8chan
7a7574bdca
SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']
Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.
Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
10 years ago
czaks
cd01191072
those parts are extraneous
8 years ago
8chan
3eb755ee7e
Move login check in inc/mod/auth.php to a function
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
10 years ago
8chan Admin
93f748e6a8
Security: capitalization of mods username is significant
10 years ago
czaks
77176faece
enable javascript in mod panel
8 years ago
czaks
7c3126866c
ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)
8 years ago
czaks
caaf741691
[SECURITY] keep up with modern password hashing standards
8 years ago
czaks
2d9214ac63
version check should point at engine.vichan.net and not tinyboard.org actually
9 years ago
czaks
4c1d2f924c
fix error while installing themes; thanks xixi
9 years ago
czaks
b78b3db010
uncache themes on settings change
9 years ago
czaks
2f7aeec531
...
9 years ago
czaks
58b60f0aa4
...
9 years ago
czaks
bdb6001f3f
support for slugified links; may introduce a few bugs
9 years ago
czaks
9b3fa77719
new banlist implementation; also includes a public banlist
10 years ago
8chan
c4dc3f4d47
Fix spoiler image not working
10 years ago
kaf
fe60590d19
Check spoiler_image size before ussuming it is 128×128px
10 years ago
Juan Tamad
53ada6a5ff
added option for showing the mod in ban page.
also fixes issue where the Staff is not shown in ban appeals.
10 years ago
8chan
ef7556194c
Fix 55ch cancer; can now see next page of posts, ?/recent uses templating system
10 years ago
czaks
f97d2dff85
fix previous commit
10 years ago
czaks
9526f5ed1c
fix #72
10 years ago
czaks
2c883fda0a
fix ban appeals; thanks to sraczynski for reporting
10 years ago
Chen-Pang He
7933abd271
Fix vichan #65
Conflicts:
inc/mod/auth.php
inc/mod/pages.php
10 years ago
czaks
23d6e82038
$_SERVER[HTTPS] isn`t being always set; fixes #65
10 years ago
Fredrick Brennan
4f070d16e5
Congrats, you broke the mod page on non-secured servers @jdh8
10 years ago
Chen-Pang He
6716a24b68
Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site
10 years ago
Fredrick Brennan
65a14a0d39
Fix moving of deleted files
10 years ago
Fredrick Brennan
5039584a5e
Fix ?/recent str_replace issue
10 years ago
Fredrick Brennan
042e7b9c59
Deprecate postControls(), per-file deletion and spoilering
10 years ago
Fredrick Brennan
24753907eb
remove var_dump
10 years ago
Fredrick Brennan
53e33d414f
Fix mod_move for multi image
10 years ago
Fredrick Brennan
2b3942d19d
Fix mod_move for multi image
10 years ago
copypaste
c483e1258c
multiimage posting
10 years ago
czaks
9d9d514919
we no have any modpages.html
10 years ago
sinuca
fb2b66e2dd
Recent posts functionality
Conflicts:
inc/config.php
inc/mod/pages.php
mod.php
10 years ago
Michael Foster
f5422cad65
Um. I accidentally deleted this code for some reason.
11 years ago
Michael Foster
c8062fbf76
CSRF more mod pages
11 years ago
Michael Foster
d234c014f0
?/debug/apc with cache prefixes
11 years ago
Michael Foster
fcbc211314
Fixed weird bug with ?/debug/sql trying to allocate a few GB on some instances. Assuming bug with APCu.
11 years ago
Michael Foster
39be89ba49
?/debug/apc
11 years ago
Michael Foster
a9b7f9b1bc
begin implementation of in-built ban appealing
11 years ago
ctrlcctrlv
0a58973631
Make it so that users can't insert code w/syntax errors into ?/config
11 years ago
Michael Foster
3471f7c668
Optionally show post user was banned for
11 years ago
Michael Foster
803f0c8ce1
Fix search for new bans table
11 years ago
Michael Foster
3e57bb04d7
Begin upgrade to much better bans table. DO NOT PULL YET; It won't work.
11 years ago
Michael Foster
dd1bec687b
bugfix: disable javascript on mod pages
11 years ago
Michael Foster
b038e0b244
fix last commit
11 years ago
Michael Foster
2230f0a051
disable $config['try_smarter'] on ?/rebuild
11 years ago
Michael Foster
5da8f28726
Improvements to ?/debug/antispam and ?/debug/recentc
11 years ago
Michael Foster
cc37d79c0d
Fix last commit.
11 years ago
Michael Foster
eea4e42609
Add ability to create custom user/permissions groups
11 years ago