From 5661e32b1ce977d4fe98b73f468bdf5695464c56 Mon Sep 17 00:00:00 2001 From: Michael Save Date: Wed, 30 Jan 2013 04:45:38 +1100 Subject: [PATCH 1/6] Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form --- inc/mod/auth.php | 7 +++++-- mod.php | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/inc/mod/auth.php b/inc/mod/auth.php index 8fb01ecb..b3b23553 100644 --- a/inc/mod/auth.php +++ b/inc/mod/auth.php @@ -98,8 +98,10 @@ if (isset($_COOKIE[$config['cookies']['mod']])) { // Should be username:hash:salt $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]); if (count($cookie) != 3) { + // Malformed cookies destroyCookies(); - error($config['error']['malformed']); + // error($config['error']['malformed']); + mod_login(); } $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1"); @@ -111,7 +113,8 @@ if (isset($_COOKIE[$config['cookies']['mod']])) { if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) { // Malformed cookies destroyCookies(); - error($config['error']['malformed']); + // error($config['error']['malformed']); + mod_login(); } $mod = array( diff --git a/mod.php b/mod.php index a51f4bcd..8045cf47 100644 --- a/mod.php +++ b/mod.php @@ -5,8 +5,8 @@ */ require 'inc/functions.php'; -require 'inc/mod/auth.php'; require 'inc/mod/pages.php'; +require 'inc/mod/auth.php'; // Fix for magic quotes if (get_magic_quotes_gpc()) { From 2051018ba170ef1bb4d47afdcdee78156563c719 Mon Sep 17 00:00:00 2001 From: Michael Save Date: Wed, 30 Jan 2013 05:07:09 +1100 Subject: [PATCH 2/6] ... --- inc/mod/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/mod/auth.php b/inc/mod/auth.php index b3b23553..73a24c44 100644 --- a/inc/mod/auth.php +++ b/inc/mod/auth.php @@ -100,8 +100,8 @@ if (isset($_COOKIE[$config['cookies']['mod']])) { if (count($cookie) != 3) { // Malformed cookies destroyCookies(); - // error($config['error']['malformed']); mod_login(); + exit; } $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM `mods` WHERE `username` = :username LIMIT 1"); @@ -113,8 +113,8 @@ if (isset($_COOKIE[$config['cookies']['mod']])) { if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) { // Malformed cookies destroyCookies(); - // error($config['error']['malformed']); mod_login(); + exit; } $mod = array( From 1816218c64da5881c681808893ce8a9dc7eb54db Mon Sep 17 00:00:00 2001 From: Michael Save Date: Fri, 15 Mar 2013 00:40:02 +1100 Subject: [PATCH 3/6] Fix: Critical security vulnerability --- inc/mod/pages.php | 45 ++++++++++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 0ea97fe8..4d588030 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -114,26 +114,37 @@ function mod_dashboard() { } else { $ctx = stream_context_create(array('http' => array('timeout' => 5))); if ($code = @file_get_contents('http://tinyboard.org/version.txt', 0, $ctx)) { - eval($code); - if (preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) { - $current = array( - 'massive' => (int) $matches[1], - 'major' => (int) $matches[2], - 'minor' => (int) $matches[3] + $ver = strtok($code, "\n"); + + if (preg_match('@^// v(\d+)\.(\d+)\.(\d+)\s*?$@', $ver, $matches)) { + $latest = array( + 'massive' => $matches[1], + 'major' => $matches[2], + 'minor' => $matches[3] ); - if (isset($m[4])) { - // Development versions are always ahead in the versioning numbers - $current['minor'] --; - } - // Check if it's newer - if (!( $latest['massive'] > $current['massive'] || - $latest['major'] > $current['major'] || - ($latest['massive'] == $current['massive'] && - $latest['major'] == $current['major'] && - $latest['minor'] > $current['minor'] - ))) + if (preg_match('/v(\d+)\.(\d)\.(\d+)(-dev.+)?$/', $config['version'], $matches)) { + $current = array( + 'massive' => (int) $matches[1], + 'major' => (int) $matches[2], + 'minor' => (int) $matches[3] + ); + if (isset($m[4])) { + // Development versions are always ahead in the versioning numbers + $current['minor'] --; + } + // Check if it's newer + if (!( $latest['massive'] > $current['massive'] || + $latest['major'] > $current['major'] || + ($latest['massive'] == $current['massive'] && + $latest['major'] == $current['major'] && + $latest['minor'] > $current['minor'] + ))) + $latest = false; + } else { $latest = false; + } } else { + // Couldn't get latest version $latest = false; } } else { From 64ae123739c39567447bfc16fc95deb556786671 Mon Sep 17 00:00:00 2001 From: Michael Save Date: Sat, 16 Mar 2013 18:27:24 +1100 Subject: [PATCH 4/6] Mod log in ?/IP (ie. ban history) --- inc/config.php | 3 +++ inc/mod/ban.php | 15 +++++++++++--- inc/mod/pages.php | 9 +++++++++ templates/mod/view_ip.html | 40 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 64 insertions(+), 3 deletions(-) diff --git a/inc/config.php b/inc/config.php index cedf3e06..8d37e601 100644 --- a/inc/config.php +++ b/inc/config.php @@ -986,6 +986,9 @@ $config['mod']['createusers'] = ADMIN; // View the moderation log $config['mod']['modlog'] = ADMIN; + // View relevant moderation log entries on IP address pages (ie. ban history, etc.) + // Warning: Can be pretty resource exhaustive if your mod logs are huge. + $config['mod']['modlog_ip'] = MOD; // Create a PM (viewing mod usernames) $config['mod']['create_pm'] = JANITOR; // Read any PM, sent to or from anybody diff --git a/inc/mod/ban.php b/inc/mod/ban.php index 9c93d70e..30234157 100644 --- a/inc/mod/ban.php +++ b/inc/mod/ban.php @@ -80,16 +80,25 @@ function ban($mask, $reason, $length, $board) { modLog('Created a new ' . ($length > 0 ? preg_replace('/^(\d+) (\w+?)s?$/', '$1-$2', until($length)) : 'permanent') . - ' ban (#' . $pdo->lastInsertId() . ') for ' . + ' ban on ' . + ($board ? '/' . $board . '/' : 'all boards') . + ' for ' . (filter_var($mask, FILTER_VALIDATE_IP) !== false ? "$mask" : utf8tohtml($mask)) . + ' (#' . $pdo->lastInsertId() . ')' . ' with ' . ($reason ? 'reason: ' . utf8tohtml($reason) . '' : 'no reason')); } -function unban($id) { +function unban($id) { + $query = prepare("SELECT `ip` FROM `bans` WHERE `id` = :id"); + $query->bindValue(':id', $id); + $query->execute() or error(db_error($query)); + $mask = $query->fetchColumn(); + $query = prepare("DELETE FROM `bans` WHERE `id` = :id"); $query->bindValue(':id', $id); $query->execute() or error(db_error($query)); - modLog("Removed ban #{$id}"); + if ($mask) + modLog("Removed ban #{$id} for " . (filter_var($mask, FILTER_VALIDATE_IP) !== false ? "$mask" : utf8tohtml($mask))); } diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 4d588030..db51324a 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -600,6 +600,15 @@ function mod_page_ip($ip) { $args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC); } + if (hasPermission($config['mod']['modlog_ip'])) { + $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 20"); + $query->bindValue(':search', '%' . $ip . '%'); + $query->execute() or error(db_error($query)); + $args['logs'] = $query->fetchAll(PDO::FETCH_ASSOC); + } else { + $args['logs'] = array(); + } + mod_page(sprintf('%s: %s', _('IP'), $ip), 'mod/view_ip.html', $args, $args['hostname']); } diff --git a/templates/mod/view_ip.html b/templates/mod/view_ip.html index c49880ae..562a0140 100644 --- a/templates/mod/view_ip.html +++ b/templates/mod/view_ip.html @@ -161,3 +161,43 @@ {% include 'mod/ban_form.html' %} {% endif %} + +{% if logs|count > 0 %} +
+ History + + + + + + + + {% for log in logs %} + + + + + + + {% endfor %} +
{% trans 'Staff' %}{% trans 'Time' %}{% trans 'Board' %}{% trans 'Action' %}
+ {% if log.username %} + {{ log.username|e }} + {% elseif log.mod == -1 %} + system + {% else %} + {% trans 'deleted?' %} + {% endif %} + + {{ log.time|ago }} + + {% if log.board %} + {{ config.board_abbreviation|sprintf(log.board) }} + {% else %} + - + {% endif %} + + {{ log.text }} +
+
+{% endif %} From 53f710060d1437f89291f26b10397a9c6c8bf4d2 Mon Sep 17 00:00:00 2001 From: Fredrick Date: Sun, 17 Mar 2013 07:00:55 -0400 Subject: [PATCH 5/6] Fix truncation issue by no longer using HTML entities for Unicode characters --- inc/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/functions.php b/inc/functions.php index 16b16901..cd079141 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1494,7 +1494,7 @@ function markup(&$body, $track_cites = false) { } function utf8tohtml($utf8) { - return mb_encode_numericentity(htmlspecialchars($utf8, ENT_NOQUOTES, 'UTF-8'), array(0x80, 0xffff, 0, 0xffff), 'UTF-8'); + return htmlspecialchars($utf8, ENT_NOQUOTES, 'UTF-8'); } function buildThread($id, $return=false, $mod=false) { From bb54605eb7ef65c5e415aba7bcc94eed928e185e Mon Sep 17 00:00:00 2001 From: Fredrick Date: Wed, 20 Mar 2013 07:46:48 -0400 Subject: [PATCH 6/6] Fix per-board name not being used --- inc/config.php | 4 ++-- inc/mod/pages.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/config.php b/inc/config.php index 8d37e601..8eed50fa 100644 --- a/inc/config.php +++ b/inc/config.php @@ -858,8 +858,8 @@ $config['mod']['shadow_mesage'] = 'Moved to %s.'; // Capcode to use when posting the above message. $config['mod']['shadow_capcode'] = 'Mod'; - // Name to use when posting the above message. - $config['mod']['shadow_name'] = $config['anonymous']; + // Name to use when posting the above message. If false, the default board name will be used. If something else, that will be used. + $config['mod']['shadow_name'] = false; // Wait indefinitely when rebuilding everything $config['mod']['rebuild_timelimit'] = 0; diff --git a/inc/mod/pages.php b/inc/mod/pages.php index db51324a..5d736a1a 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -912,7 +912,7 @@ function mod_move($originBoard, $postID) { 'mod' => true, 'subject' => '', 'email' => '', - 'name' => $config['mod']['shadow_name'], + 'name' => (!$config['mod']['shadow_name'] ? $config['anonymous'] : $config['mod']['shadow_name']), 'capcode' => $config['mod']['shadow_capcode'], 'trip' => '', 'password' => '',