Commit Graph

3938 Commits

Author SHA1 Message Date
im-mi e6dd1b492c Sanitize ratings 2016-09-25 15:26:36 -04:00
im-mi d4fda00dd9 Check for existence of POST var tag_edit__owner before using it 2016-09-25 15:26:36 -04:00
im-mi 05da5d0b4f Use Image->get_image_link() on ICO files 2016-09-25 15:26:36 -04:00
im-mi 1dd0dfc591 Read ICO header with proper sign
Fixes width/height being read incorrectly when >= 128
2016-09-25 10:17:46 -04:00
Shish d9485bbb40 Merge pull request #587 from im-mi/fix-comment-delete-injection
Fix comment-delete injection
2016-09-14 17:12:01 -07:00
im-mi a49c5745b0 Use html_escape instead of htmlspecialchars 2016-09-14 18:08:12 -04:00
im-mi c1083bbea1 Fixed comment-delete code-injection vulnerability 2016-09-14 17:42:32 -04:00
Shish 7efff25dcc Merge pull request #585 from im-mi/pool-placeholder-text
Don't use javascript for pool search placeholder
2016-09-07 23:49:19 +01:00
im-mi e8c6f655b0 Don't use javascript for pool search placeholder 2016-09-07 08:43:34 -04:00
Shish d36338d4c4 Merge pull request #582 from im-mi/minor-html-fixes
Minor html fixes
2016-09-07 10:31:25 +01:00
Shish 0ef74bdd15 Merge pull request #584 from im-mi/remove-pool-index-link
Use generic NavBlock on pool pages (fixes a JS error)
2016-09-07 10:28:43 +01:00
im-mi 73ff0e669d Use generic NavBlock instead of "Index" block on pool pages 2016-09-06 09:25:08 -04:00
im-mi e5cfea028a Fixed mass source set's broken dialog 2016-09-03 14:43:56 -04:00
im-mi 91fea63319 Removed stray end tag 2016-09-03 14:26:24 -04:00
im-mi ac53fe52de Removed obsolete language specification from <script> 2016-09-03 14:26:24 -04:00
im-mi 10d47409ad Added doctype to home page 2016-09-03 14:26:24 -04:00
im-mi d39b084537 Properly end attribute list of tag on upload form 2016-09-03 14:26:24 -04:00
Shish 3051334d8f be explicit that variables are variables 2016-09-02 16:19:02 +01:00
Shish e96a5e1109 Merge pull request #579 from im-mi/fix-ico-256-256
Fix .ico when size is 256 x 256
2016-09-02 15:50:46 +01:00
Shish bc0b37a21f Merge pull request #580 from im-mi/mass-tagger-fixes
Mass tagger fixes
2016-09-02 15:49:18 +01:00
im-mi 15ffdff387 Fix .ico when size is 256 x 256 2016-09-02 05:33:16 -04:00
im-mi d2540a9619 Use CSS for mass tagger button styling 2016-09-02 05:30:00 -04:00
im-mi 49d6fa99da Clear the mass tagger's selection on load
.. in case it was autocompleted by the browser.
2016-09-02 05:29:59 -04:00
Shish 29bdc5da22 Merge pull request #576 from im-mi/fix-pool-description-code-injection
Update pool description formatter (code injection vulnerability)
2016-09-01 11:18:37 +01:00
Shish 2258116a31 Merge pull request #577 from im-mi/fix-tag-list-starts-with-headings
Fix "starts-with" header in tag list when escaping required
2016-09-01 11:16:10 +01:00
im-mi 10e8fc50d3 Fix "starts-with" header in tag list when escaping required
This fixes the "starts-with" headers* on the tags/alphabetic page. Before, the headers would be wrong if they started with an escaped character.

This also escapes the resulting header so that it no longer generates invalid HTML in such cases.

* Note that these headers are only visible when paged tag lists is disabled.
2016-09-01 03:33:17 -04:00
im-mi bb64d12d9d Use TextFormattingEvent instead of raw BBCode formatter 2016-09-01 00:35:52 -04:00
Shish bcef3fbc8f have tag sanitisation process ignore tags which are too long, fixes #565 2016-08-29 09:21:23 +01:00
Shish 5691d1c3ad Merge pull request #574 from im-mi/single-quotes-in-tags-fix
Fix tags not being escaped for HTML in some cases (code injection vulnerability)
2016-08-29 09:09:55 +01:00
im-mi 84b4ac3893 html_escape tag info link 2016-08-29 01:19:11 -04:00
im-mi 36b66f4c23 html_escape data-tags for tags that contain single quotes 2016-08-29 00:26:55 -04:00
Shish a68407e12e Merge pull request #573 from im-mi/patch-2
Fix log info section name
2016-08-20 14:57:35 +01:00
Shish 98254ef5bd Merge pull request #572 from im-mi/video-playback-options
Added video playback options for autoplay and loop
2016-08-20 14:57:16 +01:00
Shish 61b86da5fe Merge pull request #571 from im-mi/develop
Clean up a few superficial errors
2016-08-20 14:56:18 +01:00
im-mi 980e3b686b Fix log info section name 2016-08-19 21:52:48 -04:00
im-mi cce24f9e80 Added video playback options for autoplay and loop 2016-08-19 21:25:58 -04:00
im-mi 8fe9212882 Fixed assertion failure upon upload due to incorrect type check 2016-08-19 15:55:18 -04:00
im-mi d8e1346b78 Replace deprecated DefaultType directive 2016-08-19 15:55:18 -04:00
Shish 89dffd569a and mass tagger 2016-07-30 23:41:42 +01:00
Shish 28c10d1748 unit tests are input too 2016-07-30 23:08:08 +01:00
Shish 26b2cd5c16 derp 2016-07-30 23:06:42 +01:00
Shish bed04a1230 assert that metadata['tags'] is an array 2016-07-30 23:02:14 +01:00
Shish ffce1a4683 more hinting 2016-07-30 22:54:42 +01:00
Shish b81e8a2db8 also explode tags on transload input 2016-07-30 22:45:44 +01:00
Shish 7be951b271 Convert tags from user-supplied string to array once, on input
This results in a fuckton of refactoring and code cancelling out
other code -- we no longer have a whole bunch of places trying
to support string params and array params, and doing their own
escaping and unescaping, never being quite sure if the data they've
been passed is escaped or not.

Also adds a bunch of type hinting, since we can now know what
data we're dealing with better.
2016-07-30 22:11:49 +01:00
Shish bc3e482247 more image report display options 2016-07-30 15:04:34 +01:00
Shish b533a43428 Merge branch 'develop' of https://github.com/shish/shimmie2 into develop 2016-07-11 13:01:05 +01:00
Shish c14a36079c add option to force a specific base url 2016-07-11 13:00:54 +01:00
Shish b6ad316d20 linting 2016-07-03 12:07:54 +01:00
Shish 68d58a6f11 Merge branch 'develop' of https://github.com/shish/shimmie2 into develop 2016-07-03 11:48:16 +01:00