path: root/lib/VNDB/Util
Age | Commit message | Author | Files | Lines
2018-05-25 | Add uncensored flag to release entries | Yorhel | 1 | -1/+1
As discussed in https://vndb.org/t10665
2018-02-08 | Store d+ pages in the DB as versioned entries + use markdown | Yorhel | 2 | -5/+9
This touches a bunch of things:
- Adds a new first-class database entry type
- Removes the d+.+.+ BBCode link syntax, adds a new d+#+ and d+#+.+ link syntax (references have been updated where possible)
- Adds a new dependency on Text::MultiMarkdown
2018-01-06 | Use the new BBCode parser in bbSubstLinks() | Yorhel | 1 | -44/+21
2017-12-16 | Fix query debugging output with new TUWF | Yorhel | 1 | -4/+6
2017-03-03 | Add date filters to VN search | Yorhel | 1 | -1/+1
2017-01-21 | Don't omit metadata with a value of '0' | flan | 1 | -1/+1
2017-01-19 | Add Open Graph tags for the main page and vrspc | flan | 1 | -2/+20
2016-11-27 | SQL: Use separate role for the website + disallow access to user data | Yorhel | 1 | -70/+70
Previously the website was connected to the database with a "database owner" user, which has far too many permissions. Now there's a special vndb_site user with only the necessary permissions. The primary reason to do this is to decrease the impact if the site process is compromised. E.g. it's now no longer possible to delete or modify old entry revisions. An attacker can still do a lot of damage, however. Additionally (and this was the main reason to implement this change in the first place), the user sessions, passwords and email data are now not easily accessible anymore. Hopefully, the new user management abstractions will prevent email and password dumps in case of an SQL injection or RCE vulnerability in the site code. Of course, this only works if my implementation is fully correct and there's no privilege escalation vulnerability somewhere. Furthermore, changing your password now invalidates any existing sessions, and the password reset function is disabled for 'usermods' (because usermods can list email addresses from the database, and the password reset function could still allow an attacker to gain access to anyone's account). I also changed the format of the password reset tokens, as they totally don't need to be salted.
2016-11-03 | Add duplicate check to producer entry | Yorhel | 1 | -4/+4
2016-07-02 | Util::ValidateTemplates: Fix forgotten import of kv_validate | Yorhel | 1 | -0/+1
2016-07-02 | Validate release dates + move validation out of vndb.pl | Yorhel | 2 | -0/+103
2016-01-20 | L10N: Intern all VNDB::Util::* stuff | Yorhel | 5 | -158/+183
With some related edits in other parts of the code, mostly due to interface changes to htmlRevision() and htmlFormError(). Trivial replacements were automated by a super awesome script.
2016-01-19 | Move some VNDB::L10N stuff to VNDB::Func + intern VNDB::Func | Yorhel | 2 | -4/+4
2016-01-17 | L10N: Intern all Javascript strings and rename main JS file | Yorhel | 1 | -1/+1
This has been mostly automated.
2016-01-17 | L10N: Intern tag_cats/voiced/animated/*_status | Yorhel | 1 | -1/+1
2016-01-16 | L10N: Intern languages/platforms/resolutions/media/ptype/rtype/vnlength | Yorhel | 1 | -2/+2
2016-01-16 | L10N: Remove all translations | Yorhel | 1 | -5/+2
TODO: Intern strings again to simplify the code. The immediate effect of this commit is that starting the util/vndb.pl script and generating the JS file is much faster now and that vndb.pl uses less memory. Translations have already been disabled on the main VNDB for a week now.
2016-01-10 | Require current password on /u+/edit + only hash password once on /u+/setpass | Yorhel | 1 | -13/+22
2015-12-30 | Add release filters to VN browser | Yorhel | 1 | -1/+1
2015-11-11 | Misc poll improvements | Yorhel | 1 | -2/+2
- Merged polls table into threads table. Not much of a storage/performance difference, and it's a bit simpler this way.
- Merged DB::Polls into DB::Discussions. Mainly because of the above change in DB structure.
- Add option to remove an existing poll.
- Allow preview and recast to be changed without deleting the votes
- Set preview option by default. Because personal preferences. :)
- Minor form validation differences
2015-11-10 | Merge branch 'poll' of https://github.com/morkt/vndb into polls | Yorhel | 1 | -0/+2
2015-11-10 | Show full date/time at edit history and thread listings | Yorhel | 1 | -1/+1
Having the time display is quite useful. It does make the listings look more cluttered, but meh.
2015-11-10 | Merge branch 'master' into poll | morkt | 5 | -51/+23
2015-11-10 | Add 'has screenshots' filter to VN browser | Yorhel | 1 | -1/+1
2015-11-10 | Add language filter to staff browser | Yorhel | 1 | -1/+1
2015-11-01 | Util::LayoutHTML: Suppress warning when $o{search} isn't defined | Yorhel | 1 | -1/+1
2015-11-01 | Remove 'you need to be logged in to edit this page' message | Yorhel | 1 | -5/+1
While helpful, it's also rather dominant. We're not that desperate for new contributes anymore.
2015-11-01 | Use HTML5 'placeholder' attribute for main search box | Yorhel | 1 | -1/+1
Instead of the JS hack.
2015-11-01 | Switch to HTML5 doctype + s/acronym/abbr/ + s/ / /e | Yorhel | 3 | -11/+8
I'd have preferred to stick with XHTML 1.0, but unfortunately browsers won't allow you to use modern Javascript APIs with an older doctype. Note that most pages don't actually validate correctly as HTML5, I'm relying on browsers to be lenient. In either case, I'd like VNDB to stay valid XML (XHTML5, then), and luckily that shouldn't be a problem.
2015-11-01 | Removed support for sha256-hashed passwords | Yorhel | 1 | -21/+2
They had to be deleted from the database at some point, otherwise we still have thousands of easily-cracked password hashes in the database. Note that I could have opted to use scrypt on top of the sha256 hashes so the passwords would remain secure without needing to reset everything, but doing that after one year of switching to scrypt is likely not worth it. Everyone who still actively uses his account has already been converted to scrypt, everyone else should just reset their password whenever they decide to come back.
2015-11-01 | Remove deprecated 'staffedit' permission flag | Yorhel | 1 | -3/+1
2015-10-18 | discussion board polls. | morkt | 1 | -0/+2
2015-10-17 | SQL: Fix all browsing queries to use the new schema | Yorhel | 2 | -10/+10
This basically makes VNDB browsable again, but editing entries is still broken. I split off the get-old-revision functionality from the db*Get() methods into db*GetRev(). This split makes sense even with the old SQL schema: db*Get() had to special-case some joins/filters when fetching an older revision, and none of the other filters would work in that case. This split does cause some code duplication in that all db*GetRev() methods look very much alike, and that the columns they fetch is almost identical to the db*Get() methods. Not sure yet how to avoid the duplication elegantly. I didn't do a whole lot of query optimization yet (most issues require extra indices, I'll investigate later which indices will make a big difference), but I did fix some low hanging fruit whenever I encountered something. I don't think I've worsened anything, performance-wise.
2015-10-03 | Handle JSON data natively when processing form data | Yorhel | 1 | -3/+4
No more need for extra json_encode/json_decode calls, and the form_compare() function is more lenient w.r.t. integer/string comparison. This is the improvement I described in commit ed86cfd12b0bed7352e2be525b8e63cb4d6d5448
2015-10-01 | VNEdit: Give error on duplicate alias + improved msg on id/page error | Yorhel | 1 | -1/+2
2015-09-20 | formValidate: Created templates for gtin and editsum fields | Yorhel | 1 | -2/+7
2015-09-20 | Use the new reqQuery() + update usage of reqPath() for TUWF 1.0 | Yorhel | 2 | -3/+2
2015-09-07 | Handler::Discussions: Remove formcode from search form | Yorhel | 1 | -3/+6
It's not verified and only uglifies the URLs.
2015-09-07 | Implement discussion board search function | Yorhel | 1 | -1/+2
Inspired by wakaranai's implementation at https://github.com/morkt/vndb/commit/b852c87ad145fdaaa09c79b6378dd819b46f7e87
This version is different in a number of aspects:
- Separate search functions for title search and fulltext post search. Perhaps not the most convenient option, but the downside of a combined search is that if the query matches the threads' title, then all of the posts in that thread will show up in the results. This didn't seem very useful.
- Sorting is based purely on post date. Rank-based sort is slow without a separate caching column, and in my opinion not all that useful.
Implementation differences:
- Integrated in the existing DB::Discussions functions, so less code to maintain and more code reuse.
- No separate caching column for the tsvector, a functional index is used instead. This is a bit slower (index results need to be re-checked against the actual messages, hence the slowdown), but has the advantage of smaller database dumps and less complexity in updating the cache.
Things to fix or look at:
- Highlighting of the search query in message contents.
- Allow or-style query matching
2015-07-22 | Util::BrowseHTML: Fix XSS in "order by" link URLs | Yorhel | 1 | -2/+2
Reported by dim0k at https://www.xssposed.org/incidents/74523/
2015-07-19 | Remove reliance on Referer header for the login form | Yorhel | 1 | -2/+5
2015-07-19 | Remove the MSIE browser check & warning page | Yorhel | 1 | -47/+1
It's a relic of the past. IE 6 & 7 are very rarely used nowadays, and people still using it will quickly realize why things don't quite work - they'll be used to it.
2015-05-13 | Changed layout of staff pages | Yorhel | 1 | -2/+2
Not entirely sure if this is an improvement, but it's slightly more consistent with other layouts (combination of user page, release page and character page), and leaves more room for the credit/cast listings.
2015-05-13 | Add staff statistic to main menu | Yorhel | 1 | -1/+1
2015-02-02 | Add filters to staff browsers + minor layout fix on staff pages | morkt | 1 | -1/+2
2015-01-28 | bbSubstLinks: Replace staff IDs with names | Yorhel | 1 | -4/+7
2015-01-28 | Merge branch 'staff' into master | Yorhel | 1 | -1/+71
Conflicts: lib/VNDB/DB/VN.pm lib/VNDB/Handler/VNPage.pm
2015-01-27 | staff: Fix various parts to recognize the new staff database | morkt | 1 | -2/+2
2015-01-25 | staff: Add staff edit permission + alias layouting | morkt | 1 | -1/+3
2015-01-12 | bbSubstLinks: Increase titles to fetch to 50 + tweak matching pattern | morkt | 1 | -8/+9
Patch from https://vndb.org/t2520.116