From b621699a22463fd9f47e0d1f5c9d366b1e2ab6ed Mon Sep 17 00:00:00 2001 From: anonfagola Date: Sat, 27 Sep 2014 13:19:39 -0700 Subject: [PATCH 1/3] Update instance-config.php @ctrlcctrlv said to me over IRC he removed the threadscroll script because on some browsers, it would refresh the page when scrolling. This has been fixed in #98, so it should be back in as a default addditional JS. and i remembered the semicolon this time --- inc/instance-config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/instance-config.php b/inc/instance-config.php index d74b97fd..2501e20f 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php @@ -122,6 +122,7 @@ $config['additional_javascript'][] = 'js/mobile-style.js'; $config['additional_javascript'][] = 'js/id_highlighter.js'; $config['additional_javascript'][] = 'js/id_colors.js'; + $config['additional_javascript'][] = 'js/threadscroll.js'; $config['font_awesome_css'] = '//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css'; From e9773f3fb0c6087d6274061dfef8479220cf0433 Mon Sep 17 00:00:00 2001 From: Bui Date: Mon, 6 Oct 2014 19:35:37 +0900 Subject: [PATCH 2/3] do security checks *after* checking captcha --- post.php | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/post.php b/post.php index b8996fac..61c3eb78 100644 --- a/post.php +++ b/post.php 
@@ -192,20 +192,6 @@ if (isset($_POST['delete'])) { if (!openBoard($post['board'])) error($config['error']['noboard']); - if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) || - (!$post['op'] && $_POST['post'] == $config['button_reply']))) - error($config['error']['bot']); - - // Check the referrer - if ($config['referer_match'] !== false && - (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) - error($config['error']['referer']); - - checkDNSBL(); - - // Check if banned - checkBan($board['uri']); - // Check for CAPTCHA right after opening the board so the "return" link is in there if ($config['recaptcha']) { if (!isset($_POST['recaptcha_challenge_field']) || !isset($_POST['recaptcha_response_field'])) @@ -219,7 +205,21 @@ if (isset($_POST['delete'])) { error($config['error']['captcha']); } } + + if (!(($post['op'] && $_POST['post'] == $config['button_newtopic']) || + (!$post['op'] && $_POST['post'] == $config['button_reply']))) + error($config['error']['bot']); + // Check the referrer + if ($config['referer_match'] !== false && + (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], rawurldecode($_SERVER['HTTP_REFERER'])))) + error($config['error']['referer']); + + checkDNSBL(); + + // Check if banned + checkBan($board['uri']); + if ($post['mod'] = isset($_POST['mod']) && $_POST['mod']) { require 'inc/mod/auth.php'; if (!$mod) { From ba3f0f25fe29f806dcd1a0f9c19f6f2b6ee0f346 Mon Sep 17 00:00:00 2001 From: wopot Date: Mon, 6 Oct 2014 17:50:05 +0200 Subject: [PATCH 3/3] 4 times "elseif" is not the way and precalc. value sometimes help if well commentent --- inc/functions.php | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index 686a7e22..1b77c191 100644 --- a/inc/functions.php +++ b/inc/functions.php 
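Review bot: In the second post.php hunk, `checkDNSBL()` and `checkBan($board['uri'])` now run only after the CAPTCHA block, so a banned or DNSBL-listed client gets the CAPTCHA error first and reaches the ban check only after solving it. If the verification step elided between the two hunks calls an external service (not visible here), every such request also costs that call before it is rejected. The button-value test and the `referer_match` test need no lookup and could stay ahead of the CAPTCHA so malformed requests are dropped cheaply; note that `$_SERVER['HTTP_REFERER']` is client-supplied, so that test filters naive bots rather than proving where the request came from. If the new order is deliberate, say so above the moved block, e.g. `// Deliberately after the CAPTCHA: ban/DNSBL lookups run only for requests that solved it`. The enclosing `if (isset($_POST['delete']))` chain starts and ends outside the hunk, so whether `$_POST['post']` is guaranteed to be set here cannot be confirmed from these lines.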
@@ -681,36 +681,38 @@ function listBoards($just_uri = false) { function until($timestamp) { $difference = $timestamp - time(); - if ($difference < 60) { + switch(TRUE){ + case ($difference < 60): return $difference . ' ' . ngettext('second', 'seconds', $difference); - } elseif ($difference < 60*60) { + case ($difference < 3600): //60*60 = 3600 return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num); - } elseif ($difference < 60*60*24) { - return ($num = round($difference/(60*60))) . ' ' . ngettext('hour', 'hours', $num); - } elseif ($difference < 60*60*24*7) { - return ($num = round($difference/(60*60*24))) . ' ' . ngettext('day', 'days', $num); - } elseif ($difference < 60*60*24*365) { - return ($num = round($difference/(60*60*24*7))) . ' ' . ngettext('week', 'weeks', $num); + case ($difference < 86400): //60*60*24 = 86400 + return ($num = round($difference/(3600))) . ' ' . ngettext('hour', 'hours', $num); + case ($difference < 604800): //60*60*24*7 = 604800 + return ($num = round($difference/(86400))) . ' ' . ngettext('day', 'days', $num); + case ($difference < 31536000): //60*60*24*365 = 31536000 + return ($num = round($difference/(604800))) . ' ' . ngettext('week', 'weeks', $num); + default: + return ($num = round($difference/(31536000))) . ' ' . ngettext('year', 'years', $num); } - - return ($num = round($difference/(60*60*24*365))) . ' ' . ngettext('year', 'years', $num); } function ago($timestamp) { $difference = time() - $timestamp; - if ($difference < 60) { + switch(TRUE){ + case ($difference < 60) : return $difference . ' ' . ngettext('second', 'seconds', $difference); - } elseif ($difference < 60*60) { + case ($difference < 3600): //60*60 = 3600 return ($num = round($difference/(60))) . ' ' . ngettext('minute', 'minutes', $num); - } elseif ($difference < 60*60*24) { - return ($num = round($difference/(60*60))) . ' ' . 
ngettext('hour', 'hours', $num); - } elseif ($difference < 60*60*24*7) { - return ($num = round($difference/(60*60*24))) . ' ' . ngettext('day', 'days', $num); - } elseif ($difference < 60*60*24*365) { - return ($num = round($difference/(60*60*24*7))) . ' ' . ngettext('week', 'weeks', $num); + case ($difference < 86400): //60*60*24 = 86400 + return ($num = round($difference/(3600))) . ' ' . ngettext('hour', 'hours', $num); + case ($difference < 604800): //60*60*24*7 = 604800 + return ($num = round($difference/(86400))) . ' ' . ngettext('day', 'days', $num); + case ($difference < 31536000): //60*60*24*365 = 31536000 + return ($num = round($difference/(604800))) . ' ' . ngettext('week', 'weeks', $num); + default: + return ($num = round($difference/(31536000))) . ' ' . ngettext('year', 'years', $num); } - - return ($num = round($difference/(60*60*24*365))) . ' ' . ngettext('year', 'years', $num); } function displayBan($ban) {
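Review bot: The `switch(TRUE)` ladders in `until()` and `ago()` are two identical copies whose thresholds are now bare literals (`3600`, `86400`, `604800`, `31536000`), and each literal has to agree with the divisor on the following `return` line in both functions. The cost of the replaced multiplications is negligible, so either keep the self-describing expressions, e.g. `case ($difference < 60*60*24):`, or move the ladder into one helper that both functions call with their own `$difference`. Separately, `round()` lets a unit overflow just below each threshold: a difference of 3570 seconds yields `60 minutes`, which `floor()` would avoid. `until()` also returns a negative second count when `$timestamp` is already in the past, because any negative `$difference` satisfies the first `case`.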