Browse Source

Send encrypted emails and IPs over POST to avoid large request URLs

spaghetti 3 years ago
parent
commit
853ceb48b2

+ 4
- 4
sections/delete/delete_email.php View File

@@ -1,7 +1,7 @@
1 1
 <?
2 2
 
3
-if (!isset($_GET['emails']) || !is_array($_GET['emails'])) {
4
-  error("Stop that.");
3
+if (!isset($_POST['emails']) || !is_array($_POST['emails'])) {
4
+  error("No email requested");
5 5
 }
6 6
 
7 7
 if (!apcu_exists('DBKEY')) {
@@ -17,14 +17,14 @@ View::show_header('Email Expunge Request');
17 17
 </div>
18 18
 <form class="create_form box pad" name="emaildelete" action="delete.php" method="post">
19 19
   <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
20
-  <? foreach($_GET['emails'] as $email) { ?>
20
+  <? foreach($_POST['emails'] as $email) { ?>
21 21
   <input type="hidden" name="emails[]" value="<?=$email?>" />
22 22
   <? } ?>
23 23
   <input type="hidden" name="action" value="takeemail" />
24 24
   <table cellspacing="1" cellpadding="3" border="0" class="layout" width="100%">
25 25
     <tr>
26 26
       <td class="label">Email:</td>
27
-      <td><input type="text" size="30" value="<?=Crypto::decrypt($_GET['emails'][0])?>" disabled /></td>
27
+      <td><input type="text" size="30" value="<?=Crypto::decrypt($_POST['emails'][0])?>" disabled /></td>
28 28
     </tr>
29 29
     <tr>
30 30
       <td class="label">Reason (Optional):</td>

+ 4
- 4
sections/delete/delete_ip.php View File

@@ -1,7 +1,7 @@
1 1
 <?
2 2
 
3
-if (!isset($_GET['ips']) || !is_array($_GET['ips'])) {
4
-  error("Stop that.");
3
+if (!isset($_POST['ips']) || !is_array($_POST['ips'])) {
4
+  error("No IP requested");
5 5
 }
6 6
 
7 7
 if (!apcu_exists('DBKEY')) {
@@ -17,14 +17,14 @@ View::show_header('IP Address Expunge Request');
17 17
 </div>
18 18
 <form class="create_form box pad" name="ipdelete" action="delete.php" method="post">
19 19
   <input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
20
-  <? foreach($_GET['ips'] as $ip) { ?>
20
+  <? foreach($_POST['ips'] as $ip) { ?>
21 21
   <input type="hidden" name="ips[]" value="<?=$ip?>" />
22 22
   <? } ?>
23 23
   <input type="hidden" name="action" value="takeip" />
24 24
   <table cellspacing="1" cellpadding="3" border="0" class="layout" width="100%">
25 25
     <tr>
26 26
       <td class="label">IP:</td>
27
-      <td><input type="text" size="30" value="<?=Crypto::decrypt($_GET['ips'][0])?>" disabled /></td>
27
+      <td><input type="text" size="30" value="<?=Crypto::decrypt($_POST['ips'][0])?>" disabled /></td>
28 28
     </tr>
29 29
     <tr>
30 30
       <td class="label">Reason (Optional):</td>

+ 7
- 1
sections/userhistory/email_history_userview.php View File

@@ -65,7 +65,13 @@ if (!$Self) {
65 65
     <td><?=display_str($Email)?></td>
66 66
     <td>
67 67
     <? if ($Email != $Curr) { ?>
68
-      <a href="delete.php?action=email&emails[]=<?=implode('&emails[]=', array_map('urlencode', $Encs))?>" class="brackets">X</a>
68
+      <form action="delete.php" method="post">
69
+        <input type="hidden" name="action" value="email">
70
+        <? foreach ($Encs as $Enc) { ?>
71
+        <input type="hidden" name="emails[]" value="<?=$Enc?>">
72
+        <? } ?>
73
+        <input type="submit" value="X">
74
+      </form>
69 75
     <? } ?>
70 76
     </td>
71 77
   </tr>

+ 7
- 1
sections/userhistory/ip_history_userview.php View File

@@ -65,7 +65,13 @@ if (!$Self) {
65 65
     <td><?=display_str($IP)?></td>
66 66
     <td>
67 67
     <? if ($IP != $Curr) { ?>
68
-      <a href="delete.php?action=ip&ips[]=<?=implode('&ips[]=', array_map('urlencode', $Encs))?>" class="brackets">X</a>
68
+      <form action="delete.php" method="post">
69
+        <input type="hidden" name="action" value="ip">
70
+        <? foreach ($Encs as $Enc) { ?>
71
+        <input type="hidden" name="ips[]" value="<?=$Enc?>">
72
+        <? } ?>
73
+        <input type="submit" value="X">
74
+      </form>
69 75
     <? } ?>
70 76
     </td>
71 77
   </tr>

Loading…
Cancel
Save