8chan
3da946268a
SECURITY: Poster IDs could reveal IPs across boards
...
Imagine the following scenario:
Alice has permission to view IPs on board A, and Bob has permissions to view IPs on board B.
If the post number was to match, and the same IP made both posts, A and B could trade user IPs which they wouldn't normally have permission to do so. This weird bug has already creeped up on 8chan.co and is now patched.
2014-10-07 08:16:21 -07:00
8chan
f0e58a02d2
Merge https://github.com/vichan-devel/vichan
...
Conflicts:
README.md
2014-09-24 19:42:45 +00:00
czaks
3b2f448102
restore compatibility with php < 5.5; fixes vichan-devel#86
2014-09-24 12:26:15 +02:00
8chan
da9ee32c2b
add htmlpurifier library
2014-09-23 23:25:04 +00:00
8chan
1e479f5a2e
Fix #13
2014-09-23 23:22:41 +00:00
Ian Bradley
306f4ef46b
Added escapeshellarg() for WebM thumbnail generation.
2014-09-15 16:57:06 -07:00
Ian Bradley
41c8628e19
Added escapeshellarg() for WebM thumbnail generation.
2014-09-15 16:57:06 -07:00
Ian Bradley
0a9de3deb5
FFmpeg support for WebMs. Fixes threads with large amounts of WebM's causing crashes for some users.
2014-09-15 16:34:36 -07:00
Ian Bradley
c91915f121
FFmpeg support for WebMs. Fixes threads with large amounts of WebM's causing crashes for some users.
2014-09-15 16:34:36 -07:00
czaks
8d0f1bf4ad
fix a bug in filename truncation
2014-07-08 09:56:31 +02:00
czaks
2476648416
fix a bug in filename truncation
2014-07-08 09:56:31 +02:00
czaks
4a0c87c7e1
Revert "Update jQuery UI to 1.11.0, GeoIPv6 and IP library"
...
This reverts commit dca7570b32
.
2014-07-06 03:50:16 +02:00
czaks
9bcd228293
Revert "Update jQuery UI to 1.11.0, GeoIPv6 and IP library"
...
This reverts commit dca7570b32
.
2014-07-06 03:50:16 +02:00
czaks
a9b035d822
Revert "Second rework of the GeoIP code, now supporting cities!"
...
This reverts commit 2488e77e86
.
2014-07-06 02:12:54 +02:00
czaks
22108ca901
Revert "Second rework of the GeoIP code, now supporting cities!"
...
This reverts commit 2488e77e86
.
2014-07-06 02:12:54 +02:00
Jano Slota
2488e77e86
Second rework of the GeoIP code, now supporting cities!
2014-07-06 01:30:38 +02:00
Jano Slota
a520101e22
Second rework of the GeoIP code, now supporting cities!
2014-07-06 01:30:38 +02:00
Jano Slota
dca7570b32
Update jQuery UI to 1.11.0, GeoIPv6 and IP library
2014-07-06 01:25:37 +02:00
Jano Slota
2d9e7d8ac0
Update jQuery UI to 1.11.0, GeoIPv6 and IP library
2014-07-06 01:25:37 +02:00
czaks
fe126cb4bf
rewrite filename truncation code; ref #53
2014-05-11 14:10:53 +02:00
czaks
5f626acd50
rewrite filename truncation code; ref #53
2014-05-11 14:10:53 +02:00
Jason Lam
ff51706bfd
add new truncate_filename filter
2014-05-09 20:42:57 -04:00
Jason Lam
687983b7c3
add new truncate_filename filter
2014-05-09 20:42:57 -04:00
Jano Slota
c25b8f01c5
Updated minify, jQuery, MixItUp and Tooltipster
2014-05-07 11:17:32 +02:00
Jano Slota
a2cd7de2dc
Updated minify, jQuery, MixItUp and Tooltipster
2014-05-07 11:17:32 +02:00
Fredrick Brennan
042e7b9c59
Deprecate postControls(), per-file deletion and spoilering
2014-04-30 17:18:35 -04:00
Fredrick Brennan
4460b08096
Deprecate postControls(), per-file deletion and spoilering
2014-04-30 17:18:35 -04:00
czaks
a2d62ce96d
fix webm for multiimage
2014-04-29 21:18:37 +02:00
czaks
8acee0f43a
fix webm for multiimage
2014-04-29 21:18:37 +02:00
copypaste
c483e1258c
multiimage posting
2014-04-27 15:48:47 +02:00
copypaste
f178769a0a
multiimage posting
2014-04-27 15:48:47 +02:00
czaks
e741ca9b01
update containerchan readme
2014-04-06 21:56:34 +02:00
czaks
22ab426842
update containerchan readme
2014-04-06 21:56:34 +02:00
czaks
e99c638e26
work on player.php (webm)
2014-04-06 21:32:23 +02:00
czaks
73875ff532
work on player.php (webm)
2014-04-06 21:32:23 +02:00
czaks
09b64a289b
matroska elements go there
2014-04-06 21:29:09 +02:00
czaks
c4dee402c7
matroska elements go there
2014-04-06 21:29:09 +02:00
czaks
781fde7789
move php files to a more sane directory
2014-04-06 21:21:17 +02:00
czaks
2315b8f08f
move php files to a more sane directory
2014-04-06 21:21:17 +02:00
czaks
207543754c
SECURITY: remove XSS vulnerability
2014-03-30 16:40:14 +02:00
czaks
6db593830b
SECURITY: remove XSS vulnerability
2014-03-30 16:40:14 +02:00
czaks
bcb47a1d33
geoip: compatibility fix; this allows to have both versions of geoip loaded
2014-02-19 00:01:40 +01:00
czaks
6926c934d0
geoip: compatibility fix; this allows to have both versions of geoip loaded
2014-02-19 00:01:40 +01:00
Jano Slota
9dad842c24
Moved the external geoip files to inc/lib/geoip and made the geoip code a bit prettier
2014-02-18 23:50:01 +01:00
Jano Slota
64cab8fd5c
Moved the external geoip files to inc/lib/geoip and made the geoip code a bit prettier
2014-02-18 23:50:01 +01:00
Michael Foster
df143c6b50
fix Twig permissions
2013-09-19 16:09:35 +10:00
Michael Foster
00fd54d20f
fix Twig permissions
2013-09-19 16:09:35 +10:00
Michael Foster
9c48084f3b
upgrade twig library
2013-09-19 16:08:25 +10:00
Michael Foster
f817c0c960
upgrade twig library
2013-09-19 16:08:25 +10:00
Michael Foster
f53348d7c8
Add this library I found
2013-09-17 09:18:59 +10:00