1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-12 07:41:12 +01:00
Commit Graph

79 Commits

Author SHA1 Message Date
8chan
3da946268a SECURITY: Poster IDs could reveal IPs across boards
Imagine the following scenario:

Alice has permission to view IPs on board A, and Bob has permissions to view IPs on board B.

If the post number was to match, and the same IP made both posts, A and B could trade user IPs which they wouldn't normally have permission to do so. This weird bug has already creeped up on 8chan.co and is now patched.
2014-10-07 08:16:21 -07:00
8chan
f0e58a02d2 Merge https://github.com/vichan-devel/vichan
Conflicts:
	README.md
2014-09-24 19:42:45 +00:00
czaks
3b2f448102 restore compatibility with php < 5.5; fixes vichan-devel#86 2014-09-24 12:26:15 +02:00
8chan
da9ee32c2b add htmlpurifier library 2014-09-23 23:25:04 +00:00
8chan
1e479f5a2e Fix #13 2014-09-23 23:22:41 +00:00
Ian Bradley
306f4ef46b Added escapeshellarg() for WebM thumbnail generation. 2014-09-15 16:57:06 -07:00
Ian Bradley
41c8628e19 Added escapeshellarg() for WebM thumbnail generation. 2014-09-15 16:57:06 -07:00
Ian Bradley
0a9de3deb5 FFmpeg support for WebMs. Fixes threads with large amounts of WebM's causing crashes for some users. 2014-09-15 16:34:36 -07:00
Ian Bradley
c91915f121 FFmpeg support for WebMs. Fixes threads with large amounts of WebM's causing crashes for some users. 2014-09-15 16:34:36 -07:00
czaks
8d0f1bf4ad fix a bug in filename truncation 2014-07-08 09:56:31 +02:00
czaks
2476648416 fix a bug in filename truncation 2014-07-08 09:56:31 +02:00
czaks
4a0c87c7e1 Revert "Update jQuery UI to 1.11.0, GeoIPv6 and IP library"
This reverts commit dca7570b32.
2014-07-06 03:50:16 +02:00
czaks
9bcd228293 Revert "Update jQuery UI to 1.11.0, GeoIPv6 and IP library"
This reverts commit dca7570b32.
2014-07-06 03:50:16 +02:00
czaks
a9b035d822 Revert "Second rework of the GeoIP code, now supporting cities!"
This reverts commit 2488e77e86.
2014-07-06 02:12:54 +02:00
czaks
22108ca901 Revert "Second rework of the GeoIP code, now supporting cities!"
This reverts commit 2488e77e86.
2014-07-06 02:12:54 +02:00
Jano Slota
2488e77e86 Second rework of the GeoIP code, now supporting cities! 2014-07-06 01:30:38 +02:00
Jano Slota
a520101e22 Second rework of the GeoIP code, now supporting cities! 2014-07-06 01:30:38 +02:00
Jano Slota
dca7570b32 Update jQuery UI to 1.11.0, GeoIPv6 and IP library 2014-07-06 01:25:37 +02:00
Jano Slota
2d9e7d8ac0 Update jQuery UI to 1.11.0, GeoIPv6 and IP library 2014-07-06 01:25:37 +02:00
czaks
fe126cb4bf rewrite filename truncation code; ref #53 2014-05-11 14:10:53 +02:00
czaks
5f626acd50 rewrite filename truncation code; ref #53 2014-05-11 14:10:53 +02:00
Jason Lam
ff51706bfd add new truncate_filename filter 2014-05-09 20:42:57 -04:00
Jason Lam
687983b7c3 add new truncate_filename filter 2014-05-09 20:42:57 -04:00
Jano Slota
c25b8f01c5 Updated minify, jQuery, MixItUp and Tooltipster 2014-05-07 11:17:32 +02:00
Jano Slota
a2cd7de2dc Updated minify, jQuery, MixItUp and Tooltipster 2014-05-07 11:17:32 +02:00
Fredrick Brennan
042e7b9c59 Deprecate postControls(), per-file deletion and spoilering 2014-04-30 17:18:35 -04:00
Fredrick Brennan
4460b08096 Deprecate postControls(), per-file deletion and spoilering 2014-04-30 17:18:35 -04:00
czaks
a2d62ce96d fix webm for multiimage 2014-04-29 21:18:37 +02:00
czaks
8acee0f43a fix webm for multiimage 2014-04-29 21:18:37 +02:00
copypaste
c483e1258c multiimage posting 2014-04-27 15:48:47 +02:00
copypaste
f178769a0a multiimage posting 2014-04-27 15:48:47 +02:00
czaks
e741ca9b01 update containerchan readme 2014-04-06 21:56:34 +02:00
czaks
22ab426842 update containerchan readme 2014-04-06 21:56:34 +02:00
czaks
e99c638e26 work on player.php (webm) 2014-04-06 21:32:23 +02:00
czaks
73875ff532 work on player.php (webm) 2014-04-06 21:32:23 +02:00
czaks
09b64a289b matroska elements go there 2014-04-06 21:29:09 +02:00
czaks
c4dee402c7 matroska elements go there 2014-04-06 21:29:09 +02:00
czaks
781fde7789 move php files to a more sane directory 2014-04-06 21:21:17 +02:00
czaks
2315b8f08f move php files to a more sane directory 2014-04-06 21:21:17 +02:00
czaks
207543754c SECURITY: remove XSS vulnerability 2014-03-30 16:40:14 +02:00
czaks
6db593830b SECURITY: remove XSS vulnerability 2014-03-30 16:40:14 +02:00
czaks
bcb47a1d33 geoip: compatibility fix; this allows to have both versions of geoip loaded 2014-02-19 00:01:40 +01:00
czaks
6926c934d0 geoip: compatibility fix; this allows to have both versions of geoip loaded 2014-02-19 00:01:40 +01:00
Jano Slota
9dad842c24 Moved the external geoip files to inc/lib/geoip and made the geoip code a bit prettier 2014-02-18 23:50:01 +01:00
Jano Slota
64cab8fd5c Moved the external geoip files to inc/lib/geoip and made the geoip code a bit prettier 2014-02-18 23:50:01 +01:00
Michael Foster
df143c6b50 fix Twig permissions 2013-09-19 16:09:35 +10:00
Michael Foster
00fd54d20f fix Twig permissions 2013-09-19 16:09:35 +10:00
Michael Foster
9c48084f3b upgrade twig library 2013-09-19 16:08:25 +10:00
Michael Foster
f817c0c960 upgrade twig library 2013-09-19 16:08:25 +10:00
Michael Foster
f53348d7c8 Add this library I found 2013-09-17 09:18:59 +10:00