mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-11 07:16:10 +01:00
Commit Graph

788 Commits

Author SHA1 Message Date
papereth
6ccaf19045
Fixed thread.html template (#380)
* Update functions.php

`$_SERVER['REMOTE_ADDR']` was hardcoded in ban lookup instead of `$ip` variable

* Fix information leak in thread.html

Sensitive information can be leaked due to inadequate/absent escaping.

Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.

* Fixed thread template

`remove_markup` is not available on vichan, arguably it makes things better but it's out of scope for this CHANGE, removing modifiers is enough to stop the info leak
consider adding it again after pulling:
fallenPineapple@a5b3336

also moving truncation before escaping for extra safety
2020-08-15 07:19:47 -07:00
papereth
2275735fdf
Fix information leak in thread.html (#377)
Sensitive information can be leaked due to inadequate/absent escaping, if proxy_save enabled

Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.
2020-08-10 09:50:02 -07:00
Fredrick Brennan
01538ed33a Close #366
I don't know why this works, but this extra whitespace is required on
PHP 7.4.

If you want to know why I hate PHP updates, this is why.
2020-01-21 09:46:29 +08:00
Daniel Saunders
2600298be8 Theme fixes 2020-01-20 10:37:54 +08:00
Fredrick Brennan
3a41c24e6e Fix PHP 7.3 regression in ?/users
This gets rid of the "Case-insensitive constants are deprecated" error
by doing |upper before passing to constant().
2019-05-02 12:19:50 +08:00
Fredrick Brennan
7514f31b36 count➜length in confeditor for PHP7.2 2018-10-12 14:47:38 +08:00
H1K1CH4N
b1842dfe10 removed NPFchan copyright 2018-09-29 04:19:36 +02:00
H1K1CH4N
6f15b56b65 made the image header a little bit better in index theme 2018-09-27 04:58:05 +02:00
H1K1CH4N
44dcbca6c9 improved index theme css 2018-09-27 03:02:21 +02:00
H1K1CH4N
b8f1c219f0 Adds a new theme called "Index"
adds an option to use textarea in theme settings.
Merged most Basic, Recent and Frameset theme functions in one.
you can add a video picture icon and quote in the homepage.
@ctrlcctrlv feel free to add suggestions and fix badly formed code or let me know and I will try to fix.
I installed it on my demo site: https://hikichan.com/
2018-09-27 00:41:22 +02:00
Fredrick Brennan
aeb4a31194 Close #304 2018-09-18 14:08:06 +08:00
Fredrick Brennan
41cfd500de Fix dashboard Countable on non-countable error
Only affected PHP7.2, was due to a sloppy template. PHP7.2 is much more
strict than previous versions so these kinds of bugs are coming to the
fore.
2018-07-27 19:40:44 +08:00
antedeguemon
b94bf5ec19 Update license and copyright dates 2018-03-01 22:57:53 -03:00
H0K4
e8edadeda9
Update move.html 2017-11-05 18:07:52 +01:00
H0K4
896d9e2f75
Update move_reply.html 2017-11-05 18:07:22 +01:00
H0K4
714cb95194
Update move_reply.html 2017-11-05 18:04:34 +01:00
H0K4
767e8f5d6a
Prevents double submit when moving a thread.
I probably moved 1000 of threads and if you double click on the submit button it duplicates the moved thread.
2017-11-05 18:03:20 +01:00
Thalis
0b84fc26d6 fixed deleted.png image not found on the front end 2017-07-28 21:40:06 +02:00
czaks
b7875be471 search form in index: fix order 2017-07-26 23:37:05 -04:00
Daniel Saunders
7a43a3ea34 Updated reCAPTCHA v2 to use api.js method 2017-07-24 03:40:56 -04:00
Marcin Łabanowski
39715e3595 Merge pull request #224 from ghost/patch-2
Implementing Czaks captcha
2017-07-23 17:57:59 +02:00
Marcin Łabanowski
59bcf88872 Merge pull request #146 from szalwia/master
Fix thumbnail scaling in recent theme
2017-07-23 17:55:40 +02:00
Thalis
4efaf50c90 Board search content implementation
you can search boards with this mod.
2017-07-23 17:49:01 +02:00
antedeguemon
4f85b7c570 Fixed XSS in post edit page and modsearch 2017-05-21 17:08:43 -03:00
Horija
5dbfc0ab24 Update post_form.html 2017-04-24 11:44:39 +02:00
Horija
175b54b7f0 Fixed go to bottom link 2017-04-21 03:09:48 +02:00
int15h
b3071152dc new exif provider 2016-12-24 10:39:30 -02:00
Montrosos
1f4de533f0 Included header.html for better boardlist
Simply included the header.html so that the compact boardlist works with it and it's responsive now.
2016-12-12 13:52:42 +01:00
czaks
fed9065cf1 skip non-image files in recent themes; fixes vichan-devel/vichan#185 2016-06-19 02:23:24 +02:00
fatchan
4f3cc7f316 Whoops 2016-06-09 11:22:57 +02:00
fatchan
f27c26907d Remove hardcoded 8chan links in catalog RSS 2016-06-09 11:22:47 +02:00
fatchan
cdd963e79e fix flag spacing 2016-06-09 11:18:34 +02:00
czaks
36d762514c Merge branch 'master' of github.com:vichan-devel/Tinyboard 2016-06-09 04:51:17 +02:00
czaks
94c91db097 fix news deletion; thanks MrFreeman 2016-06-09 04:51:05 +02:00
fatchan
d285a79667 Move the 'Go back and rebuild again' to the top of the rebuilt page so you don't have to scroll 2016-05-31 23:28:55 +10:00
czaks
b6f0317bde advanced build (1/2): a small refactor of index generating procedure; generation strategies 2016-05-08 10:54:30 +02:00
czaks
3f405b3484 what if IP address contained bad characters? (highly local) 2016-05-06 16:53:28 +02:00
czaks
3571670b98 fix catalog link someone? 2016-05-06 16:51:34 +02:00
czaks
a5bd39dc4a mod dashboard html: link to page editor 2016-05-06 16:49:35 +02:00
Fredrick Brennan
505adffcdc Cyclical threads ♺ 2016-05-06 16:39:20 +02:00
8chan
d788131202 Allow a board called news to exist 2016-05-06 16:26:17 +02:00
Fredrick Brennan
95b1e103cb Edit static pages commit 2016-05-06 16:03:55 +02:00
8chan
7911c374e8 Public action logs commit (log.php)
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.

===================================
Also: backports 351375185e (early 404)
2016-05-06 15:44:26 +02:00
czaks
2fa37278db boardlist goes before #top 2016-05-06 15:09:25 +02:00
Forkless
d069a4c9fd Added option for hiding IDs. 2016-05-06 14:32:53 +02:00
czaks
33ef3f9b01 synchronize catalog_link 2016-05-06 14:14:22 +02:00
Bui
33ef1d2123 add active page classes to body; czaks: go to bottom @ thread: fixes 2016-05-06 14:05:16 +02:00
8n-tech
6644ff666a Also improved some CSS and HTML aspects of the thread layout.
Signed-off-by: 8n-tech <8n-tech@users.noreply.github.com>
2016-05-06 13:51:15 +02:00
8chan
6da7f4d25a No more country flags in <title> 2016-05-06 12:40:37 +02:00
8chan
ae4eb4d3d9 RSS 2016-05-06 12:40:07 +02:00