papereth
6ccaf19045
Fixed thread.html
template ( #380 )
...
* Update functions.php
` $_SERVER['REMOTE_ADDR']` was hardcoded in ban lookup instead of `$ip` variable
* Fix information leak in thread.html
Sensitive information can be leaked due to inadequate/absent escaping.
Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.
* Fixed thread template
`remove_markup` is not available on vichan, arguably it makes things better but it's out of scope for this CHANGE, removing modifiers is enough to stop the info leak
consider adding it again after pulling:
fallenPineapple@a5b3336
also moving truncation before escaping for extra safety
2020-08-15 07:19:47 -07:00
papereth
2275735fdf
Fix information leak in thread.html ( #377 )
...
Sensitive information can be leaked due to inadequate/absent escaping, if proxy_save enabled
Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.
2020-08-10 09:50:02 -07:00
antedeguemon
b94bf5ec19
Update license and copyright dates
2018-03-01 22:57:53 -03:00
Horija
175b54b7f0
Fixed go to bottom link
2017-04-21 03:09:48 +02:00
czaks
2fa37278db
boardlist goes before #top
2016-05-06 15:09:25 +02:00
czaks
33ef3f9b01
synchronize catalog_link
2016-05-06 14:14:22 +02:00
Bui
33ef1d2123
add active page classes to body; czaks: go to bottom @ thread: fixes
2016-05-06 14:05:16 +02:00
8n-tech
6644ff666a
Also improved some CSS and HTML aspects of the thread layout.
...
Signed-off-by: 8n-tech <8n-tech@users.noreply.github.com>
2016-05-06 13:51:15 +02:00
8chan
6da7f4d25a
No more country flags in <title>
2016-05-06 12:40:37 +02:00
czaks
3f29170f1b
debrand 8chan; btw. the previous commit was [SECURITY] i think?
2016-05-06 12:23:18 +02:00
8chan
ce62673a2c
OpenGraph information in thread pages https://en.wikipedia.org/wiki/Facebook_Platform#Open_Graph_protocol
2016-05-06 12:18:31 +02:00
8chan
aa0d3395b1
Show first 256 chars of body in <title>
2016-05-06 12:17:51 +02:00
8chan
b6f3d44080
Go to bottom link
2016-05-06 12:16:01 +02:00
czaks
293543878a
backport parts of 2d6d449bd2
, in particular html classes
2016-05-06 12:14:28 +02:00
Bui
6c334a3b44
lol spaces
2016-05-06 11:45:52 +02:00
Bui
d46bf4e2f2
add id to thread links
2016-05-06 11:45:37 +02:00
czaks
02c3c28a16
main.js: a bit more sane code
2016-05-05 15:37:50 +02:00
czaks
38bf3276e4
update copyright years; remove a link to tinyboard (website is dead)
2016-05-05 09:39:23 +02:00
Jason Puglisi
90e4208473
Added [Return] and [Go to bottom] to thread page above posts
2015-08-08 13:45:02 -04:00
czaks
4060bf10ed
update copyright years & vichan website
2015-04-12 03:18:51 +02:00
czaks
7ec728ffb0
add a go to top link thread view; fixes #82
2014-09-21 02:52:20 +02:00
czaks
e5c48282c4
apply new branding for vichan-devel
2014-04-17 17:11:32 +02:00
czaks
e08bc5d54d
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
2014-04-12 20:52:42 +02:00
Michael Reiley
677e428a4d
Update copyright years.
2014-04-12 11:12:42 -07:00
czaks
cdb988c6d4
rename banner class to board_image in order to evade some adblock rules
2014-01-06 16:38:48 +01:00
czaks
56742a5f9a
i prefer for the top ads to be over the boardlist
2014-01-06 03:28:37 +01:00
ctrlcctrlv
acb4c47a9f
Allow for HTML in the board subtitle
...
Conflicts:
inc/config.php
2013-08-11 21:08:19 +10:00
ctrlcctrlv
d4a1ae3595
Advertisements
2013-08-08 21:57:52 +00:00
ctrlcctrlv
b8921508fe
Allow for HTML in the board subtitle
2013-08-08 18:58:44 +00:00
czaks
a0855cdcf5
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
...
Conflicts:
inc/config.php
inc/functions.php
templates/generic_page.html
templates/index.html
2013-08-03 19:05:25 -04:00
Michael Foster
4fce9b63ae
Major config.php cleanup and a few minor misc fixes.
2013-08-02 20:52:58 -04:00
czaks
b35ea55763
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
...
Conflicts:
templates/thread.html
2013-07-31 19:25:04 -04:00
czaks
6317a70152
header abstraction: abstracted also in thread.html
...
Conflicts:
templates/page.html
templates/thread.html
2013-07-31 17:14:10 -04:00
czaks
55c7146d88
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
...
Conflicts:
inc/config.php
inc/display.php
inc/functions.php
inc/image.php
js/expand.js
js/hide-threads.js
js/local-time.js
js/smartphone-spoiler.js
templates/header.html
templates/index.html
templates/main.js
templates/page.html
templates/post_reply.html
templates/post_thread.html
templates/thread.html
2013-07-31 14:54:20 -04:00
Michael Foster
123a72d7de
Convert to UNIX line endings
2013-07-31 04:28:26 -04:00
Michael Foster
46edec0f2d
Bug with last commit
2013-07-23 09:46:29 -04:00
Michael Foster
1132a4ce79
Option to use font-awesome for sticky/lock icons, etc.
2013-07-23 09:38:42 -04:00
czaks
7bdb96a16b
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
...
Conflicts:
install.php
templates/index.html
templates/thread.html
2013-07-16 13:02:13 -04:00
Michael Foster
29b10c88db
Outputting thread subject in header/title (issue #122 )
2013-07-16 02:48:20 -04:00
czaks
3bcf88e842
JS Api: added an active_page variable to make it easier to denote the context from javascript
2013-06-24 08:23:09 -04:00
czaks
ba424698e0
header abstraction: abstracted also in thread.html
2013-06-15 00:22:13 -04:00
Marcin Łabanowski
18ca523b18
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
2013-01-21 13:17:13 +01:00
Michael Save
7a68fc9525
Copyright and license update for 2013.
2013-01-20 21:23:46 +11:00
asiekierka
5556990b94
add config root to JS side
2012-12-24 18:21:21 +01:00
Marcin Łabanowski
9d8ec70d64
attention bar: move before post form
2012-12-24 03:52:32 +01:00
Marcin Łabanowski
2833268887
attention bar: fixed after translation
2012-12-24 03:43:48 +01:00
asiekierka
81e0f55b00
pasek atencji dodany do templates
2012-12-23 18:10:18 +01:00
Michael Save
a610458720
a lot more improvements
2012-05-06 01:33:10 +10:00
Michael Save
9649550463
start on mod interface rewrite
2012-04-13 02:11:41 +10:00
Michael Save
af3ec3f8c7
expand.js: inline thread expanding
2012-03-31 21:32:09 +11:00