From ed050497778fb16d9c7f1adf257ca747643d6e20 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Sat, 11 May 2024 00:28:51 +0200
Subject: [PATCH 1/9] functions.php: fix null parameter
---
 inc/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/functions.php b/inc/functions.php
index 1d98f9cf..53c3b55e 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2276,7 +2276,7 @@ function defined_flags_accumulate($desired_flags) {
 function utf8tohtml($utf8) {
 $flags = defined_flags_accumulate(['ENT_NOQUOTES', 'ENT_SUBSTITUTE', 'ENT_DISALLOWED']);
- return htmlspecialchars($utf8, $flags, 'UTF-8');
+ return $utf8 ? htmlspecialchars($utf8, $flags, 'UTF-8') : '';
 }
 function ordutf8($string, &$offset) {
From 4c731ba241ca125297082919e13d375de83918a2 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Sat, 11 May 2024 00:29:46 +0200
Subject: [PATCH 2/9] auth.php: check if cookie exists
---
 inc/mod/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/mod/auth.php b/inc/mod/auth.php
index f95fbb86..46da5cdb 100644
--- a/inc/mod/auth.php
+++ b/inc/mod/auth.php
@@ -240,7 +240,7 @@ function check_login(bool $prompt = false): void {
 $expected_cookie_name = calc_cookie_name($is_https, $is_path_jailed, $config['cookies']['mod']);
 // Validate session
- if (isset($expected_cookie_name)) {
+ if (isset($_COOKIE[$expected_cookie_name])) {
 // Should be username:hash:salt
 $cookie = explode(':', $_COOKIE[$expected_cookie_name]);
 if (count($cookie) != 3) {
From dd224cea58095733b3baef4d5f1c1db05046c184 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Sat, 11 May 2024 11:44:43 +0200
Subject: [PATCH 3/9] functions.php: handle null body in remove_modifiers
---
 inc/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/functions.php b/inc/functions.php
index 53c3b55e..5aabdef4 100755
--- a/inc/functions.php
+++ b/inc/functions.php
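Review bot: The truthiness test added to `utf8tohtml()` (patch 1/9, inc/functions.php) also catches the string `'0'`, so an input consisting of just `0` now comes back as an empty string instead of being escaped. Test for null explicitly, e.g. `return $utf8 === null ? '' : htmlspecialchars($utf8, $flags, 'UTF-8');`. The same pattern is used in `remove_modifiers()` in patch 3/9, where `$body ?` additionally turns `''` and `'0'` into `null`, changing the return type callers receive. Separately, the context line builds `$flags` with `ENT_NOQUOTES`, so this helper's output is only safe in element content, not inside a quoted attribute; a one-line comment saying so would help callers.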
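Review bot: In `check_login()` (patch 2/9, inc/mod/auth.php) the new `isset($_COOKIE[$expected_cookie_name])` guard still passes when the client sends the cookie in array form, and the `explode()` two context lines below then receives an array, which raises a TypeError on PHP 8. The value is entirely client-controlled, so require a string as well: `if (isset($_COOKIE[$expected_cookie_name]) && is_string($_COOKIE[$expected_cookie_name])) {`. The body of `check_login()` continues outside the hunk, so how the not-set branch is handled cannot be seen from here.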
@@ -1990,7 +1990,7 @@ function extract_modifiers($body) {
 }
 function remove_modifiers($body) {
- return preg_replace('@(.+?)@usm', '', $body);
+ return $body ? preg_replace('@(.+?)@usm', '', $body) : null;
 }
 function markup(&$body, $track_cites = false, $op = false) {
From faa43cb8a62141fb4d87a509f6f4c1be60503369 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Sat, 11 May 2024 12:05:10 +0200
Subject: [PATCH 4/9] image.php: do not delete moved images
---
 inc/image.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/inc/image.php b/inc/image.php
index 2429f682..840c9004 100644
--- a/inc/image.php
+++ b/inc/image.php
@@ -291,6 +291,7 @@ class ImageConvert extends ImageBase {
 } else {
 rename($this->temp, $src);
 chmod($src, 0664);
+ $this->temp = false;
 }
 }
 public function width() {
@@ -300,8 +301,10 @@ class ImageConvert extends ImageBase {
 return $this->height;
 }
 public function destroy() {
- @unlink($this->temp);
- $this->temp = false;
+ if ($this->temp !== false) {
+ @unlink($this->temp);
+ $this->temp = false;
+ }
 }
 public function resize() {
 global $config;
From 010ab2bf62f4759a07358e87320faf0370692ad3 Mon Sep 17 00:00:00 2001
From: fowr <89118232+perdedora@users.noreply.github.com>
Date: Fri, 21 Jul 2023 23:26:55 -0300
Subject: [PATCH 5/9] post.php: add default exif_stripped
---
 post.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/post.php b/post.php
index aba6c6be..8fe7354f 100644
--- a/post.php
+++ b/post.php
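Review bot: In the first inc/image.php hunk (patch 4/9), `$this->temp = false;` runs whether or not the `rename()` on the context line above it succeeded. If the move fails, the temporary file stays on disk and `destroy()` (second hunk) now skips the `unlink()`, so the upload is never cleaned up. Clear the property only on success, e.g. `if (rename($this->temp, $src)) { chmod($src, 0664); $this->temp = false; }`. The enclosing method starts outside the hunk.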
@@ -1055,9 +1055,11 @@ if (isset($_POST['delete'])) { if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) { error($config['error']['maxsize']); } + // If, on the basis of the file extension, the image file has metadata we can operate on. $file_image_has_operable_metadata = $file['extension'] === 'jpg' || $file['extension'] === 'jpeg' || $file['extension'] === 'webp' || $file['extension'] == 'png'; + $file['exif_stripped'] = false; if ($file_image_has_operable_metadata && $config['convert_auto_orient']) { // The following code corrects the image orientation. @@ -1123,7 +1125,7 @@ if (isset($_POST['delete'])) { $dont_copy_file = false; - if ($config['redraw_image'] || ($file_image_has_operable_metadata && !@$file['exif_stripped'] && $config['strip_exif'])) { + if ($config['redraw_image'] || ($file_image_has_operable_metadata && !$file['exif_stripped'] && $config['strip_exif'])) { if (!$config['redraw_image'] && $config['use_exiftool']) { try { $file['size'] = strip_image_metadata($file['tmp_name']); From 1a59e663c65821583bca8099e41bd7b3a7e37d8d Mon Sep 17 00:00:00 2001 From: fowr <89118232+perdedora@users.noreply.github.com> Date: Fri, 21 Jul 2023 22:50:17 -0300 Subject: [PATCH 6/9] anti-bot.php: fix implicit conversion from float --- inc/anti-bot.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/anti-bot.php b/inc/anti-bot.php index 48150328..29279296 100644 --- a/inc/anti-bot.php +++ b/inc/anti-bot.php @@ -123,7 +123,7 @@ class AntiBot { $html = ''; if ($count === false) { - $count = mt_rand(1, abs(count($this->inputs) / 15) + 1); + $count = mt_rand(1, (int)abs(count($this->inputs) / 15) + 1); } if ($count === true) { From ffa5c018e70df9fcfbd69ae367d99cb6b23df102 Mon Sep 17 00:00:00 2001 From: fowr <89118232+perdedora@users.noreply.github.com> Date: Fri, 21 Jul 2023 22:30:46 -0300 Subject: [PATCH 7/9] functions.php: add missing global --- inc/functions.php | 1 + 1 file changed, 1 insertion(+) 
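Review bot: The new `$file['exif_stripped'] = false;` default in the first post.php hunk (patch 5/9) carries no comment saying that the metadata-stripping condition in the second hunk trusts this flag. `strip_exif` is a privacy control, so a wrongly set `true` would let an upload keep its metadata; I would add `// Set to true only after metadata has actually been removed; the strip_exif check below relies on it.` above the assignment. With the `@` removed from `!$file['exif_stripped']`, any path that reaches that condition without passing this assignment would now raise an undefined-index warning; the surrounding block lies outside both hunks, so that is worth confirming.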
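Review bot: `abs()` is a no-op on a `count()` result, and the float division is the only reason the new `(int)` cast is needed in `mt_rand(1, (int)abs(count($this->inputs) / 15) + 1)` (patch 6/9, inc/anti-bot.php). `intdiv()` states the intent directly. If this count is meant to be hard for a client to predict, `random_int()` is a drop-in replacement for the Mersenne Twister call: `$count = random_int(1, intdiv(count($this->inputs), 15) + 1);`. The method this line belongs to starts outside the hunk.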
diff --git a/inc/functions.php b/inc/functions.php
index 5aabdef4..61b85a96 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2259,6 +2259,7 @@ function escape_markup_modifiers($string) {
 }
 function defined_flags_accumulate($desired_flags) {
+ global $config;
 $output_flags = 0x0;
 foreach ($desired_flags as $flagname) {
 if (defined($flagname)) {
From 827373819f3ea8deb76c4b3ae135f419bb119089 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Sat, 11 May 2024 12:34:41 +0200
Subject: [PATCH 8/9] docker: add compose documentation notes
---
 docker/doc.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docker/doc.md b/docker/doc.md
index e022f170..051ae56e 100644
--- a/docker/doc.md
+++ b/docker/doc.md
@@ -14,3 +14,7 @@ The folder structure expected by compose is as follows
 └── www
 ```
 The vichan container is by itself much less rigid.
+
+
+Use `docker compose up --build` to start the docker compose.
+Use `docker compose up --build -d php` to rebuild just the vichan container while the compose is running. Useful for development.
From 96bebe8c79914d4a32d5a00d505a845d9cb4ca2b Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Sat, 11 May 2024 12:44:16 +0200
Subject: [PATCH 9/9] post.php: fix broken JS cookie setting
---
 post.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/post.php b/post.php
index 8fe7354f..7babb04e 100644
--- a/post.php
+++ b/post.php
@@ -1321,14 +1321,22 @@ if (isset($_POST['delete'])) {
 if (isset($_SERVER['HTTP_REFERER'])) {
 // Tell Javascript that we posted successfully
- if (isset($_COOKIE[$config['cookies']['js']]))
+ if (isset($_COOKIE[$config['cookies']['js']])) {
 $js = json_decode($_COOKIE[$config['cookies']['js']]);
- else
- $js = (object) array();
+ } else {
+ $js = (object)array();
+ }
 // Tell it to delete the cached post for referer
 $js->{$_SERVER['HTTP_REFERER']} = true;
- // Encode and set cookie
- setcookie($config['cookies']['js'], json_encode($js), 0, $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, false);
+
+ // Encode and set cookie.
+ $options = [
+ 'expires' => 0,
+ 'path' => $config['cookies']['jail'] ? $config['cookies']['path'] : '/',
+ 'httponly' => false,
+ 'samesite' => 'Strict'
+ ];
+ setcookie($config['cookies']['js'], json_encode($js), $options);
 }
 $root = $post['mod'] ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
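Review bot: `json_decode($_COOKIE[$config['cookies']['js']])` is fed a client-controlled cookie, and nothing checks its result before `$js->{$_SERVER['HTTP_REFERER']} = true;` a few lines later. If the cookie is not valid JSON, or decodes to an array or a scalar, that property assignment raises an Error on PHP 8. Normalise the value first: keep the `json_decode()` line and follow it with `if (!is_object($js)) { $js = new stdClass(); }`. The options array also leaves `secure` at its default of false, which is worth setting from the request scheme if the site is served over HTTPS.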