8chan
7a7574bdca
SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
...
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']
Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.
Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
8chan
6da7f4d25a
No more country flags in <title>
2016-05-06 12:40:37 +02:00
8chan
ae4eb4d3d9
RSS
2016-05-06 12:40:07 +02:00
8chan
632d0a76d0
Display placeholder if no file in catalog/theme.php; czaks: fix the code a bit
2016-05-06 12:37:00 +02:00
anonfagola
cb97029d0d
Update catalog.html
...
Changed title from being - "Catalog /board/" to "/board/ - Catalog"
2016-05-06 12:27:21 +02:00
czaks
3f29170f1b
debrand 8chan; btw. the previous commit was [SECURITY] i think?
2016-05-06 12:23:18 +02:00
8chan
ce62673a2c
OpenGraph information in thread pages https://en.wikipedia.org/wiki/Facebook_Platform#Open_Graph_protocol
2016-05-06 12:18:31 +02:00
8chan
aa0d3395b1
Show first 256 chars of body in <title>
2016-05-06 12:17:51 +02:00
8chan
b6f3d44080
Go to bottom link
2016-05-06 12:16:01 +02:00
czaks
293543878a
backport parts of 2d6d449bd2
, in particular html classes
2016-05-06 12:14:28 +02:00
Bui
6c334a3b44
lol spaces
2016-05-06 11:45:52 +02:00
Bui
d46bf4e2f2
add id to thread links
2016-05-06 11:45:37 +02:00
czaks
02c3c28a16
main.js: a bit more sane code
2016-05-05 15:37:50 +02:00
czaks
6991ca270e
fix bad merge
2016-05-05 13:53:52 +02:00
8chan
129eb154b3
Merge
2016-05-05 13:45:36 +02:00
Zixaphir
633c223282
Fix trailing comma
2016-05-05 13:43:32 +02:00
Zixaphir
cad8019068
Prevent images from hovering off-page
...
This entirely affects the "imageHoverFollowCursor" option.
2016-05-05 13:43:17 +02:00
Pashe
5f043d0a29
Have image-hover.js use data-fullimage instead of the API
2016-05-05 13:43:04 +02:00
8chan
913420e040
Image hover backported from 8chan X
2016-05-05 13:42:54 +02:00
czaks
130b32d08b
remove image hover, so we can import the whole 8chan history of that file
2016-05-05 13:42:38 +02:00
Fredrick Brennan
2712235f15
Make js/options/favs.js actually usable
...
I pretty much had to rework this completely to get it into a usable state
Reference ctrlcctrlv/infinity#424
2016-05-05 13:36:26 +02:00
Harry Hackett
6cb3039b71
Create fav.js
2016-05-05 13:35:02 +02:00
Fredrick Brennan
71fde35938
Oops forgot a file
2016-05-05 13:33:14 +02:00
Mark Taiwan
c2e3ff162f
Added missing curly brackets in post-filter.js
2016-05-05 13:22:59 +02:00
8chan
7cf3fccda5
Fix menu brokenness if user post deletion disabled
2016-05-05 13:22:36 +02:00
8n-tech
e64b01b690
Javascript ammendments, dio_ on Windows.
...
Signed-off-by: 8n-tech <8n-tech@users.noreply.github.com>
2016-05-05 13:22:11 +02:00
8chan
6b04b3c671
Fix post deletion
2016-05-05 13:21:09 +02:00
8chan
5f10badee9
Make no-animated-gif.js trigger on new_post
2016-05-05 13:12:10 +02:00
8chan
8412299fa5
Fix hide-threads.js interaction in no-animated-gif.js
2016-05-05 13:11:54 +02:00
Ringstaart
4e635229b4
Replace capital X by clearly superior ASCII ×
...
There's no reason to use a malformed letter when an ASCII character of a proper cross is available. This is an important issue, and I care about it very much.
2016-05-05 13:08:30 +02:00
8chan
f02226449a
Fix own post (You)
2016-05-05 13:06:25 +02:00
Fredrick Brennan
cac428b30c
Add some missing i18n tags
2016-05-05 13:03:31 +02:00
8chan
5267098cb8
Make bottom watchlist-toggle work
2016-05-05 13:01:24 +02:00
8chan
fd2e9df30c
This script was breaking boards.html
2016-05-05 13:01:00 +02:00
Pashe
01446aad12
thread-watcher.js: fix background and border
2016-05-05 13:00:47 +02:00
Pashe
6f301505e3
thread-watcher.js: change display format
2016-05-05 13:00:33 +02:00
7185
0b1c67574a
Fix selector in inline.js
...
Should make >>>/crossboard/links (and expanding links) work again
2016-05-05 12:59:25 +02:00
Fredrick Brennan
8943bb0bb3
Rewrite report system due to flooding
2016-05-05 12:57:52 +02:00
8chan
95a9b7b72b
Completely rewrite fix-report-delete-submit.js, add report/delete to menu
2016-05-05 12:52:17 +02:00
Forkless
4e39262223
Moved the Options tab stuff to be setup after the document is ready.
2016-05-05 12:45:25 +02:00
Forkless
81daf934fb
Fix for the js being shitty inside the compiled main.js.
2016-05-05 12:45:07 +02:00
Forkless
f6b4b2ac18
Removed redundant setting.
...
Bugfix.
2016-05-05 12:44:48 +02:00
Forkless
1663efcf9d
Fix for update to comment toolbar (should work now)
2016-05-05 12:43:57 +02:00
Fredrick Brennan
1b0f5fd24c
Revert "Comment toolbar update and Thread stats addition"
2016-05-05 12:42:41 +02:00
ForklessAnon
69a6631742
Added option to disable/ignore keybinds.
2016-05-05 12:36:28 +02:00
ForklessAnon
86ddb4ecbb
Update formatting toolbar to include user definable settings and customized options.
2016-05-05 12:35:58 +02:00
Markerov
9265ebea43
initial commit
2016-05-05 12:35:45 +02:00
marktaiwan
59ee8a990f
post-filter.js: prevent extra space characters
...
prevent extra spaces in comment caused by joining strings with leading
or trailing space.
2016-05-05 12:33:44 +02:00
8chan
4e27112147
Fix filter for users with emoji in thier names
2016-05-05 12:33:23 +02:00
marktaiwan
a9b29c7232
Bugfix: convert it to string
2016-05-05 12:33:02 +02:00