czaks
33ef3f9b01
synchronize catalog_link
2016-05-06 14:14:22 +02:00
8chan
7a7574bdca
SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
...
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']
Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.
Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
8chan
6da7f4d25a
No more country flags in <title>
2016-05-06 12:40:37 +02:00
8chan
632d0a76d0
Display placeholder if no file in catalog/theme.php; czaks: fix the code a bit
2016-05-06 12:37:00 +02:00
8chan
6b04b3c671
Fix post deletion
2016-05-05 13:21:09 +02:00
Fredrick Brennan
8943bb0bb3
Rewrite report system due to flooding
2016-05-05 12:57:52 +02:00
czaks
cd01191072
those parts are extraneous
2016-05-05 11:45:29 +02:00
8chan
3eb755ee7e
Move login check in inc/mod/auth.php to a function
...
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
8chan Admin
93f748e6a8
Security: capitalization of mods username is significant
2016-05-05 11:39:12 +02:00
czaks
d310abc95c
Merge branch 'master' of github.com:vichan-devel/vichan
2016-05-05 10:54:09 +02:00
czaks
abe4bdd6ae
fixup
2016-05-05 10:52:58 +02:00
czaks
77176faece
enable javascript in mod panel
2016-05-05 09:56:54 +02:00
czaks
a42256b296
locale cache: fix a bug when perms are done wrong
2016-05-05 08:43:34 +02:00
czaks
36b78e5f98
fix for editor highlighting
2016-05-05 08:40:13 +02:00
czaks
dcf5d699bd
simplify the md5 execution logic
2016-05-05 08:22:19 +02:00
czaks
9768161327
simplify the code a bit
2016-05-05 07:51:55 +02:00
czaks
7c3126866c
ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)
2016-05-05 06:43:22 +02:00
czaks
caaf741691
[SECURITY] keep up with modern password hashing standards
2016-04-22 05:35:43 +02:00
Matthieu
d2de4419bd
Added: config option to hide email in post. (prevent emailfag but let the possibility to sage and noko)
2016-01-26 00:50:55 +01:00
czaks
6d4e756240
fix a bug for some bad database state. thanks Seisatsu for testing
2015-09-11 12:49:42 +02:00
czaks
706feeddff
fix cache_config: webms were thumbnailed twice and with the latest addition, they couldn`t resize at all
2015-08-11 04:51:27 +02:00
czaks
a54488d900
Merge branch 'master' of github.com:vichan-devel/Tinyboard
2015-08-11 03:47:54 +02:00
czaks
1136cc0e44
reflect in readme, that we support .mp4 files as well now
2015-08-11 03:47:44 +02:00
czaks
ccd00c497c
a stricter check for webm processing
2015-08-11 03:46:02 +02:00
Marcin Łabanowski
11d4cb0f4f
Merge pull request #155 from 27chan/patch-7
...
Add extension mp4
2015-08-11 03:44:51 +02:00
Marcin Łabanowski
b0eb49de82
Merge pull request #160 from 27chan/patch-10
...
Add extension mp4
2015-08-11 03:39:22 +02:00
27chan
219c1987a9
Add extension mp4
2015-08-10 22:25:09 -03:00
27chan
f1cbbbc15a
Add extension mp4
2015-08-10 22:15:21 -03:00
27chan
601c8cebc9
Add extension mp4
2015-08-10 22:13:42 -03:00
czaks
d3d167affb
SECURITY: XSS fix for youtube.js/metacafe embed
2015-07-08 16:26:58 +02:00
Anonke
3f29bdfac9
the poster IDs were showing in API despite being disabled
2015-05-30 20:46:43 +02:00
czaks
2d9214ac63
version check should point at engine.vichan.net and not tinyboard.org actually
2015-04-23 08:18:36 +02:00
czaks
4c1d2f924c
fix error while installing themes; thanks xixi
2015-04-23 07:57:52 +02:00
Marcin Łabanowski
4014682882
fileboard support
2015-04-22 06:06:34 +02:00
czaks
1b16e97f67
[code] fix regexps
2015-04-12 03:08:40 +02:00
czaks
197d5f236f
[code] tag support
2015-04-12 01:14:35 +02:00
8chan
f2848f2242
Update GeoIP database
2015-04-10 15:03:35 +02:00
czaks
11dfc8bbdc
fs cache backend: silence the error
2015-04-06 22:51:02 +02:00
czaks
094f60d34d
try_smarter: fix two bugs. 1. uncovered by the second, during a bump only the page the thread was on and first page were rebuild, despite threads rearranging their positions on the remaining pages. happening always. 2. during smart build, the page wasn`t ordered to be rebuilt
2015-04-06 18:59:33 +02:00
Marcin Łabanowski
8fcb9195c8
Merge pull request #137 from lewdchan/master
...
made the define_groups function play nice on hhvm
2015-04-05 20:51:51 +02:00
czaks
c50635c700
Merge branch 'master' of github.com:vichan-devel/Tinyboard
2015-04-05 20:37:40 +02:00
czaks
9831b582fa
groups were not defined
2015-04-05 20:25:57 +02:00
czaks
6fd4eb2add
fix a locale issue
2015-04-05 20:23:57 +02:00
czaks
f053450edf
cache_config: fix debug notice
2015-04-05 20:04:27 +02:00
czaks
45f11d1d78
indent the file (inc/functions.php) after the latest changes
2015-04-05 19:12:41 +02:00
czaks
dc2928a14d
cache_config preliminary release
2015-04-05 18:48:53 +02:00
czaks
1d28b4be4d
cache.php: fs cache
2015-04-05 17:13:55 +02:00
czaks
b78b3db010
uncache themes on settings change
2015-04-05 16:59:04 +02:00
czaks
758cb94e01
optimization: locale caching, so we don`t have to reparse instance-config every single time
2015-04-05 16:52:35 +02:00
czaks
71ef3430fc
optimization: get rid of one more sql query related to installed themes
2015-04-05 16:38:16 +02:00