95b1e103cb
Edit static pages commit
2016-05-06 16:03:55 +02:00
7911c374e8
Public action logs commit (log.php)
...
Note: In a previous commit, I began making inc/mod/auth.php more modular with the check_login() function. Including it does NOT check mod login by default anymore like it does on vichan. You have to call check_login(). I've finally included it in inc/functions.php. If you have any custom pages that use inc/mod/auth.php, just including functions.php is enough now.
===================================
Also: backports 351375185e5 (early 404)
2016-05-06 15:44:26 +02:00
7a7574bdca
SECURITY / XSS : ?/edit allowed arbitrary HTML to be added by any user thru addition of <tinyboard raw html>1</tinyboard>
...
This allowed ANY user with ?/edit privilege to also have raw_html regardless of whether they had $config['mod']['rawhtml']
Now, any changes to <tinyboard> markup modifiers via ?/edit are not allowed. They are removed at read time, and before write they are removed again and the ones in the database (which should be clean...) are inserted instead.
Please immediately apply this patch to your instance if you are running any version of 8chan/infinity.
2016-05-06 12:43:25 +02:00
cd01191072
those parts are extraneous
2016-05-05 11:45:29 +02:00
3eb755ee7e
Move login check in inc/mod/auth.php to a function
...
This allows pages like create.php to not include inc/mod/pages.php while still being able to use the mod auth functions (like generating salts and passwords)
2016-05-05 11:40:52 +02:00
93f748e6a8
Security: capitalization of mods username is significant
2016-05-05 11:39:12 +02:00
77176faece
enable javascript in mod panel
2016-05-05 09:56:54 +02:00
7c3126866c
ease the migration process for the previous security patch (by introducing another migration); restore php 5.4 compatibility (introducing a polyfill system)
2016-05-05 06:43:22 +02:00
caaf741691
[SECURITY] keep up with modern password hashing standards
2016-04-22 05:35:43 +02:00
2d9214ac63
version check should point at engine.vichan.net and not tinyboard.org actually
2015-04-23 08:18:36 +02:00
4c1d2f924c
fix error while installing themes; thanks xixi
2015-04-23 07:57:52 +02:00
b78b3db010
uncache themes on settings change
2015-04-05 16:59:04 +02:00
2f7aeec531
...
2015-03-10 13:48:33 +01:00
58b60f0aa4
...
2015-03-10 13:46:34 +01:00
bdb6001f3f
support for slugified links; may introduce a few bugs
2015-03-10 12:48:59 +01:00
9b3fa77719
new banlist implementation; also includes a public banlist
2014-10-08 23:23:59 +02:00
c4dc3f4d47
Fix spoiler image not working
2014-10-07 04:33:57 +02:00
fe60590d19
Check spoiler_image size before ussuming it is 128×128px
2014-10-05 15:26:28 +00:00
53ada6a5ff
added option for showing the mod in ban page.
...
also fixes issue where the Staff is not shown in ban appeals.
2014-09-01 06:30:33 +08:00
ef7556194c
Fix 55ch cancer; can now see next page of posts, ?/recent uses templating system
2014-07-19 18:42:52 +00:00
f97d2dff85
fix previous commit
2014-07-08 09:44:30 +02:00
9526f5ed1c
fix #72
2014-07-08 09:43:04 +02:00
2c883fda0a
fix ban appeals; thanks to sraczynski for reporting
2014-06-16 11:39:56 +02:00
427a9938a7
Merge 4.5
2014-06-12 03:12:56 +02:00
7933abd271
Fix vichan #65
...
Conflicts:
inc/mod/auth.php
inc/mod/pages.php
2014-06-12 03:12:27 +02:00
503903ac0f
Merge 4.5
2014-06-11 02:05:14 +02:00
23d6e82038
$_SERVER[HTTPS] isn`t being always set; fixes #65
2014-06-11 02:04:59 +02:00
c2cbbe7e22
Merge 4.5
...
Conflicts:
js/expand-too-long.js
2014-06-10 17:51:03 +02:00
6716a24b68
Send cookie only via HTTPS if a mod logs in via HTTPS, which is the case on this site
2014-06-10 17:42:18 +02:00
65a14a0d39
Fix moving of deleted files
2014-05-19 14:00:16 -04:00
5039584a5e
Fix ?/recent str_replace issue
2014-05-04 19:24:34 -04:00
042e7b9c59
Deprecate postControls(), per-file deletion and spoilering
2014-04-30 17:18:35 -04:00
24753907eb
remove var_dump
2014-04-29 20:18:30 -04:00
53e33d414f
Fix mod_move for multi image
2014-04-29 19:14:10 -04:00
2b3942d19d
Fix mod_move for multi image
2014-04-29 19:07:13 -04:00
bb5446a93d
Merge remote-tracking branch 'origin/br-integration' into staging
2014-04-29 21:35:50 +02:00
c483e1258c
multiimage posting
2014-04-27 15:48:47 +02:00
9d9d514919
we no have any modpages.html
2014-03-25 11:57:36 +01:00
fb2b66e2dd
Recent posts functionality
...
Conflicts:
inc/config.php
inc/mod/pages.php
mod.php
2014-03-25 11:35:04 +01:00
f5657caf24
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
...
Conflicts:
inc/config.php
install.php
post.php
stylesheets/style.css
2013-11-11 21:54:35 +01:00
f5422cad65
Um. I accidentally deleted this code for some reason.
2013-09-30 12:18:56 +10:00
c8062fbf76
CSRF more mod pages
2013-09-23 16:48:56 +10:00
d234c014f0
?/debug/apc with cache prefixes
2013-09-23 10:41:47 +10:00
fcbc211314
Fixed weird bug with ?/debug/sql trying to allocate a few GB on some instances. Assuming bug with APCu.
2013-09-23 10:21:18 +10:00
39be89ba49
?/debug/apc
2013-09-23 10:11:16 +10:00
a9b7f9b1bc
begin implementation of in-built ban appealing
2013-09-21 12:51:23 +10:00
0a58973631
Make it so that users can't insert code w/syntax errors into ?/config
2013-09-21 02:21:05 +00:00
8ca495e5b8
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
...
Conflicts:
inc/config.php
2013-09-17 19:12:19 -04:00
3471f7c668
Optionally show post user was banned for
2013-09-18 08:47:34 +10:00
6cb7eb939e
Merge branch 'master' of https://github.com/savetheinternet/Tinyboard into vichan-devel-4.5
...
Conflicts:
inc/config.php
inc/display.php
inc/mod/pages.php
install.php
js/quick-reply.js
post.php
templates/index.html
2013-09-17 10:43:44 -04:00
Fredrick Brennan
czaks
kaf
Juan Tamad
Chen-Pang He
sinuca
Michael Foster
ctrlcctrlv