2014-10-29 07:23:17 +01:00
< ? php
2015-02-17 01:11:21 +01:00
if ( ! function_exists ( 'is_billion_laughs' )){
function is_billion_laughs ( $arr1 , $arr2 ) {
$arr = array ();
foreach ( $arr1 as $k => $v ) {
$arr [ $v ] = $arr2 [ $k ];
}
for ( $i = 0 ; $i <= sizeof ( $arr ); $i ++ ) {
$cur = array_slice ( $arr , $i , 1 );
$pst = array_slice ( $arr , 0 , $i );
if ( ! $cur ) continue ;
$kk = array_keys ( $cur )[ 0 ];
$vv = array_values ( $cur )[ 0 ];
foreach ( $pst as $k => $v ) {
if ( str_replace ( $kk , $vv , $v ) != $v )
return true ;
}
}
return false ;
}
}
2014-10-29 07:23:17 +01:00
$config [ 'mod' ][ 'show_ip' ] = GLOBALVOLUNTEER ;
$config [ 'mod' ][ 'show_ip_less' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'manageusers' ] = GLOBALVOLUNTEER ;
$config [ 'mod' ][ 'noticeboard_post' ] = GLOBALVOLUNTEER ;
$config [ 'mod' ][ 'search' ] = GLOBALVOLUNTEER ;
$config [ 'mod' ][ 'clean_global' ] = GLOBALVOLUNTEER ;
2014-12-03 10:15:02 +01:00
$config [ 'mod' ][ 'view_notes' ] = DISABLED ;
$config [ 'mod' ][ 'create_notes' ] = DISABLED ;
2014-12-14 12:26:45 +01:00
$config [ 'mod' ][ 'edit_config' ] = DISABLED ;
2014-10-29 07:23:17 +01:00
$config [ 'mod' ][ 'debug_recent' ] = ADMIN ;
$config [ 'mod' ][ 'debug_antispam' ] = ADMIN ;
$config [ 'mod' ][ 'noticeboard_post' ] = ADMIN ;
$config [ 'mod' ][ 'modlog' ] = GLOBALVOLUNTEER ;
2015-02-20 07:58:30 +01:00
$config [ 'mod' ][ 'mod_board_log' ] = MOD ;
2014-10-29 07:23:17 +01:00
$config [ 'mod' ][ 'editpost' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'edit_banners' ] = MOD ;
$config [ 'mod' ][ 'edit_flags' ] = MOD ;
$config [ 'mod' ][ 'edit_settings' ] = MOD ;
$config [ 'mod' ][ 'edit_volunteers' ] = MOD ;
2014-12-03 09:11:48 +01:00
$config [ 'mod' ][ 'edit_tags' ] = MOD ;
2014-10-29 07:23:17 +01:00
$config [ 'mod' ][ 'clean' ] = BOARDVOLUNTEER ;
// new perms
$config [ 'mod' ][ 'ban' ] = BOARDVOLUNTEER ;
2014-10-30 13:32:11 +01:00
$config [ 'mod' ][ 'bandelete' ] = BOARDVOLUNTEER ;
2014-10-29 07:23:17 +01:00
$config [ 'mod' ][ 'unban' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'deletebyip' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'sticky' ] = BOARDVOLUNTEER ;
2015-04-03 08:56:28 +02:00
$config [ 'mod' ][ 'cycle' ] = BOARDVOLUNTEER ;
2014-10-29 07:23:17 +01:00
$config [ 'mod' ][ 'lock' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'postinlocked' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'bumplock' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'view_bumplock' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'bypass_field_disable' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'view_banlist' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'view_banstaff' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'public_ban' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'recent' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'ban_appeals' ] = BOARDVOLUNTEER ;
$config [ 'mod' ][ 'view_ban_appeals' ] = BOARDVOLUNTEER ;
2014-10-30 13:32:11 +01:00
$config [ 'mod' ][ 'view_ban' ] = BOARDVOLUNTEER ;
2015-03-17 00:48:10 +01:00
$config [ 'mod' ][ 'reassign_board' ] = GLOBALVOLUNTEER ;
2015-02-17 01:14:05 +01:00
$config [ 'mod' ][ 'move' ] = GLOBALVOLUNTEER ;
2015-02-17 01:56:09 +01:00
$config [ 'mod' ][ 'shadow_capcode' ] = 'Global Volunteer' ;
2014-11-22 08:32:22 +01:00
2015-02-21 08:13:52 +01:00
2014-12-03 09:11:48 +01:00
$config [ 'mod' ][ 'custom_pages' ][ '/tags/(\%b)' ] = function ( $b ) {
global $board , $config ;
if ( ! openBoard ( $b ))
error ( " Could not open board! " );
if ( ! hasPermission ( $config [ 'mod' ][ 'edit_tags' ], $b ))
error ( $config [ 'error' ][ 'noaccess' ]);
if ( isset ( $_POST [ 'tags' ])) {
if ( sizeof ( $_POST [ 'tags' ]) > 5 )
error ( _ ( 'Too many tags.' ));
$delete = prepare ( 'DELETE FROM ``board_tags`` WHERE uri = :uri' );
$delete -> bindValue ( ':uri' , $b );
$delete -> execute ();
foreach ( $_POST [ 'tags' ] as $i => $tag ) {
if ( $tag ) {
if ( strlen ( $tag ) > 255 )
continue ;
$insert = prepare ( 'INSERT INTO ``board_tags``(uri, tag) VALUES (:uri, :tag)' );
$insert -> bindValue ( ':uri' , $b );
$insert -> bindValue ( ':tag' , utf8tohtml ( $tag ));
$insert -> execute ();
}
}
$update = prepare ( 'UPDATE ``boards`` SET sfw = :sfw WHERE uri = :uri' );
$update -> bindValue ( ':uri' , $b );
$update -> bindValue ( ':sfw' , isset ( $_POST [ 'sfw' ]));
$update -> execute ();
}
$query = prepare ( 'SELECT * FROM ``board_tags`` WHERE uri = :uri' );
$query -> bindValue ( ':uri' , $b );
$query -> execute ();
$tags = $query -> fetchAll ();
$query = prepare ( 'SELECT `sfw` FROM ``boards`` WHERE uri = :uri' );
$query -> bindValue ( ':uri' , $b );
$query -> execute ();
$sfw = $query -> fetchColumn ();
2015-03-17 00:48:10 +01:00
mod_page ( _ ( 'Edit tags' ), 'mod/tags.html' , array ( 'board' => $board , 'token' => make_secure_link_token ( 'tags/' . $board [ 'uri' ]), 'tags' => $tags , 'sfw' => $sfw ));
2014-12-03 09:11:48 +01:00
};
2014-11-22 08:32:22 +01:00
$config [ 'mod' ][ 'custom_pages' ][ '/reassign/(\%b)' ] = function ( $b ) {
global $board , $config ;
if ( ! openBoard ( $b ))
error ( " Could not open board! " );
if ( ! hasPermission ( $config [ 'mod' ][ 'reassign_board' ], $b ))
error ( $config [ 'error' ][ 'noaccess' ]);
$query = query ( " SELECT id, username FROM mods WHERE boards = ' $b ' AND type = 20 " );
$mods = $query -> fetchAll ();
if ( ! $mods ) {
error ( 'No mods?' );
}
$password = base64_encode ( openssl_random_pseudo_bytes ( 9 ));
$salt = generate_salt ();
$hashed = hash ( 'sha256' , $salt . sha1 ( $password ));
$query = prepare ( 'UPDATE ``mods`` SET `password` = :hashed, `salt` = :salt WHERE BINARY username = :mod' );
$query -> bindValue ( ':hashed' , $hashed );
$query -> bindValue ( ':salt' , $salt );
$query -> bindValue ( ':mod' , $mods [ 0 ][ 'username' ]);
$query -> execute ();
2015-01-22 08:49:15 +01:00
$body = " Thanks for your interest in this board. Kindly find the username and password below. You can login at https://8ch.net/mod.php.<br>Username: { $mods [ 0 ][ 'username' ] } <br>Password: { $password } <br>Thanks for using 8chan! " ;
2015-03-17 00:48:10 +01:00
modLog ( " Reassigned board / $b / " );
2014-11-22 08:32:22 +01:00
mod_page ( _ ( 'Edit reassign' ), 'blank.html' , array ( 'board' => $board , 'token' => make_secure_link_token ( 'reassign/' . $board [ 'uri' ]), 'body' => $body ));
};
2014-10-29 07:23:17 +01:00
$config [ 'mod' ][ 'custom_pages' ][ '/volunteers/(\%b)' ] = function ( $b ) {
global $board , $config , $pdo ;
if ( ! hasPermission ( $config [ 'mod' ][ 'edit_volunteers' ], $b ))
error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! openBoard ( $b ))
error ( " Could not open board! " );
if ( isset ( $_POST [ 'username' ], $_POST [ 'password' ])) {
$query = prepare ( 'SELECT * FROM ``mods`` WHERE type = 19 AND boards = :board' );
$query -> bindValue ( ':board' , $b );
$query -> execute () or error ( db_error ( $query ));
$count = $query -> rowCount ();
$query = prepare ( 'SELECT `username` FROM ``mods``' );
$query -> execute () or error ( db_error ( $query ));
$volunteers = $query -> fetchAll ( PDO :: FETCH_ASSOC );
if ( $_POST [ 'username' ] == '' )
error ( sprintf ( $config [ 'error' ][ 'required' ], 'username' ));
if ( $_POST [ 'password' ] == '' )
error ( sprintf ( $config [ 'error' ][ 'required' ], 'password' ));
2014-12-14 12:26:45 +01:00
if ( ! preg_match ( '/^[a-zA-Z0-9._]{1,30}$/' , $_POST [ 'username' ]))
error ( _ ( 'Invalid username' ));
2014-10-29 07:23:17 +01:00
if ( $count > 10 ) {
error ( _ ( 'Too many board volunteers!' ));
}
foreach ( $volunteers as $i => $v ) {
2014-12-14 12:26:45 +01:00
if ( strtolower ( $_POST [ 'username' ]) == strtolower ( $v [ 'username' ])) {
error ( _ ( 'Refusing to create a volunteer with the same username as an existing one.' ));
2014-10-29 07:23:17 +01:00
}
}
$salt = generate_salt ();
$password = hash ( 'sha256' , $salt . sha1 ( $_POST [ 'password' ]));
$query = prepare ( 'INSERT INTO ``mods`` VALUES (NULL, :username, :password, :salt, 19, :board)' );
$query -> bindValue ( ':username' , $_POST [ 'username' ]);
$query -> bindValue ( ':password' , $password );
$query -> bindValue ( ':salt' , $salt );
$query -> bindValue ( ':board' , $b );
$query -> execute () or error ( db_error ( $query ));
$userID = $pdo -> lastInsertId ();
modLog ( 'Created a new volunteer: ' . utf8tohtml ( $_POST [ 'username' ]) . ' <small>(#' . $userID . ')</small>' );
}
if ( isset ( $_POST [ 'delete' ])){
foreach ( $_POST [ 'delete' ] as $i => $d ){
$query = prepare ( 'SELECT * FROM ``mods`` WHERE id = :id' );
$query -> bindValue ( ':id' , $d );
$query -> execute () or error ( db_error ( $query ));
$result = $query -> fetch ( PDO :: FETCH_ASSOC );
if ( ! $result ) {
error ( _ ( 'Volunteer does not exist!' ));
}
if ( $result [ 'boards' ] != $b || $result [ 'type' ] != BOARDVOLUNTEER ) {
error ( $config [ 'error' ][ 'noaccess' ]);
}
$query = prepare ( 'DELETE FROM ``mods`` WHERE id = :id' );
$query -> bindValue ( ':id' , $d );
$query -> execute () or error ( db_error ( $query ));
}
}
$query = prepare ( 'SELECT * FROM ``mods`` WHERE type = 19 AND boards = :board' );
$query -> bindValue ( ':board' , $b );
$query -> execute () or error ( db_error ( $query ));
$volunteers = $query -> fetchAll ( PDO :: FETCH_ASSOC );
mod_page ( _ ( 'Edit volunteers' ), 'mod/volunteers.html' , array ( 'board' => $board , 'token' => make_secure_link_token ( 'volunteers/' . $board [ 'uri' ]), 'volunteers' => $volunteers ));
};
$config [ 'mod' ][ 'custom_pages' ][ '/flags/(\%b)' ] = function ( $b ) {
global $config , $mod , $board ;
require_once 'inc/image.php' ;
if ( ! hasPermission ( $config [ 'mod' ][ 'edit_flags' ], $b ))
error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! openBoard ( $b ))
error ( " Could not open board! " );
2014-11-10 07:18:45 +01:00
if ( file_exists ( " $b /flags.ser " ))
$config [ 'user_flags' ] = unserialize ( file_get_contents ( " $b /flags.ser " ));
2014-10-29 07:23:17 +01:00
$dir = 'static/custom-flags/' . $b ;
if ( ! is_dir ( $dir )){
mkdir ( $dir , 0777 , true );
}
2015-04-03 11:59:15 +02:00
function handle_file ( $id = false , $description , $b , $dir ) {
global $config ;
if ( ! isset ( $description ) and $description )
2014-11-10 07:18:45 +01:00
error ( _ ( 'You must enter a flag description!' ));
2015-04-03 11:59:15 +02:00
if ( strlen ( $description ) > 255 )
2014-11-10 07:18:45 +01:00
error ( _ ( 'Flag description too long!' ));
2015-04-03 11:59:15 +02:00
if ( $id ) {
$f = 'flag-' . $id ;
} else {
$f = 'file' ;
$id = time () . substr ( microtime (), 2 , 3 );
}
$upload = $_FILES [ $f ][ 'tmp_name' ];
2014-10-29 07:23:17 +01:00
$banners = array_diff ( scandir ( $dir ), array ( '..' , '.' ));
if ( ! is_readable ( $upload ))
error ( $config [ 'error' ][ 'nomove' ]);
2015-04-03 11:59:15 +02:00
$extension = strtolower ( mb_substr ( $_FILES [ $f ][ 'name' ], mb_strrpos ( $_FILES [ $f ][ 'name' ], '.' ) + 1 ));
2014-10-29 07:23:17 +01:00
if ( $extension != 'png' ) {
error ( _ ( 'Flags must be in PNG format.' ));
}
if ( filesize ( $upload ) > 48000 ){
error ( _ ( 'File too large!' ));
}
if ( ! $size = @ getimagesize ( $upload )) {
error ( $config [ 'error' ][ 'invalidimg' ]);
}
2014-12-20 16:01:40 +01:00
if ( $size [ 0 ] > 20 or $size [ 0 ] < 11 or $size [ 1 ] > 16 or $size [ 1 ] < 11 ){
2014-10-29 07:23:17 +01:00
error ( _ ( 'Image wrong size!' ));
}
2014-11-10 07:18:45 +01:00
if ( sizeof ( $banners ) > 256 ) {
2014-10-29 07:23:17 +01:00
error ( _ ( 'Too many flags.' ));
}
copy ( $upload , " $dir / $id . $extension " );
2015-04-03 11:59:15 +02:00
purge ( " $dir / $id . $extension " );
$config [ 'user_flags' ][ $id ] = utf8tohtml ( $description );
file_write ( $b . '/flags.ser' , serialize ( $config [ 'user_flags' ]));
}
// Handle a new flag, if any.
if ( isset ( $_FILES [ 'file' ])){
handle_file ( false , $_POST [ 'description' ], $b , $dir );
}
// Handle edits to existing flags.
foreach ( $_FILES as $k => $a ) {
if ( empty ( $_FILES [ $k ][ 'tmp_name' ])) continue ;
if ( preg_match ( '/^flag-(\d+)$/' , $k , $matches )) {
$id = ( int ) $matches [ 1 ];
if ( ! isset ( $_POST [ 'description-' . $id ])) continue ;
2014-11-10 07:18:45 +01:00
2015-04-03 11:59:15 +02:00
if ( isset ( $config [ 'user_flags' ][ $id ])) {
handle_file ( $id , $_POST [ 'description-' . $id ], $b , $dir );
}
}
}
// Description just changed, flag not edited.
foreach ( $_POST as $k => $v ) {
if ( ! preg_match ( '/^description-(\d+)$/' , $k , $matches )) continue ;
$id = ( int ) $matches [ 1 ];
if ( ! isset ( $_POST [ 'description-' . $id ])) continue ;
$description = $_POST [ 'description-' . $id ];
if ( strlen ( $description ) > 255 )
error ( _ ( 'Flag description too long!' ));
$config [ 'user_flags' ][ $id ] = utf8tohtml ( $description );
file_write ( $b . '/flags.ser' , serialize ( $config [ 'user_flags' ]));
}
if ( $_SERVER [ 'REQUEST_METHOD' ] === 'POST' ) {
2014-11-10 07:18:45 +01:00
$flags = <<< FLAGS
< ? php
\ $config [ 'country_flags' ] = false ;
\ $config [ 'country_flags_condensed' ] = false ;
\ $config [ 'user_flag' ] = true ;
\ $config [ 'uri_flags' ] = '/static/custom-flags/$b/%s.png' ;
\ $config [ 'flag_style' ] = '' ;
\ $config [ 'user_flags' ] = unserialize ( file_get_contents ( '$b/flags.ser' ));
FLAGS ;
file_write ( $b . '/flags.php' , $flags );
2014-10-29 07:23:17 +01:00
}
2015-04-03 11:59:15 +02:00
2014-10-29 07:23:17 +01:00
if ( isset ( $_POST [ 'delete' ])){
foreach ( $_POST [ 'delete' ] as $i => $d ){
2014-11-10 07:18:45 +01:00
if ( ! preg_match ( '/[0-9+]/' , $d )){
2014-10-29 07:23:17 +01:00
error ( 'Nice try.' );
}
2014-11-10 07:18:45 +01:00
unlink ( " $dir / $d .png " );
$id = explode ( '.' , $d )[ 0 ];
unset ( $config [ 'user_flags' ][ $id ]);
file_write ( $b . '/flags.ser' , serialize ( $config [ 'user_flags' ]));
2014-10-29 07:23:17 +01:00
}
}
2014-11-10 07:18:45 +01:00
if ( isset ( $_POST [ 'alphabetize' ])) {
asort ( $config [ 'user_flags' ], SORT_NATURAL | SORT_FLAG_CASE );
file_write ( $b . '/flags.ser' , serialize ( $config [ 'user_flags' ]));
}
2014-10-29 07:23:17 +01:00
$banners = array_diff ( scandir ( $dir ), array ( '..' , '.' ));
2014-11-10 07:18:45 +01:00
mod_page ( _ ( 'Edit flags' ), 'mod/flags.html' , array ( 'board' => $board , 'banners' => $banners , 'token' => make_secure_link_token ( 'banners/' . $board [ 'uri' ])));
2014-10-29 07:23:17 +01:00
};
$config [ 'mod' ][ 'custom_pages' ][ '/banners/(\%b)' ] = function ( $b ) {
global $config , $mod , $board ;
require_once 'inc/image.php' ;
if ( ! hasPermission ( $config [ 'mod' ][ 'edit_banners' ], $b ))
error ( $config [ 'error' ][ 'noaccess' ]);
if ( ! openBoard ( $b ))
error ( " Could not open board! " );
$dir = 'static/banners/' . $b ;
if ( ! is_dir ( $dir )){
mkdir ( $dir , 0777 , true );
}
if ( isset ( $_FILES [ 'file' ])){
$upload = $_FILES [ 'file' ][ 'tmp_name' ];
$banners = array_diff ( scandir ( $dir ), array ( '..' , '.' ));
if ( ! is_readable ( $upload ))
error ( $config [ 'error' ][ 'nomove' ]);
$id = time () . substr ( microtime (), 2 , 3 );
$extension = strtolower ( mb_substr ( $_FILES [ 'file' ][ 'name' ], mb_strrpos ( $_FILES [ 'file' ][ 'name' ], '.' ) + 1 ));
if ( ! in_array ( $extension , array ( 'jpg' , 'jpeg' , 'png' , 'gif' ))){
error ( 'Not an image extension.' );
}
if ( filesize ( $upload ) > 512000 ){
error ( 'File too large!' );
}
if ( ! $size = @ getimagesize ( $upload )) {
error ( $config [ 'error' ][ 'invalidimg' ]);
}
if ( $size [ 0 ] != 300 or $size [ 1 ] != 100 ){
error ( 'Image wrong size!' );
}
if ( sizeof ( $banners ) >= 50 ) {
error ( 'Too many banners.' );
}
copy ( $upload , " $dir / $id . $extension " );
}
if ( isset ( $_POST [ 'delete' ])){
foreach ( $_POST [ 'delete' ] as $i => $d ){
if ( ! preg_match ( '/[0-9+]\.(png|jpeg|jpg|gif)/' , $d )){
error ( 'Nice try.' );
}
unlink ( " $dir / $d " );
}
}
$banners = array_diff ( scandir ( $dir ), array ( '..' , '.' ));
mod_page ( _ ( 'Edit banners' ), 'mod/banners.html' , array ( 'board' => $board , 'banners' => $banners , 'token' => make_secure_link_token ( 'banners/' . $board [ 'uri' ])));
};
$config [ 'mod' ][ 'custom_pages' ][ '/settings/(\%b)' ] = function ( $b ) {
global $config , $mod ;
2015-02-26 02:18:01 +01:00
//if ($b === 'infinity' && $mod['type'] !== ADMIN)
// error('Settings temporarily disabled for this board.');
2014-10-29 07:23:17 +01:00
if ( ! in_array ( $b , $mod [ 'boards' ]) and $mod [ 'boards' ][ 0 ] != '*' )
error ( $config [ 'error' ][ 'noaccess' ]);
2014-11-02 00:01:22 +01:00
if ( ! hasPermission ( $config [ 'mod' ][ 'edit_settings' ], $b ))
error ( $config [ 'error' ][ 'noaccess' ]);
2014-10-29 07:23:17 +01:00
if ( ! openBoard ( $b ))
error ( " Could not open board! " );
$possible_languages = array_diff ( scandir ( 'inc/locale/' ), array ( '..' , '.' , '.tx' , 'README.md' ));
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'POST' ) {
$title = $_POST [ 'title' ];
$subtitle = $_POST [ 'subtitle' ];
$country_flags = isset ( $_POST [ 'country_flags' ]) ? 'true' : 'false' ;
$field_disable_name = isset ( $_POST [ 'field_disable_name' ]) ? 'true' : 'false' ;
$enable_embedding = isset ( $_POST [ 'enable_embedding' ]) ? 'true' : 'false' ;
$force_image_op = isset ( $_POST [ 'force_image_op' ]) ? 'true' : 'false' ;
$disable_images = isset ( $_POST [ 'disable_images' ]) ? 'true' : 'false' ;
$poster_ids = isset ( $_POST [ 'poster_ids' ]) ? 'true' : 'false' ;
$show_sages = isset ( $_POST [ 'show_sages' ]) ? 'true' : 'false' ;
$auto_unicode = isset ( $_POST [ 'auto_unicode' ]) ? 'true' : 'false' ;
2015-02-26 10:10:00 +01:00
$strip_combining_chars = isset ( $_POST [ 'strip_combining_chars' ]) ? 'true' : 'false' ;
2014-10-29 07:23:17 +01:00
$allow_roll = isset ( $_POST [ 'allow_roll' ]) ? 'true' : 'false' ;
$image_reject_repost = isset ( $_POST [ 'image_reject_repost' ]) ? 'true' : 'false' ;
2015-01-01 07:32:26 +01:00
$early_404 = isset ( $_POST [ 'early_404' ]) ? 'true' : 'false' ;
2014-10-29 07:23:17 +01:00
$allow_delete = isset ( $_POST [ 'allow_delete' ]) ? 'true' : 'false' ;
$allow_flash = isset ( $_POST [ 'allow_flash' ]) ? '$config[\'allowed_ext_files\'][] = \'swf\';' : '' ;
2014-11-02 00:01:22 +01:00
$allow_pdf = isset ( $_POST [ 'allow_pdf' ]) ? '$config[\'allowed_ext_files\'][] = \'pdf\';' : '' ;
2014-10-29 07:23:17 +01:00
$code_tags = isset ( $_POST [ 'code_tags' ]) ? '$config[\'additional_javascript\'][] = \'js/code_tags/run_prettify.js\';$config[\'markup\'][] = array("/\[code\](.+?)\[\/code\]/ms", "<code><pre class=\'prettyprint\' style=\'display:inline-block\'>\$1</pre></code>");' : '' ;
$katex = isset ( $_POST [ 'katex' ]) ? '$config[\'katex\'] = true;$config[\'additional_javascript\'][] = \'js/katex/katex.min.js\'; $config[\'markup\'][] = array("/\[tex\](.+?)\[\/tex\]/ms", "<span class=\'tex\'>\$1</span>"); $config[\'additional_javascript\'][] = \'js/katex-enable.js\';' : '' ;
2014-11-10 07:18:45 +01:00
$user_flags = isset ( $_POST [ 'user_flags' ]) ? " if (file_exists(' $b /flags.php')) { include 'flags.php'; } \n " : '' ;
2014-11-14 15:09:52 +01:00
$captcha = isset ( $_POST [ 'captcha' ]) ? 'true' : 'false' ;
2014-12-20 16:01:25 +01:00
$force_subject_op = isset ( $_POST [ 'force_subject_op' ]) ? 'true' : 'false' ;
2015-03-16 09:31:01 +01:00
$force_flag = isset ( $_POST [ 'force_flag' ]) ? 'true' : 'false' ;
2015-02-17 01:14:40 +01:00
$tor_posting = isset ( $_POST [ 'tor_posting' ]) ? 'true' : 'false' ;
2015-01-29 08:25:55 +01:00
$new_thread_capt = isset ( $_POST [ 'new_thread_capt' ]) ? 'true' : 'false' ;
2015-03-11 10:58:07 +01:00
$oekaki = isset ( $_POST [ 'oekaki' ]) ? 'true' : 'false' ;
2015-01-01 07:32:26 +01:00
2014-10-29 07:23:17 +01:00
if ( $_POST [ 'locale' ] !== 'en' && in_array ( $_POST [ 'locale' ], $possible_languages )) {
$locale = " \$ config['locale'] = ' { $_POST [ 'locale' ] } .UTF-8'; " ;
} else {
$locale = '' ;
}
if ( isset ( $_POST [ 'max_images' ]) && ( int ) $_POST [ 'max_images' ] && ( int ) $_POST [ 'max_images' ] <= 5 ) {
$_POST [ 'max_images' ] = ( int ) $_POST [ 'max_images' ];
$multiimage = " \$ config['max_images'] = { $_POST [ 'max_images' ] } ;
\ $config [ 'additional_javascript' ][] = 'js/multi-image.js' ; " ;
} else {
$multiimage = '' ;
}
$anonymous = base64_encode ( $_POST [ 'anonymous' ]);
2015-03-29 03:18:14 +02:00
$blotter = base64_encode ( purify_html ( html_entity_decode ( $_POST [ 'blotter' ])));
2014-10-29 07:23:17 +01:00
$add_to_config = @ file_get_contents ( $b . '/extra_config.php' );
$replace = '' ;
if ( isset ( $_POST [ 'replace' ])) {
2015-01-01 07:32:26 +01:00
if ( sizeof ( $_POST [ 'replace' ]) > 200 || sizeof ( $_POST [ 'with' ]) > 200 ) {
error ( _ ( 'Sorry, max 200 wordfilters allowed.' ));
}
2014-10-29 07:23:17 +01:00
if ( count ( $_POST [ 'replace' ]) == count ( $_POST [ 'with' ])) {
foreach ( $_POST [ 'replace' ] as $i => $r ) {
if ( $r !== '' ) {
$w = $_POST [ 'with' ][ $i ];
2015-01-01 07:32:26 +01:00
if ( strlen ( $w ) > 255 ) {
2015-01-06 10:32:45 +01:00
error ( sprintf ( _ ( 'Sorry, %s is too long. Max replacement is 255 characters' ), utf8tohtml ( $w )));
2015-01-01 07:32:26 +01:00
}
2014-10-29 07:23:17 +01:00
$replace .= '$config[\'wordfilters\'][] = array(base64_decode(\'' . base64_encode ( $r ) . '\'), base64_decode(\'' . base64_encode ( $w ) . '\'));' ;
}
}
}
2015-02-17 01:11:21 +01:00
if ( is_billion_laughs ( $_POST [ 'replace' ], $_POST [ 'with' ])) {
error ( _ ( 'Wordfilters may not wordfilter previous wordfilters. For example, if a filters to bb and b filters to cc, that is not allowed.' ));
}
2014-10-29 07:23:17 +01:00
}
2015-01-01 07:32:26 +01:00
if ( isset ( $_POST [ 'hour_max_threads' ]) && in_array ( $_POST [ 'hour_max_threads' ], [ '10' , '25' , '50' , '100' ])) {
$hour_max_threads = $_POST [ 'hour_max_threads' ];
} else {
$hour_max_threads = 'false' ;
}
2015-03-06 10:57:03 +01:00
if ( isset ( $_POST [ 'max_pages' ])) {
$mp = ( int ) $_POST [ 'max_pages' ];
if ( $mp > 25 || $mp < 2 ) {
$max_pages = 15 ;
} else {
$max_pages = $mp ;
}
} else {
$max_pages = 15 ;
}
if ( isset ( $_POST [ 'reply_limit' ])) {
$rl = ( int ) $_POST [ 'reply_limit' ];
if ( $rl > 750 || $rl < 250 || $rl % 25 ) {
$reply_limit = 250 ;
} else {
$reply_limit = $rl ;
}
} else {
$reply_limit = 250 ;
}
2014-10-29 07:23:17 +01:00
if ( ! ( strlen ( $title ) < 40 ))
error ( 'Invalid title' );
if ( ! ( strlen ( $subtitle ) < 200 ))
error ( 'Invalid subtitle' );
2015-02-26 02:21:49 +01:00
$query = prepare ( 'UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle, `indexed` = :indexed, `public_bans` = :public_bans, `public_logs` = :public_logs, `8archive` = :8archive WHERE `uri` = :uri' );
2014-10-29 07:23:17 +01:00
$query -> bindValue ( ':title' , $title );
$query -> bindValue ( ':subtitle' , $subtitle );
$query -> bindValue ( ':uri' , $b );
$query -> bindValue ( ':indexed' , ! isset ( $_POST [ 'meta_noindex' ]));
$query -> bindValue ( ':public_bans' , isset ( $_POST [ 'public_bans' ]));
2015-02-26 02:21:49 +01:00
$query -> bindValue ( ':public_logs' , ( int ) $_POST [ 'public_logs' ]);
2014-10-29 07:23:17 +01:00
$query -> bindValue ( ':8archive' , isset ( $_POST [ '8archive' ]));
$query -> execute () or error ( db_error ( $query ));
$config_file = <<< EOT
< ? php
\ $config [ 'country_flags' ] = $country_flags ;
\ $config [ 'field_disable_name' ] = $field_disable_name ;
\ $config [ 'enable_embedding' ] = $enable_embedding ;
\ $config [ 'force_image_op' ] = $force_image_op ;
\ $config [ 'disable_images' ] = $disable_images ;
\ $config [ 'poster_ids' ] = $poster_ids ;
\ $config [ 'show_sages' ] = $show_sages ;
\ $config [ 'auto_unicode' ] = $auto_unicode ;
2015-02-26 10:10:00 +01:00
\ $config [ 'strip_combining_chars' ] = $strip_combining_chars ;
2014-10-29 07:23:17 +01:00
\ $config [ 'allow_roll' ] = $allow_roll ;
\ $config [ 'image_reject_repost' ] = $image_reject_repost ;
2015-01-01 07:32:26 +01:00
\ $config [ 'early_404' ] = $early_404 ;
2014-10-29 07:23:17 +01:00
\ $config [ 'allow_delete' ] = $allow_delete ;
\ $config [ 'anonymous' ] = base64_decode ( '$anonymous' );
\ $config [ 'blotter' ] = base64_decode ( '$blotter' );
\ $config [ 'stylesheets' ][ 'Custom' ] = 'board/$b.css' ;
\ $config [ 'default_stylesheet' ] = array ( 'Custom' , \ $config [ 'stylesheets' ][ 'Custom' ]);
2014-11-14 15:09:52 +01:00
\ $config [ 'captcha' ][ 'enabled' ] = $captcha ;
2014-12-20 16:01:25 +01:00
\ $config [ 'force_subject_op' ] = $force_subject_op ;
2015-03-16 09:31:01 +01:00
\ $config [ 'force_flag' ] = $force_flag ;
2015-02-17 01:14:40 +01:00
\ $config [ 'tor_posting' ] = $tor_posting ;
2015-01-29 08:25:55 +01:00
\ $config [ 'new_thread_capt' ] = $new_thread_capt ;
2015-01-01 07:32:26 +01:00
\ $config [ 'hour_max_threads' ] = $hour_max_threads ;
2015-03-06 10:57:03 +01:00
\ $config [ 'reply_limit' ] = $reply_limit ;
\ $config [ 'max_pages' ] = $max_pages ;
2015-03-11 10:58:07 +01:00
\ $config [ 'oekaki' ] = $oekaki ;
$code_tags $katex $replace $multiimage $allow_flash $allow_pdf $user_flags
2014-10-29 07:23:17 +01:00
if ( \ $config [ 'disable_images' ])
\ $config [ 'max_pages' ] = 10000 ;
$locale
$add_to_config
EOT ;
2014-12-03 09:11:48 +01:00
// Clean up our CSS...no more expression() or off-site URLs.
$clean_css = preg_replace ( '/expression\s*\(/' , '' , $_POST [ 'css' ]);
$matched = array ();
2015-02-21 08:13:52 +01:00
preg_match_all ( " # { $config [ 'link_regex' ] } #im " , $clean_css , $matched );
2014-12-03 09:11:48 +01:00
if ( isset ( $matched [ 0 ])) {
2015-01-03 05:56:55 +01:00
foreach ( $matched [ 0 ] as $match ) {
$match_okay = false ;
2015-02-21 08:13:52 +01:00
foreach ( $config [ 'allowed_offsite_urls' ] as $allowed_url ) {
2015-02-17 01:15:15 +01:00
if ( strpos ( $match , $allowed_url ) !== false && strpos ( $match , '#' ) === false ) {
2015-01-03 05:56:55 +01:00
$match_okay = true ;
2014-12-03 09:11:48 +01:00
}
}
2015-01-03 05:56:55 +01:00
if ( $match_okay !== true ) {
2015-01-03 23:16:55 +01:00
error ( sprintf ( _ ( " Off-site link \" %s \" is not allowed in the board stylesheet " ), $match ));
2015-01-03 05:56:55 +01:00
}
2014-12-03 09:11:48 +01:00
}
}
2015-01-03 23:35:03 +01:00
//Filter out imports from sites with potentially unsafe content
$match_imports = '@import[^;]*' ;
$matched = array ();
2015-02-17 01:15:15 +01:00
preg_match_all ( " # $match_imports #im " , $clean_css , $matched );
2015-01-03 23:35:03 +01:00
$unsafe_import_urls = array ( 'https://a.pomf.se/' );
if ( isset ( $matched [ 0 ])) {
foreach ( $matched [ 0 ] as $match ) {
$match_okay = true ;
foreach ( $unsafe_import_urls as $unsafe_import_url ) {
2015-02-17 01:15:15 +01:00
if ( strpos ( $match , $unsafe_import_url ) !== false && strpos ( $match , '#' ) === false ) {
2015-01-03 23:35:03 +01:00
$match_okay = false ;
}
}
if ( $match_okay !== true ) {
error ( sprintf ( _ ( " Potentially unsafe import \" %s \" is not allowed in the board stylesheet " ), $match ));
}
}
}
2014-12-03 09:11:48 +01:00
2014-10-29 07:23:17 +01:00
$query = query ( 'SELECT `uri`, `title`, `subtitle` FROM ``boards`` WHERE `8archive` = TRUE' );
file_write ( '8archive.json' , json_encode ( $query -> fetchAll ( PDO :: FETCH_ASSOC )));
file_write ( $b . '/config.php' , $config_file );
2014-12-03 09:11:48 +01:00
file_write ( 'stylesheets/board/' . $b . '.css' , $clean_css );
2014-10-29 07:23:17 +01:00
$_config = $config ;
2015-01-01 07:32:26 +01:00
unset ( $config [ 'wordfilters' ]);
2014-10-29 07:23:17 +01:00
2014-11-19 09:50:05 +01:00
// Faster than openBoard and bypasses cache...we're trusting the PHP output
// to be safe enough to run with every request, we can eval it here.
2014-12-03 09:11:48 +01:00
eval ( str_replace ( 'flags.php' , " $b /flags.php " , preg_replace ( '/^\<\?php$/m' , '' , $config_file )));
2014-10-29 07:23:17 +01:00
// be smarter about rebuilds...only some changes really require us to rebuild all threads
2014-11-14 15:09:52 +01:00
if ( $_config [ 'captcha' ][ 'enabled' ] != $config [ 'captcha' ][ 'enabled' ]
2015-01-29 13:19:38 +01:00
|| $_config [ 'new_thread_capt' ] != $config [ 'new_thread_capt' ] /*New thread captcha - if toggling "enable captcha" requires this, toggling new thread capt does too, I guess.*/
2014-11-14 15:09:52 +01:00
|| $_config [ 'captcha' ][ 'extra' ] != $config [ 'captcha' ][ 'extra' ]
|| $_config [ 'blotter' ] != $config [ 'blotter' ]
|| $_config [ 'field_disable_name' ] != $config [ 'field_disable_name' ]
2014-11-22 09:15:32 +01:00
|| $_config [ 'show_sages' ] != ( isset ( $config [ 'show_sages' ]) && $config [ 'show_sages' ])) {
2014-10-29 07:23:17 +01:00
buildIndex ();
$query = query ( sprintf ( " SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL " , $b )) or error ( db_error ());
while ( $post = $query -> fetch ( PDO :: FETCH_ASSOC )) {
buildThread ( $post [ 'id' ]);
}
}
modLog ( 'Edited board settings' , $b );
}
$query = prepare ( 'SELECT * FROM boards WHERE uri = :board' );
$query -> bindValue ( ':board' , $b );
$query -> execute () or error ( db_error ( $query ));
$board = $query -> fetchAll ()[ 0 ];
2015-01-29 14:46:41 +01:00
2014-10-29 07:23:17 +01:00
$css = @ file_get_contents ( 'stylesheets/board/' . $board [ 'uri' ] . '.css' );
2015-01-22 08:49:15 +01:00
if ( $config [ 'cache' ][ 'enabled' ]) {
2014-10-29 07:23:17 +01:00
cache :: delete ( 'board_' . $board [ 'uri' ]);
cache :: delete ( 'all_boards' );
2015-01-22 08:49:15 +01:00
}
2014-10-29 07:23:17 +01:00
2015-03-29 03:18:14 +02:00
mod_page ( _ ( 'Board configuration' ), 'mod/settings.html' , array ( 'board' => $board , 'css' => prettify_textarea ( $css ), 'token' => make_secure_link_token ( 'settings/' . $board [ 'uri' ]), 'languages' => $possible_languages , 'allowed_urls' => $config [ 'allowed_offsite_urls' ]));
2014-10-29 07:23:17 +01:00
};