Commit Graph

637 Commits

Author SHA1 Message Date
8chan
7a7574bdca SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']

Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.

Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
8chan
6b04b3c671 Fix post deletion 2016-05-05 13:21:09 +02:00
czaks
77176faece enable javascript in mod panel 2016-05-05 09:56:54 +02:00
czaks
a42256b296 locale cache: fix a bug when perms are done wrong 2016-05-05 08:43:34 +02:00
czaks
36b78e5f98 fix for editor highlighting 2016-05-05 08:40:13 +02:00
czaks
7c3126866c ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system) 2016-05-05 06:43:22 +02:00
czaks
706feeddff fix cache_config: webms were thumbnailed twice and with the latest addition, they couldn`t resize at all 2015-08-11 04:51:27 +02:00
Marcin Łabanowski
4014682882 fileboard support 2015-04-22 06:06:34 +02:00
czaks
197d5f236f [code] tag support 2015-04-12 01:14:35 +02:00
czaks
094f60d34d try_smarter: fix two bugs. 1. uncovered by the second, during a bump only the page the thread was on and first page were rebuild, despite threads rearranging their positions on the remaining pages. happening always. 2. during smart build, the page wasn`t ordered to be rebuilt 2015-04-06 18:59:33 +02:00
Marcin Łabanowski
8fcb9195c8 Merge pull request #137 from lewdchan/master
made the define_groups function play nice on hhvm
2015-04-05 20:51:51 +02:00
czaks
9831b582fa groups were not defined 2015-04-05 20:25:57 +02:00
czaks
6fd4eb2add fix a locale issue 2015-04-05 20:23:57 +02:00
czaks
f053450edf cache_config: fix debug notice 2015-04-05 20:04:27 +02:00
czaks
45f11d1d78 indent the file (inc/functions.php) after the latest changes 2015-04-05 19:12:41 +02:00
czaks
dc2928a14d cache_config preliminary release 2015-04-05 18:48:53 +02:00
czaks
758cb94e01 optimization: locale caching, so we don`t have to reparse instance-config every single time 2015-04-05 16:52:35 +02:00
czaks
71ef3430fc optimization: get rid of one more sql query related to installed themes 2015-04-05 16:38:16 +02:00
czaks
34eeaccea9 optimization: we don`t need bans.php most of the time and bans.php has big dependencies 2015-04-05 16:31:20 +02:00
czaks
cbbebcd20c optimization: if gettext.so is loaded, we don`t need the fallback implementation 2015-04-05 16:26:32 +02:00
Jayme Brereton
fa2e6cfa80 made the define_groups function play nice on hhvm 2015-04-05 20:14:58 +09:30
czaks
67db118f1e Revert "Revert "smart_build: buildThread" (for a moment, something b0rks)"
This reverts commit b246daa191.
2015-04-02 20:30:57 +02:00
czaks
99706835c2 Revert "Revert "smart_build for buildIndex""
This reverts commit cfb2f55b7a.
2015-04-02 20:29:43 +02:00
czaks
cfb2f55b7a Revert "smart_build for buildIndex"
This reverts commit 55277ce383.
2015-04-02 19:36:55 +02:00
czaks
b246daa191 Revert "smart_build: buildThread" (for a moment, something b0rks)
This reverts commit f2a74812f0.
2015-04-01 18:44:01 +02:00
czaks
f2a74812f0 smart_build: buildThread 2015-04-01 18:43:48 +02:00
czaks
14671e0535 functions.php fix: after_open_board support; so that we may disable smart_build immediately after open_board 2015-04-01 18:13:32 +02:00
czaks
55277ce383 smart_build for buildIndex 2015-04-01 18:11:08 +02:00
czaks
d4892aca12 fix one of the previous commits: fix api_global 2015-04-01 17:30:06 +02:00
czaks
4030c42bb4 add a global_api variable for buildIndex 2015-04-01 17:07:24 +02:00
czaks
deefe8299b unlink a .gz version of a file if it exists 2015-04-01 16:56:17 +02:00
czaks
7fd8c75450 dont rebuild a page, when not needed, even if it doesnt exist 2015-04-01 16:53:28 +02:00
czaks
5d8e023fc4 remove tinyboard special markup from slugs; thanks stigma for reporting 2015-03-30 06:26:53 +02:00
czaks
10f93d0d43 implement a protection against transparent proxies 2015-03-24 05:19:25 +01:00
czaks
3851087dce slug size should be configurable 2015-03-12 00:03:22 +01:00
czaks
4bf525599e ... 2015-03-10 14:19:36 +01:00
czaks
a2544bc596 ... (cites) 2015-03-10 14:16:27 +01:00
czaks
9f34d334d3 .. 2015-03-10 13:52:31 +01:00
czaks
7623de9e2f ... (cache) 2015-03-10 13:42:10 +01:00
czaks
d690567b44 ... (minor fix for locales) 2015-03-10 13:16:16 +01:00
czaks
0062125f5c ... 2015-03-10 13:09:53 +01:00
czaks
fe7e9c5103 ... 2015-03-10 13:03:47 +01:00
czaks
429c9f890f ... 2015-03-10 13:02:38 +01:00
czaks
f4bba2e9ed ... 2015-03-10 12:57:06 +01:00
czaks
bdb6001f3f support for slugified links; may introduce a few bugs 2015-03-10 12:48:59 +01:00
czaks
bffe03e651 rearrange config processing a bit 2015-02-27 21:16:03 +01:00
czaks
0ab8890b67 tools/rebuild: show currently rebuilded themes 2015-02-26 21:44:39 +01:00
czaks
3a552e5b76 hopefully fix locales 2014-10-09 04:09:30 +02:00
czaks
dfd05e88f9 possible fix of themes` interactions 2014-10-09 03:57:18 +02:00
wopot
c7351dff09 4 times "elseif" is not the way
and precalc. value sometimes help if well commentent
2014-10-07 00:16:02 +02:00
Bui
aba8d27ace wasn't aware of DNS function 2014-10-05 23:20:06 +02:00
Bui
1e95e58811 don't break if dns_system is true 2014-10-05 23:20:06 +02:00
Bui
8b9932218f add forward-confirmed reverse DNS 2014-10-05 23:20:06 +02:00
kaf
9cee5f6c61 [bugfix]ban appeals (was also present in tinyboard) 2014-10-05 12:53:02 +00:00
Juan Tamad
53ada6a5ff added option for showing the mod in ban page.
also fixes issue where the Staff is not shown in ban appeals.
2014-09-01 06:30:33 +08:00
8chan
e28f233e3d Close #51: Prevent players from cheating the dice roller by using markup 2014-08-10 15:38:02 +00:00
8chan
1ea3da1db6 Merge Barrucadu/diceroll into master 2014-08-10 15:35:11 +00:00
czaks
c3662d4a59 handle tinyboard flags with length=0 2014-08-09 05:12:36 +02:00
czaks
9b943da60a Revert "Rework the GeoIP code, add country-based poster names"
This reverts commit db3c7f4ee9.
2014-07-06 02:13:08 +02:00
czaks
a9b035d822 Revert "Second rework of the GeoIP code, now supporting cities!"
This reverts commit 2488e77e86.
2014-07-06 02:12:54 +02:00
Jano Slota
2488e77e86 Second rework of the GeoIP code, now supporting cities! 2014-07-06 01:30:38 +02:00
Jano Slota
db3c7f4ee9 Rework the GeoIP code, add country-based poster names 2014-07-06 01:29:12 +02:00
Jano Slota
4adf893c39 Random names for anonymous users - thanks to svnth 2014-07-06 01:27:38 +02:00
czaks
6a3dbe5c98 Merge 4.5
Conflicts:
	inc/display.php
	templates/post_reply.html
	templates/post_thread.html
2014-07-06 01:24:16 +02:00
Chen-Pang He
97069ea490 Introduce $config['gzip_static'] 2014-07-06 01:12:12 +02:00
czaks
26884e8e11 Merge 4.5
Conflicts:
	post.php
2014-06-20 23:35:45 +02:00
Techan
eb2a468a09 Improve protection from displaying errors to visitors 2014-06-20 23:07:07 +02:00
czaks
b12612ac57 fix sql error as reported by a Romanian anon 2014-06-14 18:33:55 +02:00
Fredrick Brennan
9b3f8421fc Fix displaying bans 2014-05-14 13:51:49 -04:00
czaks
dafe0d5896 Merge branch 'master' of github.com:vichan-devel/Tinyboard into staging 2014-05-04 00:19:45 +02:00
czaks
8d4104feb0 restore php5.3 compatibility. thx for Kihokki for reporting that 2014-05-03 23:58:24 +02:00
czaks
211c1acec9 actually fix this bug 2014-05-02 19:32:18 +02:00
czaks
9416587d40 fix a bug with multiple images; thanks to saiko of tahta.ch for reporting it 2014-05-02 18:58:21 +02:00
Fredrick Brennan
042e7b9c59 Deprecate postControls(), per-file deletion and spoilering 2014-04-30 17:18:35 -04:00
copypaste
c483e1258c multiimage posting 2014-04-27 15:48:47 +02:00
czaks
a9c35844c7 fix themes resetting the board 2014-04-21 15:38:18 +02:00
czaks
b33e8cb10d fix previous commit 2014-04-19 23:06:59 +02:00
ctrlcctrlv
465986d06c use all boards for search.php if boards are not specified 2014-04-19 23:03:23 +02:00
kaf
f83c87b623 Added: /pol/-like flags based on a953229de7
Conflicts:
	inc/config.php
	templates/post_form.html
2014-04-19 18:48:17 +02:00
czaks
2d34274672 fix posting of ı and İ, possibly a bit more xD 2014-04-18 14:38:05 +02:00
czaks
5a73af9ea1 add a webm posthandler 2014-04-06 21:54:22 +02:00
czaks
2a41c37fee fix link_prefix. thanks to anon on http://tinyboard.org/demo/mod.php?/sup/res/1210.html 2014-03-13 22:39:32 +01:00
czaks
75cca1ffb2 fix previous commit 2014-02-24 15:29:26 +01:00
czaks
58615845ad allow basic commenting of locale string 2014-02-23 19:01:41 +01:00
czaks
9c30e380d8 actually fix prevous commit 2014-02-23 18:54:31 +01:00
czaks
0354b9a5e3 finally fix i18n strings in config.php 2014-02-23 18:49:04 +01:00
czaks
cbf44d4d75 cleanup: don't trigger rebuild code; fail silently (boardlink race fix; I will test it a bit) 2014-02-18 20:42:19 +01:00
czaks
c5dfc2937c fix double quoting in links. thanks STI for reporting that 2014-01-17 00:30:04 +01:00
czaks
d6b8447233 revise 4chan api support 2013-12-28 19:46:50 +01:00
czaks
62fe8571e2 json api: fix building of catalog.json (NB: this puts extra load on server; we can try to make it lighter) 2013-12-28 18:03:49 +01:00
czaks
f5657caf24 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
	install.php
	post.php
	stylesheets/style.css
2013-11-11 21:54:35 +01:00
Michael Foster
9fb63b053f new event: markup-url 2013-10-04 20:13:58 +10:00
Michael Foster
964bb83300 OK, now it is secure. 2013-09-23 14:23:42 +10:00
Michael Foster
9cf6814776 Fix secure tripcode hardening 2013-09-23 12:53:44 +10:00
Michael Foster
699279d84a Hardened secure tripcode? 2013-09-23 12:41:27 +10:00
Michael Foster
a9b7f9b1bc begin implementation of in-built ban appealing 2013-09-21 12:51:23 +10:00
czaks
8ca495e5b8 Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
2013-09-17 19:12:19 -04:00
Michael Foster
57e4292e9d Improvements to showing post in ban 2013-09-18 08:56:04 +10:00
Michael Foster
3471f7c668 Optionally show post user was banned for 2013-09-18 08:47:34 +10:00
czaks
6cb7eb939e Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
Conflicts:
	inc/config.php
	inc/display.php
	inc/mod/pages.php
	install.php
	js/quick-reply.js
	post.php
	templates/index.html
2013-09-17 10:43:44 -04:00