From f6e97b6e73be96e75ec606bda3d90126c69d7aee Mon Sep 17 00:00:00 2001 From: Fredrick Brennan Date: Mon, 19 May 2014 13:39:30 -0400 Subject: [PATCH 1/6] SECURITY: Remove $config[db][password] when $config[debug] is TRUE --- inc/display.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/inc/display.php b/inc/display.php index bcde41d0..8a6ab2bf 100644 --- a/inc/display.php +++ b/inc/display.php @@ -109,6 +109,18 @@ function error($message, $priority = true, $debug_stuff = false) { ))); } + $pw = $config['db']['password']; + $debug_callback = function(&$item) use (&$debug_callback, $pw) { + global $config; + if (is_array($item)) { + $item = array_filter($item, $debug_callback); + } + return ($item !== $pw || !$pw); + }; + + + $debug_stuff = array_filter($debug_stuff, $debug_callback); + die(Element('page.html', array( 'config' => $config, 'title' => _('Error'), From 56695fbf04ebcc34eafd6cb12719101be3546f73 Mon Sep 17 00:00:00 2001 From: Fredrick Brennan Date: Mon, 19 May 2014 13:46:18 -0400 Subject: [PATCH 2/6] No need for global config --- inc/display.php | 1 - 1 file changed, 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index 8a6ab2bf..dd8b1444 100644 --- a/inc/display.php +++ b/inc/display.php @@ -111,7 +111,6 @@ function error($message, $priority = true, $debug_stuff = false) { $pw = $config['db']['password']; $debug_callback = function(&$item) use (&$debug_callback, $pw) { - global $config; if (is_array($item)) { $item = array_filter($item, $debug_callback); } From b506c0be9f0146e01aed5e52c4f139388820ba20 Mon Sep 17 00:00:00 2001 From: 8chan Date: Tue, 27 May 2014 23:44:49 +0000 Subject: [PATCH 3/6] Fix array_filter error message when debug_stuff is false --- inc/display.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/inc/display.php b/inc/display.php index dd8b1444..4e8ab8fb 100644 --- a/inc/display.php +++ b/inc/display.php 
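Review bot: The recursive branch of `$debug_callback` assigns the filtered sub-array to `$item`, but as far as I can tell `array_filter` hands each element to its callback by value, so that assignment probably never reaches `$debug_stuff` and a password held in a nested array would survive. The `$item !== $pw` test also drops only values that are exactly the password, so a string that merely contains it (a DSN or an exception message, for example) passes through, and `'config' => $config` is still handed to `page.html` just below with the password in it. I would walk the structure with `array_walk_recursive`, which does pass leaves by reference, and redact by substring as sketched below; objects inside `$debug_stuff` would still need separate handling. `error()` starts and ends outside this hunk, so whether the template prints `config` cannot be checked here.

```php
	$pw = $config['db']['password'];
	if (is_array($debug_stuff) && is_string($pw) && $pw !== '') {
		array_walk_recursive($debug_stuff, function (&$item) use ($pw) {
			// Redact the secret wherever it appears, not only on an exact match.
			if (is_string($item) && strpos($item, $pw) !== false) {
				$item = str_replace($pw, '[redacted]', $item);
			}
		});
	}
```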
@@ -118,7 +118,8 @@ function error($message, $priority = true, $debug_stuff = false) { }; - $debug_stuff = array_filter($debug_stuff, $debug_callback); + if ($debug_stuff) + $debug_stuff = array_filter($debug_stuff, $debug_callback); die(Element('page.html', array( 'config' => $config, From 8d745bec2692340c7de3d30f0d36df33e9d83ace Mon Sep 17 00:00:00 2001 From: Chen-Pang He Date: Mon, 2 Jun 2014 19:21:13 +0800 Subject: [PATCH 4/6] Set viewport to basic theme --- templates/themes/basic/index.html | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/themes/basic/index.html b/templates/themes/basic/index.html index 6425e0c1..6178d4a9 100644 --- a/templates/themes/basic/index.html +++ b/templates/themes/basic/index.html @@ -3,6 +3,7 @@ + {{ settings.title }} From 6716a24b6844ab2ec1ee7588f1cf024070c395ed Mon Sep 17 00:00:00 2001 From: Chen-Pang He Date: Thu, 5 Jun 2014 18:07:29 +0800 Subject: [PATCH 5/6] Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site --- inc/mod/auth.php | 4 ++-- inc/mod/pages.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/mod/auth.php b/inc/mod/auth.php index f2003dfe..697d06a1 100644 --- a/inc/mod/auth.php +++ b/inc/mod/auth.php 
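Review bot: The new `if ($debug_stuff)` guard tests truthiness, so a non-empty value that is not an array would still reach `array_filter`, which expects an array; `if (is_array($debug_stuff))` states the actual precondition. The body is also left without braces, which makes it easy for a later edit to add a second statement that runs unconditionally, so I would write `if (is_array($debug_stuff)) {` … `}`. The callers of `error()` are outside this hunk, so which types they pass is not visible here.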
@@ -69,13 +69,13 @@ function setCookies() { $mod['hash'][0] . // password ':' . $mod['hash'][1], // salt - time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, $config['cookies']['httponly']); + time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], $config['cookies']['httponly']); } function destroyCookies() { global $config; // Delete the cookies - setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, false, true); + setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], true); } function modLog($action, $_board=null) { diff --git a/inc/mod/pages.php b/inc/mod/pages.php index a247e35c..5cb98085 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -150,7 +150,7 @@ function mod_dashboard() { $latest = false; } - setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, false, true); + setcookie('update', serialize($latest), time() + $config['check_updates_time'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $_SERVER['HTTPS'], true); } if ($latest) From 2f55cd9897253213c862f1ae36766ebeb74b7c58 Mon Sep 17 00:00:00 2001 From: czaks Date: Tue, 10 Jun 2014 17:49:12 +0200 Subject: [PATCH 6/6] fix expand-too-long on some occasions --- js/expand-too-long.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/expand-too-long.js b/js/expand-too-long.js index 23921eaf..0720fa75 100644 --- a/js/expand-too-long.js +++ b/js/expand-too-long.js 
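Review bot: Passing `$_SERVER['HTTPS']` straight through as the `secure` argument in `setCookies()` and `destroyCookies()` treats the raw server variable as a clean boolean, which it is not: it is normally unset on plain HTTP (an undefined-index notice here), and PHP documents that IIS sets it to the string `off` for non-HTTPS requests, which is truthy and would mark the cookie Secure on an HTTP login. Behind a TLS-terminating proxy the variable is typically absent, so the flag would silently stay off even though the moderator's connection is HTTPS. I would compute it once, `$secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';`, and pass `$secure` in all three calls; the `setcookie('update', …)` call in the `inc/mod/pages.php` hunk has the same issue. A configuration override for proxied deployments would cover the second case, though no such setting is visible on this page.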
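Review bot: `serialize($latest)` in the `inc/mod/pages.php` hunk puts PHP-serialized data into the client-controlled `update` cookie, and if the reading side (not in this hunk) passes that cookie to `unserialize()`, the input to that call is whatever the browser chooses to send. The Secure flag added here does not change that, since it only restricts the transport and not the cookie's contents. I would store the value as JSON instead, `setcookie('update', json_encode($latest), …)`, with `json_decode($_COOKIE['update'], true)` on the reader, or keep the update state server-side. `mod_dashboard()` starts and ends outside this hunk.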
@@ -23,7 +23,7 @@ $(function() { url: url, context: document.body, success: function(data) { - var content = $(data).find('#'+url.split('#')[1]).next().html(); + var content = $(data).find('#'+url.split('#')[1]).parent().find(".body").html(); body.html(content); }