summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)AuthorFilesLines
2016-11-27SQL: Use separate role for the website + disallow access to user dataYorhel1-0/+1
Previously the website was connected to the database with a "database owner" user, which has far too many permissions. Now there's a special vndb_site user with only the necessary permissions. The primary reason to do this is to decrease the impact if the site process is compromised. E.g. it's now no longer possible to delete or modify old entry revisions. An attacker can still do a lot of damage, however. Additionally (and this was the main reason to implement this change in the first place), the user sessions, passwords and email data is now not easily accessible anymore. Hopefully, the new user management abstractions will prevent email and password dumps in case of an SQL injection or RCE vulnerability in the site code. Of course, this only works if my implementation is fully correct and there's no privilige escalation vulnerability somewhere. Furthermore, changing your password now invalidates any existing sessions, and the password reset function is disabled for 'usermods' (because usermods can list email addresses from the database, and the password reset function could still allow an attacker to gain access to anyone's account). I also changed the format of the password reset tokens, as they totally don't need to be salted.
2016-10-16Doc update + IRC bot language fixYorhel1-1/+7
2016-09-11API: Add VN relations "official" fieldYorhel1-1/+3
2016-09-11Fix http->https in d14 + increase IRC quote spam intervalYorhel1-3/+3
2016-08-31API: Add simple "get user" commandYorhel1-0/+48
2016-08-09Add Croatian languageYorhel2-0/+1
2016-07-31vnstaff.js: Show error message when staff is credited multiple timesYorhel1-1/+20
The backend does this validation as well, but if that validation fails it will show an unhelpful "Malformed JSON" error. This JS message should be more helpful.
2016-07-31Add Thai languageYorhel2-0/+1
2016-07-31API: Support array mathing in "get character" vn filterYorhel1-3/+3
2016-07-03Fix adding tags to VNs after last commitYorhel1-1/+1
I changed the exact matching syntax of the tag search to be '='-prefixed rather than 'name:'-prefixed, to be similar to exact staff search. But I forgot that the JS code relied on the name-prefix.
2016-07-03Various staff search improvementsYorhel2-0/+2
- Exact match is now case-insensitive - Main staff search supports exact match with =-prefix - On VN edit dropdown: exact matches are sorted before other matches - VN edit dropdown now also displays original name
2016-07-02JS: Use alias ID in dropdown search to fix selectionYorhel2-4/+4
2016-06-19API: Add "tags" filter to "get vn" + increase throttle throttleYorhel1-0/+17
2016-06-12API: Increase some limits + set custom TCP keepalive valuesYorhel1-2/+4
2016-05-15API: Allow sorting 'get vn' on stats fieldsYorhel1-1/+2
2016-04-11API: Added "vns" flag and member to "get character"Yorhel1-0/+11
2016-03-01JS: Increase staff/cast box summarization cut-off pointYorhel1-1/+1
It's rather annoying to have to click "more" only to see one or two more lines. Let's just show everything in that case.
2016-02-15Add Tagalog languageYorhel2-0/+1
2016-02-12JS: Fix char_roles bug + CSS: Minor tweaks to main VN info layoutYorhel1-2/+2
2016-02-12Minor fixes / behaviour reverts related to the removal of L10NYorhel1-4/+4
- Fix mouse-over text of language flag on homepage - Capitalize release types in edit form - Use plural form of character roles on VN page listing
2016-01-29Multi::API: added 'screens' flag to 'get vn'Yorhel1-0/+14
2016-01-26d2: VN guideline changeYorhel1-18/+45
2016-01-23L10N: Remove all remaining traces of the interface translation featureYorhel1-3617/+0
...unless I missed something.
2016-01-23L10N: Intern all VNDB::Handler::* stuffYorhel1-1/+0
Most of these replacements were automated. This ended up being less work than I had anticipated. I also fixed a few minor bugs along the way, but probably introduced more than I fixed.
2016-01-20L10N: Intern all VNDB::Util::* stuffYorhel1-255/+0
With some related edits in other parts of the code, mostly due to interface changes to htmlRevision() and htmlFormError(). Trivial replacements were automated by a super awesome script.
2016-01-19Move some VNDB::L10N stuff to VNDB::Func + intern VNDB::FuncYorhel1-35/+0
2016-01-19global.pl: Fix incorrect naming of producer relation typesYorhel1-6/+6
2016-01-18Fix display of spoiler in chartraits.js + warning in Handler/Chars.pmYorhel1-1/+1
2016-01-17L10N: Intern all Javascript strings and rename main JS fileYorhel20-240/+217
This has been mostly automated.
2016-01-17L10N: Intern blood_types/genders/(char|staff)_roles/discussion_boardsYorhel3-110/+31
I definitely needed the Tie::IxHash thing for these.
2016-01-17Use Tie::IxHash for some global.pl listsYorhel1-34/+43
This removes the reliance on sort() to provide meaningful ordering (the keys aren't always good for ordering) and removes the 'order' hack used for (vn|prod)_relations.
2016-01-17L10N: Intern VN/producer relations + update relation graphsYorhel3-92/+19
Now that graphviz knows the actual strings, it has a better opportunity to create better graphs. (Most of them still look messy tho)
2016-01-17L10N: Intern tag_cats/voiced/animated/*_statusYorhel2-90/+11
2016-01-16L10N: Intern languages/platforms/resolutions/media/ptype/rtype/vnlengthYorhel2-339/+115
2016-01-16L10N: Remove all translationsYorhel74-18384/+0
TODO: Intern strings again to simplify the code. The immediate effect of this commit is that starting the util/vndb.pl script and generating the JS file is much faster now and that vndb.pl uses less memory. Translations have already been disabled on the main VNDB for a week now.
2016-01-10Add 'more'/'less' buttons to staff/character boxes on VN pagesYorhel2-1/+34
2016-01-10Require current password on /u+/edit + only hash password once on /u+/setpassYorhel1-10/+34
2016-01-10Support zopfli/zopflipng for all static asset generatorsYorhel2-3/+14
Compresses a little better. I reduced the number of iterations required to find the optimal image size in spritegen.pl, but generating the icons.png is *incredibly slow* when combining zopflipng with the 'slow' option. It's possible to parallelize the calculation and use multiple cores to speed it up, but that seems overkill. Some icons.png compression stats: METHOD SIZE RUNTIME default 18103 <1sec slow 17941 few secs pngcrush 15385 <1sec pngcrush+slow 15148 few mins zopflipng 14986 few secs zopflipng+slow 14898 ~1 hour
2016-01-03CSS: Add overflow property to <pre> and fix the thread layoutsYorhel1-1/+2
https://vndb.org/t2520.185
2016-01-02js/filter: Fix passing null to selectCat() in IEYorhel1-1/+3
Apparently IE doesn't like it when you put a HTMLCollection object inside a DOM value.
2015-12-30Combine some tabs in release filters to avoid line wrapYorhel3-35/+35
2015-12-30Add release filters to VN browserYorhel2-137/+209
2015-12-29Multi::API: Add support for TLSYorhel1-3/+9
2015-11-28doc: Minor d7 staff updateYorhel1-1/+1
2015-11-28VNPage: Generalize seiyuu listing to character summary listingYorhel2-14/+10
The comment already suggested this: I wonder whether it's better to just ask database for character list instead of doing this manual group/sort So yeah, let's just do that.
2015-11-26Modified cast block layout.morkt1-0/+17
2015-11-26Handler::VNPage: Move staff tab into main VN page + some styling changesYorhel2-50/+6
The styling of the staff info can be a bit awkward at times, but it looks slightly better than a table, IMO. I didn't really know what to do with the the seiyuu info - it wastes a lot of screen space in its current implementation, but I can't think of anything better at the moment.
2015-11-11Misc poll improvementsYorhel2-27/+181
- Merged polls table into threads table. Not much of a storage/performance difference, and it's a bit simpler this way. - Merged DB::Polls into DB::Discussions. Mainly because of the above change in DB structure. - Add option to remove an existing poll. - Allow preview and recast to be changed without deleting the votes - Set preview option by default. Because personal preferences. :) - Minor form validation differences
2015-11-10Merge branch 'poll' of https://github.com/morkt/vndb into pollsYorhel5-0/+103
2015-11-10added poll error message.morkt1-0/+3