8efab06616
Upgrade to utf8mb4 charset for MySQL server versions above 5.5.3. Keep support for older versions. Fix charsets for multiple columns and tables.
11 years ago
461084d400
MySQL's utf8 charset only supports up to 3-byte symbols. Insterting four byte symbols (U+010000 to U+10FFFF) can be done maliciously to break HTML mark-up.
The ideal solution was to convert to MySQL's utf8mb4 charset, but then we would lose support for MySQL < 5.5.3. In this fix, incompatible characters are encoded as HTML numeric character references (eg. #65536 ) and just stripped from body_nommarkup.
11 years ago
1759ac2ea3
Post search: Search other fields too
11 years ago
58306bdc63
Search posts
11 years ago
5bab041814
Make font-awesome enabled by default
11 years ago
bd8bd3c02e
Fix for last commit
11 years ago
57c8e4ee7c
Strip combining characters from Unicode strings (eg. Zalgo)
11 years ago
37d5846e4e
Fix markup overlapping. Issue #124
11 years ago
33a1c00bd5
%length% in public ban messages
11 years ago
31f657e550
Long overdue: Salted password hashes
11 years ago
1132a4ce79
Option to use font-awesome for sticky/lock icons, etc.
11 years ago
ab0c5ee481
Option to make stylesheet selections board-specific
11 years ago
6ba8f3f7de
Add custom links to dashboard
11 years ago
ed8fe6c27a
Option to check public ban message by default
11 years ago
308f557fd5
Option to automatically strip EXIF metadata from JPEGs
11 years ago
67cbc2b1aa
Fix permissions with search
11 years ago
b776e0a7f0
Search update
11 years ago
e62b83e79c
Bring back search (searching posts not implemented yet)
11 years ago
30dc892786
Only store video URLs in database, instead of the generated player HTML.
11 years ago
e4bd9a6886
Themes edit: Split "post" into two seperate actions: "post" (replies) and "post-thread". And add a $board variable.
11 years ago
ce9431ba34
Update filters to work with new ban table
11 years ago
aadb57f2a2
More ban stuff: Show whether or not user has "seen" a ban yet in the ban list and on IP address pages. Purge useless expired ban records.
11 years ago
c8f30550af
$config['require_ban_view']: Force users to view the "You are banned" page at least once before letting a ban disappear naturally.
11 years ago
29b10c88db
Outputting thread subject in header/title (issue #122 )
11 years ago
7302fc57a8
Automatically dismiss all reports regarding a thread after it is locked.
11 years ago
2144d43f2b
Fix issue #24
11 years ago
23b27d8057
Add clean() to mod_move function
11 years ago
77e4d926d9
Add "write" (files written to) to debug section
11 years ago
82e3592703
Argh, just remove all RTL and LTR control codes in bidi_cleanup.
If the name and subject fields both start with RLO characters, then the
subject would be after the name with the old bidi_cleanup.
11 years ago
3eda5b0543
Adds image_hard_limit and reply_hard_limit options.
Also reworks the numPosts() function and uses it elsewhere too.
11 years ago
765e64ee38
m and n dash fix
11 years ago
b078222ede
Fix "Undefined index: sticky" and "locked" errors on new thread creation.
11 years ago
b6fc7ca89d
Fix broken entity removal in post truncation.
11 years ago
be1e55b9d6
Fix result page after installing theme getting doubled up.
11 years ago
6fd6b92fe8
Fix openBoard and boardTitle functions using same caching keys.
Added getBoardInfo function that's used by both of the above functions,
and can get a board's info without loading it.
11 years ago
1d4fced75a
pm_snippet() should probably use mb_substr if it's using mb_strlen.
11 years ago
2fe79f6a61
Output times in UTC.
Let the client localize the times with js/local-time.js themselves. No
one cares what the server timezone is.
This fixes a bug where posts made in a different daylight savings mode
have their times displayed off by an hour. Their times would be rendered
to the server's own timezone area correctly, but then the server's
*current* utc-offset would be appended, which wouldn't match up.
11 years ago
a92bb182d9
Fix display issues with RTL control characters in post names, subjects, and filenames.
11 years ago
3bcc87caf2
Fix PM count caching.
cache::get() returns null if the key wasn't found (at least when using
the Redis cache backend).
11 years ago
83401b3a68
update config.php config for unban limit
Adding config and error for unban list when a user tries to unban more users than they are allowed too.
11 years ago
b4ff535128
update to pages.php minor exploit
A lot of bans can be removed from a tinyboard database because it isn't limited A staff member could select 100 users all at once with a simple javascript function and unban them all this needs to be limited because a staff member on an image board if they feel hostile they can just remove all bans on the tinyboard site easily without being limited to how many people they can unban at a time, this adds an option to limit it.
11 years ago
bb54605eb7
Fix per-board name not being used
11 years ago
53f710060d
Fix truncation issue by no longer using HTML entities for Unicode characters
11 years ago
64ae123739
Mod log in ?/IP (ie. ban history)
11 years ago
1816218c64
Fix: Critical security vulnerability
11 years ago
2051018ba1
...
11 years ago
5661e32b1c
Instead of showing $config['error']['malformed'] on corrupt session, just go straight to the login form
11 years ago
774e27caf5
Use === operator in authentication.
11 years ago
e5bf2a91fc
Don't always redirect to dashboard on login
11 years ago
879f20ec72
Reworked index() slightly to make caching simpler and only use one key.
11 years ago
Michael Foster
Macil Tech
undido
Fredrick
Michael Save