Age | Commit message | Author | Files | Lines |
|
https://vndb.org/t950.517
|
|
Compatibility is hard...
|
|
filFetchDB() is not used for the release filter on the VN browsing
interface, so I've moved the compatibility stuff into a separate
filCompat() method that can be called from Handler::VNBrowse.
|
|
Been wanting to do this for a long time - using an integer index into an
array that changes once in a while is way too fragile. Doubly so when
said indices are also used in filters and URLs that can't be updated
every time a new resolution is added.
|
|
https://vndb.org/t950.512
|
|
https://vndb.org/t11296.3
(And I forgot to add update_20180929.sql in the previous commit)
|
|
https://vndb.org/t11296
|
|
https://vndb.org/t950.456
|
|
Icon created by fuukanou: https://vndb.org/t10665.49
File size reduced a bit further by removing metadata and using scour
Closes #3
|
|
As discussed in https://vndb.org/t10665
|
|
https://vndb.org/t950.432
|
|
https://vndb.org/t10472
|
|
There's still a glitch that, when a character is linked to a deleted
release, the release selection will not show up in the form. But that's
much easier to work around.
|
|
https://vndb.org/t950.416
|
|
Fixes https://vndb.org/t2520.250
|
|
https://vndb.org/t950.410
|
|
This touches a bunch of things:
- Adds a new first-class database entry type
- Removes the d+.+.+ BBCode link syntax, adds a new d+#+ and d+#+.+
link syntax (references have been updated where possible)
- Adds a new dependency on Text::MultiMarkdown
|
|
For consistency with the VN & character alias fields. It's also less
ambiguous, as there are a few aliases that contain commas.
|
|
Should fix https://vndb.org/t2520.237
|
|
immediate container <abbr>.
|
|
https://vndb.org/t2520.233
The old bb2html() blindly replaced [url=..] anywhere inside the matched
token, and did not require that the [url=..] was itself the token. I've
made the tag matching more strict to make sure that [something[url=..]
is now properly tokenized.
This also affects other tags, so it's likely that there's some input
that the old bb2html() would still have handled differently.
|
|
https://vndb.org/t9992.16
|
|
This is based on the API that I described in https://vndb.org/t5564.12
It's mostly bug-compatible with the old bb2html(), main differences:
- <br /> -> <br> for no reason
- Doesn't sporadically add a wrong </div>
- $rmwhitespace now also after [/code]
Most of the test cases were contributed by flan <flan@flande.re>
|
|
These are just style consistency changes, functionally equivalent.
|
|
It's been a while since I had static/f/ in git, so I had to adjust
.gitignore a bit.
The CSS changes are purely opinion, but it does integrate better with
the existing layout.
Everything else are bug fixes.
|
|
Fixes https://vndb.org/t2520.229
|
|
https://vndb.org/t950.339
|
|
Fixes https://vndb.org/t2520.222
|
|
This makes the relation graphs useful again for several large (mostly)
independent graphs that are sometimes linked together by unofficial
relations.
e.g. https://vndb.org/t8985
|
|
Fixes https://vndb.org/t2520.215
|
|
Fixes https://vndb.org/t2520.213
|
|
https://vndb.org/t2520.209
|
|
https://vndb.org/t2520.210
|
|
Previously the website was connected to the database with a "database
owner" user, which has far too many permissions. Now there's a special
vndb_site user with only the necessary permissions. The primary
reason to do this is to decrease the impact if the site process is
compromised. E.g. it's now no longer possible to delete or modify old
entry revisions. An attacker can still do a lot of damage, however.
Additionally (and this was the main reason to implement this change in
the first place), the user sessions, passwords and email data are now not
easily accessible anymore. Hopefully, the new user management
abstractions will prevent email and password dumps in case of an SQL
injection or RCE vulnerability in the site code. Of course, this only
works if my implementation is fully correct and there's no privilege
escalation vulnerability somewhere.
Furthermore, changing your password now invalidates any existing
sessions, and the password reset function is disabled for 'usermods'
(because usermods can list email addresses from the database, and the
password reset function could still allow an attacker to gain access to
anyone's account).
I also changed the format of the password reset tokens, as they totally
don't need to be salted.
|
|