summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2019-07-13 20:05:30 +0200
committerYorhel <git@yorhel.nl>2019-07-13 20:05:33 +0200
commit87811a6255d16a51848f4f4296ccb0d830054df1 (patch)
treed56f3fdb0676233c141ed8840e607d984b427184
parent326b6088461856bd5486afa0ab12fe9c3e117a20 (diff)
ULists: Remove character filter in VN vote listings
This can leak information about hidden users. While it's possible to fix the filter to throw all hidden users under 'h', I don't think the character filter had much value anyway and this is less error prone.
-rw-r--r--lib/VNDB/DB/ULists.pm3
-rw-r--r--lib/VNDB/Handler/ULists.pm14
2 files changed, 8 insertions, 9 deletions
diff --git a/lib/VNDB/DB/ULists.pm b/lib/VNDB/DB/ULists.pm
index f941dac5..9c892cf3 100644
--- a/lib/VNDB/DB/ULists.pm
+++ b/lib/VNDB/DB/ULists.pm
@@ -189,9 +189,6 @@ sub dbVoteGet {
$o{vn_char} ? ( 'LOWER(SUBSTR(v.title, 1, 1)) = ?' => $o{vn_char} ) : (),
defined $o{vn_char} && !$o{vn_char} ? (
'(ASCII(v.title) < 97 OR ASCII(v.title) > 122) AND (ASCII(v.title) < 65 OR ASCII(v.title) > 90)' => 1 ) : (),
- $o{user_char} ? ( 'LOWER(SUBSTR(u.username, 1, 1)) = ?' => $o{user_char} ) : (),
- defined $o{user_char} && !$o{user_char} ? (
- '(ASCII(u.username) < 97 OR ASCII(u.username) > 122) AND (ASCII(u.username) < 65 OR ASCII(u.username) > 90)' => 1 ) : (),
);
my @select = (
diff --git a/lib/VNDB/Handler/ULists.pm b/lib/VNDB/Handler/ULists.pm
index 10687533..7f4d1ed6 100644
--- a/lib/VNDB/Handler/ULists.pm
+++ b/lib/VNDB/Handler/ULists.pm
@@ -151,7 +151,7 @@ sub votelist {
reverse => $f->{o} eq 'd',
results => 50,
page => $f->{p},
- $f->{c} ne 'all' ? ($type eq 'u' ? 'vn_char' : 'user_char', $f->{c}) : (),
+ $type eq 'u' && $f->{c} ne 'all' ? (vn_char => $f->{c}) : (),
);
my $title = $type eq 'v' ? "Votes for $obj->{title}" : "Votes by $obj->{username}";
@@ -159,11 +159,13 @@ sub votelist {
$self->htmlMainTabs($type => $obj, 'votes');
div class => 'mainbox';
h1 $title;
- p class => 'browseopts';
- for ('all', 'a'..'z', 0) {
- a href => "/$type$id/votes?c=$_", $_ eq $f->{c} ? (class => 'optselected') : (), $_ eq 'all' ? 'ALL' : $_ ? uc $_ : '#';
- }
- end;
+ if($type eq 'u') {
+ p class => 'browseopts';
+ for ('all', 'a'..'z', 0) {
+ a href => "/$type$id/votes?c=$_", $_ eq $f->{c} ? (class => 'optselected') : (), $_ eq 'all' ? 'ALL' : $_ ? uc $_ : '#';
+ }
+ end;
+ }
p 'No votes to list. :-(' if !@$list;
end;