1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-27 17:00:52 +01:00
vichan/inc
8chan 7a7574bdca SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']

Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.

Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
..
lib No more country flags in <title> 2016-05-06 12:40:37 +02:00
locale update locales 2014-10-18 13:54:27 +02:00
mod SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard> 2016-05-06 12:43:25 +02:00
anti-bot.php Use Unicode in antispam stuff 2013-09-08 17:01:55 +10:00
api.php fixup 2016-05-05 10:52:58 +02:00
bans.php .x.x less confusing...will change to less_ip eventually 2014-10-11 20:37:58 +02:00
cache.php fs cache backend: silence the error 2015-04-06 22:51:02 +02:00
config.php Display placeholder if no file in catalog/theme.php; czaks: fix the code a bit 2016-05-06 12:37:00 +02:00
database.php Begin upgrade to much better bans table. DO NOT PULL YET; It won't work. 2013-09-17 09:15:24 +10:00
display.php simplify the code a bit 2016-05-05 07:51:55 +02:00
events.php Cleaner check to make sure inc/ files aren't accessed directly. 2013-09-06 20:12:04 +10:00
filters.php enhance filters; make them work on multiimage 2014-08-08 21:35:00 +02:00
functions.php SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard> 2016-05-06 12:43:25 +02:00
image.php fix some png images being discarded 2015-03-31 05:20:00 +02:00
instance-config.php Change of instance-config defaults 2011-02-16 16:21:48 +11:00
polyfill.php ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system) 2016-05-05 06:43:22 +02:00
remote.php Cleaner check to make sure inc/ files aren't accessed directly. 2013-09-06 20:12:04 +10:00
template.php Fix is_writable check for templates/cache 2014-08-08 21:36:56 +02:00