1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-28 01:10:51 +01:00
Commit Graph

133 Commits

Author SHA1 Message Date
papereth
6ccaf19045
Fixed thread.html template (#380)
* Update functions.php

` $_SERVER['REMOTE_ADDR']` was hardcoded in ban lookup instead of `$ip` variable

* Fix information leak in thread.html

Sensitive information can be leaked due to inadequate/absent escaping.

Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.

* Fixed thread template

`remove_markup` is not available on vichan, arguably it makes things better but it's out of scope for this CHANGE, removing modifiers is enough to stop the info leak
consider adding it again after pulling:
fallenPineapple@a5b3336

also moving truncation before escaping for extra safety
2020-08-15 07:19:47 -07:00
papereth
2275735fdf
Fix information leak in thread.html (#377)
Sensitive information can be leaked due to inadequate/absent escaping, if proxy_save enabled

Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.
2020-08-10 09:50:02 -07:00
antedeguemon
b94bf5ec19 Update license and copyright dates 2018-03-01 22:57:53 -03:00
Horija
175b54b7f0 Fixed go to bottom link 2017-04-21 03:09:48 +02:00
czaks
2fa37278db boardlist goes before #top 2016-05-06 15:09:25 +02:00
czaks
33ef3f9b01 synchronize catalog_link 2016-05-06 14:14:22 +02:00
Bui
33ef1d2123 add active page classes to body; czaks: go to bottom @ thread: fixes 2016-05-06 14:05:16 +02:00
8n-tech
6644ff666a Also improved some CSS and HTML aspects of the thread layout.
Signed-off-by: 8n-tech <8n-tech@users.noreply.github.com>
2016-05-06 13:51:15 +02:00
8chan
6da7f4d25a No more country flags in <title> 2016-05-06 12:40:37 +02:00
czaks
3f29170f1b debrand 8chan; btw. the previous commit was [SECURITY] i think? 2016-05-06 12:23:18 +02:00
8chan
ce62673a2c OpenGraph information in thread pages https://en.wikipedia.org/wiki/Facebook_Platform#Open_Graph_protocol 2016-05-06 12:18:31 +02:00
8chan
aa0d3395b1 Show first 256 chars of body in <title> 2016-05-06 12:17:51 +02:00
8chan
b6f3d44080 Go to bottom link 2016-05-06 12:16:01 +02:00
czaks
293543878a backport parts of 2d6d449bd2, in particular html classes 2016-05-06 12:14:28 +02:00
Bui
6c334a3b44 lol spaces 2016-05-06 11:45:52 +02:00
Bui
d46bf4e2f2 add id to thread links 2016-05-06 11:45:37 +02:00
czaks
02c3c28a16 main.js: a bit more sane code 2016-05-05 15:37:50 +02:00
czaks
38bf3276e4 update copyright years; remove a link to tinyboard (website is dead) 2016-05-05 09:39:23 +02:00
Jason Puglisi
90e4208473 Added [Return] and [Go to bottom] to thread page above posts 2015-08-08 13:45:02 -04:00
czaks
4060bf10ed update copyright years & vichan website 2015-04-12 03:18:51 +02:00
czaks
7ec728ffb0 add a go to top link thread view; fixes #82 2014-09-21 02:52:20 +02:00
czaks
e5c48282c4 apply new branding for vichan-devel 2014-04-17 17:11:32 +02:00
czaks
e08bc5d54d Merge branch 'master' of https://github.com/savetheinternet/Tinyboard 2014-04-12 20:52:42 +02:00
Michael Reiley
677e428a4d Update copyright years. 2014-04-12 11:12:42 -07:00
czaks
cdb988c6d4 rename banner class to board_image in order to evade some adblock rules 2014-01-06 16:38:48 +01:00
czaks
56742a5f9a i prefer for the top ads to be over the boardlist 2014-01-06 03:28:37 +01:00
ctrlcctrlv
acb4c47a9f Allow for HTML in the board subtitle
Conflicts:
	inc/config.php
2013-08-11 21:08:19 +10:00
ctrlcctrlv
d4a1ae3595 Advertisements 2013-08-08 21:57:52 +00:00
ctrlcctrlv
b8921508fe Allow for HTML in the board subtitle 2013-08-08 18:58:44 +00:00
czaks
a0855cdcf5 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
	inc/functions.php
	templates/generic_page.html
	templates/index.html
2013-08-03 19:05:25 -04:00
Michael Foster
4fce9b63ae Major config.php cleanup and a few minor misc fixes. 2013-08-02 20:52:58 -04:00
czaks
b35ea55763 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	templates/thread.html
2013-07-31 19:25:04 -04:00
czaks
6317a70152 header abstraction: abstracted also in thread.html
Conflicts:
	templates/page.html
	templates/thread.html
2013-07-31 17:14:10 -04:00
czaks
55c7146d88 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	inc/config.php
	inc/display.php
	inc/functions.php
	inc/image.php
	js/expand.js
	js/hide-threads.js
	js/local-time.js
	js/smartphone-spoiler.js
	templates/header.html
	templates/index.html
	templates/main.js
	templates/page.html
	templates/post_reply.html
	templates/post_thread.html
	templates/thread.html
2013-07-31 14:54:20 -04:00
Michael Foster
123a72d7de Convert to UNIX line endings 2013-07-31 04:28:26 -04:00
Michael Foster
46edec0f2d Bug with last commit 2013-07-23 09:46:29 -04:00
Michael Foster
1132a4ce79 Option to use font-awesome for sticky/lock icons, etc. 2013-07-23 09:38:42 -04:00
czaks
7bdb96a16b Merge branch 'master' of https://github.com/savetheinternet/Tinyboard
Conflicts:
	install.php
	templates/index.html
	templates/thread.html
2013-07-16 13:02:13 -04:00
Michael Foster
29b10c88db Outputting thread subject in header/title (issue #122) 2013-07-16 02:48:20 -04:00
czaks
3bcf88e842 JS Api: added an active_page variable to make it easier to denote the context from javascript 2013-06-24 08:23:09 -04:00
czaks
ba424698e0 header abstraction: abstracted also in thread.html 2013-06-15 00:22:13 -04:00
Marcin Łabanowski
18ca523b18 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard 2013-01-21 13:17:13 +01:00
Michael Save
7a68fc9525 Copyright and license update for 2013. 2013-01-20 21:23:46 +11:00
asiekierka
5556990b94 add config root to JS side 2012-12-24 18:21:21 +01:00
Marcin Łabanowski
9d8ec70d64 attention bar: move before post form 2012-12-24 03:52:32 +01:00
Marcin Łabanowski
2833268887 attention bar: fixed after translation 2012-12-24 03:43:48 +01:00
asiekierka
81e0f55b00 pasek atencji dodany do templates 2012-12-23 18:10:18 +01:00
Michael Save
a610458720 a lot more improvements 2012-05-06 01:33:10 +10:00
Michael Save
9649550463 start on mod interface rewrite 2012-04-13 02:11:41 +10:00
Michael Save
af3ec3f8c7 expand.js: inline thread expanding 2012-03-31 21:32:09 +11:00