1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-11 07:16:10 +01:00
Commit Graph

287 Commits

Author SHA1 Message Date
8chan
7911c374e8 Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

===================================
Also: backports 351375185e (early 404)
2016-05-06 15:44:26 +02:00
8chan
7a7574bdca SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']

Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.

Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
czaks
cd01191072 those parts are extraneous 2016-05-05 11:45:29 +02:00
8chan
3eb755ee7e Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
8chan Admin
93f748e6a8 Security: capitalization of mods username is significant 2016-05-05 11:39:12 +02:00
czaks
77176faece enable javascript in mod panel 2016-05-05 09:56:54 +02:00
czaks
7c3126866c ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system) 2016-05-05 06:43:22 +02:00
czaks
caaf741691 [SECURITY] keep up with modern password hashing standards 2016-04-22 05:35:43 +02:00
czaks
2d9214ac63 version check should point at engine.vichan.net and not tinyboard.org actually 2015-04-23 08:18:36 +02:00
czaks
4c1d2f924c fix error while installing themes; thanks xixi 2015-04-23 07:57:52 +02:00
czaks
b78b3db010 uncache themes on settings change 2015-04-05 16:59:04 +02:00
czaks
2f7aeec531 ... 2015-03-10 13:48:33 +01:00
czaks
58b60f0aa4 ... 2015-03-10 13:46:34 +01:00
czaks
bdb6001f3f support for slugified links; may introduce a few bugs 2015-03-10 12:48:59 +01:00
czaks
9b3fa77719 new banlist implementation; also includes a public banlist 2014-10-08 23:23:59 +02:00
8chan
c4dc3f4d47 Fix spoiler image not working 2014-10-07 04:33:57 +02:00
kaf
fe60590d19 Check spoiler_image size before ussuming it is 128×128px 2014-10-05 15:26:28 +00:00
Juan Tamad
53ada6a5ff added option for showing the mod in ban page.
also fixes issue where the Staff is not shown in ban appeals.
2014-09-01 06:30:33 +08:00
8chan
ef7556194c Fix 55ch cancer; can now see next page of posts, ?/recent uses templating system 2014-07-19 18:42:52 +00:00
czaks
f97d2dff85 fix previous commit 2014-07-08 09:44:30 +02:00
czaks
9526f5ed1c fix #72 2014-07-08 09:43:04 +02:00
czaks
2c883fda0a fix ban appeals; thanks to sraczynski for reporting 2014-06-16 11:39:56 +02:00
czaks
427a9938a7 Merge 4.5 2014-06-12 03:12:56 +02:00
Chen-Pang He
7933abd271 Fix vichan #65
Conflicts:
	inc/mod/auth.php
	inc/mod/pages.php
2014-06-12 03:12:27 +02:00
czaks
503903ac0f Merge 4.5 2014-06-11 02:05:14 +02:00
czaks
23d6e82038 $_SERVER[HTTPS] isn`t being always set; fixes #65 2014-06-11 02:04:59 +02:00
czaks
c2cbbe7e22 Merge 4.5
Conflicts:
	js/expand-too-long.js
2014-06-10 17:51:03 +02:00
Chen-Pang He
6716a24b68 Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site 2014-06-10 17:42:18 +02:00
Fredrick Brennan
65a14a0d39 Fix moving of deleted files 2014-05-19 14:00:16 -04:00
Fredrick Brennan
5039584a5e Fix ?/recent str_replace issue 2014-05-04 19:24:34 -04:00
Fredrick Brennan
042e7b9c59 Deprecate postControls(), per-file deletion and spoilering 2014-04-30 17:18:35 -04:00
Fredrick Brennan
24753907eb remove var_dump 2014-04-29 20:18:30 -04:00
Fredrick Brennan
53e33d414f Fix mod_move for multi image 2014-04-29 19:14:10 -04:00
Fredrick Brennan
2b3942d19d Fix mod_move for multi image 2014-04-29 19:07:13 -04:00
czaks
bb5446a93d Merge remote-tracking branch 'origin/br-integration' into staging 2014-04-29 21:35:50 +02:00
copypaste
c483e1258c multiimage posting 2014-04-27 15:48:47 +02:00
czaks
9d9d514919 we no have any modpages.html 2014-03-25 11:57:36 +01:00
sinuca
fb2b66e2dd Recent posts functionality
Conflicts:
	inc/config.php
	inc/mod/pages.php
	mod.php
2014-03-25 11:35:04 +01:00
czaks
f5657caf24 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
	install.php
	post.php
	stylesheets/style.css
2013-11-11 21:54:35 +01:00
Michael Foster
f5422cad65 Um. I accidentally deleted this code for some reason. 2013-09-30 12:18:56 +10:00
Michael Foster
c8062fbf76 CSRF more mod pages 2013-09-23 16:48:56 +10:00
Michael Foster
d234c014f0 ?/debug/apc with cache prefixes 2013-09-23 10:41:47 +10:00
Michael Foster
fcbc211314 Fixed weird bug with ?/debug/sql trying to allocate a few GB on some instances. Assuming bug with APCu. 2013-09-23 10:21:18 +10:00
Michael Foster
39be89ba49 ?/debug/apc 2013-09-23 10:11:16 +10:00
Michael Foster
a9b7f9b1bc begin implementation of in-built ban appealing 2013-09-21 12:51:23 +10:00
ctrlcctrlv
0a58973631 Make it so that users can't insert code w/syntax errors into ?/config 2013-09-21 02:21:05 +00:00
czaks
8ca495e5b8 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
2013-09-17 19:12:19 -04:00
Michael Foster
3471f7c668 Optionally show post user was banned for 2013-09-18 08:47:34 +10:00
czaks
6cb7eb939e Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
	inc/display.php
	inc/mod/pages.php
	install.php
	js/quick-reply.js
	post.php
	templates/index.html
2013-09-17 10:43:44 -04:00
Michael Foster
803f0c8ce1 Fix search for new bans table 2013-09-17 09:35:13 +10:00
Michael Foster
3e57bb04d7 Begin upgrade to much better bans table. DO NOT PULL YET; It won't work. 2013-09-17 09:15:24 +10:00
Michael Foster
dd1bec687b bugfix: disable javascript on mod pages 2013-09-16 06:37:14 +10:00
Michael Foster
b038e0b244 fix last commit 2013-09-15 04:23:47 +10:00
Michael Foster
2230f0a051 disable $config['try_smarter'] on ?/rebuild 2013-09-15 04:22:27 +10:00
Michael Foster
5da8f28726 Improvements to ?/debug/antispam and ?/debug/recentc 2013-09-09 20:16:13 +10:00
Michael Foster
cc37d79c0d Fix last commit. 2013-09-09 01:38:32 +10:00
Michael Foster
eea4e42609 Add ability to create custom user/permissions groups 2013-09-09 01:33:51 +10:00
Michael Foster
7f0de93608 Cleaner check to make sure inc/ files aren't accessed directly. 2013-09-06 20:12:04 +10:00
czaks
8a244ab61e Fixed working on some broken shared hostings. Thanks for Belarussian anon for reporting. 2013-09-02 13:41:28 +10:00
czaks
069f1def9b Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	install.php
2013-09-01 11:25:19 -04:00
czaks
c240056865 Fixed working on some broken shared hostings. Thanks for Belarussian anon for reporting. 2013-09-01 11:20:57 -04:00
Michael Foster
8d14ef6bf7 lol 2013-08-31 13:33:26 +10:00
Michael Foster
d166fc70bd Fix \t in posts (editing posts, and HTML Tidy) 2013-08-31 13:23:29 +10:00
Michael Foster
46d41cd2a7 More track_cites work 2013-08-30 15:00:33 +10:00
Michael Foster
8921eb9c1a Bugfix: pm_unreadcount cache not working correctly 2013-08-30 08:38:14 +10:00
ctrlcctrlv
5f977ee593 Moving threads wasn't working with the catalog theme enabled
Conflicts:
	inc/mod/pages.php
2013-08-29 15:18:45 +10:00
ctrlcctrlv
b829d19ec7 Moving threads wasn't working with the catalog theme enabled 2013-08-29 00:38:39 +00:00
ctrlcctrlv
3b5561d1a4 Bugfix: Circlepuller is a dumbass and broke many mod actions, don't merge his commits without testing them 2013-08-29 07:32:29 +10:00
ctrlcctrlv
e34c0f4b65 Bugfix: Circlepuller is a dumbass and broke many mod actions, don't merge his commits without testing them 2013-08-28 21:31:10 +00:00
czaks
8503e65858 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
	inc/functions.php
	install.php
	stylesheets/dark_roach.css
2013-08-28 12:41:36 -04:00
Michael Foster
6ce78cb1a4 Bugfix: post editing: should be $board here, not $board['uri'] 2013-08-27 17:27:17 +10:00
Dan Saunders
00a1841cbc Regenerate themes after editing a post 2013-08-27 06:56:53 +10:00
Dan Saunders
08bb2894bc Rebuild themes when a post or file is deleted...
Rebuild themes when a post or file is deleted in the moderation panel.
2013-08-27 06:56:46 +10:00
Michael Foster
54a8c72121 Huge bug with deleting boards: $tmp_board unused; sometimes it would delete the wrong board's directory 2013-08-21 21:34:18 +10:00
Michael Foster
72beacc1da allow moving threads with non-image uploads 2013-08-21 20:54:46 +10:00
czaks
de035f4a7e Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	stylesheets/dark_roach.css
	stylesheets/style.css
2013-08-20 18:22:37 -04:00
ctrlcctrlv
fd398f82ed Fix reply moving 2013-08-19 13:20:10 +00:00
Michael Foster
69741e6c08 deleting boards: cache purging, delete directory after sql queries (in case we have permission errors, etc.) 2013-08-19 20:00:16 +10:00
czaks
da1b7d087e Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	install.php
2013-08-18 13:16:31 -04:00
ctrlcctrlv
9773416553 Better setting name 2013-08-19 03:01:30 +10:00
ctrlcctrlv
47dec49465 Optionally access mod cookie in JavaScript 2013-08-19 03:01:15 +10:00
Michael Foster
5051e0572a Missing theme conf type "checkbox" 2013-08-19 02:03:54 +10:00
ctrlcctrlv
2eb68ac398 Better setting name 2013-08-18 01:53:39 +00:00
ctrlcctrlv
52fe0c8989 Optionally access mod cookie in JavaScript 2013-08-18 01:44:36 +00:00
czaks
ca565d07c2 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/display.php
2013-08-16 16:06:54 -04:00
Michael Foster
0d45fbc799 Add \n before post modifiers. Add flag alt for country flags. 2013-08-17 03:39:58 +10:00
czaks
146243c473 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
	inc/display.php
	inc/functions.php
2013-08-16 10:07:24 -04:00
Michael Foster
47ddd2f8b2 Fix editing raw HTML posts 2013-08-16 22:18:57 +10:00
Michael Foster
b666886416 A few modifications:
1. Finally, clean up some of the crappy code in inc/display.php; no more extreme clutter. new Thread() and new Post() take an array as the first parameter now.

2. Poster country flags. Currently requires the "geoip" extension.

3. Give post images a classname. This was also long-overdue.
2013-08-16 21:08:01 +10:00
czaks
4f855cf3b3 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
	inc/display.php
	inc/functions.php
2013-08-13 14:46:16 -04:00
Michael Foster
e0a8ffcfb9 ?/config: Link URLs in comments 2013-08-12 21:14:32 +10:00
ctrlcctrlv
2018fd206b Improve spoiler action
Conflicts:
	inc/mod/pages.php
2013-08-12 12:57:54 +10:00
ctrlcctrlv
ed04525994 Spoil files moderator action 2013-08-12 12:55:44 +10:00
czaks
8534e2cc80 Merge branch 'noko50-new-dev11' of http://github.com/fallenPineapple/Tinyboard
Conflicts:
	inc/functions.php
2013-08-11 17:49:29 -04:00
ctrlcctrlv
b9ec342750 Merge conflict 2013-08-11 15:36:17 +00:00
ctrlcctrlv
fd54de7126 Improve spoiler action 2013-08-11 13:54:11 +00:00
czaks
fa9bf536c3 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
	inc/display.php
	inc/mod/pages.php
	js/catalog-link.js
	post.php
	templates/banned.html
2013-08-11 09:50:33 -04:00
ctrlcctrlv
38c9ac65d8 Critical bug: could not move threads/posts with spoiler images, resulted in I/O error
Conflicts:
	inc/mod/pages.php
2013-08-11 21:26:02 +10:00
fallenPineapple
12ee85beaf Adds "noko50" (View Last 50 Posts) pages. (Broken Reply) 2013-08-10 17:16:30 -04:00
czaks
6fb2ea3b31 fix support for board prefixes after merge 2013-08-09 17:42:19 -04:00