Age | Commit message | Author | Files | Lines |
|
Tried some malicious multiline inputs, wasn't a big issue given that
HTML doesn't render newlines, but could still be surprising in some
places.
|
|
Fixes https://vndb.org/t2520.831
|
|
See TUWF commit fd3d2ca6a18222dafaa13dbcb7a6ccce1c4d9e6e
Fixes https://vndb.org/t2520.822 and a few related bugs.
(I may have introduced a few new bugs with this, let's see...)
|
|
Turns out I *can* just merge all fields into the top-level edit object,
but only if I split out the admin part of the form. Which makes sense,
anyway, as it's much easier to keep the forms secure with those two
functions separated.
|
|
Slowly preparing to get rid of Elm, starting with the easy stuff.
This is the real test: let's see if I can write JavaScript without
introducing too many bugs.
I wasted three days trying to figure out how to integrate and use
Preact, only to come to the conclusion that I hate it. Its API has so
many awkward issues and rough edges that it makes one wonder how it ever
got so popular. So back to fiddling with mithril.js, which sure feels a
lot better designed. I threw out its routing & request features so
what's left is just a tiny vdom library - exactly what I wanted from
Preact.
The Subscribe widget code is kind of ugly, but that's unrelated to this
Elm->JS rewrite. I might look into cleaning it up later.
|
|
This way a URL with multiple ?q= parameters won't fail validation, it'll
just assume there's no search query.
|
|
Requires TUWF commit f683126abd6ee17c6d868d3d8735b416c466f8af
Fixes #42
|
|
But with some limitations:
- Counts are only displayed if the search can be done with trigrams
- The counts include hidden entries (will fix later for most types)
- The counts ignore any saved filters
|
|
I made a thinking error with the 'searchquerya' validation; multiple
queries need to be OR'ed and thus can't be combined into a single
SearchQuery object.
|
|
With this ranking system, searching for titles like 'L' and 'ONE.' is
now at least possible, and YU-NO at least shows up on the first page
when searching for "yu no". The actual normalization and matching
algorithm hasn't really changed, except that all search terms must now
match a single title, but there's still a whole bunch of false
positives.
Ranking is not available through the API yet.
The trigram index should make it possible to do site-wide searching at a
more reasonable speed, I'll experiment with that later.
|
|
Currently has 851 million password hashes, taking about 8G of space with
the current approach. It's simple and fast, so should be worth it.
inb4 complaints about "why can't I use my password anymore!?"
|
|
Fixes #37.
|
|
It's looking pretty powerful and functional already.
|
|
This should save me considerable time in finding duplicate account
voters.
|
|
Broken since 8c1fcdb94b46373c4e9c8d533e645edf6aba6f7a (!?)
|
|
Requires upgrading TUWF to commit
cbff0b7e7841ffce68cacea763fe3e59385f73e4
|
|
|
Usernames are now case-insensitive and name changes and new
registrations are now checked for homograph attacks.
|
|
I had wanted to split this up into multiple commits and roll out in
stages, but couldn't really find a natural way to do so. There are
several places that take a generic identifier and expect it to work the
same for all entries they support, so changing one entry at a time
wasn't going to be any easier. Only the tags & traits haven't been
updated yet, I'll convert those later.
While this is a major change and affects a lot of code, the individual
changes are all pretty simple. I'm surprised how much code did not have
to be updated at all. No doubt I've missed a few places, though, so this
commit will almost certainly break something.
|
|
of tuwf->{..}
Config had been in a separate config->{..} object for a while now, old
code doesn't need it anymore so we can finally get rid of the tuwf->{..}
compat.
vndb.pl is not really the place for library code, so moved that around.
The old imgpath() and imgurl() functions weren't used anymore, so could
be safely replaced with the new functions that take the new vndbid
format.
(All this to make it easier to write separate scripts that call into
VNDB::/VNWeb:: code as a library)
|
|
Tag weights are in 0.2 increments, to keep the selection list short
enough. https://vndb.org/t14995.5
This (again) breaks the query encoding format, but provides a means for
filters to define their own compact query encoding instead of having to
force their fully normalized value in some way that it also somehow fits
the compact form. This allowed me to save one character on the tag
filter encoding by using a Tuple value rather than Triple. I don't
foresee any other uses for Triples, so removed that as value type.
|
|
Even if the server accepts a regular number as well, the form expects
the input to be a proper identifier.
|
|
This required some changes to the query model and encoded form, since
doing this with only <= and => operators is too limited.
I changed the compact encoding of strings to only encode the length in
the type field for specific (common) lengths and fall back to an
end-of-string character for everything else. This leaves room for more
custom types.
|
|
First attempt to add filters that reference database entries. Will need
to be refined.
|
|
It's still missing a few mod features, will add those later.
|
|
This is a minor start towards rewriting the filter logic in the new v2rw
code. Filters were never validated before (I didn't have a good
framework for it - now I do) and invalid filters would result in a 500.
The new validation code is not yet applied, but failed validations will
be logged so that I can see if it's working correctly.
I mean, what better way to test than to throw it in production?
I'll write new (and more flexible) SQL generation functions for these
filters later, so that v2rw code can get filtered results and I can make
a start on rewriting the pages that depend on the functionality. The
validation schema can also be used to validate the filters stored in the
DB, so I can use it to get rid of the complex handling of stored invalid
filters.
|
|
The image voting is now handled separately from form submission and
image IDs are validated when changed.
This abstraction is hopefully also usable for the VN form.
|
|
Auto-wiping request-local storage is easier and more reliable than using
hooks. (See TUWF commit 7cc84ca99b1d93f7f08cc95e9a776f1926e80417)
|
|
dbmods can now change other users' "edit" permission, tagmods "tag",
etc., as I hinted at in be5ee198129301d84912380ed8d1636ad32f68b3.
This required the user edit form to be restructured a bit so only people
with the proper permissions get to see the proper form sections.
|
|
Easier than moderating the site to prevent people from creating internal
links to sensitive pages. It also turns out that SameSite cookies are
included when opening a bookmark (okayish) or clicking on a link from
outside the browser (not okay), this protects against those scenarios as
well.
|
|
Decided to make the "vote difference" sort option a non-moderator
feature, too. It's too useful to hide, I think.
The NSFW warning makes use of the 'show_nsfw' setting and the
viewget/viewset machinery to do this somewhat safely. In the future I
suppose this would use a "Show Explicit / Brutal images by default"
setting.
|
|
The 'id' validation is to be used for internal VNDB ids only and
associativity of << and - were different from what I had expected.
|
|
|
Problem is that the 'uint' validation does not allow leading zeros,
which are very valid as part of GTIN codes, thus resulting in an error
when validating a normalized GTIN code.
|
|
As it's now being used from two distinct places.
|
|
Crawlers unsurprisingly hit that protection a lot. I've not seen any
problems so far, the pages load fine for everyone else.
|