From 6f4fe1379ffc597685f750370e0f37d7cfe947fd Mon Sep 17 00:00:00 2001
From: "Janus B. Kristensen"
Date: Mon, 23 May 2005 19:05:44 +0000
Subject: [PATCH] Reason is optional and action can get from either post or get methods. (todo write request_str instead of the test for get/post_str)

svn path=/trunk/boinc/; revision=6226
---
 html/user/forum_moderate_post_action.php | 20 +++++++++++++-------
 html/user/forum_moderate_thread_action.php | 9 ++++-----
 2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/html/user/forum_moderate_post_action.php b/html/user/forum_moderate_post_action.php
index 6229561835..cfad69ea70 100644
--- a/html/user/forum_moderate_post_action.php
+++ b/html/user/forum_moderate_post_action.php
@@ -17,9 +17,15 @@ if (!isSpecialUser($user,0)) {
 exit();
 }
-if (!post_str('action')) {
- echo "You must specify an action...";
- exit();
+// TODO: Write a request_str function to prevent stuff like this
+if (!post_str('action', true)) {
+ if (!get_str('action', true)){
+ error_page("You must specify an action...");
+ } else {
+ $action = get_str('action');
+ }
+} else {
+ $action = post_str('action');
 }
 $post = getPost(get_int('id'));
@@ -31,13 +37,13 @@ if (!$post) {
 $thread = getThread($post->thread);
-if (post_str('action')=="hide"){
+if ($action=="hide"){
 $result=mysql_query("update post set hidden = ".post_int("category")." where id=".$post->id);
 echo mysql_error();
-} elseif (post_str('action')=="unhide"){
+} elseif ($action=="unhide"){
 $result=mysql_query("update post set hidden = 0 where id=".$post->id);
 echo mysql_error();
-} elseif (post_str('action')=="move"){
+} elseif ($action=="move"){
 if (getThread(post_int('threadid'))){
 $result=mysql_query("update post set thread = ".post_int('threadid')." where id=".$post->id);
 echo mysql_error();
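Review bot: In forum_moderate_post_action.php (hunk -17,9 +17,15) `action` now falls back to `get_str('action', true)`, so the state-changing branches further down can be reached from a plain link, and no per-request token check is visible in this hunk. The unhide branch needs only `id` and `action`, both readable from the query string, so a logged-in moderator's browser following a third-party URL would be enough to trigger it. The existing fallback in forum_moderate_thread_action.php (hunk -12,10 +12,9) has the same exposure. I would keep state changes POST-only or verify a per-session form token before the `if ($action==...)` chain, and at minimum record it next to the TODO: `// SECURITY: action may arrive via GET; require a form token before any update`. The script continues outside the hunk, so such a check may exist elsewhere.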
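Review bot: Each branch of the `$action` chain in forum_moderate_post_action.php (hunk -31,13 +37,13) still does `echo mysql_error();`, which sends raw database error text to the browser and, when non-empty, emits output before the later `header('Location: ...')` call. Logging keeps schema details off the page, for example `if (!$result) { error_log(mysql_error()); }`. The queries are concatenated from `post_int(...)` and `$post->id`, so they are only as safe as post_int's integer validation, which is defined outside this diff. The hide and move branches also still read their parameters with `post_int`, so only unhide is usable with a GET-supplied action. The chain continues past the end of the hunk.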
@@ -55,7 +61,7 @@ if (post_str('action')=="hide"){
 if ($result) {
 echo mysql_error();
- if (post_str('reason')){
+ if (post_str('reason', true)){
 send_moderation_email(lookup_user_id($post->user),$thread, $post, post_str("reason"));
 }
 header('Location: forum_thread.php?id='.$thread->id);
diff --git a/html/user/forum_moderate_thread_action.php b/html/user/forum_moderate_thread_action.php
index 9206230bf2..1dab51e5db 100644
--- a/html/user/forum_moderate_thread_action.php
+++ b/html/user/forum_moderate_thread_action.php
@@ -12,10 +12,9 @@ db_init();
 $user = get_logged_in_user();
 $user = getForumPreferences($user);
-if (!post_str('action')) {
- if (!get_str('action')){
- echo "You must specify an action...";
- exit();
+if (!post_str('action', true)) {
+ if (!get_str('action', true)){
+ error_page("You must specify an action...");
 } else {
 $action = get_str('action');
 }
@@ -67,7 +66,7 @@ if ($action=="hide"){
 if ($result) {
 echo mysql_error();
- if (post_str('reason')){
+ if (post_str('reason', true)){
 send_thread_moderation_email(lookup_user_id($post->user),$thread, post_str("reason"));
 }
 header('Location: forum_thread.php?id='.$thread->id);
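Review bot: `reason` is looked up twice in forum_moderate_post_action.php (hunk -55,7 +61,7), once as `post_str('reason', true)` for the test and once as `post_str("reason")` for the argument, and the truthiness test also skips a reason of "0". Reading it once is clearer: `$reason = post_str('reason', true);`, then `if ($reason != '') {` and pass `$reason` to `send_moderation_email`. The matching line in forum_moderate_thread_action.php (hunk -67,7 +66,7) would change the same way. What post_str returns for a missing optional field is not visible here, so confirm the empty-value comparison against its definition.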
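Review bot: In forum_moderate_thread_action.php (hunk -67,7 +66,7) the e-mail recipient is taken from `$post->user`, but no `$post` is assigned in the visible lines of this script, which moderates a thread rather than a post. If `$post` is indeed undefined here, `lookup_user_id` is called with an empty value and the moderation notice does not reach the thread's author; the recipient should come from the thread record instead. This is a context line the commit leaves as is, and the script body extends outside the hunk, so verify against the full file.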