From d58adad48d6114f2593f0d75ffdbea6311786d43 Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Tue, 7 Oct 2014 20:54:00 -0700
Subject: [PATCH] SECURITY: Move indexed option to table...fixes unindexed
 boards appearing in search/random

---
 boards.php                 | 2 +-
 inc/functions.php          | 7 ++++---
 inc/instance-config.php    | 5 ++---
 random.php                 | 2 +-
 search.php                 | 2 +-
 templates/8chan/index.html | 2 +-
 templates/header.html      | 2 +-
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/boards.php b/boards.php
index c4e42651..f5d440d4 100644
--- a/boards.php
+++ b/boards.php
@@ -57,8 +57,8 @@ foreach ($boards as $i => &$board) {
 		$board_config = str_replace('$config', '$boardCONFIG', $board_config);
 		$board_config = str_replace('<?php', '', $board_config);
 		eval($board_config);
-		$showboard = (!isset($boardCONFIG['meta_noindex']) || !$boardCONFIG['meta_noindex']);
 	}
+	$showboard = $board['indexed'];
 	$locale = isset($boardCONFIG['locale'])?$boardCONFIG['locale']:'en';
 
 	$board['title'] = utf8tohtml($board['title']);
diff --git a/inc/functions.php b/inc/functions.php
index 4a4bf9d5..7fe1a6b3 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -652,20 +652,21 @@ function hasPermission($action = null, $board = null, $_mod = null) {
 	return true;
 }
 
-function listBoards($just_uri = false) {
+function listBoards($just_uri = false, $indexed_only = false) {
 	global $config;
 	
 	$just_uri ? $cache_name = 'all_boards_uri' : $cache_name = 'all_boards';
+	$indexed_only ? $cache_name .= 'indexed' : false;
 
 	if ($config['cache']['enabled'] && ($boards = cache::get($cache_name)))
 		return $boards;
 
 	if (!$just_uri) {
-		$query = query("SELECT ``boards``.`uri` uri, ``boards``.`title` title, ``boards``.`subtitle` subtitle, ``board_create``.`time` time FROM ``boards`` LEFT JOIN ``board_create`` ON ``boards``.`uri` = ``board_create``.`uri` ORDER BY ``boards``.`uri`") or error(db_error());
+		$query = query("SELECT ``boards``.`uri` uri, ``boards``.`title` title, ``boards``.`subtitle` subtitle, ``board_create``.`time` time, ``boards``.`indexed` indexed FROM ``boards``" . ( $indexed_only ? " WHERE `indexed` = 1 " : "" ) . "LEFT JOIN ``board_create`` ON ``boards``.`uri` = ``board_create``.`uri` ORDER BY ``boards``.`uri`") or error(db_error());
 		$boards = $query->fetchAll();
 	} else {
 		$boards = array();
-		$query = query("SELECT `uri` FROM ``boards``") or error(db_error());
+		$query = query("SELECT `uri` FROM ``boards``" . ( $indexed_only ? " WHERE `indexed` = 1" : "" ) . " ORDER BY ``boards``.`uri`") or error(db_error());
 		while (true) {
 			$board = $query->fetchColumn();
 			if ($board === FALSE) break;
diff --git a/inc/instance-config.php b/inc/instance-config.php
index 456e0ca2..3779663d 100644
--- a/inc/instance-config.php
+++ b/inc/instance-config.php
@@ -255,7 +255,6 @@
 			$poster_ids = isset($_POST['poster_ids']) ? 'true' : 'false';
 			$show_sages = isset($_POST['show_sages']) ? 'true' : 'false';
 			$auto_unicode = isset($_POST['auto_unicode']) ? 'true' : 'false';
-			$meta_noindex = isset($_POST['meta_noindex']) ? 'true' : 'false';
 			$allow_roll = isset($_POST['allow_roll']) ? 'true' : 'false';
 			$image_reject_repost = isset($_POST['image_reject_repost']) ? 'true' : 'false';
 			$allow_flash = isset($_POST['allow_flash']) ? '$config[\'allowed_ext_files\'][] = \'swf\';' : '';
@@ -311,10 +310,11 @@ OEKAKI;
 			if (!(strlen($subtitle) < 200))
 				error('Invalid subtitle');
 
-			$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle WHERE `uri` = :uri');
+			$query = prepare('UPDATE ``boards`` SET `title` = :title, `subtitle` = :subtitle, `indexed` = :indexed WHERE `uri` = :uri');
 			$query->bindValue(':title', $title);
 			$query->bindValue(':subtitle', $subtitle);
 			$query->bindValue(':uri', $b);
+			$query->bindValue(':indexed', !isset($_POST['meta_noindex']));
 			$query->execute() or error(db_error($query));
 
 
@@ -328,7 +328,6 @@ OEKAKI;
 \$config['poster_ids'] = $poster_ids;
 \$config['show_sages'] = $show_sages;
 \$config['auto_unicode'] = $auto_unicode;
-\$config['meta_noindex'] = $meta_noindex;
 \$config['allow_roll'] = $allow_roll;
 \$config['image_reject_repost'] = $image_reject_repost;
 \$config['anonymous'] = base64_decode('$anonymous');
diff --git a/random.php b/random.php
index 08102b02..8bf354f5 100644
--- a/random.php
+++ b/random.php
@@ -2,7 +2,7 @@
 
 include "inc/functions.php";
 
-$boards = listBoards(TRUE);
+$boards = listBoards(TRUE, TRUE);
 $board = array_rand($boards);
 header('Location: /'.$boards[$board]);
 ?>
diff --git a/search.php b/search.php
index 71f4ae5e..39c03b7d 100644
--- a/search.php
+++ b/search.php
@@ -12,7 +12,7 @@
 	if (isset($config['search']['boards'])) {
 		$boards = $config['search']['boards'];
 	} else {
-		$boards = listBoards(TRUE);
+		$boards = listBoards(TRUE, TRUE);
 	}
 	
 	$body = Element('search_form.html', Array('boards' => $boards, 'b' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '&quot;', utf8tohtml($_GET['search'])) : false));
diff --git a/templates/8chan/index.html b/templates/8chan/index.html
index 4e73a046..459e7e8e 100644
--- a/templates/8chan/index.html
+++ b/templates/8chan/index.html
@@ -239,7 +239,7 @@
           <strong>{% trans %}Featured boards:{% endtrans %}</strong>
           <span class="favorite-boards"></span>
           <br>
-          <strong>{% trans %}Board of the week:{% endtrans %} /<a href="/ebola">ebola</a>/</strong>
+          <strong>{% trans %}Board of the week:{% endtrans %} /<a href="/cow">cow</a>/, /<a href="/fringe">fringe</a>/, /<a href="/desu">desu</a>/</strong>
         </div>
       </header>
 
diff --git a/templates/header.html b/templates/header.html
index 2ab33bcb..75f885c7 100644
--- a/templates/header.html
+++ b/templates/header.html
@@ -4,7 +4,7 @@
 		<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
 		{% if config.meta_keywords %}<meta name="keywords" content="{{ config.meta_keywords }}">{% endif %}
 		{% if config.meta_description %}<meta name="description" content="{{ config.meta_description }}">{% endif %}
-		{% if config.meta_noindex %}<meta name="robots" content="noindex" />{% endif %}
+		{% if not board.indexed %}<meta name="robots" content="noindex" />{% endif %}
 		{% if config.default_stylesheet.1 != '' and not mod %}<link rel="stylesheet" type="text/css" id="stylesheet" href="{{ config.uri_stylesheets }}{{ config.default_stylesheet.1 }}">{% endif %}
 		{% if config.font_awesome %}<link rel="stylesheet" media="screen" href="{{ config.root }}{{ config.font_awesome_css }}">{% endif %}
 		{% if config.country_flags_condensed %}<link rel="stylesheet" href="{{ config.root }}{{ config.country_flags_condensed_css }}">{% endif %}