vndb - Source code of VNDB.org

Age	Commit message (Collapse)	Author	Files	Lines
2015-01-28	Apply bbSubstLinks to database description fields	Yorhel	4	-0/+4

2015-01-28	bbSubstLinks: Replace staff IDs with names	Yorhel	1	-4/+7

2015-01-28	Merge branch 'staff' into master	Yorhel	9	-15/+88
	Conflicts: lib/VNDB/DB/VN.pm lib/VNDB/Handler/VNPage.pm
2015-01-27	staff: Fix various parts to recognize the new staff database	morkt	4	-6/+7

2015-01-25	staff: Fix adding/editing staff with >10 aliasses	Yorhel	1	-1/+1
	Another bug related to query limits. It's become a common theme now.
2015-01-25	staff: Add staff edit permission + alias layouting	morkt	2	-9/+14

2015-01-17	DB: No need to use double-%% in like queries	Yorhel	3	-3/+3

2015-01-17	staff: Fix search to ignore spaces in Japanese names	morkt	1	-1/+6

2015-01-17	Handler::VNPage: Conditionally disable warnings for smartmatch	morkt	1	-1/+1
	Only recent perl versions need it, on older versions the 'no warnings' line would cause an error.
2015-01-17	Fix bug with language icon not being displayed for release in user list	morkt	1	-6/+5
	This happened when a release was linked to multiple visual novel entries, the language icon would show on one VN but not on the other.
2015-01-17	Fix placing of add/edit tabs on VN pages when tags are hidden	morkt	1	-0/+1

2015-01-16	staff: More form verification + support more chars for VN seiyuu linking	morkt	1	-4/+12

2015-01-15	Double the limit of number of traits to a character	Yorhel	1	-1/+1
	As per t2520.119 and t2520.120.
2015-01-12	staff: Remove some remnants of the staff images	Yorhel	2	-2/+1

2015-01-12	staff: Make Multi::IRC aware of the staff database	Yorhel	1	-5/+10

2015-01-12	staff: Stronger verification of form data	morkt	2	-21/+29

2015-01-12	bbSubstLinks: Increase titles to fetch to 50 + tweak matching pattern	morkt	1	-8/+9
	Patch from https://vndb.org/t2520.116
2015-01-04	staff: Add some link fields and guidelines	morkt	2	-13/+28

2015-01-03	staff: Various JS fixes	morkt	1	-1/+1

2015-01-02	staff: Don't allow empty staff revisions	Yorhel	2	-5/+8

2015-01-02	staff: Fix warning of comparison against undef	Yorhel	1	-1/+1

2015-01-02	staff: Fix duplicate listing of seiyuu for chars with multiple releases	Yorhel	1	-3/+3
	This unfortunately means I had to remove the order-by-character-role feature. It's possible to get that back, but it's not quite as trivial.
2015-01-02	staff: Fix deleting of staff + use JSON to pass data + minor fixes	morkt	7	-47/+101

2014-12-29	staff: Some bug fixes and styling improvements	morkt	2	-29/+57

2014-12-29	staff: Don't use inline script to pass seiyuu import data	morkt	1	-14/+8
	Same reasoning as 0d191b5cd8c79eef3cef63c40ded96506a40382a
2014-12-28	staff: Import cast from other VN + some styling + more improvements	morkt	6	-65/+99

2014-12-28	More progress on the staff + cast DB	morkt	7	-94/+193

2014-12-24	Further progress on the staff database	morkt	5	-75/+57
	- Moves staff<->vn linking form to the main VN edit form - Fixes a bug with linking staff aliases to VNs - Adds staff changes to the VN revisions - And some misc. improvements
2014-12-23	bbSubstLinks: Fix minor parsing issue	morkt	1	-2/+2
	Patch from https://vndb.org/t5564.18
2014-12-22	DB: Merge name/title fetching in main fetching functions	Yorhel	7	-45/+15
	And call bbSubstLinks() from Handler::Discussions rather than DB::Discussions - it's not a transformation that the DB layer should do, IMO.
2014-12-22	bbcode: Replace [vcpgi][0-9]+ links with a [url] tag	morkt	6	-6/+109
	Patch from https://vndb.org/t5564.13
2014-12-22	Initial implementation of a staff/seiyuu database	morkt	10	-22/+669

2014-12-02	Completely drop l_vnn column from VN info	Yorhel	2	-5/+4
	Used to link to a visual-novels.net review or something. Links have been hidden and dead since ages. No need to keep the column around.
2014-12-02	Handler::VNEdit: Fix 500 when editing VN without screenshots	Yorhel	1	-1/+1
	Broken in 44b11883da3a7e6f1138984ceeba162e0f90dc35
2014-12-01	Replace some 'onclick' attributes with JS-generated events	Yorhel	3	-8/+8
	I think this was the last piece of inline JS.
2014-12-01	Don't use inline script to pass screenshot sizes in VN edit	Yorhel	1	-7/+6
	Same reasoning as 0d191b5cd8c79eef3cef63c40ded96506a40382a
2014-12-01	Don't use inline script tag to pass pref_code to JS	Yorhel	4	-14/+7
	This also simplifies the code a bit, as the value of the preference data was never used so doesn't need to be included now. Primary reason for this change is to work towards disabling inline JS with a CSP header. There's still more stuff to fix before the CSP header can be applied, though.
2014-10-21	Use TUWF's reqBaseURI() instead of $self->{uri} on site links	Yorhel	5	-11/+16
	TUWF properly detects HTTPS and includes this in the returned URL, so this change ensures that all URLs adopt properly to HTTP and HTTPS.
2014-10-21	Disable warning about switch statement	Yorhel	1	-1/+2
	I really want to rewrite that code to not use the very unperlish switch statement, but the code is rather... complex and hairy. :(
2014-10-20	Fix tabindex on edit summary	Yorhel	1	-1/+1
	Per https://vndb.org/t5864
2014-10-16	Fix tabindex on the date selector	Yorhel	1	-1/+1

2014-10-16	Completely get rid of the old charedit perm flag	Yorhel	5	-15/+10

2014-10-16	Add a positive tabindex to all generated form elements	Yorhel	1	-12/+16
	This should result in a more natural tabbing order, skipping over any links around the forms.
2014-10-16	Set httponly flag on auth cookie	Yorhel	1	-1/+1

2014-10-16	Hash session tokens with SHA-1 when storing in DB	Yorhel	2	-23/+25
	This ensures that, if an attacker evers gets read access to the database, he will not be able to compromise any accounts. SHA-1 suffices here, because the data being hashed is a random 20 byte string. The search space is so damn large that you can't sanely brute force it, nor are rainbow tables any use at that scale. They're not salted. The password reset tokens are also hashed in the database and do include salt, but I've no idea why we did that.
2014-10-15	Multi::API: Fix login with the new password format changes	Yorhel	1	-5/+19

2014-10-15	Multi::API: Fix crash on failed login	Yorhel	1	-2/+2
	I broke this when changing the column type of login_throttle.timeout.
2014-10-15	Use scrypt for new password hashes	Yorhel	2	-9/+29
	I increased the N parameter to approximate about 500ms to generate the hash. This is quite a paranoid setting for a website, but login attempts are throttled so there's not much of a DoS factor. (Alright, password changing feature isn't throttled so the DoS factor still exists. But really, there's some pages with longer page generation times anyway.) I did lower the size of the salt a bit (Crypt::ScryptKDF uses 256 bits by default), because 64 bits of randomness should have low enough chance of collision with only ~100k users (even with a million users, seriously).
2014-10-15	Auth: Use a proper CSPRNG for generating salt and tokens	Yorhel	1	-6/+10

2014-10-15	SQL: Merge users.(passwd\|salt) in one column + document values	Yorhel	3	-41/+32
	It doesn't make a whole lot to separate the hashed password and the salt from each other, you need both to do anything with them, and from the database perspective they're both completely opaque strings only usable for direct comparison with other hashed strings. This change is mostly as preparation for switching to a proper key derivation function (sha256 isn't...) and to add support for longer and/or binary salt. Because the passwd field now needs to be interpreted in Perl, it's being passed around as a binary string rather than a hex-encoded value. API login is broken in this commit. I'll get to that.