1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-30 18:24:29 +01:00
Commit Graph

1851 Commits

Author SHA1 Message Date
sshscp15
30e7574649
Fix display warning/errors (#496)
* prevent filling debug param when debug is off

* fix php warning: "$item" must be passed by reference
2022-09-15 13:03:32 -04:00
27chan
76fad44de4
Removed regex with possibiblity of XSS
An anonymous user reported the issue to me
2022-09-05 13:58:41 -03:00
Fred Brennan
572a11dba7 Flip insane default for non-developers 2022-08-29 11:48:38 -04:00
Fred Brennan
efd54a20e8 Install config to secrets.php by default 2022-08-29 11:47:47 -04:00
Fred Brennan
a99d7c7c80 Add support for APC(u) 2022-08-29 11:45:59 -04:00
C Hatfield
ae2d91c534
Moved hardcoded html filepaths into config file for extensibility (#354)
Co-authored-by: chatfield <chatfield@creatuity.com>
Co-authored-by: Fred Brennan <copypaste@kittens.ph>
2022-08-29 10:50:45 -04:00
haruhianon609
0f94915fdf
Add yandex images as image identification option (#430)
* Add yandex images as image identification option

* Update image_identification.html

* Fix indentation

Co-authored-by: Fred Brennan <copypaste@kittens.ph>
2022-08-29 10:37:40 -04:00
Fredrick Brennan
1e19e75bf5
Change illogical default of $config[force_body]
Makes JS and non-JS enforcement equivalent while providing a downgrade path.

JS may not allow empty bodies even when $config[force_body] false. Don't care enough to fix. PR welcome.

Close #493.
2022-08-29 10:30:50 -04:00
Fredrick Brennan
9e63116338
fix mysql_version() for mariadb 2022-08-20 12:45:56 -04:00
sshscp15
4db4ab9cf0 simple catalog support for moderators 2022-08-20 12:25:10 -04:00
PVNFU-28
75236d6ae5 Update functions.php
current regex consumes the space after a post quote, instead of merely checking that it's there. As a result textually consecutive post quotes, which the source calls cites, cannot be separated by a single space. This fixes that
2022-08-20 12:20:53 -04:00
bebyx
c128a37160
Fix editing global pages for 7.4 (#487) 2022-08-20 12:17:04 -04:00
Junicchi
23ebde7883 fix Undefined index ip problem, fixes #434 2022-08-20 12:13:02 -04:00
27chan
ae3b5b194c
Merge pull request #466 from discomrade/patch-5
Fix multiple issues in anti bump flood
2022-06-21 12:56:11 -03:00
27chan
1d8a577029
Merge pull request #440 from discomrade/patch-1
Fix custom thumb_ext when using ImageMagick convert
2022-06-06 22:06:16 -03:00
discomrade
77bab66293
Fix multiple issues in anti bump flood
- saged posts aren't ignored when finding last bump
- bumplocked thread with one reply, delete the reply and no post matches the query
- bumplocked threads should be ignored
2022-01-22 03:31:52 +00:00
jove
847c5d130c Fixes an error reporting typo. 2022-01-18 07:17:34 -01:00
discomrade
8512321669 Fix redis 'delete' deprecation error
Redis deprecated the 'delete' alias for 'del'. Posting while using redis cache would return an error, the post would still be posted.
2022-01-16 23:50:25 -05:00
Fredrick Brennan
9745e9d854 Ignore recently added graphicsmagick check
Closes #445.
2021-11-03 22:55:55 -04:00
discomrade
54cd4d41f2
Fix custom thumb_ext for ImageMagick convert
Fixed breaking typo in previous commit
2021-06-23 12:40:27 +00:00
discomrade
a752a3930c
Fix custom thumb_ext for ImageMagick convert
When using ImageMagick's convert tool, the output defaults to the input format if no file extension or format is specified.
The temp file currently has no extension, so a $config['thumb_ext'] value has no effect on the image.
By appending the thumb_ext to the temp output file, it will convert the image to the intended format.

You can see this issue present on lainchan, where thumbnails have a .png filename but are not really PNG files when the input is a .jpg, for example.
2021-06-23 11:52:29 +00:00
h00j
fd9a3c07dd Merge branch 'master' of https://github.com/vichan-devel/vichan 2021-04-01 22:30:49 +02:00
h00j
281dccb690 fix undefined index in cloak_mask/uncloak_mask 2021-04-01 22:30:22 +02:00
h00j
59c0f788d2 typo 2021-03-12 21:52:37 +01:00
h00j
4ef7feabf2 add telegrams 2021-03-12 21:51:42 +01:00
Łiźnier Hełam Łabej
ee57b6b5ca
Merge pull request #405 from PVNFU-28/patch-3
Update config.php
2021-02-26 21:41:46 +01:00
Łiźnier Hełam Łabej
7a44731f27
Merge pull request #413 from PVNFU-28/patch-9
replace rbl.efnet.org with rbl.efnetrbl.org
2021-02-26 21:40:01 +01:00
PVNFU-28
d166db6a50
replace rbl.efnet.org with rbl.efnetrbl.org
rbl.efnet.org redirects to rbl.efnetrbl.org and says
"Notice We have created a mirror of the rbl.efnet.org zone at rbl.efnetrbl.org.
It has the exact same data and responses. Please use the mirror in your configs.
The mirror was created after repeated failures at Network Solutions."

Also deleted some random tabs on empty lines and some extra spaces which were put by error I guess
2021-02-21 01:03:10 -03:00
PVNFU-28
30eb4e8335
Update config.php
Fixes https://github.com/vichan-devel/vichan/issues/404
2021-02-16 23:33:52 -03:00
h00j
00349d0315 mute constant redefinition notice 2021-02-14 09:22:01 +01:00
panfu28
c25e3dea78
Update config.php
Fixed embedding for dailymotion, metacage and vocaroo.
Google Videos stopped being a thing in 2012 it seems.
2021-02-14 02:49:15 -03:00
h00j
908b843854 move antibot functions 2021-02-13 21:14:06 +01:00
h00j
599fee5e21 use composer 2021-02-13 19:24:03 +01:00
Łiźnier Hełam Łabej
47df9c6485
Merge pull request #399 from vichan-devel/ip-cloaking
ip cloaking
2021-02-13 17:28:30 +01:00
h00j
bce71c1f98 ip cloaking 2021-02-13 14:11:41 +01:00
panfu28
d8e3925183
Update config.php
just fixed a comment that might confuse new users, plus it was outdated
2020-12-11 17:10:43 -03:00
Sardach
19151def82 insignificant fix
PHP7 shows a warning when executing tools/rebuild2.php: "Declaration of case-insensitive constants is deprecated"
$group_name and $group_value really not need be case-insensitive, so i simply removed that "true".
2020-10-31 04:24:21 -07:00
papereth
a268004c7a
Fix wrong variable used in ban lookup (#376)
` $_SERVER['REMOTE_ADDR']` was hardcoded in ban lookup instead of `$ip` variable
2020-08-09 18:31:50 -07:00
Daniel Saunders
c7e5cd6814 $board can be NULL here, prevent indexing it
Simplest 7.4 fix ever? Possibly.
2020-01-20 10:37:10 +08:00
Fredrick Brennan
5e809047ad By default, no longer treat deprecations as errors
Close #363.

See also https://www.youtube.com/watch?v=9crnlHLVdno
2020-01-20 10:04:39 +08:00
Fredrick Brennan
a2ba03849f Fix PHP 7.4 deprecations 2020-01-20 10:04:39 +08:00
Fredrick Brennan
af06cf3737
Disable check_updates by default
It no longer works and never will again, so...
2020-01-15 11:36:51 +08:00
rarjpg
63b0b92690 Move HTML Tidy 'bare' option to the config 2019-11-29 19:21:20 +08:00
rarjpg
0a3bca7dd8 Various fixes 2019-11-29 13:54:08 +08:00
Kureva
1613f6baea Option to reset thread bump after last post deleted. 2019-10-14 18:56:13 +08:00
Daniel Saunders
e15e966cdb Fix a bug related to deleting boards (see https://github.com/vichan-devel/vichan/issues/331) 2019-09-22 16:57:12 +08:00
Brayden
997326af59 fix typo in inc/config.php 2019-03-22 10:02:38 +08:00
Fredrick Brennan
ac971f36d5 Fix capcodes in PHP7.2. Close #299 2018-07-27 20:08:03 +08:00
Fredrick Brennan
524d48110b Fix bans of form "5d", "1y", etc. for PHP7.2
This closes #301.
2018-07-27 19:06:31 +08:00
Fredrick Brennan
0aa4e3badc Update Twig. This closes #295 2018-05-10 18:25:37 +08:00
Fredrick Brennan
b078ffb1e4 Close #282 2018-05-10 17:33:07 +08:00
antedeguemon
b94bf5ec19 Update license and copyright dates 2018-03-01 22:57:53 -03:00
Fredrick Brennan
c2f7073dd4 Fix warnings in PHP7 in gettext library
Not sure how to commit this upstream, the library seems to be
unmaintained.
2017-11-05 21:17:20 +08:00
Fredrick Brennan
8e811cec44 Close #265 2017-11-03 22:12:35 +08:00
Christopher Henly
598843547e
Remove links to (dead) tinyboard.org
Instead we link to the archived documentation, just like in README.md. I also removed the link to tinyboard.org from the boardlinks example, and replaced it with a Github one.
2017-10-30 15:20:43 -04:00
vi
8c0b413c94
New vimeo embed 2017-10-27 22:41:08 -02:00
Fredrick Brennan
09b373cf60 Merge pull request #245 from ghost/patch-2
Bug fixing inc.
2017-10-26 13:35:26 +08:00
RalphORama
c8765dede4 Update PHP version check
Removed trailing zero
2017-10-24 17:36:14 -04:00
RalphORama
2097562596 PHP version check for mcrypt_create_iv
Use `mcrypt_create_iv()` if PHP version is less than 7.1.0, otherwise use `random_bytes()` (introduced in PHP 7.1 to replace `mcrypt_create_iv()`)
2017-10-24 16:27:00 -04:00
RalphORama
67b1565ef8 Replace mcrypt_create_iv with random_bytes
`mcrypt_create_iv()` was deprecated in PHP 7.1.0.
2017-10-24 16:16:25 -04:00
antedeguemon
4d1dc45a7c Bugfix: allow mods to edit poster name at edit post page 2017-07-29 20:23:18 -03:00
Thalis
7529c83a00 added fix from @Circlepuller to mod_move_reply also
thx @Cirlepuller
2017-07-28 22:51:59 +02:00
Thalis
0846d0c784 might fix moving replies with deleted image
brace yourself for other conflicts lol
2017-07-28 22:41:20 +02:00
Thalis
7883998a78 should fix moving a spoilered thread (OP) image 2017-07-28 21:01:12 +02:00
Daniel Saunders
504282b55f Merge remote-tracking branch 'vichan/master' 2017-07-24 22:40:39 -04:00
czaks
4025705eac replace faulty dnsbl with efnetrbl 2017-07-24 15:04:01 -04:00
Daniel Saunders
64cf4b11ee Dirty quick fix to allow moderation to move threads with deleted files 2017-07-24 15:01:17 -04:00
czaks
7b538f0eae Merge branch 'master' of github.com:vichan-devel/Tinyboard 2017-07-24 15:00:44 -04:00
Daniel Saunders
d8e12a15b7 Dirty quick fix to allow moderation to move threads with deleted files 2017-07-24 15:00:33 -04:00
Daniel Saunders
a31a3a281f Bug related to antispam and reCAPTCHA 2 valid fields 2017-07-24 12:22:53 -04:00
Daniel Saunders
09fadec620 inline-expanding.js needs jQuery to function, so why are we not including it in the default configuration too? 2017-07-24 04:38:38 -04:00
Daniel Saunders
b5fac28a8b Fully removed the outdated recaptchalib.php (freed up some room hehe) 2017-07-24 04:03:49 -04:00
Marcin Łabanowski
39715e3595 Merge pull request #224 from ghost/patch-2
Implementing Czaks captcha
2017-07-23 17:57:59 +02:00
Marcin Łabanowski
3e23c028de Merge pull request #215 from antedeguemon/master
Prevents reports with too many characters
2017-07-23 17:55:22 +02:00
Marcin Łabanowski
ef1898833d Merge pull request #226 from ghost/patch-1
Fixed DNSBL TOR
2017-07-23 17:54:08 +02:00
Thalis
fe495fed64 Update config.php 2017-07-23 17:50:54 +02:00
czaks
40fe35fedc early 404 staged 2017-05-17 14:54:35 -04:00
Hollick
29409f1456 Update config.php
Well I'm just putting this info out there for those that need tor protection. no reason to pull this if not stable.
2017-04-28 19:07:17 +02:00
Hollick
c4358b078e Update config.php 2017-04-28 16:19:32 +02:00
Hollick
bb86d55b1f Fixed DNSBL TOR
Don't know if Sectoor.de comes online again. Found this new dnsbl tor blacklist checker. in case you really need a tor blacklist.
2017-04-28 16:09:15 +02:00
Horija
e1bc4f1da9 Update config.php 2017-04-24 11:41:49 +02:00
Horija
3438718667 Add files via upload 2017-04-24 11:40:49 +02:00
Horija
6a53b99feb Create readme.md 2017-04-24 11:40:22 +02:00
Horija
9ddb5833b3 Implementing a new captcha
I'm (trying) to integrate @Czaks custom captcha
2017-04-24 11:38:56 +02:00
KekuKin
57732bdff5 Fixed uninstall error for themes.
Was receiving uninstall errors: undefined index: theme
2017-03-30 00:58:11 +02:00
vholmes
387ebe9c0c Prevents reports with too many characters 2017-02-15 23:07:50 -02:00
Marcin Łabanowski
a989435253 Merge pull request #212 from SHooZ/uk_UA-localization
Add uk_UA localization files
2017-01-22 23:58:32 +01:00
SHooZ
2ca02733ac Add uk_UA localization files 2017-01-22 22:16:56 +00:00
Michael D. Reiley
372c26491a Fix typo in max_images comment
multi_image.js should be multi-image.js, with a dash, not an underscore.
2016-10-01 15:06:09 -07:00
Michael D. Reiley
8951cb74c8 Rebuild index when mod deletes a thread.
The index does not properly rebuild when a mod deletes a thread, resulting in a ghost thread remaining in the index until the next rebuild. This fix was originally contributed to Uboachan's codebase by Mannosuke.
2016-09-22 23:03:11 -07:00
czaks
3f38a6db97 Merge branch 'master' of github.com:vichan-devel/Tinyboard 2016-08-19 23:15:47 +02:00
czaks
a5e7b3da6f nntpchan: work around php nonsense 2016-08-19 23:15:42 +02:00
Jeff Becker
1c3e6e590a
patch for nntpchan stream 2016-08-19 16:05:50 -04:00
czaks
0b19051891 fix a notice; increase waiting time for dns 2016-08-15 04:13:26 +02:00
czaks
a779b96370 second iteration of nntpchan implementation 2016-08-15 00:56:06 +02:00
czaks
5e335a8564 preliminary inbound nntpchan support 2016-08-14 16:24:17 +02:00
czaks
11cecf8452 Revert "[BUG] Image reject repost board option now also affects YT embeds"
This reverts commit b476b66007.
2016-06-21 05:03:44 +02:00
czaks
d2bb4a776f fail gracefully on no thumbnail 2016-06-09 11:15:45 +02:00
czaks
8a46c7a0d5 tesseract OCR support for spamfilters 2016-06-09 11:09:10 +02:00
czaks
52fe9bc873 fix sane_strategy for advanced build. should fix the ajax.js problem. 2016-05-15 15:53:30 +02:00
czaks
bb9aaad899 i forgot about a queue and a lock implementation 2016-05-08 15:37:49 +02:00
czaks
f24e0f9814 optimize out openboard when we don`t need it. a big performance improvement too 🏎
also, don't call dnsbl for local ip addresses
2016-05-08 14:02:17 +02:00
czaks
12e6aba5d4 (2/2) advanced build. implement a daemon that will build static pages.
implement a queue and a lock. fix notice in bans. and it even works!

the daemon is basic right now, it could work in a mode that it will defer building certain
pages until a certain time.
2016-05-08 13:23:41 +02:00
czaks
e265375475 fixup 2016-05-08 10:59:36 +02:00
czaks
b6f0317bde advanced build (1/2): a small refactor of index generating procedure; generation strategies 2016-05-08 10:54:30 +02:00
czaks
a5e22f6d63 split route and controller parts from smart build 2016-05-08 02:50:44 +02:00
Fredrick Brennan
505adffcdc Cyclical threads ♺ 2016-05-06 16:39:20 +02:00
czaks
ab02a42725 maybe we can try to load Parsedown, after all we can silence the error 2016-05-06 16:27:43 +02:00
8chan
d788131202 Allow a board called news to exist 2016-05-06 16:26:17 +02:00
czaks
d726eaf195 we don't have a htmlpurifier yet ;_; 2016-05-06 16:07:21 +02:00
Fredrick Brennan
95b1e103cb Edit static pages commit 2016-05-06 16:03:55 +02:00
8chan
7911c374e8 Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

===================================
Also: backports 351375185e (early 404)
2016-05-06 15:44:26 +02:00
8chan
6dd1420f91 Add event to quote backlinks 2016-05-06 15:15:17 +02:00
8chan
ce3ce4f1b6 Fix *0 secure tripcodes caused by accidentally feeding + signs to crypt() 2016-05-06 15:14:55 +02:00
8chan
7831da83fc New event: rebuildpost, allows you to bind events to ?/edit 2016-05-06 15:13:27 +02:00
Fredrick Brennan
b476b66007 [BUG] Image reject repost board option now also affects YT embeds 2016-05-06 15:12:08 +02:00
czaks
126ee42b9d better rules for stripping combined chars, based on 45c0d32761 by @ctrlcctrlv 2016-05-06 14:34:42 +02:00
czaks
33ef3f9b01 synchronize catalog_link 2016-05-06 14:14:22 +02:00
8chan
7a7574bdca SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']

Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.

Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
8chan
6da7f4d25a No more country flags in <title> 2016-05-06 12:40:37 +02:00
8chan
632d0a76d0 Display placeholder if no file in catalog/theme.php; czaks: fix the code a bit 2016-05-06 12:37:00 +02:00
8chan
6b04b3c671 Fix post deletion 2016-05-05 13:21:09 +02:00
Fredrick Brennan
8943bb0bb3 Rewrite report system due to flooding 2016-05-05 12:57:52 +02:00
czaks
cd01191072 those parts are extraneous 2016-05-05 11:45:29 +02:00
8chan
3eb755ee7e Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
8chan Admin
93f748e6a8 Security: capitalization of mods username is significant 2016-05-05 11:39:12 +02:00
czaks
d310abc95c Merge branch 'master' of github.com:vichan-devel/vichan 2016-05-05 10:54:09 +02:00
czaks
abe4bdd6ae fixup 2016-05-05 10:52:58 +02:00
czaks
77176faece enable javascript in mod panel 2016-05-05 09:56:54 +02:00
czaks
a42256b296 locale cache: fix a bug when perms are done wrong 2016-05-05 08:43:34 +02:00
czaks
36b78e5f98 fix for editor highlighting 2016-05-05 08:40:13 +02:00
czaks
dcf5d699bd simplify the md5 execution logic 2016-05-05 08:22:19 +02:00
czaks
9768161327 simplify the code a bit 2016-05-05 07:51:55 +02:00
czaks
7c3126866c ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system) 2016-05-05 06:43:22 +02:00
czaks
caaf741691 [SECURITY] keep up with modern password hashing standards 2016-04-22 05:35:43 +02:00
Matthieu
d2de4419bd Added: config option to hide email in post. (prevent emailfag but let the possibility to sage and noko) 2016-01-26 00:50:55 +01:00
czaks
6d4e756240 fix a bug for some bad database state. thanks Seisatsu for testing 2015-09-11 12:49:42 +02:00
czaks
706feeddff fix cache_config: webms were thumbnailed twice and with the latest addition, they couldn`t resize at all 2015-08-11 04:51:27 +02:00
czaks
a54488d900 Merge branch 'master' of github.com:vichan-devel/Tinyboard 2015-08-11 03:47:54 +02:00
czaks
1136cc0e44 reflect in readme, that we support .mp4 files as well now 2015-08-11 03:47:44 +02:00
czaks
ccd00c497c a stricter check for webm processing 2015-08-11 03:46:02 +02:00
Marcin Łabanowski
11d4cb0f4f Merge pull request #155 from 27chan/patch-7
Add extension mp4
2015-08-11 03:44:51 +02:00
Marcin Łabanowski
b0eb49de82 Merge pull request #160 from 27chan/patch-10
Add extension mp4
2015-08-11 03:39:22 +02:00
27chan
219c1987a9 Add extension mp4 2015-08-10 22:25:09 -03:00
27chan
f1cbbbc15a Add extension mp4 2015-08-10 22:15:21 -03:00
27chan
601c8cebc9 Add extension mp4 2015-08-10 22:13:42 -03:00
czaks
d3d167affb SECURITY: XSS fix for youtube.js/metacafe embed 2015-07-08 16:26:58 +02:00
Anonke
3f29bdfac9 the poster IDs were showing in API despite being disabled 2015-05-30 20:46:43 +02:00
czaks
2d9214ac63 version check should point at engine.vichan.net and not tinyboard.org actually 2015-04-23 08:18:36 +02:00
czaks
4c1d2f924c fix error while installing themes; thanks xixi 2015-04-23 07:57:52 +02:00