1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-21 03:45:58 +01:00
Commit Graph

4411 Commits

Author SHA1 Message Date
8chan
7a7574bdca SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']

Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.

Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
8chan
6da7f4d25a No more country flags in <title> 2016-05-06 12:40:37 +02:00
8chan
ae4eb4d3d9 RSS 2016-05-06 12:40:07 +02:00
8chan
632d0a76d0 Display placeholder if no file in catalog/theme.php; czaks: fix the code a bit 2016-05-06 12:37:00 +02:00
anonfagola
cb97029d0d Update catalog.html
Changed title from being - "Catalog /board/" to "/board/ - Catalog"
2016-05-06 12:27:21 +02:00
czaks
3f29170f1b debrand 8chan; btw. the previous commit was [SECURITY] i think? 2016-05-06 12:23:18 +02:00
8chan
ce62673a2c OpenGraph information in thread pages https://en.wikipedia.org/wiki/Facebook_Platform#Open_Graph_protocol 2016-05-06 12:18:31 +02:00
8chan
aa0d3395b1 Show first 256 chars of body in <title> 2016-05-06 12:17:51 +02:00
8chan
b6f3d44080 Go to bottom link 2016-05-06 12:16:01 +02:00
czaks
293543878a backport parts of 2d6d449bd2, in particular html classes 2016-05-06 12:14:28 +02:00
Bui
6c334a3b44 lol spaces 2016-05-06 11:45:52 +02:00
Bui
d46bf4e2f2 add id to thread links 2016-05-06 11:45:37 +02:00
czaks
02c3c28a16 main.js: a bit more sane code 2016-05-05 15:37:50 +02:00
czaks
6991ca270e fix bad merge 2016-05-05 13:53:52 +02:00
8chan
129eb154b3 Merge 2016-05-05 13:45:36 +02:00
Zixaphir
633c223282 Fix trailing comma 2016-05-05 13:43:32 +02:00
Zixaphir
cad8019068 Prevent images from hovering off-page
This entirely affects the "imageHoverFollowCursor" option.
2016-05-05 13:43:17 +02:00
Pashe
5f043d0a29 Have image-hover.js use data-fullimage instead of the API 2016-05-05 13:43:04 +02:00
8chan
913420e040 Image hover backported from 8chan X 2016-05-05 13:42:54 +02:00
czaks
130b32d08b remove image hover, so we can import the whole 8chan history of that file 2016-05-05 13:42:38 +02:00
Fredrick Brennan
2712235f15 Make js/options/favs.js actually usable
I pretty much had to rework this completely to get it into a usable state

Reference ctrlcctrlv/infinity#424
2016-05-05 13:36:26 +02:00
Harry Hackett
6cb3039b71 Create fav.js 2016-05-05 13:35:02 +02:00
Fredrick Brennan
71fde35938 Oops forgot a file 2016-05-05 13:33:14 +02:00
Mark Taiwan
c2e3ff162f Added missing curly brackets in post-filter.js 2016-05-05 13:22:59 +02:00
8chan
7cf3fccda5 Fix menu brokenness if user post deletion disabled 2016-05-05 13:22:36 +02:00
8n-tech
e64b01b690 Javascript ammendments, dio_ on Windows.
Signed-off-by: 8n-tech <8n-tech@users.noreply.github.com>
2016-05-05 13:22:11 +02:00
8chan
6b04b3c671 Fix post deletion 2016-05-05 13:21:09 +02:00
8chan
5f10badee9 Make no-animated-gif.js trigger on new_post 2016-05-05 13:12:10 +02:00
8chan
8412299fa5 Fix hide-threads.js interaction in no-animated-gif.js 2016-05-05 13:11:54 +02:00
Ringstaart
4e635229b4 Replace capital X by clearly superior ASCII ×
There's no reason to use a malformed letter when an ASCII character of a proper cross is available. This is an important issue, and I care about it very much.
2016-05-05 13:08:30 +02:00
8chan
f02226449a Fix own post (You) 2016-05-05 13:06:25 +02:00
Fredrick Brennan
cac428b30c Add some missing i18n tags 2016-05-05 13:03:31 +02:00
8chan
5267098cb8 Make bottom watchlist-toggle work 2016-05-05 13:01:24 +02:00
8chan
fd2e9df30c This script was breaking boards.html 2016-05-05 13:01:00 +02:00
Pashe
01446aad12 thread-watcher.js: fix background and border 2016-05-05 13:00:47 +02:00
Pashe
6f301505e3 thread-watcher.js: change display format 2016-05-05 13:00:33 +02:00
7185
0b1c67574a Fix selector in inline.js
Should make >>>/crossboard/links (and expanding links) work again
2016-05-05 12:59:25 +02:00
Fredrick Brennan
8943bb0bb3 Rewrite report system due to flooding 2016-05-05 12:57:52 +02:00
8chan
95a9b7b72b Completely rewrite fix-report-delete-submit.js, add report/delete to menu 2016-05-05 12:52:17 +02:00
Forkless
4e39262223 Moved the Options tab stuff to be setup after the document is ready. 2016-05-05 12:45:25 +02:00
Forkless
81daf934fb Fix for the js being shitty inside the compiled main.js. 2016-05-05 12:45:07 +02:00
Forkless
f6b4b2ac18 Removed redundant setting.
Bugfix.
2016-05-05 12:44:48 +02:00
Forkless
1663efcf9d Fix for update to comment toolbar (should work now) 2016-05-05 12:43:57 +02:00
Fredrick Brennan
1b0f5fd24c Revert "Comment toolbar update and Thread stats addition" 2016-05-05 12:42:41 +02:00
ForklessAnon
69a6631742 Added option to disable/ignore keybinds. 2016-05-05 12:36:28 +02:00
ForklessAnon
86ddb4ecbb Update formatting toolbar to include user definable settings and customized options. 2016-05-05 12:35:58 +02:00
Markerov
9265ebea43 initial commit 2016-05-05 12:35:45 +02:00
marktaiwan
59ee8a990f post-filter.js: prevent extra space characters
prevent extra spaces in comment caused by joining strings with leading
or trailing space.
2016-05-05 12:33:44 +02:00
8chan
4e27112147 Fix filter for users with emoji in thier names 2016-05-05 12:33:23 +02:00
marktaiwan
a9b29c7232 Bugfix: convert it to string 2016-05-05 12:33:02 +02:00