Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.
8chan uses NFS and flock() does not work over NFS. See http://0pointer.de/blog/projects/locking.html for more information.
Without proper file locking, race conditions are possible in ?/settings and other pages. The one in ?/settings is particularly bad, too many successive writes can cause a PHP file with bad syntax to be written which breaks an entire board and many scripts that call openBoard().
You need to install the dio.so module if you merge this commit.
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']
Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.
Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
Sometimes thumbnail generation fails but the post is still there, sometimes post deletion is aborted halfway through
Ignore errors from file_unlink and don't fail if $f->file, $f->thumb not set
- Resolved warnings would be thrown if inc/dnsbls.php did not exist.
- Resolved problem where shell_exec_error was incorrectly reporting a success in instances where 'md5sum' was not supported, resulting in "'md5sum'" literally being recorded as the file hash. This then lead to hex2bin throwing an error on page load, preventing access to threads (among other problems).
Imagine the following scenario:
Alice has permission to view IPs on board A, and Bob has permissions to view IPs on board B.
If the post number was to match, and the same IP made both posts, A and B could trade user IPs which they wouldn't normally have permission to do so. This weird bug has already creeped up on 8chan.co and is now patched.