* Update functions.php
` $_SERVER['REMOTE_ADDR']` was hardcoded in ban lookup instead of `$ip` variable
* Fix information leak in thread.html
Sensitive information can be leaked due to inadequate/absent escaping.
Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.
* Fixed thread template
`remove_markup` is not available on vichan, arguably it makes things better but it's out of scope for this CHANGE, removing modifiers is enough to stop the info leak
consider adding it again after pulling:
fallenPineapple@a5b3336
also moving truncation before escaping for extra safety
Sensitive information can be leaked due to inadequate/absent escaping, if proxy_save enabled
Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.
Chromium browsers expect capital U in setUpControl and old version of webm-settings.js has setupControl which causes a error and makes expand-video.js not work and options.js not save when this is in use. This bug is not present on FireFox which automatically fixes this for some reason. Stupid bug, stupid fix. No lines actually added or removed.
adds an option to use textarea in theme settings.
Merged most Basic, Recent and Frameset theme functions in one.
you can add a video picture icon and quote in the homepage.
@ctrlcctrlv feel free to add suggestions and fix bladly formed code or let me know and I will try to fix.
i installed it on my demo site: https://hikichan.com/
You'll need to delete all reports made before applying this patch for it
to work right. However, all reports made after applying this patch will
appear correctly in `mod.php?/reports`.
This closes#300.
Users with existing installations are still required to follow the
advice in security bulletin #284.
This commit isn't perfect -- PHP installations below 7.0 and w/o OpenSSL
cannot be fully secured in my estimation. . .
* fixed banned redirect i think
my tinyboard script has been altered a lot but i think this is the fix for the wrong ban redirect.
* maybe it's just this