mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-12-02 19:17:21 +01:00
6ccaf19045
* Update functions.php ` $_SERVER['REMOTE_ADDR']` was hardcoded in ban lookup instead of `$ip` variable * Fix information leak in thread.html Sensitive information can be leaked due to inadequate/absent escaping. Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions. Line 22 is just leaking it all, not removing anything. * Fixed thread template `remove_markup` is not available on vichan, arguably it makes things better but it's out of scope for this CHANGE, removing modifiers is enough to stop the info leak consider adding it again after pulling: fallenPineapple@a5b3336 also moving truncation before escaping for extra safety |
||
---|---|---|
.. | ||
installer | ||
mod | ||
post | ||
themes | ||
attention_bar.html | ||
banned.html | ||
boardlist.html | ||
error.html | ||
fileboard.html | ||
generic_page.html | ||
header.html | ||
index.html | ||
main.js | ||
page.html | ||
post_form.html | ||
post_reply.html | ||
post_thread_fileboard.html | ||
post_thread.html | ||
posts.sql | ||
report_delete.html | ||
report.html | ||
search_form.html | ||
thread.html |