lainchan/inc
8chan 7a7574bdca SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']

Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.

Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
lib No more country flags in <title> 2016-05-06 12:40:37 +02:00
locale
mod SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard> 2016-05-06 12:43:25 +02:00
anti-bot.php
api.php fixup 2016-05-05 10:52:58 +02:00
bans.php
cache.php fs cache backend: silence the error 2015-04-06 22:51:02 +02:00
config.php Display placeholder if no file in catalog/theme.php; czaks: fix the code a bit 2016-05-06 12:37:00 +02:00
database.php
display.php simplify the code a bit 2016-05-05 07:51:55 +02:00
events.php
filters.php
functions.php SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard> 2016-05-06 12:43:25 +02:00
image.php
instance-config.php
polyfill.php ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system) 2016-05-05 06:43:22 +02:00
remote.php
template.php