diff --git a/board.php b/board.php
index 5dc4fb3..b657e30 100644
--- a/board.php
+++ b/board.php
@@ -14,6 +14,8 @@
 $config = require 'config.php';
 $boardId = $_GET['board'] ?? 'b';
 $threadId = isset($_GET['thread']) ? urldecode($_GET['thread']) : null;
+
+
 try {
 $db = new PDO(
 "mysql:host={$config['db']['host']};dbname={$config['db']['name']}",
@@ -124,7 +126,7 @@ if ($threadId) {
 $posts = $stmt->fetchAll(PDO::FETCH_ASSOC);
 if (empty($posts)) {
-header('Location: board.php?board=' . $boardId);
+header('Location: board.php?board=' . urlencode($boardId));
 exit;
 }
 } catch (PDOException $e) {
diff --git a/newthread.php b/newthread.php
index 11b47b8..c08fa2f 100644
--- a/newthread.php
+++ b/newthread.php
@@ -96,15 +96,13 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 ');
 $stmt->execute([$threadId, $boardId, $title, $description, $fileName, $fileSize, $fileType, $ip, $anonymousId]);
-if ($message) {
-$stmt = $db->prepare('
-INSERT INTO posts (post_id, thread_id, board_id, message, ip_address, anonymous_id)
-VALUES (?, ?, ?, ?, ?, ?)
-');
-$stmt->execute([$postId, $threadId, $boardId, $message, $ip, $anonymousId]);
-}
+$stmt = $db->prepare('
+INSERT INTO posts (post_id, thread_id, board_id, message, file_name, file_size, file_type, ip_address, anonymous_id)
+VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+');
+$stmt->execute([$postId, $threadId, $boardId, $message, $fileName, $fileSize, $fileType, $ip, $anonymousId]);
-header('Location: board.php?board=' . $boardId . '&thread=' . $threadId);
+header('Location: board.php?board=' . urlencode($boardId) . '&thread=' . urlencode($threadId));
 exit;
 }
 } else {
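Review bot: The encoded redirect at `header('Location: board.php?board=' . urlencode($boardId));` still round-trips whatever the client supplied, because `$boardId` comes from `$_GET['board'] ?? 'b'` in the earlier hunk with no check against the configured boards, so a thread lookup on a nonexistent board redirects to that board's page instead of failing. Encoding closes the CR/LF injection in the Location header, but it does not make an arbitrary board name valid. Consider rejecting unknown boards before the query runs, e.g. `if (!isset($config['boards'][$boardId])) { http_response_code(404); exit; }` — the key under which `$config` holds the board list is not visible here, so adapt it to the real shape. The `try` block this hunk sits in begins outside the hunk.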
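Review bot: The threads INSERT (whose prepare begins outside this hunk) and the now-unconditional posts INSERT at `$stmt->execute([$postId, $threadId, $boardId, $message, ...])` are not visibly wrapped in a transaction, so a failure on the second leaves a thread with no OP row — exactly the state the companion board.php change treats as a missing thread and redirects away from. If no transaction is already open in the POST handler, add `$db->beginTransaction();` before the threads prepare and `$db->commit();` after the posts execute, with `$db->rollBack();` in whatever catch handles PDOException for this block (not visible here). Dropping the `if ($message)` guard also means a post row is written even when `$message` is null or empty; confirm the `posts.message` column accepts that, or pass `$message ?? ''` in the execute array. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and its `else` branch continues outside the hunk.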