mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-02 19:17:21 +01:00
vichan/templates
papereth 6ccaf19045
Fixed thread.html template (#380)
* Update functions.php

`$_SERVER['REMOTE_ADDR']` was hardcoded in ban lookup instead of `$ip` variable

* Fix information leak in thread.html

Sensitive information can be leaked due to inadequate/absent escaping.

Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions.
Line 22 is just leaking it all, not removing anything.

* Fixed thread template

`remove_markup` is not available on vichan, arguably it makes things better but it's out of scope for this CHANGE, removing modifiers is enough to stop the info leak
consider adding it again after pulling:
fallenPineapple@a5b3336

also moving truncation before escaping for extra safety
2020-08-15 07:19:47 -07:00
installer update installer 2016-05-05 09:16:09 +02:00
mod Fix PHP 7.3 regression in ?/users 2019-05-02 12:19:50 +08:00
post Close #366 2020-01-21 09:46:29 +08:00
themes Theme fixes 2020-01-20 10:37:54 +08:00
attention_bar.html attention bar: cleanup stylesheets 2012-12-24 03:39:47 +01:00
banned.html added option for showing the mod in ban page. 2014-09-01 06:30:33 +08:00
boardlist.html Revert "Merge branch 'master' of github.com:vichan-devel/Tinyboard" 2013-08-05 06:17:01 -04:00
error.html Better error handling/displaying with $config['debug'] and $config['verbose_errors'] 2013-08-03 00:22:28 -04:00
fileboard.html fileboard support 2015-04-22 06:06:34 +02:00
generic_page.html Update license and copyright dates 2018-03-01 22:57:53 -03:00
header.html Updated reCAPTCHA v2 to use api.js method 2017-07-24 03:40:56 -04:00
index.html Update license and copyright dates 2018-03-01 22:57:53 -03:00
main.js main.js: a bit more sane code 2016-05-05 15:37:50 +02:00
page.html Update license and copyright dates 2018-03-01 22:57:53 -03:00
post_form.html Updated reCAPTCHA v2 to use api.js method 2017-07-24 03:40:56 -04:00
post_reply.html support for slugified links; may introduce a few bugs 2015-03-10 12:48:59 +01:00
post_thread_fileboard.html fileboard: fix possible XSS (mainly applicable to 8chan) 2015-04-23 03:45:08 +02:00
post_thread.html Cyclical threads ♺ 2016-05-06 16:39:20 +02:00
posts.sql Cyclical threads ♺ 2016-05-06 16:39:20 +02:00
report_delete.html Also improved some CSS and HTML aspects of the thread layout. 2016-05-06 13:51:15 +02:00
report.html Oops forgot a file 2016-05-05 13:33:14 +02:00
search_form.html post search: one more i18n string 2013-07-20 20:41:54 -04:00
thread.html Fixed thread.html template (#380) 2020-08-15 07:19:47 -07:00