From 84a3b73a7d8ba0c3bc4ee4a6760f1371a52b2d80 Mon Sep 17 00:00:00 2001 From: fatchan Date: Mon, 13 Apr 2020 15:59:18 +1000 Subject: [PATCH] improve redirects and handle referer better when doing mod actions --- models/forms/actionhandler.js | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/models/forms/actionhandler.js b/models/forms/actionhandler.js index fd2972a5..aa95c28c 100644 --- a/models/forms/actionhandler.js +++ b/models/forms/actionhandler.js @@ -18,11 +18,19 @@ const { Posts, Boards, Modlogs } = require(__dirname+'/../../db/') , getAffectedBoards = require(__dirname+'/../../helpers/affectedboards.js') , buildQueue = require(__dirname+'/../../queue.js') , { postPasswordSecret } = require(__dirname+'/../../configs/main.js') + , threadRegex = /\/[a-z0-9]+\/(?:manage\/)?thread\/(\d+)\.html/i , { createHash, timingSafeEqual } = require('crypto'); module.exports = async (req, res, next) => { - const redirect = req.headers.referer || `/${req.params.board ? req.params.board+'/manage/reports' : 'globalmanage/recents'}.html`; + let redirect = req.headers.referer; + if (!redirect) { + if (!req.params.board) { + redirect = '/globalmanage/recent.html'; + } else { + redirect = `/${req.params.board}/${req.path.endsWith('modactions') ? 'manage/reports' : 'index'}.html`; + } + } //if user isnt staff, and they put an action that requires password, e.g. delete/spoiler, then filter posts to only matching password if (res.locals.permLevel >= 4 && res.locals.actions.numPasswords > 0) { @@ -54,6 +62,16 @@ module.exports = async (req, res, next) => { const deleting = req.body.delete || req.body.delete_ip_board || req.body.delete_ip_global || req.body.delete_ip_thread; let { boardThreadMap, beforePages, threadBoards } = await getAffectedBoards(res.locals.posts, deleting); + if (deleting + && req.params.board + && req.headers.referer + && boardThreadMap[req.params.board]) { + const threadRefMatch = req.headers.referer.match(threadRegex); + if (threadRefMatch && boardThreadMap[req.params.board].directThreads.has(+threadRefMatch[1])) { + redirect = `/${req.params.board}/${req.path.endsWith('modactions') ? 'manage/' : ''}index.html`; + } + } + const messages = []; const modlogActions = [] const combinedQuery = {};