leftypol
/
leftypol
4
5
Fork 2
Code Issues 58 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Merge branch 'master' of github.com:vichan-devel/vichan

pull/40/head
czaks 8 years ago
parent
186ad5ca86 19b70663d7
commit
d310abc95c
5 changed files with 17 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      inc/functions.php
  2. 4
      inc/mod/pages.php
  3. 10
      mod.php
  4. 29
      post.php
  5. 2
      templates/page.html

2
inc/functions.php
View File

@ -880,7 +880,7 @@ function displayBan($ban) {
Element('page.html', array(
'title' => _('Banned!'),
'config' => $config,
'nojavascript' => true,
'boardlist' => createBoardlist($mod),
'body' => Element('banned.html', array(
'config' => $config,
'ban' => $ban,

4
inc/mod/pages.php
View File

@ -15,7 +15,7 @@ function mod_page($title, $template, $args, $subtitle = false) {
'hide_dashboard_link' => $template == 'mod/dashboard.html',
'title' => $title,
'subtitle' => $subtitle,
'nojavascript' => true,
'boardlist' => createBoardlist($mod),
'body' => Element($template,
array_merge(
array('config' => $config, 'mod' => $mod),
@ -846,7 +846,7 @@ function mod_page_ip($ip) {
$args['security_token'] = make_secure_link_token('IP/' . $ip);
mod_page(sprintf('%s: %s', _('IP'), $ip), 'mod/view_ip.html', $args, $args['hostname']);
mod_page(sprintf('%s: %s', _('IP'), htmlspecialchars($ip)), 'mod/view_ip.html', $args, $args['hostname']);
}
function mod_ban() {

10
mod.php
View File

@ -12,16 +12,6 @@ require_once 'inc/mod/auth.php';
if ($config['debug'])
$parse_start_time = microtime(true);
// Fix for magic quotes
if (get_magic_quotes_gpc()) {
function strip_array($var) {
return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
}
$_GET = strip_array($_GET);
$_POST = strip_array($_POST);
}
$query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
$pages = array(

29
post.php
View File

@ -7,16 +7,6 @@ require_once 'inc/functions.php';
require_once 'inc/anti-bot.php';
require_once 'inc/bans.php';
// Fix for magic quotes
if (get_magic_quotes_gpc()) {
function strip_array($var) {
return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
}
$_GET = strip_array($_GET);
$_POST = strip_array($_POST);
}
if ((!isset($_POST['mod']) || !$_POST['mod']) && $config['board_locked']) {
error("Board is locked");
}
@ -447,7 +437,7 @@ if (isset($_POST['delete'])) {
$i = 0;
foreach ($_FILES as $key => $file) {
if ($file['size'] && $file['tmp_name']) {
$file['filename'] = urldecode(get_magic_quotes_gpc() ? stripslashes($file['name']) : $file['name']);
$file['filename'] = urldecode($file['name']);
$file['extension'] = strtolower(mb_substr($file['filename'], mb_strrpos($file['filename'], '.') + 1));
if (isset($config['filename_func']))
$file['file_id'] = $config['filename_func']($file);
@ -625,12 +615,14 @@ if (isset($_POST['delete'])) {
if ($post['has_file']) {
foreach ($post['files'] as $key => &$file) {
if ($file['is_an_image'] && $config['ie_mime_type_detection'] !== false) {
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($upload, null, null, null, 255);
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
if ($file['is_an_image']) {
if ($config['ie_mime_type_detection'] !== false) {
// Check IE MIME type detection XSS exploit
$buffer = file_get_contents($upload, null, null, null, 255);
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post);
error($config['error']['mime_exploit']);
}
}
require_once 'inc/image.php';
@ -639,6 +631,9 @@ if (isset($_POST['delete'])) {
if (!$size = @getimagesize($file['tmp_name'])) {
error($config['error']['invalidimg']);
}
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
error($config['error']['invalidimg']);
}
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
error($config['error']['maxsize']);
}

2
templates/page.html
View File

@ -9,6 +9,8 @@
<title>{{ title }}</title>
</head>
<body>
{{ boardlist.top }}
{% if pm %}<div class="top_notice">You have <a href="?/PM/{{ pm.id }}">an unread PM</a>{% if pm.waiting > 0 %}, plus {{ pm.waiting }} more waiting{% endif %}.</div><hr>{% endif %}
<header>
<h1>{{ title }}</h1>

Write Preview
Loading…
Cancel
Save