From 25d27cb73ea48a9cd75316fd96b125d8e0446835 Mon Sep 17 00:00:00 2001
From: x99bachelart
Date: Tue, 9 Sep 2003 23:48:22 +0000
Subject: [PATCH] refresh-post protection

---
 install.d/session.inc.php | 15 +++++++++++++++
 thread.php | 4 +++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/install.d/session.inc.php b/install.d/session.inc.php
index 8925b89..485315d 100644
--- a/install.d/session.inc.php
+++ b/install.d/session.inc.php
@@ -28,4 +28,19 @@ if (!isset($_SESSION['profile']) && (!isset($_POST['action']) ||
 $_SESSION['displaytype'] = $_POST['displaytype'];
 $_SESSION['profile'] = true;
 }
+
+// refresh-post protection
+$sname = $_SERVER['SCRIPT_NAME'];
+$array = explode('/',$sname);
+$sname = array_pop($array);
+unset($array);
+switch ($sname) {
+ case "thread.php":
+ if (!isset($_SESSION['bananapostok']))
+ $_SESSION['bananapostok']=true;
+ break;
+ default:
+ $_SESSION['bananapostok']=true;
+ break;
+}
 ?>
diff --git a/thread.php b/thread.php
index f289fc0..abade85 100644
--- a/thread.php
+++ b/thread.php
@@ -65,7 +65,8 @@ $first = (isset($_REQUEST['first'])?
 $last = (isset($_REQUEST['first'])?
 (floor($_REQUEST['first']/$max+1)*$max):$max);
 
-if (isset($_REQUEST['action']) && (isset($_REQUEST['type']))) {
+if (isset($_REQUEST['action']) && (isset($_REQUEST['type'])) &&
+(isset($_SESSION['bananapostok'])) && ($_SESSION['bananapostok'])) {
 switch ($_REQUEST['type']) {
 case 'cancel':
 $mid = array_search($id,$spool->ids);
@@ -140,6 +141,7 @@ if (isset($_REQUEST['action']) && (isset($_REQUEST['type']))) {
 }
 break;
 }
+ $_SESSION['bananapostok']=false;
 $spool = new spool($mynntp,$group,$profile['display'],
 $profile['lastnews']);
 if (!$spool) {
-- 
2.1.4
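Review bot: The guard added to install.d/session.inc.php is a single session-wide boolean, and the `default:` branch re-arms it on every request to any script other than thread.php, so it stops an immediate reload but is not bound to the form that was actually rendered. A second tab or any intermediate page load makes a repeated submission acceptable again, and the flag says nothing about whether the request came from this site's own form. A one-time value stored in the session when the form is rendered, returned in a hidden field, then compared and cleared on submit would cover both cases. At minimum the block should state its lifecycle in a comment, for example `// bananapostok: true = thread.php may run one action; thread.php clears it afterwards; any other page re-arms it`. The path handling can also be reduced to `$sname = basename($_SERVER['SCRIPT_NAME']);`.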
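Review bot: In the first thread.php hunk the new condition still reads `action` and `type` from `$_REQUEST`, so the state-changing branches below it (the visible one is `cancel`) run for GET as well as POST whenever the session flag is true. Because the flag is true after any visit to another page, it does not restrict these actions to a deliberate form submission; reading both values from `$_POST` would narrow that, provided no caller depends on GET (not visible here). When the flag is false the request is skipped with no message in the lines shown, so a user cannot tell an ignored repeat from a failed action. The two flag tests can be written as one, `!empty($_SESSION['bananapostok'])`. The `if` block continues past the end of this hunk.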
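Review bot: In the second thread.php hunk the flag is cleared only after the whole `switch` has run, so the permission remains set while the action executes and is never cleared if a branch exits or redirects early (the branches are outside this hunk). Moving `$_SESSION['bananapostok']=false;` to be the first statement inside the `if` makes the permission single-use before any NNTP work starts. Either way the reset also happens when the action failed, so a retry requires visiting another page first; a comment should say whether that is intended. Indentation is lost in this view, so the placement inside the `if` block is inferred from the hunk header rather than read directly.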