refresh-post protection

diff --git a/install.d/session.inc.php b/install.d/session.inc.php
index 8925b89..485315d 100644 (file)
--- a/install.d/session.inc.php
+++ b/install.d/session.inc.php
@@ -28,4 +28,19 @@ if (!isset($_SESSION['profile']) && (!isset($_POST['action']) ||
   $_SESSION['displaytype'] = $_POST['displaytype'];
   $_SESSION['profile'] = true;
 }
   $_SESSION['displaytype'] = $_POST['displaytype'];
   $_SESSION['profile'] = true;
 }

+
+// refresh-post protection
+$sname = $_SERVER['SCRIPT_NAME'];
+$array = explode('/',$sname);
+$sname = array_pop($array);
+unset($array);
+switch ($sname) {
+  case "thread.php":
+    if (!isset($_SESSION['bananapostok'])) 
+      $_SESSION['bananapostok']=true;
+    break;
+  default:
+    $_SESSION['bananapostok']=true;
+    break;
+}

 ?>
 ?>

diff --git a/thread.php b/thread.php
index f289fc0..abade85 100644 (file)
--- a/thread.php
+++ b/thread.php
@@ -65,7 +65,8 @@ $first = (isset($_REQUEST['first'])?
 $last  = (isset($_REQUEST['first'])?
   (floor($_REQUEST['first']/$max+1)*$max):$max);
 
 $last  = (isset($_REQUEST['first'])?
   (floor($_REQUEST['first']/$max+1)*$max):$max);
 

-if (isset($_REQUEST['action']) && (isset($_REQUEST['type']))) {
+if (isset($_REQUEST['action']) && (isset($_REQUEST['type'])) && 
+(isset($_SESSION['bananapostok'])) && ($_SESSION['bananapostok'])) {

   switch ($_REQUEST['type']) {  
     case 'cancel':
       $mid = array_search($id,$spool->ids);
   switch ($_REQUEST['type']) {  
     case 'cancel':
       $mid = array_search($id,$spool->ids);


@@ -140,6 +141,7 @@ if (isset($_REQUEST['action']) && (isset($_REQUEST['type']))) {
       }
       break;
   }
       }
       break;
   }

+  $_SESSION['bananapostok']=false;

   $spool = new spool($mynntp,$group,$profile['display'],
     $profile['lastnews']);
   if (!$spool) {
   $spool = new spool($mynntp,$group,$profile['display'],
     $profile['lastnews']);
   if (!$spool) {