Age | Commit message | Author | Files | Lines
2016-11-27 | SQL: Use separate role for Multi [2.26] | Yorhel | 3 | -27/+93
2016-11-27 | SQL: Use separate role for the website + disallow access to user data | Yorhel | 9 | -139/+377
Previously the website was connected to the database with a "database owner" user, which has far too many permissions. Now there's a special vndb_site user with only the necessary permissions. The primary reason to do this is to decrease the impact if the site process is compromised. E.g. it's now no longer possible to delete or modify old entry revisions. An attacker can still do a lot of damage, however.

Additionally (and this was the main reason to implement this change in the first place), the user sessions, passwords and email data is now not easily accessible anymore. Hopefully, the new user management abstractions will prevent email and password dumps in case of an SQL injection or RCE vulnerability in the site code. Of course, this only works if my implementation is fully correct and there's no privilege escalation vulnerability somewhere.

Furthermore, changing your password now invalidates any existing sessions, and the password reset function is disabled for 'usermods' (because usermods can list email addresses from the database, and the password reset function could still allow an attacker to gain access to anyone's account). I also changed the format of the password reset tokens, as they totally don't need to be salted.
2016-11-03 | List deleted releases when adding a new release | Yorhel | 2 | -5/+29
2016-11-03 | Add duplicate check to producer entry | Yorhel | 3 | -12/+76
2016-10-16 | Support more than 100 characters per VN | Yorhel | 2 | -2/+2
2016-10-16 | VNPage: Add gender icons to character summary | Yorhel | 1 | -0/+1
2016-10-16 | Doc update + IRC bot language fix | Yorhel | 2 | -2/+8
2016-09-18 | Suppress silly Perl 5.22 warnings about extra sprintf args | Yorhel | 4 | -2/+5
2016-09-11 | API: Add VN relations "official" field | Yorhel | 2 | -6/+5
2016-09-11 | Fix http->https in d14 + increase IRC quote spam interval | Yorhel | 2 | -4/+4
2016-08-31 | API: Add simple "get user" command | Yorhel | 2 | -4/+72
2016-08-09 | Add Croatian language | Yorhel | 4 | -1/+6
2016-07-31 | SQL: Improve trait cache update from 206 to 16 seconds | Yorhel | 3 | -4/+12
VNDB tends to get unresponsive for a few minutes when the daily cron is run. This should help somewhat.
2016-07-31 | vnstaff.js: Show error message when staff is credited multiple times | Yorhel | 1 | -1/+20
The backend does this validation as well, but if that validation fails it will show an unhelpful "Malformed JSON" error. This JS message should be more helpful.
2016-07-31 | Handler::VNEdit: Fix bug with new staff/cast being removed on form error | Yorhel | 1 | -6/+5
The names of the staff were fetched from the existing VN entry, so any newly added staff were not present in that list, and would thus not show up when the form validation failed. This fix makes sure to always fetch the required data from the database.
2016-07-31 | Add Thai language | Yorhel | 4 | -1/+6
2016-07-31 | API: Support array matching in "get character" vn filter | Yorhel | 2 | -3/+4
2016-07-03 | Fix adding tags to VNs after last commit | Yorhel | 1 | -1/+1
I changed the exact matching syntax of the tag search to be '='-prefixed rather than 'name:'-prefixed, to be similar to exact staff search. But I forgot that the JS code relied on the name-prefix.
2016-07-03 | Generalize substring search relevance + apply to most dropdown searches | Yorhel | 10 | -51/+66
This is a generalization of the search improvements made in 7da2edeaa0f6cf7794f4f8f68960497dc1be893c and 92235222dba4e5d0c7713d53ef12e0f10e371b83 And has been applied to the dropdown searches for producers, staff, tags and traits. For all those searches, exact matches are listed first, followed by prefix matches, and then substring matches. Relevance is currently only based on the primary name/title and ignores aliases (except for staff). This is fixable, but not trivial, and I'm not sure it's all that useful.
2016-07-03 | DB::Tags::dbTTTree: Use hash lookup for parent IDs | Yorhel | 1 | -3/+4
Reduces page load time of the trait index from 200ms to 20ms. Also provides a slight improvement for other tag/trait tree views.
2016-07-03 | Charedit/traits: Prioritize exact match when finding traits | Yorhel | 2 | -2/+15
2016-07-03 | Various staff search improvements | Yorhel | 5 | -19/+27
- Exact match is now case-insensitive
- Main staff search supports exact match with =-prefix
- On VN edit dropdown: exact matches are sorted before other matches
- VN edit dropdown now also displays original name
2016-07-02 | JS: Use alias ID in dropdown search to fix selection | Yorhel | 3 | -5/+5
2016-07-02 | Util::ValidateTemplates: Fix forgotten import of kv_validate | Yorhel | 2 | -1/+2
2016-07-02 | Validate release dates + move validation out of vndb.pl | Yorhel | 4 | -76/+104
2016-06-19 | API: Add "tags" filter to "get vn" + increase throttle throttle | Yorhel | 2 | -4/+25
2016-06-12 | API: Increase some limits + set custom TCP keepalive values | Yorhel | 2 | -5/+19
2016-06-05 | Fix typo on release page. | Albin Bernhardsson | 1 | -1/+1
2016-05-15 | API: Allow sorting 'get vn' on stats fields | Yorhel | 2 | -2/+6
2016-04-11 | API: Added "vns" flag and member to "get character" | Yorhel | 2 | -0/+20
2016-04-11 | Handler::Discussions: Increase boards limit | Yorhel | 1 | -1/+1
2016-03-01 | JS: Increase staff/cast box summarization cut-off point | Yorhel | 1 | -1/+1
It's rather annoying to have to click "more" only to see one or two more lines. Let's just show everything in that case.
2016-02-15 | Add Tagalog language | Yorhel | 4 | -1/+6
2016-02-12 | JS: Fix char_roles bug + CSS: Minor tweaks to main VN info layout | Yorhel | 2 | -3/+3
2016-02-12 | Minor fixes / behaviour reverts related to the removal of L10N | Yorhel | 5 | -11/+11
- Fix mouse-over text of language flag on homepage
- Capitalize release types in edit form
- Use plural form of character roles on VN page listing
2016-01-29 | Multi::API: added 'screens' flag to 'get vn' | Yorhel | 2 | -0/+32
2016-01-26 | d2: VN guideline change | Yorhel | 1 | -18/+45
2016-01-26 | Handler::Misc: Fix perl warning on 404 */hist | Yorhel | 1 | -1/+1
2016-01-23 | L10N: Remove all remaining traces of the interface translation feature | Yorhel | 7 | -4399/+1
...unless I missed something.
2016-01-23 | L10N: Intern all VNDB::Handler::* stuff | Yorhel | 15 | -813/+911
Most of these replacements were automated. This ended up being less work than I had anticipated. I also fixed a few minor bugs along the way, but probably introduced more than I fixed.
2016-01-20 | L10N: Intern all VNDB::Util::* stuff | Yorhel | 17 | -524/+309
With some related edits in other parts of the code, mostly due to interface changes to htmlRevision() and htmlFormError(). Trivial replacements were automated by a super awesome script.
2016-01-19 | Move some VNDB::L10N stuff to VNDB::Func + intern VNDB::Func | Yorhel | 16 | -137/+104
2016-01-19 | global.pl: Fix incorrect naming of producer relation types | Yorhel | 1 | -6/+6
2016-01-18 | Fix display of spoiler in chartraits.js + warning in Handler/Chars.pm | Yorhel | 2 | -2/+2
2016-01-17 | L10N: Intern all Javascript strings and rename main JS file | Yorhel | 23 | -346/+227
This has been mostly automated.
2016-01-17 | L10N: Intern blood_types/genders/(char|staff)_roles/discussion_boards | Yorhel | 11 | -160/+76
I definitely needed the Tie::IxHash thing for these.
2016-01-17 | Use Tie::IxHash for some global.pl lists | Yorhel | 11 | -75/+80
This removes the reliance on sort() to provide meaningful ordering (the keys aren't always good for ordering) and removes the 'order' hack used for (vn|prod)_relations.
2016-01-17 | L10N: Intern VN/producer relations + update relation graphs | Yorhel | 7 | -114/+38
Now that graphviz knows the actual strings, it has a better opportunity to create better graphs. (Most of them still look messy tho)
2016-01-17 | L10N: Intern tag_cats/voiced/animated/*_status | Yorhel | 10 | -150/+68
2016-01-16 | VNDBUtil: Consider 'wo' and 'o' the same in search normalization | Yorhel | 1 | -1/+9