perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

Merge branch 'master' of https://github.com/savetheinternet/Tinyboard

Browse source
This commit is contained in:
Marcin Łabanowski 2013-01-19 16:23:02 +01:00
commit 82fb733906
10 changed files with 115 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

9
inc/config.php
View file

@ -366,6 +366,10 @@
$config['field_disable_name'] = false;
// When true, no email will be able to be set.
$config['field_disable_email'] = false;
// When true, no subject will be able to be set.
$config['field_disable_subject'] = false;
// When true, no subject will be able to be set in replies.
$config['field_disable_reply_subject'] = false;
// When true, a blank password will be used for files (not usable for deletion).
$config['field_disable_password'] = false;
@ -468,8 +472,10 @@
// Maximum image dimensions
$config['max_width'] = 10000;
$config['max_height'] = $config['max_width']; // 1:1
// Reject dupliate image uploads
// Reject duplicate image uploads
$config['image_reject_repost'] = true;
// Reject duplicate image uploads within the same thread. Doesn't change anything if image_reject_repost is true.
$config['image_reject_repost_in_thread'] = false;
// Display the aspect ratio in a post's file info
$config['show_ratio'] = false;
@ -704,6 +710,7 @@
$config['error']['maxsize'] = _('The file was too big.');
$config['error']['invalidzip'] = _('Invalid archive!');
$config['error']['fileexists'] = _('That file <a href="%s">already exists</a>!');
$config['error']['fileexistsinthread'] = _('That file <a href="%s">already exists</a> in this thread!');
$config['error']['delete_too_soon'] = _('You\'ll have to wait another %s before deleting that.');
$config['error']['mime_exploit'] = _('MIME type detection XSS exploit (IE) detected; post discarded.');
$config['error']['invalid_embed'] = _('Couldn\'t make sense of the URL of the video you tried to embed.');

18
inc/display.php
View file

@ -155,6 +155,11 @@ function truncate($body, $url, $max_lines = false, $max_chars = false) {
$max_lines = $config['body_truncate'];
if ($max_chars === false)
$max_chars = $config['body_truncate_char'];
// We don't want to risk truncating in the middle of an HTML comment.
// It's easiest just to remove them all first.
$body = preg_replace('/<!--.*?-->/s', '', $body);
$original_body = $body;
$lines = substr_count($body, '<br/>');
@ -165,7 +170,7 @@ function truncate($body, $url, $max_lines = false, $max_chars = false) {
$body = $m[0];
}
$body = substr($body, 0, $max_chars);
$body = mb_substr($body, 0, $max_chars);
if ($body != $original_body) {
// Remove any corrupt tags at the end
@ -190,9 +195,12 @@ function truncate($body, $url, $max_lines = false, $max_chars = false) {
// remove broken HTML entity at the end (if existent)
$body = preg_replace('/&[^;]+$/', '', $body);
$tags_no_close_needed = array("colgroup", "dd", "dt", "li", "optgroup", "option", "p", "tbody", "td", "tfoot", "th", "thead", "tr", "br", "img");
// Close any open tags
foreach ($tags as &$tag) {
$body .= "</{$tag}>";
if (!in_array($tag, $tags_no_close_needed))
$body .= "</{$tag}>";
}
} else {
// remove broken HTML entity at the end (if existent)
@ -208,7 +216,7 @@ function truncate($body, $url, $max_lines = false, $max_chars = false) {
function secure_link_confirm($text, $title, $confirm_message, $href) {
global $config;
return '<a onclick="if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlentities(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlentities(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
}
function secure_link($href) {
return $href . '/' . make_secure_link_token($href);
@ -342,8 +350,8 @@ class Thread {
// Fix internal links
// Very complicated regex
$this->body = preg_replace(
'/<a(([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/',
'<a href="?/$3',
'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/',
'<a $1href="?/$4',
$this->body
);
}

18
inc/functions.php
View file

@ -527,7 +527,7 @@ function checkFlood($post) {
$query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE (`ip` = :ip AND `time` >= :floodtime) OR (`ip` = :ip AND `body` != '' AND `body` = :body AND `time` >= :floodsameiptime) OR (`body` != '' AND `body` = :body AND `time` >= :floodsametime) LIMIT 1", $board['uri']));
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->bindValue(':body', $post['body'], PDO::PARAM_INT);
$query->bindValue(':body', $post['body']);
$query->bindValue(':floodtime', time()-$config['flood_time'], PDO::PARAM_INT);
$query->bindValue(':floodsameiptime', time()-$config['flood_time_ip'], PDO::PARAM_INT);
$query->bindValue(':floodsametime', time()-$config['flood_time_same'], PDO::PARAM_INT);
@ -697,7 +697,7 @@ function threadExists($id) {
function post(array $post) {
global $pdo, $board;
$query = prepare(sprintf("INSERT INTO `posts_%s` VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri']));
$query = prepare(sprintf("INSERT INTO `posts_%s` (`id`, `thread`, `subject`, `email`, `name`, `trip`, `capcode`, `body`, `body_nomarkup`, `time`, `bump`, `thumb`, `thumbwidth`, `thumbheight`, `file`, `filewidth`, `fileheight`, `filesize`, `filename`, `filehash`, `password`, `ip`, `sticky`, `locked`, `sage`, `embed`) VALUES ( NULL, :thread, :subject, :email, :name, :trip, :capcode, :body, :body_nomarkup, :time, :time, :thumb, :thumbwidth, :thumbheight, :file, :width, :height, :filesize, :filename, :filehash, :password, :ip, :sticky, :locked, 0, :embed)", $board['uri']));
// Basic stuff
if (!empty($post['subject'])) {
@ -1651,6 +1651,20 @@ function getPostByHash($hash) {
return false;
}
function getPostByHashInThread($hash, $thread) {
global $board;
$query = prepare(sprintf("SELECT `id`,`thread` FROM `posts_%s` WHERE `filehash` = :hash AND ( `thread` = :thread OR `id` = :thread )", $board['uri']));
$query->bindValue(':hash', $hash, PDO::PARAM_STR);
$query->bindValue(':thread', $thread, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if ($post = $query->fetch()) {
return $post;
}
return false;
}
function undoImage(array $post) {
if (!$post['has_file'])
return;

37
inc/mod/pages.php
View file

@ -64,6 +64,7 @@ function mod_confirm($request) {
}
function mod_logout() {
global $config;
destroyCookies();
header('Location: ?/', true, $config['redirect_http']);
@ -706,7 +707,7 @@ function mod_sticky($board, $unsticky, $post) {
$query->bindValue(':sticky', $unsticky ? 0 : 1);
$query->execute() or error(db_error($query));
if ($query->rowCount()) {
modLog(($unlock ? 'Unstickied' : 'Stickied') . " thread #{$post}");
modLog(($unsticky ? 'Unstickied' : 'Stickied') . " thread #{$post}");
buildThread($post);
buildIndex();
}
@ -728,7 +729,7 @@ function mod_bumplock($board, $unbumplock, $post) {
$query->bindValue(':bumplock', $unbumplock ? 0 : 1);
$query->execute() or error(db_error($query));
if ($query->rowCount()) {
modLog(($unlock ? 'Unbumplocked' : 'Bumplocked') . " thread #{$post}");
modLog(($unbumplock ? 'Unbumplocked' : 'Bumplocked') . " thread #{$post}");
buildThread($post);
buildIndex();
}
@ -1067,13 +1068,6 @@ function mod_deletefile($board, $post) {
// Record the action
modLog("Deleted file from post #{$post}");
$query = prepare(sprintf('SELECT `thread` FROM `posts_%s` WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->execute() or error(db_error($query));
$thread = $query->fetchColumn();
// Rebuild thread
buildThread($thread ? $thread : $post);
// Rebuild board
buildIndex();
@ -1106,7 +1100,7 @@ function mod_deletebyip($boardName, $post, $global = false) {
$query = '';
foreach ($boards as $_board) {
$query .= sprintf("SELECT `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']);
$query .= sprintf("SELECT `thread`, `id`, '%s' AS `board` FROM `posts_%s` WHERE `ip` = :ip UNION ALL ", $_board['uri'], $_board['uri']);
}
$query = preg_replace('/UNION ALL $/', '', $query);
@ -1117,18 +1111,27 @@ function mod_deletebyip($boardName, $post, $global = false) {
if ($query->rowCount() < 1)
error($config['error']['invalidpost']);
$boards = array();
set_time_limit($config['mod']['rebuild_timelimit']);
$threads_to_rebuild = array();
$threads_deleted = array();
while ($post = $query->fetch()) {
openBoard($post['board']);
$boards[] = $post['board'];
deletePost($post['id'], false);
deletePost($post['id'], false, false);
if ($post['thread'])
$threads_to_rebuild[$post['board']][$post['thread']] = true;
else
$threads_deleted[$post['board']][$post['id']] = true;
}
$boards = array_unique($boards);
foreach ($boards as $_board) {
foreach ($threads_to_rebuild as $_board => $_threads) {
openBoard($_board);
foreach ($_threads as $_thread => $_dummy) {
if ($_dummy && !isset($threads_deleted[$_board][$_thread]))
buildThread($_thread);
}
buildIndex();
}
@ -1460,6 +1463,8 @@ function mod_rebuild() {
error($config['error']['noaccess']);
if (isset($_POST['rebuild'])) {
set_time_limit($config['mod']['rebuild_timelimit']);
$log = array();
$boards = listBoards();
$rebuilt_scripts = array();