da13f78cbfaa08ea4d24c5f0d9c0.tar.gz Gazelle-2ae321dfee04da13f78cbfaa08ea4d24c5f0d9c0.tar.bz2 | |
Empty commit
| -rw-r--r-- | docs/CHANGES.txt | 3 | ||||
| -rw-r--r-- | sections/torrents/download.php | 10 | ||||
| -rw-r--r-- | sections/user/takemoderate.php | 2 |
3 files changed, 13 insertions, 2 deletions
diff --git a/docs/CHANGES.txt b/docs/CHANGES.txt index ae61248..0c9fb76 100644 --- a/docs/CHANGES.txt +++ b/docs/CHANGES.txt @@ -1,5 +1,8 @@ CHANGE LOG +2016-01-27 by newman +Fix downloading torrents via wget or other utilities when account is locked. This should prevent plugins like autodl-irssi from downloading torrents after an account becomes locked + 2016-01-23 by newman Add confirmation for deleting poll options. Don't load all news and blogs when editing one. Don't load all news when writing a new post, instead load 5 and add the "click to view more" link, similar to the homepage. Add "Replies" column to staffpm.php and Staff PMs on user profiles. Add better.php header link diff --git a/sections/torrents/download.php b/sections/torrents/download.php index c87774f..3b24b44 100644 --- a/sections/torrents/download.php +++ b/sections/torrents/download.php @@ -13,21 +13,27 @@ if (!isset($_REQUEST['authkey']) || !isset($_REQUEST['torrent_pass'])) { $UserInfo = $Cache->get_value('user_'.$_REQUEST['torrent_pass']); if (!is_array($UserInfo)) { $DB->query(" - SELECT ID, DownloadAlt + SELECT ID, DownloadAlt, la.UserID FROM users_main AS m INNER JOIN users_info AS i ON i.UserID = m.ID + LEFT JOIN locked_accounts AS la ON la.UserID = m.ID WHERE m.torrent_pass = '".db_string($_REQUEST['torrent_pass'])."' AND m.Enabled = '1'"); $UserInfo = $DB->next_record(); $Cache->cache_value('user_'.$_REQUEST['torrent_pass'], $UserInfo, 3600); } $UserInfo = array($UserInfo); - list($UserID, $DownloadAlt) = array_shift($UserInfo); + list($UserID, $DownloadAlt, $Locked) = array_shift($UserInfo); if (!$UserID) { error(0); } $TorrentPass = $_REQUEST['torrent_pass']; $AuthKey = $_REQUEST['authkey']; + + if ($Locked == $UserID) { + header('HTTP/1.1 403 Forbidden'); + die(); + } } $TorrentID = $_REQUEST['id']; diff --git a/sections/user/takemoderate.php b/sections/user/takemoderate.php index 81c7897..16dac3e 100644 --- a/sections/user/takemoderate.php +++ b/sections/user/takemoderate.php @@ -192,11 +192,13 @@ if ($LockType == '---' || $LockedAccount == 0) { if ($Cur['Type']) { $DB->query("DELETE FROM locked_accounts WHERE UserID = '" . $UserID . "'"); $EditSummary[] = 'Account unlocked'; + $Cache->delete_value('user_' . $Cur['torrent_pass']); } } else if (!$Cur['Type'] || $Cur['Type'] != $LockType) { $DB->query("INSERT INTO locked_accounts (UserID, Type) VALUES ('" . $UserID . "', '" . $LockType . "') ON DUPLICATE KEY UPDATE Type = '" . $LockType . "'"); + $Cache->delete_value('user_' . $Cur['torrent_pass']); if ($Cur['Type'] != $LockType) { $EditSummary[] = 'Account lock reason changed to ' . $LockType; |