From 0c570e2ca5498d15e93f539eee7bcf49dff8a8f4 Mon Sep 17 00:00:00 2001
From: 8chan
Date: Sat, 11 Oct 2014 15:41:16 -0700
Subject: [PATCH 1/6] SECURITY: imagemagick/graphicsmagick was ignoring all errors

So, in a much older patch I had a problem where an incorrect RGB profile would make image uploads fail. I fixed this by using strpos against the error message...but didn't check the return value correctly. That means that any error from gm/im was ignored. This caused people to upload too large images and flood /b/ with 1 x 10000 pixel images My fault, patched now. Sorry about that.
---
 inc/image.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/inc/image.php b/inc/image.php
index ab2dfee8..3a678cdf 100644
--- a/inc/image.php
+++ b/inc/image.php
@@ -330,6 +330,7 @@ class ImageConvert extends ImageBase {
 $convert_args = str_replace('-auto-orient', '', $config['convert_args']);
 else
 $convert_args = &$config['convert_args'];
+
 if (($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
 sprintf($convert_args,
 $this->width,
@@ -361,9 +362,9 @@ class ImageConvert extends ImageBase {
 $this->width,
 $this->height,
 escapeshellarg($this->temp)))) || !file_exists($this->temp)) {
- if (strpos($error, "known incorrect sRGB profile") === "false") {
+ if (strpos($error, "known incorrect sRGB profile") === false) {
 $this->destroy();
- error('Failed to resize image!', null, $error);
+ error('Failed to resize image!', null, array('convert_error' => $error));
 }
 if (!file_exists($this->temp)) {
 $this->destroy();
From 9bf6ebec4334c49ffa0ddbb5ad483bb1f4f9857a Mon Sep 17 00:00:00 2001
From: 8chan
Date: Sun, 12 Oct 2014 16:34:34 -0700
Subject: [PATCH 2/6] SECURITY: IPs were still being shown on IP_less in a few places

---
 inc/functions.php | 9 ++++++++-
 inc/mod/pages.php | 6 +++---
 templates/mod/view_ip_less.html | 2 +-
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index 85146834..b61f5bb7 100755
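Review bot: The corrected `=== false` test on the `strpos()` line still accepts any converter output that merely contains the sRGB warning, so a run that prints that warning next to a genuine error is treated as success and the only remaining safeguard is the `file_exists($this->temp)` check below it. A stricter form strips the known-benign lines and fails on whatever remains, e.g. `$remaining = trim(preg_replace('/^.*known incorrect sRGB profile.*$/m', '', $error));` followed by `if ($remaining !== '') {`. The raw `$error` is also forwarded to `error()` as `convert_error`; the hunk does not show whether that argument is ever rendered to the client, and if it is it may carry the converter's command line and temp paths, so it should stay log-only. The enclosing resize method starts and ends outside this hunk.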
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2409,6 +2409,13 @@ function diceRoller($post) {
 function less_ip($ip) {
 $ipv6 = (strstr($ip, ':') !== false);
+ $has_range = (strstr($ip, '/') !== false);
+
+ if ($has_range) {
+ $ip_a = explode('/', $ip);
+ $ip = $ip_a[0];
+ $range = $ip_a[1];
+ }
 $in_addr = inet_pton($ip);
@@ -2420,7 +2427,7 @@ function less_ip($ip) {
 }
 $final = inet_ntop($in_addr & $mask);
- return str_replace(array(':0', '.0'), array(':x', '.x'), $final);
+ return str_replace(array(':0', '.0'), array(':x', '.x'), $final) . (isset($range) ? '/'.$range : '');
 }
 function less_hostmask($hostmask) {
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 913a9f54..3cdf1374 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -892,7 +892,7 @@ function mod_page_ip_less($b, $id) {
 Bans::delete($_POST['ban_id'], true);
- header('Location: ?/IP/' . $ip . '#bans', true, $config['redirect_http']);
+ header('Location: ?/IP_less/' . $b . '/' . $id . '#bans', true, $config['redirect_http']);
 return;
 }
@@ -911,7 +911,7 @@ function mod_page_ip_less($b, $id) {
 modLog("Added a note for {$ip}");
- header('Location: ?/IP/' . $ip . '#notes', true, $config['redirect_http']);
+ header('Location: ?/IP_less/' . $b . '/' . $id . '#notes', true, $config['redirect_http']);
 return;
 }
@@ -926,7 +926,7 @@ function mod_page_ip_less($b, $id) {
 $query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $b));
 $query->bindValue(':ip', $ip);
- $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
+ $query->bindValue(':limit', $config['mod']['ip_less_recentposts'], PDO::PARAM_INT);
 $query->execute() or error(db_error($query));
 while ($post = $query->fetch(PDO::FETCH_ASSOC)) {
diff --git a/templates/mod/view_ip_less.html b/templates/mod/view_ip_less.html
index a93ee6a3..a5e5e70c 100644
--- a/templates/mod/view_ip_less.html
+++ b/templates/mod/view_ip_less.html
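Review bot: `$range` is only assigned inside `if ($has_range)`, and the second hunk of the same function relies on `isset($range)` to decide whether to re-append it, which is fragile and defeats static analysis; initialise it before the branch with `$range = null;` and test `$range !== null` in the return. The suffix is also taken from `$ip_a[1]` with no check that it is a prefix length, and `$ip_a[0]` goes to `inet_pton()` unchanged, so a mask written in any other notation would still make `inet_pton()` return false and the masking below silently produce garbage rather than a reduced address; returning the input unchanged (or a fixed placeholder) when `inet_pton()` fails would be the safe default. Both hunks are inside `less_ip`, whose body continues between them.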
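Review bot: The context line `modLog("Added a note for {$ip}");` in the notes hunk still records the full address in the moderation log from the IP_less page, so a moderator who only holds the reduced-IP permission would see it there if the log is visible to that tier (the hunk does not show who can read the log). Logging the reduced form instead, `modLog("Added a note for " . less_ip($ip));`, keeps this page consistent with the redirect fix made on the next line; the same consideration applies to any other `modLog` calls in `mod_page_ip_less` outside this hunk. `mod_page_ip_less` starts and ends outside the hunk.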
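Review bot: The new `$config['mod']['ip_less_recentposts']` key is bound with `PDO::PARAM_INT` but the series' diffstat touches no config file, so on an installation whose config predates the key the bind receives null and the `LIMIT` clause is malformed or zero. Either add a default next to `ip_recentposts` in the config defaults or fall back inline, `$limit = isset($config['mod']['ip_less_recentposts']) ? $config['mod']['ip_less_recentposts'] : $config['mod']['ip_recentposts'];` and bind `$limit`. `mod_page_ip_less` starts and ends outside the hunk.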
@@ -103,7 +103,7 @@ {% trans 'IP' %}
- {{ ban.mask }}
+ {{ ban.mask|less_ip }}
 {% trans 'Reason' %}
From 16c613dad07a081a19e8baf1f9968bde48e85c57 Mon Sep 17 00:00:00 2001
From: 8chan
Date: Sun, 12 Oct 2014 18:31:00 -0700
Subject: [PATCH 3/6] SECURITY: Stop showing all mods poster IDs

I'm retarded
---
 templates/post/poster_id.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/post/poster_id.html b/templates/post/poster_id.html
index cc6abb48..f23f8df6 100644
--- a/templates/post/poster_id.html
+++ b/templates/post/poster_id.html
@@ -1,4 +1,4 @@
-{% if config.poster_ids or mod %}
+{% if config.poster_ids or (mod|hasPermission(config.mod.show_ip_less, board.uri)) %}
 {% if post.thread %}
 ID: {{ poster_id(post.ip, post.thread, board.uri) }}
 {% else %}
From 0f00902353a4e1c6046fd54596033c29116911e4 Mon Sep 17 00:00:00 2001
From: ro
Date: Tue, 14 Oct 2014 12:43:31 -0700
Subject: [PATCH 4/6] Gloval -> Global

---
 faq.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/faq.php b/faq.php
index 462ccdaf..f612ec5e 100644
--- a/faq.php
+++ b/faq.php
@@ -11,7 +11,7 @@ $body = <<The largest board owners are promoted to Global Volunteers. This is devised by an algorithm, but volunteers are only promoted with my express approval.
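Review bot: The gate on the first line now requires `config.mod.show_ip_less`, but the value shown is still `poster_id(post.ip, ...)` computed from the full address, so a moderator in the reduced-IP tier is handed something derived from data that tier is not meant to see. That is only acceptable if `poster_id()` is a keyed or salted digest rather than a plain hash of the IP, which this hunk cannot show; it is worth confirming and then recording the outcome in a template comment on the line above, e.g. `{# poster IDs are salted digests, not raw IPs — safe for the IP_less tier #}`, so the next reader does not have to re-derive it. The `{% if %}` opened here is closed outside the hunk.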

-

All new global volunteers are sent a message congratulating them on becoming global volunteers and explaining the position. Gloval volunteers simply delete CP, excessive spam and other illegal content that comes on the server and ban the posting users and their IP ranges.

+

All new global volunteers are sent a message congratulating them on becoming global volunteers and explaining the position. Global volunteers simply delete CP, excessive spam and other illegal content that comes on the server and ban the posting users and their IP ranges.

There is a large penalty for abusing their powers to ban users for other reasons. That penalty is that I will not only remove their global volunteer position, but also commandeer their board. I will then find another suitable owner for it among the board's users and give it to them.

From 6073c9e73ad6c7f400c560ce8b9d0e8a93233317 Mon Sep 17 00:00:00 2001
From: clsr
Date: Thu, 16 Oct 2014 17:08:39 +0200
Subject: [PATCH 5/6] Fix API: Swap image width/height, make replies an integer, fix original filename

---
 inc/api.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/inc/api.php b/inc/api.php
index 31cf2293..600b1096 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -43,10 +43,9 @@ class Api {
 $this->fileFields = array(
 'thumbheight' => 'tn_h',
 'thumbwidth' => 'tn_w',
- 'height' => 'w',
- 'width' => 'h',
+ 'height' => 'h',
+ 'width' => 'w',
 'size' => 'fsize',
- 'file' => 'filename',
 );
 if (isset($config['api']['extra_fields']) && gettype($config['api']['extra_fields']) == 'array'){
@@ -65,6 +64,8 @@ class Api {
 'fsize' => 1,
 'omitted_posts' => 1,
 'omitted_images' => 1,
+ 'replies' => 1,
+ 'images' => 1,
 'sticky' => 1,
 'locked' => 1,
 'last_modified' => 1
@@ -108,10 +109,9 @@ class Api {
 if (isset($post->files) && $post->files && !$threadsPage) {
 $file = $post->files[0];
 $this->translateFields($this->fileFields, $file, $apiPost);
+ $apiPost['filename'] = substr($file->name, 0, strrpos($file->name, '.'));
 $dotPos = strrpos($file->file, '.');
- $apiPost['filename'] = substr($file->file, 0, $dotPos);
 $apiPost['ext'] = substr($file->file, $dotPos);
- $dotPos = strrpos($file->file, '.');
 $apiPost['tim'] = substr($file->file, 0, $dotPos);
 $apiPost['md5'] = base64_encode(hex2bin($post->filehash));
 }
From 7e3fd0dcc590cb6d6b8ef663e27a99e196b0b8d1 Mon Sep 17 00:00:00 2001
From: clsr
Date: Thu, 16 Oct 2014 17:26:58 +0200
Subject: [PATCH 6/6] Fix expanded tabs

---
 inc/api.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/api.php b/inc/api.php
index 600b1096..c9608f06 100644
--- a/inc/api.php
+++ b/inc/api.php
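Review bot: The added `$apiPost['filename']` line feeds the result of `strrpos($file->name, '.')` straight into `substr()`, and when the user-supplied name has no dot `strrpos()` returns false, which `substr()` takes as length 0, so the API reports an empty `filename` for such uploads. Guard it: `$namePos = strrpos($file->name, '.');` then `$apiPost['filename'] = $namePos === false ? $file->name : substr($file->name, 0, $namePos);`. The unchanged `$dotPos` lines below have the same shape, although they operate on the stored name which presumably always carries an extension; patch 6 re-indents the same line and inherits the issue. The enclosing method starts and ends outside the hunk.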
@@ -64,8 +64,8 @@ class Api {
 'fsize' => 1,
 'omitted_posts' => 1,
 'omitted_images' => 1,
- 'replies' => 1,
- 'images' => 1,
+ 'replies' => 1,
+ 'images' => 1,
 'sticky' => 1,
 'locked' => 1,
 'last_modified' => 1
@@ -109,7 +109,7 @@ class Api {
 if (isset($post->files) && $post->files && !$threadsPage) {
 $file = $post->files[0];
 $this->translateFields($this->fileFields, $file, $apiPost);
- $apiPost['filename'] = substr($file->name, 0, strrpos($file->name, '.'));
+ $apiPost['filename'] = substr($file->name, 0, strrpos($file->name, '.'));
 $dotPos = strrpos($file->file, '.');
 $apiPost['ext'] = substr($file->file, $dotPos);
 $apiPost['tim'] = substr($file->file, 0, $dotPos);