From 9920a51ff5a5c6914f5bc72ce60c22245d5f1352 Mon Sep 17 00:00:00 2001
From: unknown <8n-tech@users.noreply.github.com>
Date: Fri, 17 Oct 2014 02:32:39 -0500
Subject: [PATCH] - Resolved board creation script throwing SQL error for mismatched column count.
- Resolved warnings would be thrown if inc/dnsbls.php did not exist.
- Resolved problem where shell_exec_error was incorrectly reporting a success in instances where 'md5sum' was not supported, resulting in "'md5sum'" literally being recorded as the file hash. This then lead to hex2bin throwing an error on page load, preventing access to threads (among other problems).
---
 inc/functions.php | 40 +++--
 inc/instance-config.php | 389 +---------------------------------------
 inc/mod/pages.php | 2 +-
 post.php | 19 +-
 4 files changed, 51 insertions(+), 399 deletions(-)

diff --git a/inc/functions.php b/inc/functions.php
index b61f5bb7..963a1e74 100755
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -894,10 +894,14 @@ function insertFloodPost(array $post) {
 $query->bindValue(':board', $board['uri']);
 $query->bindValue(':time', time());
 $query->bindValue(':posthash', make_comment_hex($post['body_nomarkup']));
- if ($post['has_file'])
+
+ if ($post['has_file']) {
 $query->bindValue(':filehash', $post['filehash']);
- else
+ }
+ else {
 $query->bindValue(':filehash', null, PDO::PARAM_NULL);
+ }
+
 $query->bindValue(':isreply', !$post['op'], PDO::PARAM_INT);
 $query->execute() or error(db_error($query));
 }
@@ -2318,24 +2322,38 @@ function DNS($host) { function shell_exec_error($command, $suppress_stdout = false) { global $config, $debug; - - if ($config['debug']) + + if( $config['debug'] ) { + $which = microtime(true); + } + + // Determine if $command is a valid command. If we don't, the following is considered valid output. + // '$command' is not recognized as an internal or external command, operable program or batch file. + if( empty( shell_exec("which $command") ) ) { + return false; + } + + if( $config['debug'] ) { $start = microtime(true); - + } + + $return = trim(shell_exec('PATH="' . escapeshellcmd($config['shell_path']) . ':$PATH";' . $command . ' 2>&1 ' . ($suppress_stdout ? '> /dev/null ' : '') . '&& echo "TB_SUCCESS"')); $return = preg_replace('/TB_SUCCESS$/', '', $return); - - if ($config['debug']) { - $time = microtime(true) - $start; + + if( $config['debug'] ) { + $time_which = $start - $which; + $time = microtime(true) - $start; + $debug['exec'][] = array( - 'command' => $command, - 'time' => '~' . round($time * 1000, 2) . 'ms', + 'command' => $command, + 'time' => '~' . round($time * 1000, 2) . 'ms + ~' . round($time_which * 1000, 2) . 'ms', 'response' => $return ? $return : null ); $debug['time']['exec'] += $time; } - + return $return === 'TB_SUCCESS' ? false : $return; } diff --git a/inc/instance-config.php b/inc/instance-config.php index 699d1a18..db80c4c1 100644 --- a/inc/instance-config.php +++ b/inc/instance-config.php 
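Review bot: The new availability check passes the whole command string to `shell_exec("which $command")`, so for a pipeline such as the post.php call `cat $filenames | md5sum` the shell runs `which cat <files> | md5sum` — the result reflects whether the pipe produced output, not whether each program exists, and any redirection contained in `$command` would be performed a second time. The probe also runs under the default PATH, while the real invocation a few lines later prepends `$config['shell_path']`, so a program present only in that directory is reported as missing. I would probe each program name of the pipeline separately, under the same PATH prefix, and say in the comment that a quoted `|` is not handled. shell_exec_error's body is fully inside this hunk; the caller-side check lives in the post.php hunk.
```php
function shell_exec_error($command, $suppress_stdout = false) {
	global $config, $debug;

	// … unchanged: debug timer start …

	// Probe every program in the pipeline under the same PATH the real call uses;
	// `which "$command"` would run the pipeline itself. A quoted '|' is not handled.
	$path_prefix = 'PATH="' . escapeshellcmd($config['shell_path']) . ':$PATH"; ';
	foreach (explode('|', $command) as $segment) {
		$program = strtok(ltrim($segment), " \t");
		if ($program === false || trim((string) shell_exec($path_prefix . 'command -v ' . escapeshellarg($program) . ' 2>/dev/null')) === '') {
			return false;
		}
	}

	// … unchanged: timed execution and debug bookkeeping …
```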
@@ -7,31 +7,25 @@ * * You can copy values from config.php (defaults) and paste them here. */ - require_once "lib/htmlpurifier-4.5.0/library/HTMLPurifier.auto.php"; - require_once "8chan-functions.php"; - // Note - you may want to change some of these in secrets.php instead of here - // See the secrets.example.php file - $config['db']['server'] = 'localhost'; - $config['db']['database'] = '8chan'; + + $config['db']['server'] = '127.0.0.1:3307'; + $config['db']['database'] = 'chan'; $config['db']['prefix'] = ''; - $config['db']['user'] = 'root'; + $config['db']['user'] = 'chan'; $config['db']['password'] = ''; - $config['timezone'] = 'UTC'; - $config['cache']['enabled'] = 'apc'; $config['cookies']['mod'] = 'mod'; - $config['cookies']['salt'] = ''; - - $config['spam']['hidden_inputs_max_pass'] = 128; - $config['spam']['hidden_inputs_expire'] = 60 * 60 * 4; // three hours + $config['cookies']['salt'] = 'OTRkMWRlYmRlZmE2NGZkNmU5YThkZW'; $config['flood_time'] = 5; $config['flood_time_ip'] = 30; $config['flood_time_same'] = 2; $config['max_body'] = 5000; $config['reply_limit'] = 300; + $config['max_links'] = 40; + $config['max_filesize'] = 8388608; $config['thumb_width'] = 255; $config['thumb_height'] = 255; $config['max_width'] = 10000; 
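Review bot: The new `$config['cookies']['salt']` line commits a literal salt into the tracked config file, and the second hunk of this file does the same for `$config['secure_trip_salt']` while dropping the `require "secrets.php"` that previously kept such values out of the repository. Once a salt is in git history every clone carries it, and rotating it later means the old value stays recoverable from the log. I would keep these two lines as placeholders — `$config['cookies']['salt'] = '';` with the comment `// real value belongs in the untracked secrets file, never commit it` — and likewise for `secure_trip_salt`. The changed `$config['db']['server']` and `$config['db']['user']` lines above look like a specific deployment rather than a default; if that is intended, a one-line comment saying so would help the next person who copies this file.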
@@ -39,371 +33,6 @@ $config['threads_per_page'] = 15; $config['max_pages'] = 15; $config['threads_preview'] = 5; - $config['root'] = '/'; - $config['secure_trip_salt'] = ''; - $config['always_noko'] = true; - $config['allow_no_country'] = true; - $config['thread_subject_in_title'] = true; - $config['spam']['hidden_inputs_max_pass'] = 128; - $config['ayah_enabled'] = true; + $config['root'] = '/8chan/'; + $config['secure_trip_salt'] = 'ZjJmMzg1MzY4MWU3Y2UyNzkxYmQyNW'; - // Load database credentials - require "secrets.php"; - - // Image shit - $config['thumb_method'] = 'gm+gifsicle'; - $config['thumb_ext'] = ''; - $config['thumb_keep_animation_frames'] = 100; - $config['show_ratio'] = true; - //$config['allow_upload_by_url'] = true; - $config['max_filesize'] = 1024 * 1024 * 8; // 8MB - $config['disable_images'] = false; - $config['spoiler_images'] = true; - $config['image_reject_repost'] = true; - $config['allowed_ext_files'][] = 'webm'; - $config['webm']['use_ffmpeg'] = true; - $config['webm']['allow_audio'] = true; - $config['webm']['max_length'] = 60 * 15; - - // Mod shit - $config['mod']['groups'][25] = 'Supermod'; - define_groups(); - $config['mod']['capcode'][MOD] = array('Board Volunteer'); - $config['mod']['capcode'][SUPERMOD] = array('Global Volunteer'); - $config['custom_capcode']['Admin'] = array( - ' %s', - ); - $config['custom_capcode']['Bear'] = array( - ' %s', - ); - //$config['mod']['view_banlist'] = SUPERMOD; - $config['mod']['show_ip'] = SUPERMOD; - $config['mod']['show_ip_less'] = MOD; - $config['mod']['manageusers'] = SUPERMOD; - $config['mod']['noticeboard_post'] = SUPERMOD; - $config['mod']['search'] = SUPERMOD; - $config['mod']['debug_recent'] = ADMIN; - $config['mod']['debug_antispam'] = ADMIN; - $config['mod']['modlog'] = SUPERMOD; - $config['mod']['editpost'] = MOD; - $config['mod']['recent_reports'] = 65535; - $config['ban_show_post'] = true; - - // Board shit - $config['max_links'] = 40; - $config['poster_id_length'] = 6; - 
$config['ayah_enabled'] = true; - $config['url_banner'] = '/banners.php'; - //$config['default_stylesheet'] = array('Notsuba', 'notsuba.css'); - $config['additional_javascript'][] = 'js/jquery.min.js'; - $config['additional_javascript'][] = 'js/jquery.tablesorter.min.js'; - $config['additional_javascript'][] = 'js/options.js'; - $config['additional_javascript'][] = 'js/style-select.js'; - $config['additional_javascript'][] = 'js/options/general.js'; - $config['additional_javascript'][] = 'js/post-hover.js'; - $config['additional_javascript'][] = 'js/update_boards.js'; - $config['additional_javascript'][] = 'js/favorites.js'; - $config['additional_javascript'][] = 'js/show-op.js'; - $config['additional_javascript'][] = 'js/hide-threads.js'; - $config['additional_javascript'][] = 'js/smartphone-spoiler.js'; - $config['additional_javascript'][] = 'js/inline-expanding.js'; - $config['additional_javascript'][] = 'js/show-backlinks.js'; - $config['additional_javascript'][] = 'js/webm-settings.js'; - $config['additional_javascript'][] = 'js/expand-video.js'; - $config['additional_javascript'][] = 'js/treeview.js'; - $config['additional_javascript'][] = 'js/quick-post-controls.js'; - $config['additional_javascript'][] = 'js/expand-too-long.js'; - $config['additional_javascript'][] = 'js/settings.js'; - $config['additional_javascript'][] = 'js/fix-report-delete-submit.js'; - $config['additional_javascript'][] = 'js/hide-images.js'; - $config['additional_javascript'][] = 'js/expand-all-images.js'; - $config['additional_javascript'][] = 'js/local-time.js'; - $config['additional_javascript'][] = 'js/no-animated-gif.js'; - $config['additional_javascript'][] = 'js/expand.js'; - $config['additional_javascript'][] = 'js/titlebar-notifications.js'; - $config['additional_javascript'][] = 'js/auto-reload.js'; - $config['additional_javascript'][] = 'js/quick-reply.js'; - $config['additional_javascript'][] = 'js/options/user-css.js'; - $config['additional_javascript'][] = 
'js/options/user-js.js'; - $config['additional_javascript'][] = 'js/forced-anon.js'; - $config['additional_javascript'][] = 'js/toggle-locked-threads.js'; - $config['additional_javascript'][] = 'js/toggle-images.js'; - $config['additional_javascript'][] = 'js/mobile-style.js'; - $config['additional_javascript'][] = 'js/id_highlighter.js'; - $config['additional_javascript'][] = 'js/id_colors.js'; - $config['additional_javascript'][] = 'js/inline.js'; - $config['additional_javascript'][] = 'js/infinite-scroll.js'; - $config['additional_javascript'][] = 'js/download-original.js'; - $config['additional_javascript'][] = 'js/thread-watcher.js'; - - //$config['font_awesome_css'] = '/netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css'; - - $config['stylesheets']['Dark'] = 'dark.css'; - $config['stylesheets']['Photon'] = 'photon.css'; - - $config['stylesheets_board'] = true; - $config['markup'][] = array("/^[ |\t]*==(.+?)==[ |\t]*$/m", "\$1"); - $config['markup'][] = array("/\[spoiler\](.+?)\[\/spoiler\]/", "\$1"); - $config['markup'][] = array("/~~(.+?)~~/", "\$1"); - - $config['boards'] = array(array('' => '/', '' => '/boards.html', '' => '/faq.html', '' => '/random.php', '' => '/create.php', '' => '/bans.html', '' => '/search.php', '' => '/mod.php', '' => 'https://qchat.rizon.net/?channels=#8chan'), array('b', 'meta', 'int'), array(''=>'https://twitter.com/infinitechan')); - //$config['boards'] = array(array('' => '/', '' => '/boards.html', '' => '/faq.html', '' => '/random.php', '' => '/create.php', '' => '/search.php', '' => '/mod.php', '' => 'https://qchat.rizon.net/?channels=#8chan'), array('b', 'meta', 'int'), array('v', 'a', 'tg', 'fit', 'pol', 'tech', 'mu', 'co', 'sp', 'boards'), array(''=>'https://twitter.com/infinitechan')); - - $config['footer'][] = 'Contribute to 8chan.co development at github'; - $config['footer'][] = 'To make a DMCA request or report illegal content, please email admin@8chan.co or use the "Global Report" functionality on every 
page.'; - - $config['search']['enable'] = true; - -//$config['debug'] = true; - $config['syslog'] = true; - - $config['wordfilters'][] = array('\rule', ''); // 'true' means it's a regular expression - - if (!function_exists('prettify_textarea')){ - function prettify_textarea($s){ - return str_replace("\t", ' ', str_replace("\n", ' ', htmlentities($s))); - } - } - - if (!function_exists('purify')){ - function purify($s){ - $config = HTMLPurifier_Config::createDefault(); - $purifier = new HTMLPurifier($config); - $clean_html = $purifier->purify($s); - return $clean_html; - } - } - - $config['mod']['custom_pages']['/banners/(\%b)'] = function($b) { - global $config, $mod, $board; - require_once 'inc/image.php'; - - if (!in_array($b, $mod['boards']) and $mod['boards'][0] != '*') - error($config['error']['noaccess']); - - if (!openBoard($b)) - error("Could not open board!"); - - $dir = 'static/banners/'.$b; - - if (!is_dir($dir)){ - mkdir($dir, 0777, true); - } - - - if (isset($_FILES['file'])){ - $upload = $_FILES['file']['tmp_name']; - $banners = array_diff(scandir($dir), array('..', '.')); - - if (!is_readable($upload)) - error($config['error']['nomove']); - - $id = time() . 
substr(microtime(), 2, 3); - $extension = strtolower(mb_substr($_FILES['file']['name'], mb_strrpos($_FILES['file']['name'], '.') + 1)); - - if (!in_array($extension, array('jpg','jpeg','png','gif'))){ - error('Not an image extension.'); - } - - if (filesize($upload) > 512000){ - error('File too large!'); - } - - if (!$size = @getimagesize($upload)) { - error($config['error']['invalidimg']); - } - - if ($size[0] != 300 or $size[1] != 100){ - error('Image wrong size!'); - } - if (sizeof($banners) >= 50) { - error('Too many banners.'); - } - - copy($upload, "$dir/$id.$extension"); - } - - if (isset($_POST['delete'])){ - foreach ($_POST['delete'] as $i => $d){ - if (!preg_match('/[0-9+]\.(png|jpeg|jpg|gif)/', $d)){ - error('Nice try.'); - } - unlink("$dir/$d"); - } - } - - $banners = array_diff(scandir($dir), array('..', '.')); - mod_page(_('Edit banners'), 'mod/banners.html', array('board'=>$board,'banners'=>$banners,'token'=>make_secure_link_token('banners/'.$board['uri']))); - - }; - - $config['mod']['custom_pages']['/settings/(\%b)'] = function($b) { - global $config, $mod; - - if (!in_array($b, $mod['boards']) and $mod['boards'][0] != '*') - error($config['error']['noaccess']); - - if (!openBoard($b)) - error("Could not open board!"); - - $possible_languages = array_diff(scandir('inc/locale/'), array('..', '.', '.tx', 'README.md')); - - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $title = $_POST['title']; - $subtitle = $_POST['subtitle']; - $country_flags = isset($_POST['country_flags']) ? 'true' : 'false'; - $field_disable_name = isset($_POST['field_disable_name']) ? 'true' : 'false'; - $enable_embedding = isset($_POST['enable_embedding']) ? 'true' : 'false'; - $force_image_op = isset($_POST['force_image_op']) ? 'true' : 'false'; - $disable_images = isset($_POST['disable_images']) ? 'true' : 'false'; - $poster_ids = isset($_POST['poster_ids']) ? 'true' : 'false'; - $show_sages = isset($_POST['show_sages']) ? 
'true' : 'false'; - $auto_unicode = isset($_POST['auto_unicode']) ? 'true' : 'false'; - $allow_roll = isset($_POST['allow_roll']) ? 'true' : 'false'; - $image_reject_repost = isset($_POST['image_reject_repost']) ? 'true' : 'false'; - $allow_flash = isset($_POST['allow_flash']) ? '$config[\'allowed_ext_files\'][] = \'swf\';' : ''; - $code_tags = isset($_POST['code_tags']) ? '$config[\'additional_javascript\'][] = \'js/code_tags/run_prettify.js\';$config[\'markup\'][] = array("/\[code\](.+?)\[\/code\]/ms", "
\$1
");' : ''; - $katex = isset($_POST['katex']) ? '$config[\'katex\'] = true;$config[\'additional_javascript\'][] = \'js/katex/katex.min.js\'; $config[\'markup\'][] = array("/\[tex\](.+?)\[\/tex\]/ms", "\$1"); $config[\'additional_javascript\'][] = \'js/katex-enable.js\';' : ''; -$oekaki_js = << $r ) { - if ($r !== '') { - $w = $_POST['with'][$i]; - $replace .= '$config[\'wordfilters\'][] = array(base64_decode(\'' . base64_encode($r) . '\'), base64_decode(\'' . base64_encode($w) . '\'));'; - } - } - } - } - - if (!(strlen($title) < 40)) - error('Invalid title'); - if (!(strlen($subtitle) < 200)) - error('Invalid subtitle'); - - $query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle, `indexed` = :indexed, `public_bans` = :public_bans WHERE `uri` = :uri'); - $query->bindValue(':title', $title); - $query->bindValue(':subtitle', $subtitle); - $query->bindValue(':uri', $b); - $query->bindValue(':indexed', !isset($_POST['meta_noindex'])); - $query->bindValue(':public_bans', isset($_POST['public_bans'])); - $query->execute() or error(db_error($query)); - - - $config_file = <<'Rules', 'subtitle'=>'', 'config'=>$config, 'body'=>'
'.purify($_POST['rules']).'
'))); - file_write($b.'/rules.txt', $_POST['rules']); - openBoard($b); - buildIndex(); - buildJavascript(); - $query = query(sprintf("SELECT `id` FROM ``posts_%s`` WHERE `thread` IS NULL", $b)) or error(db_error()); - while ($post = $query->fetch(PDO::FETCH_ASSOC)) { - buildThread($post['id']); - } - modLog('Edited board settings', $b); - } - - $query = prepare('SELECT * FROM boards WHERE uri = :board'); - $query->bindValue(':board', $b); - $query->execute() or error(db_error($query)); - $board = $query->fetchAll()[0]; - - $rules = @file_get_contents($board['uri'] . '/rules.txt'); - $css = @file_get_contents('stylesheets/board/' . $board['uri'] . '.css'); - - openBoard($b); - - rebuildThemes('bans'); - - if ($config['cache']['enabled']) - cache::delete('board_' . $board['uri']); - cache::delete('all_boards'); - - mod_page(_('Board configuration'), 'mod/settings.html', array('board'=>$board, 'rules'=>prettify_textarea($rules), 'css'=>prettify_textarea($css), 'token'=>make_secure_link_token('settings/'.$board['uri']), 'languages'=>$possible_languages)); - }; - $config['embedding'] = array( - array( - '/^https?:\/\/(\w+\.)?youtube\.com\/watch\?v=([a-zA-Z0-9\-_]{10,11})(&.+)?$/i', - '' - ), - array( - '/^https?:\/\/(\w+\.)?vimeo\.com\/(\d{2,10})(\?.+)?$/i', - '' - ), - array( - '/^https?:\/\/(\w+\.)?dailymotion\.com\/video\/([a-zA-Z0-9]{2,10})(_.+)?$/i', - '' - ), - array( - '/^https?:\/\/(\w+\.)?metacafe\.com\/watch\/(\d+)\/([a-zA-Z0-9_\-.]+)\/(\?.+)?$/i', - '
' - ), - array( - '/^https?:\/\/video\.google\.com\/videoplay\?docid=(\d+)([&#](.+)?)?$/i', - '' - ), - array( - '/^https?:\/\/(\w+\.)?vocaroo\.com\/i\/([a-zA-Z0-9]{2,15})$/i', - '' - ) - ); - -$config['gzip_static'] = false; diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 3cdf1374..52b831aa 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -496,7 +496,7 @@ function mod_new_board() { error(sprintf($config['error']['boardexists'], $board['url'])); } - $query = prepare('INSERT INTO ``boards`` VALUES (:uri, :title, :subtitle)'); + $query = prepare('INSERT INTO ``boards`` (``uri``, ``title``, ``subtitle``) VALUES (:uri, :title, :subtitle)'); $query->bindValue(':uri', $_POST['uri']); $query->bindValue(':title', $_POST['title']); $query->bindValue(':subtitle', $_POST['subtitle']); diff --git a/post.php b/post.php index 40f71555..0781d128 100644 --- a/post.php +++ b/post.php @@ -2,10 +2,13 @@ /* * Copyright (c) 2010-2014 Tinyboard Development Group */ + +require "./inc/functions.php"; +require "./inc/anti-bot.php"; -require 'inc/functions.php'; -require 'inc/anti-bot.php'; -include "inc/dnsbls.php"; +// The dnsbls is an optional DNS blacklist include. +// Squelch warnings if it doesn't exist. +@include "./inc/dnsbls.php"; // Fix for magic quotes if (get_magic_quotes_gpc()) { @@ -573,14 +576,16 @@ if (isset($_POST['delete'])) { } $md5cmd = $config['bsd_md5'] ? 'md5 -r' : 'md5sum'; - - if ($output = shell_exec_error("cat $filenames | $md5cmd")) { + + if( ($output = shell_exec_error("cat $filenames | $md5cmd")) !== false ) { $explodedvar = explode(' ', $output); $hash = $explodedvar[0]; $post['filehash'] = $hash; - } elseif ($config['max_images'] === 1) { + } + elseif ($config['max_images'] === 1) { $post['filehash'] = md5_file($upload); - } else { + } + else { $str_to_hash = ''; foreach (explode(' ', $filenames) as $i => $f) { $str_to_hash .= file_get_contents($f);
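Review bot: `@include "./inc/dnsbls.php"` suppresses every diagnostic raised while that file is parsed and executed, not only the missing-file warning the commit message describes, so a syntax error or a notice inside dnsbls.php would now disappear silently. I would test for the file instead: `if (is_file('./inc/dnsbls.php')) {` / `include './inc/dnsbls.php';` / `}`. The `./`-relative paths in the two new `require` lines and this include resolve against the current working directory rather than the script's directory; `__DIR__ . '/inc/dnsbls.php'` does not depend on how post.php is invoked. These statements are at file top level, so no enclosing block is cut by the hunk.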
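Review bot: The `!== false` comparison on the new `if` line treats any non-false return as a digest, but shell_exec_error (see the inc/functions.php hunk) strips the `TB_SUCCESS` marker before comparing against it, so it returns the captured output for a failed pipeline as well as a successful one — `false` now comes only from the `which` pre-check. Whatever md5sum writes on failure (its stderr is captured by the appended `2>&1`) would therefore still reach `explode(' ', $output)[0]` and be stored as `$post['filehash']`, which is the scenario the commit message describes; an empty string is accepted here too. I would validate the first token as a 32-character hex digest before trusting it and fall through to the md5_file path otherwise. The block containing these lines starts before the hunk (the header's `if (isset($_POST['delete']))` context) and the final foreach continues past its end.
```php
	$md5cmd = $config['bsd_md5'] ? 'md5 -r' : 'md5sum';

	$output = shell_exec_error("cat $filenames | $md5cmd");
	// shell_exec_error also returns captured output when the pipeline fails,
	// so only accept a genuine 32-character hex digest as the file hash.
	$hash = $output !== false ? strtok((string) $output, ' ') : false;
	if ($hash !== false && strlen($hash) === 32 && ctype_xdigit($hash)) {
		$post['filehash'] = $hash;
	}
	elseif ($config['max_images'] === 1) {
		$post['filehash'] = md5_file($upload);
	}
	// … unchanged: multi-file fallback that concatenates the files and hashes them …
```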