path: root/lib/VNDB/Handler
Age | Commit message | Author | Files | Lines
2016-11-27 | SQL: Use separate role for the website + disallow access to user data | Yorhel | 1 | -32/+35
Previously the website was connected to the database with a "database owner" user, which has far too many permissions. Now there's a special vndb_site user with only the necessary permissions.
The primary reason to do this is to decrease the impact if the site process is compromised. E.g. it's now no longer possible to delete or modify old entry revisions. An attacker can still do a lot of damage, however.
Additionally (and this was the main reason to implement this change in the first place), the user sessions, passwords and email data is now not easily accessible anymore. Hopefully, the new user management abstractions will prevent email and password dumps in case of an SQL injection or RCE vulnerability in the site code. Of course, this only works if my implementation is fully correct and there's no privilege escalation vulnerability somewhere.
Furthermore, changing your password now invalidates any existing sessions, and the password reset function is disabled for 'usermods' (because usermods can list email addresses from the database, and the password reset function could still allow an attacker to gain access to anyone's account).
I also changed the format of the password reset tokens, as they totally don't need to be salted.
2016-11-03 | List deleted releases when adding a new release | Yorhel | 1 | -0/+23
2016-11-03 | Add duplicate check to producer entry | Yorhel | 1 | -6/+70
2016-10-16 | Support more than 100 characters per VN | Yorhel | 2 | -2/+2
2016-10-16 | VNPage: Add gender icons to character summary | Yorhel | 1 | -0/+1
2016-07-31 | Handler::VNEdit: Fix bug with new staff/cast being removed on form error | Yorhel | 1 | -6/+5
The names of the staff were fetched from the existing VN entry, so any newly added staff were not present in that list, and would thus not show up when the form validation failed. This fix makes sure to always fetch the required data from the database.
2016-07-03 | Generalize substring search relevance + apply to most dropdown searches | Yorhel | 4 | -32/+6
This is a generalization of the search improvements made in 7da2edeaa0f6cf7794f4f8f68960497dc1be893c and 92235222dba4e5d0c7713d53ef12e0f10e371b83 And has been applied to the dropdown searches for producers, staff, tags and traits. For all those searches, exact matches are listed first, followed by prefix matches, and then substring matches.
Relevance is currently only based on the primary name/title and ignores aliases (except for staff). This is fixable, but not trivial, and I'm not sure it's all that useful.
2016-07-03 | Charedit/traits: Prioritize exact match when finding traits | Yorhel | 1 | -1/+13
2016-07-03 | Various staff search improvements | Yorhel | 2 | -17/+22
- Exact match is now case-insensitive
- Main staff search supports exact match with =-prefix
- On VN edit dropdown: exact matches are sorted before other matches
- VN edit dropdown now also displays original name
2016-07-02 | JS: Use alias ID in dropdown search to fix selection | Yorhel | 1 | -1/+1
2016-07-02 | Validate release dates + move validation out of vndb.pl | Yorhel | 1 | -1/+1
2016-06-05 | Fix typo on release page. | Albin Bernhardsson | 1 | -1/+1
2016-04-11 | Handler::Discussions: Increase boards limit | Yorhel | 1 | -1/+1
2016-02-12 | Minor fixes / behaviour reverts related to the removal of L10N | Yorhel | 4 | -7/+7
- Fix mouse-over text of language flag on homepage
- Capitalize release types in edit form
- Use plural form of character roles on VN page listing
2016-01-26 | Handler::Misc: Fix perl warning on 404 */hist | Yorhel | 1 | -1/+1
2016-01-23 | L10N: Intern all VNDB::Handler::* stuff | Yorhel | 13 | -811/+902
Most of these replacements were automated. This ended up being less work than I had anticipated. I also fixed a few minor bugs along the way, but probably introduced more than I fixed.
2016-01-20 | L10N: Intern all VNDB::Util::* stuff | Yorhel | 10 | -110/+111
With some related edits in other parts of the code, mostly due to interface changes to htmlRevision() and htmlFormError(). Trivial replacements were automated by a super awesome script.
2016-01-19 | Move some VNDB::L10N stuff to VNDB::Func + intern VNDB::Func | Yorhel | 11 | -41/+36
2016-01-18 | Fix display of spoiler in chartraits.js + warning in Handler/Chars.pm | Yorhel | 1 | -1/+1
2016-01-17 | L10N: Intern blood_types/genders/(char|staff)_roles/discussion_boards | Yorhel | 6 | -41/+41
I definitely needed the Tie::IxHash thing for these.
2016-01-17 | Use Tie::IxHash for some global.pl lists | Yorhel | 7 | -19/+20
This removes the reliance on sort() to provide meaningful ordering (the keys aren't always good for ordering) and removes the 'order' hack used for (vn|prod)_relations.
2016-01-17 | L10N: Intern VN/producer relations + update relation graphs | Yorhel | 3 | -12/+6
Now that graphviz knows the actual strings, it has a better opportunity to create better graphs. (Most of them still look messy tho)
2016-01-17 | L10N: Intern tag_cats/voiced/animated/*_status | Yorhel | 5 | -51/+52
2016-01-16 | L10N: Intern languages/platforms/resolutions/media/ptype/rtype/vnlength | Yorhel | 8 | -103/+78
2016-01-14 | Handler::Discussions: Some search query normalization fixes | Yorhel | 1 | -0/+3
2016-01-10 | Add 'more'/'less' buttons to staff/character boxes on VN pages | Yorhel | 1 | -2/+2
2016-01-10 | Require current password on /u+/edit + only hash password once on /u+/setpass | Yorhel | 1 | -1/+9
2015-12-30 | Add release filters to VN browser | Yorhel | 6 | -16/+37
2015-11-28 | VNPage: Generalize seiyuu listing to character summary listing | Yorhel | 2 | -62/+74
The comment already suggested this:
I wonder whether it's better to just ask database for character list instead of doing this manual group/sort
So yeah, let's just do that.
2015-11-26 | Modified cast block layout. | morkt | 1 | -18/+24
2015-11-26 | Handler::VNPage: Fix character listing tab | Yorhel | 1 | -1/+1
2015-11-26 | Handler::Discussions: Fix display of username when editing post | Yorhel | 1 | -1/+1
2015-11-26 | Handler::VNPage: Move staff tab into main VN page + some styling changes | Yorhel | 1 | -42/+23
The styling of the staff info can be a bit awkward at times, but it looks slightly better than a table, IMO. I didn't really know what to do with the seiyuu info - it wastes a lot of screen space in its current implementation, but I can't think of anything better at the moment.
2015-11-26 | Handler::Releases: Fix bug when editing release with lots of VNs | Yorhel | 1 | -1/+1
2015-11-11 | Misc poll improvements | Yorhel | 1 | -101/+99
- Merged polls table into threads table. Not much of a storage/performance difference, and it's a bit simpler this way.
- Merged DB::Polls into DB::Discussions. Mainly because of the above change in DB structure.
- Add option to remove an existing poll.
- Allow preview and recast to be changed without deleting the votes
- Set preview option by default. Because personal preferences. :)
- Minor form validation differences
2015-11-10 | Merge branch 'poll' of https://github.com/morkt/vndb into polls | Yorhel | 1 | -1/+160
2015-11-10 | various fixes. | morkt | 1 | -45/+46
2015-11-10 | Show full date/time at edit history and thread listings | Yorhel | 1 | -1/+1
Having the time display is quite useful. It does make the listings look more cluttered, but meh.
2015-11-10 | Merge branch 'master' into poll | morkt | 8 | -67/+76
2015-11-01 | Image viewer: Use HTML5 data- attribute instead of 'rel' for data | Yorhel | 1 | -2/+2
The possible values of the rel attribute is fixed, it's not supposed to be a free-form field.
2015-11-01 | Switch to HTML5 doctype + s/acronym/abbr/ + s/ / /e | Yorhel | 1 | -2/+2
I'd have preferred to stick with XHTML 1.0, but unfortunately browsers won't allow you to use modern Javascript APIs with an older doctype. Note that most pages don't actually validate correctly as HTML5, I'm relying on browsers to be lenient. In either case, I'd like VNDB to stay valid XML (XHTML5, then), and luckily that shouldn't be a problem.
2015-11-01 | Remove deprecated 'staffedit' permission flag | Yorhel | 1 | -1/+1
2015-11-01 | Handler::VNEdit: Also increase size of title fields in VN add form | Yorhel | 1 | -2/+2
2015-10-28 | Handler::(Releases|VNEdit): Increase width of title/orig input fields | Yorhel | 2 | -4/+4
2015-10-28 | Handler::Users: Don't hide list stats from own user or usermods | Yorhel | 1 | -3/+4
2015-10-25 | Staff: Add error msg when removing used alias + fix bug in alias editing | Yorhel | 1 | -1/+7
The new database schema doesn't allow an alias to be removed when it is still linked to a VN.
2015-10-21 | Improve SQL in dbRevisionGet() | Yorhel | 2 | -3/+2
Two main improvements:
- Filtering on (non)hidden items now doesn't join any of the item tables, instead it looks up the latest revision from the changes table itself, using the index on (type,itemid,rev). It's still not super fast, but a pretty large improvement nonetheless.
- The item titles/names are obtained in a separate query. I tried to modify the main query in various ways, but couldn't make it as fast as I'd have liked.
I also removed the 'what' flag while I was at it, all uses of the method request all information anyway.
2015-10-21 | SQL: Fix editing + func.sql + triggers.sql + autocreate editing funcs | Yorhel | 5 | -19/+19
This changes quite a bit to the way the editing functions work. Because these functions are very repetitive and it's easy to keep things out of sync, I created a script to generate them automatically. I had to rename a few function and table names for consistency to make this work.
Since database entries don't have a 'latest' column anymore, and since the order in which tables are updated doesn't have to be fixed, I dropped many of the SQL triggers and replaced them with an edit_committed() function which is called from edit_*_commit() and checks for stuff to be done.
Don't forget to run 'make' before importing the update script.
2015-10-18 | discussion board polls. | morkt | 1 | -1/+159
2015-10-17 | SQL: Fix all browsing queries to use the new schema | Yorhel | 7 | -31/+34
This basically makes VNDB browsable again, but editing entries is still broken.
I split off the get-old-revision functionality from the db*Get() methods into db*GetRev(). This split makes sense even with the old SQL schema: db*Get() had to special-case some joins/filters when fetching an older revision, and none of the other filters would work in that case. This split does cause some code duplication in that all db*GetRev() methods look very much alike, and that the columns they fetch is almost identical to the db*Get() methods. Not sure yet how to avoid the duplication elegantly.
I didn't do a whole lot of query optimization yet (most issues require extra indices, I'll investigate later which indices will make a big difference), but I did fix some low hanging fruit whenever I encountered something. I don't think I've worsened anything, performance-wise.