mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-27 17:00:52 +01:00

SECURITY: Move indexed option to table...fixes unindexed boards appearing in search/random

8chan 2014-10-07 20:54:00 -07:00
parent 2f91ea9c74
commit d58adad48d
7 changed files with 11 additions and 11 deletions


@ -57,8 +57,8 @@ foreach ($boards as $i => &$board) {
$board_config = str_replace('$config', '$boardCONFIG', $board_config);
$board_config = str_replace('<?php', '', $board_config);
eval($board_config);
$showboard = (!isset($boardCONFIG['meta_noindex']) || !$boardCONFIG['meta_noindex']);
}
$showboard = $board['indexed'];
$locale = isset($boardCONFIG['locale'])?$boardCONFIG['locale']:'en';
$board['title'] = utf8tohtml($board['title']);
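Review bot: `$showboard = $board['indexed'];` assumes every row handed to this loop carries an `indexed` key, but listBoards() serves the list from cache when caching is enabled, and an `all_boards` entry written before this change has no such column. In that window the line raises an undefined-index notice and every board is treated as hidden. Writing it as `$showboard = !empty($board['indexed']);` keeps the same truthiness without the notice, and the board-list cache should be flushed when this is deployed. The `foreach` body starts and ends outside the hunk.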


@ -652,20 +652,21 @@ function hasPermission($action = null, $board = null, $_mod = null) {
return true;
}
function listBoards($just_uri = false) {
function listBoards($just_uri = false, $indexed_only = false) {
global $config;
$just_uri ? $cache_name = 'all_boards_uri' : $cache_name = 'all_boards';
$indexed_only ? $cache_name .= 'indexed' : false;
if ($config['cache']['enabled'] && ($boards = cache::get($cache_name)))
return $boards;
if (!$just_uri) {
$query = query("SELECT ``boards``.`uri` uri, ``boards``.`title` title, ``boards``.`subtitle` subtitle, ``board_create``.`time` time FROM ``boards`` LEFT JOIN ``board_create`` ON ``boards``.`uri` = ``board_create``.`uri` ORDER BY ``boards``.`uri`") or error(db_error());
$query = query("SELECT ``boards``.`uri` uri, ``boards``.`title` title, ``boards``.`subtitle` subtitle, ``board_create``.`time` time, ``boards``.`indexed` indexed FROM ``boards``" . ( $indexed_only ? " WHERE `indexed` = 1 " : "" ) . "LEFT JOIN ``board_create`` ON ``boards``.`uri` = ``board_create``.`uri` ORDER BY ``boards``.`uri`") or error(db_error());
$boards = $query->fetchAll();
} else {
$boards = array();
$query = query("SELECT `uri` FROM ``boards``") or error(db_error());
$query = query("SELECT `uri` FROM ``boards``" . ( $indexed_only ? " WHERE `indexed` = 1" : "" ) . " ORDER BY ``boards``.`uri`") or error(db_error());
while (true) {
$board = $query->fetchColumn();
if ($board === FALSE) break;
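Review bot: In the `!$just_uri` query the optional WHERE fragment is concatenated between the FROM table and the LEFT JOIN, so `listBoards(false, true)` builds `... WHERE indexed = 1 LEFT JOIN ...`, which is not valid SQL and ends in `error(db_error())`. No caller in this commit passes that combination, so the defect is latent. The condition belongs after the ON clause with the column qualified, i.e. `"... FROM ``boards`` LEFT JOIN ``board_create`` ON ``boards``.`uri` = ``board_create``.`uri`" . ($indexed_only ? " WHERE ``boards``.`indexed` = 1" : "") . " ORDER BY ``boards``.`uri`"`. The new cache keys `all_boardsindexed` and `all_boards_uriindexed` also need to be purged wherever the two existing keys are, and whenever a board's `indexed` flag changes. Otherwise a board switched to unindexed keeps being returned until the entry expires. That purge code is not visible here, and the function body continues past the hunk.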


@ -255,7 +255,6 @@
$poster_ids = isset($_POST['poster_ids']) ? 'true' : 'false';
$show_sages = isset($_POST['show_sages']) ? 'true' : 'false';
$auto_unicode = isset($_POST['auto_unicode']) ? 'true' : 'false';
$meta_noindex = isset($_POST['meta_noindex']) ? 'true' : 'false';
$allow_roll = isset($_POST['allow_roll']) ? 'true' : 'false';
$image_reject_repost = isset($_POST['image_reject_repost']) ? 'true' : 'false';
$allow_flash = isset($_POST['allow_flash']) ? '$config[\'allowed_ext_files\'][] = \'swf\';' : '';
@ -311,10 +310,11 @@ OEKAKI;
if (!(strlen($subtitle) < 200))
error('Invalid subtitle');
$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri');
$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle, `indexed` = :indexed WHERE `uri` = :uri');
$query->bindValue(':title', $title);
$query->bindValue(':subtitle', $subtitle);
$query->bindValue(':uri', $b);
$query->bindValue(':indexed', !isset($_POST['meta_noindex']));
$query->execute() or error(db_error($query));
@ -328,7 +328,6 @@ OEKAKI;
\$config['poster_ids'] = $poster_ids;
\$config['show_sages'] = $show_sages;
\$config['auto_unicode'] = $auto_unicode;
\$config['meta_noindex'] = $meta_noindex;
\$config['allow_roll'] = $allow_roll;
\$config['image_reject_repost'] = $image_reject_repost;
\$config['anonymous'] = base64_decode('$anonymous');
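Review bot: `$query->bindValue(':indexed', !isset($_POST['meta_noindex']));` in the second hunk binds a PHP boolean with the default string parameter type, and PDO sends `false` as an empty string rather than 0. Depending on the driver and SQL mode the UPDATE can then fail or store an unintended value, and this happens precisely when the owner ticked the noindex box. Binding an explicit integer removes the ambiguity: `$query->bindValue(':indexed', isset($_POST['meta_noindex']) ? 0 : 1, PDO::PARAM_INT);`. This assumes prepare() returns a PDOStatement-compatible object, which is not visible here. The enclosing settings handler starts and ends outside these hunks.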


@ -2,7 +2,7 @@
include "inc/functions.php";
$boards = listBoards(TRUE);
$boards = listBoards(TRUE, TRUE);
$board = array_rand($boards);
header('Location: /'.$boards[$board]);
?>
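Review bot: `array_rand($boards)` has no guard for an empty list, and filtering to indexed boards makes that case reachable even when boards exist. On an empty array the call fails (a warning and NULL on older PHP, a ValueError on PHP 8), and `$boards[$board]` is then undefined. A guard before the redirect would cover it, for example `if (empty($boards)) error('No indexed boards');` (message constructed for illustration), using the error() helper from inc/functions.php.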


@ -12,7 +12,7 @@
if (isset($config['search']['boards'])) {
$boards = $config['search']['boards'];
} else {
$boards = listBoards(TRUE);
$boards = listBoards(TRUE, TRUE);
}
$body = Element('search_form.html', Array('boards' => $boards, 'b' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '&quot;', utf8tohtml($_GET['search'])) : false));
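Review bot: The new `listBoards(TRUE, TRUE)` call only narrows the list passed to the search form, while `$_GET['board']` is still taken directly from the request. Whether a search against an unindexed board named directly in the query string is refused depends on code below this hunk; it should check the requested board against the same filtered `$boards` list before running the query. Note too that the `$config['search']['boards']` branch bypasses the filter entirely, so a configured list that names an unindexed board will still expose it. A comment such as `// $boards must contain only indexed boards; the search handler validates $_GET['board'] against it` would make that contract explicit.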


@ -239,7 +239,7 @@
<strong>{% trans %}Featured boards:{% endtrans %}</strong>
<span class="favorite-boards"></span>
<br>
<strong>{% trans %}Board of the week:{% endtrans %} /<a href="/ebola">ebola</a>/</strong>
<strong>{% trans %}Board of the week:{% endtrans %} /<a href="/cow">cow</a>/, /<a href="/fringe">fringe</a>/, /<a href="/desu">desu</a>/</strong>
</div>
</header>


@ -4,7 +4,7 @@
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
{% if config.meta_keywords %}<meta name="keywords" content="{{ config.meta_keywords }}">{% endif %}
{% if config.meta_description %}<meta name="description" content="{{ config.meta_description }}">{% endif %}
{% if config.meta_noindex %}<meta name="robots" content="noindex" />{% endif %}
{% if not board.indexed %}<meta name="robots" content="noindex" />{% endif %}
{% if config.default_stylesheet.1 != '' and not mod %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}">{% endif %}
{% if config.font_awesome %}<link rel="stylesheet" media="screen" href="{{ config.root }}{{ config.font_awesome_css }}">{% endif %}
{% if config.country_flags_condensed %}<link rel="stylesheet" href="{{ config.root }}{{ config.country_flags_condensed_css }}">{% endif %}
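Review bot: `{% if not board.indexed %}` is also true when `board` is not defined in the template context. If this header is shared by pages rendered without a board (front page, search, mod pages), they would now all emit `noindex`, whereas the old `config.meta_noindex` test was false when unset. Under Twig strict variables the lookup would throw instead. If that is not intended, test for the variable first: `{% if board and not board.indexed %}`. Which pages include this header is not visible in the hunk.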