Michael Foster
e01b659183
?/IP/: Don't show posts for board user doesn't have access to
2013-07-30 23:30:49 -04:00
Michael Foster
a01f53b4a4
Upgrade to utf8mb4 charset for MySQL server versions above 5.5.3. Keep support for older versions. Fix charsets for multiple columns and tables.
2013-07-30 22:08:56 -04:00
Michael Foster
e2adc0093d
MySQL's utf8 charset only supports up to 3-byte symbols. Insterting four byte symbols (U+010000 to U+10FFFF) can be done maliciously to break HTML mark-up.
...
The ideal solution was to convert to MySQL's utf8mb4 charset, but then we would lose support for MySQL < 5.5.3. In this fix, incompatible characters are encoded as HTML numeric character references (eg. #65536 ) and just stripped from body_nommarkup.
2013-07-30 16:41:10 -04:00
Michael Foster
1d5339d7c6
Post search: Search other fields too
2013-07-29 20:20:07 -04:00
Michael Foster
cc7615cf06
Search posts
2013-07-29 16:18:06 -04:00
Michael Foster
4f747172c2
Make font-awesome enabled by default
2013-07-29 12:27:10 -04:00
Michael Foster
d9dfed5e1c
Fix for last commit
2013-07-28 20:46:00 -04:00
Michael Foster
9a14d32c77
Strip combining characters from Unicode strings (eg. Zalgo)
2013-07-28 20:33:26 -04:00
Michael Foster
5359769088
Fix markup overlapping. Issue #124
2013-07-26 11:01:13 -04:00
Michael Foster
8daaaf350a
%length% in public ban messages
2013-07-24 11:30:01 -04:00
Michael Foster
d6090fb776
Long overdue: Salted password hashes
2013-07-24 11:15:55 -04:00
Michael Foster
e84dceb60c
Option to use font-awesome for sticky/lock icons, etc.
2013-07-23 09:38:42 -04:00
Michael Foster
ad2edf62d7
Option to make stylesheet selections board-specific
2013-07-23 01:35:56 -04:00
Michael Foster
9a35acdd1e
Add custom links to dashboard
2013-07-22 18:30:45 -04:00
Michael Foster
aa598d28d1
Option to check public ban message by default
2013-07-22 17:51:13 -04:00
Michael Foster
f798bb5209
Option to automatically strip EXIF metadata from JPEGs
2013-07-21 15:50:45 -04:00
Michael Foster
f552849495
Fix permissions with search
2013-07-20 13:15:44 -04:00
Michael Foster
f49e6c9fc3
Search update
2013-07-20 12:05:42 -04:00
Michael Foster
b34ba883c5
Bring back search (searching posts not implemented yet)
2013-07-20 07:50:33 -04:00
Michael Foster
731cfba33b
Only store video URLs in database, instead of the generated player HTML.
2013-07-19 18:36:12 -04:00
Michael Foster
34b5f62600
Themes edit: Split "post" into two seperate actions: "post" (replies) and "post-thread". And add a $board variable.
2013-07-18 12:06:26 -04:00
Michael Foster
072e22bdfa
Update filters to work with new ban table
2013-07-18 10:17:19 -04:00
Michael Foster
390e529717
More ban stuff: Show whether or not user has "seen" a ban yet in the ban list and on IP address pages. Purge useless expired ban records.
2013-07-16 08:50:39 -04:00
Michael Foster
4340e74569
$config['require_ban_view']: Force users to view the "You are banned" page at least once before letting a ban disappear naturally.
2013-07-16 06:33:37 -04:00
Michael Foster
9825d8611f
Outputting thread subject in header/title (issue #122 )
2013-07-16 02:48:20 -04:00
Michael Foster
4eea9507c3
Automatically dismiss all reports regarding a thread after it is locked.
2013-07-16 02:32:44 -04:00
Michael Foster
a378ff7658
Fix issue #24
2013-07-16 02:27:20 -04:00
Michael Foster
a5e04f0ba7
Add clean() to mod_move function
2013-07-16 01:38:24 -04:00
Michael Foster
5c7e328f5d
Add "write" (files written to) to debug section
2013-07-16 01:21:06 -04:00
Macil Tech
90c2b95f92
Argh, just remove all RTL and LTR control codes in bidi_cleanup.
...
If the name and subject fields both start with RLO characters, then the
subject would be after the name with the old bidi_cleanup.
2013-07-08 13:26:31 -05:00
Michael
bab6548929
Merge pull request #116 from Macil/hardlimits
...
Adds image_hard_limit and reply_hard_limit options
2013-06-18 10:46:25 -07:00
Michael
a087ab72db
Merge pull request #115 from Macil/miscfixes
...
Miscellaneous fixes
2013-06-18 10:45:13 -07:00
Michael
9ca0aa37f5
Merge pull request #114 from Macil/rtlfix
...
Fix display issues with RTL control characters in post names, subjects, ...
2013-06-18 10:41:31 -07:00
Michael
6c367c8f31
Merge pull request #113 from Macil/tzfix
...
Output times in UTC
2013-06-18 10:40:56 -07:00
Macil Tech
aa881058a3
Adds image_hard_limit and reply_hard_limit options.
...
Also reworks the numPosts() function and uses it elsewhere too.
2013-06-18 12:21:41 -05:00
Macil Tech
b872cf55e4
m and n dash fix
2013-06-18 12:07:30 -05:00
Macil Tech
01f1c89f7c
Fix "Undefined index: sticky" and "locked" errors on new thread creation.
2013-06-18 12:00:26 -05:00
Macil Tech
66965b3655
Fix broken entity removal in post truncation.
2013-06-18 11:16:15 -05:00
Macil Tech
821f40a794
Fix result page after installing theme getting doubled up.
2013-06-18 11:14:02 -05:00
Macil Tech
42aec516f6
Fix openBoard and boardTitle functions using same caching keys.
...
Added getBoardInfo function that's used by both of the above functions,
and can get a board's info without loading it.
2013-06-18 11:13:43 -05:00
Macil Tech
b992532c32
pm_snippet() should probably use mb_substr if it's using mb_strlen.
2013-06-18 11:12:31 -05:00
Macil Tech
7912f13319
Output times in UTC.
...
Let the client localize the times with js/local-time.js themselves. No
one cares what the server timezone is.
This fixes a bug where posts made in a different daylight savings mode
have their times displayed off by an hour. Their times would be rendered
to the server's own timezone area correctly, but then the server's
*current* utc-offset would be appended, which wouldn't match up.
2013-06-18 11:10:39 -05:00
Macil Tech
8b14cbb091
Fix display issues with RTL control characters in post names, subjects, and filenames.
2013-06-18 11:07:47 -05:00
Macil Tech
3d9f318397
Fix PM count caching.
...
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
2013-06-18 11:02:45 -05:00
undido
cd3a05a9d1
update config.php config for unban limit
...
Adding config and error for unban list when a user tries to unban more users than they are allowed too.
2013-04-16 19:14:51 -03:00
undido
5ae9fa3c1f
update to pages.php minor exploit
...
A lot of bans can be removed from a tinyboard database because it isn't limited A staff member could select 100 users all at once with a simple javascript function and unban them all this needs to be limited because a staff member on an image board if they feel hostile they can just remove all bans on the tinyboard site easily without being limited to how many people they can unban at a time, this adds an option to limit it.
2013-04-16 19:09:58 -03:00
Fredrick
b09a46fe99
Fix per-board name not being used
2013-03-20 07:46:48 -04:00
Fredrick
0b4487aafa
Fix truncation issue by no longer using HTML entities for Unicode characters
2013-03-17 07:00:55 -04:00
Michael Save
41b3638fbf
Mod log in ?/IP (ie. ban history)
2013-03-16 18:27:24 +11:00
Michael Save
642fbb6b78
Fix: Critical security vulnerability
2013-03-15 00:40:02 +11:00
Michael Save
3ae53c0b78
...
2013-01-30 05:07:09 +11:00
Michael Save
6ff062be0e
Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form
2013-01-30 04:45:38 +11:00
Michael Save
6b7be343d3
Merge branch 'master' of github.com:savetheinternet/Tinyboard
2013-01-29 22:17:46 +11:00
Michael Save
43fd36dd05
Use === operator in authentication.
2013-01-29 22:13:35 +11:00
Michael Save
242841122b
Don't always redirect to dashboard on login
2013-01-29 22:11:33 +11:00
Michael
8594294b39
Merge pull request #96 from Macil/redis
...
Add Redis caching support
2013-01-27 21:32:28 -08:00
Michael
18e86d6fc8
Merge pull request #97 from Macil/indexstuff
...
index() rework to use only one cache key
2013-01-27 21:32:01 -08:00
Macil Tech
3ba2bb4aa1
Reworked index() slightly to make caching simpler and only use one key.
2013-01-27 21:32:22 -06:00
Michael Save
86cbde384e
More use of mod log
2013-01-27 19:02:47 +11:00
Michael Save
d9b27fd42a
New debug page: ?/debug/sql
2013-01-25 23:56:55 +11:00
Michael Save
5766be121c
?/debug/recent
2013-01-25 22:23:26 +11:00
Michael Save
e16ef2fde9
New debug mod page: ?/debug/recent (recent posts across all boards)
2013-01-25 22:18:03 +11:00
Michael Save
80f5c57e9b
Show "most recent" in anti-spam debug page
2013-01-24 19:25:07 +11:00
Michael Save
adae930469
Raw HTML editing
2013-01-24 19:16:25 +11:00
Michael Save
c417e48d78
Bugfix: Anti-bot check not allowing posting from second page
2013-01-24 04:56:06 +11:00
Michael Save
b15b38b505
Major fixes and clean-up for edit form
2013-01-24 04:16:09 +11:00
asiekierka
940e6c657b
[EDIT] basic edit support
2013-01-24 03:53:23 +11:00
asiekierka
153fb156fe
[EDIT] added dummy form
2013-01-24 03:53:06 +11:00
asiekierka
748450ccec
[EDIT] added dummy page
2013-01-24 03:52:55 +11:00
Michael Save
2ef4d511bd
Em dash and en dash mix-up. Issue #88
2013-01-24 03:37:15 +11:00
Michael Save
1049e5f57e
No point using JSON as Cache class already supports objects
2013-01-23 13:42:14 +11:00
Macil Tech
da3a6a09a8
Add Redis caching support.
...
Compatible with the phpredis extension:
https://github.com/nicolasff/phpredis
2013-01-22 20:22:16 -06:00
Michael Save
df6ec1c1f9
I'm dumb
2013-01-23 12:48:23 +11:00
Michael Save
656fab9f8e
Hopefully a final fix for caching thread previews. This feature was previous disabled because of a bug/confliction.
2013-01-23 12:43:46 +11:00
Michael Save
4f58617507
Copyright and license update for 2013.
2013-01-20 21:23:46 +11:00
Macil Tech
ef7c998b02
Add field_disable_subject and field_disable_reply_subject config options.
2013-01-19 01:37:48 -06:00
Michael
b91845ea7e
Merge pull request #93 from Macil/image_reject_repost_in_thread
...
Add image_reject_repost_in_thread option
2013-01-18 23:03:16 -08:00
Macil Tech
7871d30bda
Incorrect parameter type.
...
The parameter was bound with the wrong type. I guess the type isn't
enforced judging by how the code still seemed to work, but it probably
should be fixed.
2013-01-19 00:39:30 -06:00
Macil Tech
3b739ba722
Fix transforming links to mod links in OP posts.
...
Similar regexes are called for threads and posts, but they differed
needlessly, and the thread regex would drop anything between the `<a`
and `href="` parts. This makes them both the same and functional.
2013-01-19 00:39:30 -06:00
Macil Tech
87b1498d23
Insert into posts table using named columns.
...
Makes it easier to update the posts table schema.
2013-01-19 00:39:29 -06:00
Macil Tech
e274368372
Made deleting posts by IP more efficient.
...
No longer rebuilds same thread multiple times.
2013-01-19 00:39:29 -06:00
Macil Tech
c61a74ca37
Extend timelimit when rebuilding from mod interface.
...
The rebuild_timelimit config option was not used anywhere since the mod
interface rewrite.
2013-01-19 00:39:29 -06:00
Macil Tech
42b3e6eea6
Fix incorrect log message when bumplocking and stickying threads.
2013-01-19 00:39:29 -06:00
Macil Tech
847ae1ef87
Global missing from mod_logout
2013-01-19 00:39:29 -06:00
Macil Tech
97ae4dd6bc
Don't do anything if a mod link is middle-clicked.
...
This lets Chrome users open mod actions in a new tab by middle-clicking,
as Chrome still calls the onclick event when middle-clicking unlike
Firefox.
2013-01-19 00:38:44 -06:00
Macil Tech
15043b39cf
Add image_reject_repost_in_thread option
2013-01-19 00:25:24 -06:00
Macil Tech
6b3d02e4fa
Remove buildThread() call from mod_deletefile because deleteFile()
...
already calls it.
2013-01-18 23:13:08 -06:00
Macil Tech
5c2b26d2d3
Do truncation by actual character count.
...
Using substr can cut a multi-byte character in half.
Also, if a long post with many multi-byte characters was reported, then
the mod interface would temporarily extend the body_truncate_char
setting to be sure to cover all of the *characters* in the report, but
this function would interpret body_truncate_char as a number of *bytes*,
so sometimes the end of the report's appended html would be cut off.
2013-01-18 18:26:25 -06:00
Macil Tech
263ecfe5ce
Don't truncate inside an HTML comment!
2013-01-18 18:26:25 -06:00
Macil Tech
36af0af624
Don't require closing tag for tags that don't need it.
2013-01-18 18:26:25 -06:00
Michael
83feb4ce94
Merge pull request #81 from Appe/patch-1
...
Updated Youtube embed code.
2012-12-01 06:40:21 -08:00
Michael Save
91a4832fd6
Added new events: lock and load-config
2012-11-19 10:28:23 +11:00
Appe
bb7b907428
Updated Youtube embed code.
2012-11-08 23:58:05 +02:00
Michael Save
3347cfb4fb
Bugfix: [sticky]
2012-09-30 22:56:09 +10:00
Michael Save
61101dd1f4
Something is broken. Removed that for now.
2012-09-28 04:53:07 +10:00
Michael Save
9edc856c92
Quick fix relating to last commit
2012-09-28 04:50:25 +10:00
Michael Save
1a02cfbc6a
Bugfix: Caching complications with thread preview
2012-09-28 04:46:20 +10:00
Michael Save
bb5fc5545b
Bugfix: [F]
2012-09-28 04:00:13 +10:00
Michael Save
bd35aea0f7
Bugfix: B&D "invalid security token" error
2012-09-28 03:54:32 +10:00
Michael Save
8e3ef4ebfe
bugfix: security token forgotten for ban form in view_ip.html
2012-08-28 02:24:29 +10:00