1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-30 18:24:29 +01:00
Commit Graph

405 Commits

Author SHA1 Message Date
czaks
736e982945 [SECURITY] Lessen security impact
post.php: misc fixes
2017-05-17 14:05:01 -04:00
Horija
dc7a507526 Update post.php 2017-04-24 12:21:33 +02:00
czaks
d85cb47647 report event 2017-03-11 08:34:58 -05:00
vholmes
387ebe9c0c Prevents reports with too many characters 2017-02-15 23:07:50 -02:00
czaks
a5e7b3da6f nntpchan: work around php nonsense 2016-08-19 23:15:42 +02:00
czaks
a779b96370 second iteration of nntpchan implementation 2016-08-15 00:56:06 +02:00
czaks
1c24c69999 Merge branch 'master' of github.com:vichan-devel/Tinyboard 2016-08-14 16:24:25 +02:00
czaks
5e335a8564 preliminary inbound nntpchan support 2016-08-14 16:24:17 +02:00
ptchan-foss
8548a4ff70 Fixed report syslog message 2016-08-12 18:18:54 +01:00
nekomiko482
a55760299c Fixes incompatibility with BSD's md5 output format.
fixes #190
2016-07-07 12:53:40 +03:00
czaks
11cecf8452 Revert "[BUG] Image reject repost board option now also affects YT embeds"
This reverts commit b476b66007.
2016-06-21 05:03:44 +02:00
czaks
e230f1472c don`t ocr non-images 2016-06-10 12:41:53 +02:00
czaks
8a46c7a0d5 tesseract OCR support for spamfilters 2016-06-09 11:09:10 +02:00
czaks
644f227ab3 fix "Undefined variable: pid"; thanks fpdl and MrFreeman 2016-05-08 03:09:20 +02:00
Fredrick Brennan
505adffcdc Cyclical threads ♺ 2016-05-06 16:39:20 +02:00
8chan
7911c374e8 Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

===================================
Also: backports 351375185e (early 404)
2016-05-06 15:44:26 +02:00
Fredrick Brennan
b476b66007 [BUG] Image reject repost board option now also affects YT embeds 2016-05-06 15:12:08 +02:00
Fredrick Brennan
8943bb0bb3 Rewrite report system due to flooding 2016-05-05 12:57:52 +02:00
8chan
3eb755ee7e Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
czaks
d310abc95c Merge branch 'master' of github.com:vichan-devel/vichan 2016-05-05 10:54:09 +02:00
czaks
186ad5ca86 bsd fixup 2016-05-05 10:53:44 +02:00
czaks
19b70663d7 remove magic_quotes check; it`s 2016 after all 2016-05-05 10:29:13 +02:00
czaks
4c827cf105 fix some nonsense 2016-05-05 10:22:34 +02:00
czaks
c4b98e94ce [SECURITY] harden for imagetragick (we aren`t hit by the bug, but we were passing uncommon filetypes, like JPEG2000, directly to imagemagick) 2016-05-05 10:17:14 +02:00
czaks
dcf5d699bd simplify the md5 execution logic 2016-05-05 08:22:19 +02:00
czaks
b5370fd3e5 fileboard: op tag fix 2015-04-23 02:41:17 +02:00
Marcin Łabanowski
4014682882 fileboard support 2015-04-22 06:06:34 +02:00
czaks
34eeaccea9 optimization: we don`t need bans.php most of the time and bans.php has big dependencies 2015-04-05 16:31:20 +02:00
czaks
6cbd51b83c for fastcgi users: rearrange post.php, sort of, so that posts are created faster, and we can leave php to generate themes in the background
same for post deletion
2015-03-31 09:21:16 +02:00
czaks
10f93d0d43 implement a protection against transparent proxies 2015-03-24 05:19:25 +01:00
czaks
e999955d08 ... 2015-03-10 13:28:55 +01:00
czaks
bdb6001f3f support for slugified links; may introduce a few bugs 2015-03-10 12:48:59 +01:00
Jason Puglisi
6d28f9c98e Fixed error that would prevent posting without ['mod'] 2015-02-26 22:51:45 -05:00
Wesley
2d396c4eb8 Add E Z board locking feature 2015-02-15 21:16:36 -05:00
czaks
f4422e597b fix a related bug 2014-10-24 13:43:15 +02:00
czaks
daad519b85 config[php_md5] feature 2014-10-24 13:24:33 +02:00
Bui
cb9b4db73d do security checks *after* checking captcha 2014-10-07 00:15:45 +02:00
Fredrick Brennan
23c73ca839 Allow the user to decide whether or not he wants to display his country 2014-09-20 16:35:28 +00:00
Ian Bradley
c1ecef3772 Added support for BSD md5 incase md5sum isn't available. 2014-09-15 16:33:37 -07:00
czaks
9b943da60a Revert "Rework the GeoIP code, add country-based poster names"
This reverts commit db3c7f4ee9.
2014-07-06 02:13:08 +02:00
Jano Slota
a1d2d2388a Fix the bug that allowed to post an empty reply 2014-07-06 01:29:30 +02:00
Jano Slota
db3c7f4ee9 Rework the GeoIP code, add country-based poster names 2014-07-06 01:29:12 +02:00
8chan
eea984859b Better remote errors 2014-05-27 23:50:11 +00:00
Fredrick Brennan
c1bc5778dd Derp, filesize was always being based on first file 2014-05-17 15:47:15 -04:00
Reid 'Crafted'
78ffd76fcf Make post.php compatable with PHP 5.3x
Compatible with earlier versions of PHP. This should work on 5.4 too, but I haven't tested it.
2014-05-13 21:23:06 +01:00
czaks
19ce50c545 Merge ../pl
Conflicts:
	post.php
2014-05-10 21:58:23 +02:00
Jano Slota
c2c7859a9e Fixed a little exiftool bug
Conflicts:
	post.php
2014-05-10 21:50:01 +02:00
czaks
cd15458a32 Merge remote-tracking branch 'origin/4.5' 2014-05-06 21:53:38 +02:00
czaks
f7278e5a61 user moderation support 2014-05-06 21:53:05 +02:00
Fredrick Brennan
d31a353962 Allow post deletion switch 2014-05-05 18:03:51 -04:00
czaks
0a53fdb3a2 remove quick-reply harder 2014-04-30 22:46:20 +02:00
czaks
46802d3f1b fix post event 2014-04-29 21:18:17 +02:00
czaks
d57dcc5e6e fix remote upload 2014-04-29 20:50:28 +02:00
czaks
b94e39148b remove quick-reply-old. it probably doesn't work now, it certainly isn't
maintained. this is an old cruft and if needed, it needs rewriting.
2014-04-29 18:37:29 +02:00
copypaste
c483e1258c multiimage posting 2014-04-27 15:48:47 +02:00
kaf
f83c87b623 Added: /pol/-like flags based on a953229de7
Conflicts:
	inc/config.php
	templates/post_form.html
2014-04-19 18:48:17 +02:00
czaks
1fb362a7c0 fix previous commit 2014-04-18 14:33:50 +02:00
czaks
8e9db69375 post.php: load config earlier 2014-04-18 14:32:05 +02:00
czaks
e08bc5d54d Merge branch 'master' of https://github.com/savetheinternet/Tinyboard 2014-04-12 20:52:42 +02:00
Michael Reiley
677e428a4d Update copyright years. 2014-04-12 11:12:42 -07:00
czaks
bcb47a1d33 geoip: compatibility fix; this allows to have both versions of geoip loaded 2014-02-19 00:01:40 +01:00
Jano Slota
9dad842c24 Moved the external geoip files to inc/lib/geoip and made the geoip code a bit prettier 2014-02-18 23:50:01 +01:00
Jano Slota
ada45312a4 Use the added GeoIPv6 instead of the PHP plugin. Quite messy. 2014-02-18 23:49:07 +01:00
undido
bfc966e312 Security exploit patched information leak 2014-02-07 04:32:27 -04:00
czaks
d4698a82d1 SECURITY: post data were sent to file post.txt 2014-02-02 17:42:39 +01:00
czaks
8bd99be6f1 fix error on repost blockade: the expression had a bug 2014-01-19 14:42:03 -05:00
czaks
118cd77a4d fix error on repost blockade: the expression had a bug 2013-12-23 19:01:08 +01:00
czaks
533443ac79 post.php: fix spaces 2013-12-23 18:42:01 +01:00
root
82972927d5 added: nonoko 2013-12-23 17:41:33 +01:00
czaks
f5657caf24 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
	install.php
	post.php
	stylesheets/style.css
2013-11-11 21:54:35 +01:00
Michael Foster
00f4da3b82 $config['referer_match'] = false to disable 2013-09-23 15:52:59 +10:00
Michael Foster
a9b7f9b1bc begin implementation of in-built ban appealing 2013-09-21 12:51:23 +10:00
czaks
99a2e1cf3d Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	js/quick-reply.js
2013-09-18 09:00:22 -04:00
Michael Foster
d13f30b39f js/settings.js: Simple config stuff for javascript extensions 2013-09-18 14:40:39 +10:00
czaks
6cb7eb939e Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
	inc/display.php
	inc/mod/pages.php
	install.php
	js/quick-reply.js
	post.php
	templates/index.html
2013-09-17 10:43:44 -04:00
Michael Foster
4b45ccc4ee ajax-post-controls.js 2013-09-16 04:42:13 +10:00
Michael Foster
30fb025eef ; 2013-09-15 20:15:17 +10:00
Michael Foster
00833eeafd js/ajax.js: post with ajax 2013-09-15 14:03:27 +10:00
Michael Foster
4cd2389655 lol 2013-09-15 05:48:37 +10:00
Michael Foster
32c999346f Remove $config['url_regex']; 2013-09-15 05:46:08 +10:00
Michael Foster
f309e4037c Better and faster basic flood prevention, while merging it into $config['filters']. 2013-09-06 23:09:18 +10:00
czaks
069f1def9b Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	install.php
2013-09-01 11:25:19 -04:00
Michael Foster
b51fc38783 Some SQL and indexes improvements 2013-09-01 02:04:42 +10:00
Michael Foster
8d14ef6bf7 lol 2013-08-31 13:33:26 +10:00
czaks
8de81d176c Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
2013-08-29 07:33:19 -04:00
Michael Foster
a8e3754375 Minor $config['try_smarter'] work 2013-08-29 18:55:25 +10:00
Michael Foster
d7fc5adc22 Performance: Use only one INSERT INTO (with multiple rows) for tracked cites 2013-08-29 12:38:37 +10:00
czaks
8503e65858 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
	inc/functions.php
	install.php
	stylesheets/dark_roach.css
2013-08-28 12:41:36 -04:00
Michael Foster
5003a692b4 exiftool: Use -overwrite_original. Important bugfix; old images were never being deleted when using exiftool (instead kept as *_original in /tmp) 2013-08-27 08:55:03 +10:00
Michael Foster
319cd2520f Upload by URL: still use fatal_error_handler() on shutdown 2013-08-27 08:13:23 +10:00
Dan Saunders
09388f6588 Added a post-delete action for themes
This would be really useful for themes that focus on posts
2013-08-26 13:35:51 +10:00
Michael Foster
cdeccbb9ba Uploading files via URL: fix for URL parameters (eg. image.png?id=343543) 2013-08-26 12:13:40 +10:00
czaks
de035f4a7e Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	stylesheets/dark_roach.css
	stylesheets/style.css
2013-08-20 18:22:37 -04:00
Michael Foster
e45ffb8592 custom timeouet for curl'ing upload urls 2013-08-19 18:54:10 +10:00
czaks
da1b7d087e Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	install.php
2013-08-18 13:16:31 -04:00
Michael Foster
740b710dd4 chmod(): images don't need +x lol 2013-08-19 01:54:14 +10:00
Michael Foster
154fbf5070 Huge bug: undoImage() was not working at all. This means lots of Tinyboard users probably have lone/permanent images. Working on Tinyboard-Tools script to remove all images/thumbs that don't belong. 2013-08-19 01:07:04 +10:00
Michael Foster
80804b9df6 Bugfix: $config['file_thumb'] being used incorrectly 2013-08-18 20:53:01 +10:00
czaks
bf119b7abd Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	js/post-hover.js
2013-08-17 16:21:40 -04:00
Michael Foster
3a27060503 GeoIP: Ignore country codes that aren't country codes: ap (Asia/Pacific), EU, etc. 2013-08-18 01:06:13 +10:00