Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2015-01-28 | Apply bbSubstLinks to database description fields | Yorhel | 4 | -0/+4 | |
2015-01-28 | bbSubstLinks: Replace staff IDs with names | Yorhel | 1 | -4/+7 | |
2015-01-28 | Merge branch 'staff' into master | Yorhel | 9 | -15/+88 | |
Conflicts: lib/VNDB/DB/VN.pm lib/VNDB/Handler/VNPage.pm | |||||
2015-01-27 | staff: Fix various parts to recognize the new staff database | morkt | 4 | -6/+7 | |
2015-01-25 | staff: Fix adding/editing staff with >10 aliases | Yorhel | 1 | -1/+1 | |
Another bug related to query limits. It's become a common theme now. | |||||
2015-01-25 | staff: Add staff edit permission + alias layouting | morkt | 2 | -9/+14 | |
2015-01-17 | DB: No need to use double-%% in like queries | Yorhel | 3 | -3/+3 | |
2015-01-17 | staff: Fix search to ignore spaces in Japanese names | morkt | 1 | -1/+6 | |
2015-01-17 | Handler::VNPage: Conditionally disable warnings for smartmatch | morkt | 1 | -1/+1 | |
Only recent perl versions need it, on older versions the 'no warnings' line would cause an error. | |||||
2015-01-17 | Fix bug with language icon not being displayed for release in user list | morkt | 1 | -6/+5 | |
This happened when a release was linked to multiple visual novel entries, the language icon would show on one VN but not on the other. | |||||
2015-01-17 | Fix placing of add/edit tabs on VN pages when tags are hidden | morkt | 1 | -0/+1 | |
2015-01-16 | staff: More form verification + support more chars for VN seiyuu linking | morkt | 1 | -4/+12 | |
2015-01-15 | Double the limit of number of traits to a character | Yorhel | 1 | -1/+1 | |
As per t2520.119 and t2520.120. | |||||
2015-01-12 | staff: Remove some remnants of the staff images | Yorhel | 2 | -2/+1 | |
2015-01-12 | staff: Make Multi::IRC aware of the staff database | Yorhel | 1 | -5/+10 | |
2015-01-12 | staff: Stronger verification of form data | morkt | 2 | -21/+29 | |
2015-01-12 | bbSubstLinks: Increase titles to fetch to 50 + tweak matching pattern | morkt | 1 | -8/+9 | |
Patch from https://vndb.org/t2520.116 | |||||
2015-01-04 | staff: Add some link fields and guidelines | morkt | 2 | -13/+28 | |
2015-01-03 | staff: Various JS fixes | morkt | 1 | -1/+1 | |
2015-01-02 | staff: Don't allow empty staff revisions | Yorhel | 2 | -5/+8 | |
2015-01-02 | staff: Fix warning of comparison against undef | Yorhel | 1 | -1/+1 | |
2015-01-02 | staff: Fix duplicate listing of seiyuu for chars with multiple releases | Yorhel | 1 | -3/+3 | |
This unfortunately means I had to remove the order-by-character-role feature. It's possible to get that back, but it's not quite as trivial. | |||||
2015-01-02 | staff: Fix deleting of staff + use JSON to pass data + minor fixes | morkt | 7 | -47/+101 | |
2014-12-29 | staff: Some bug fixes and styling improvements | morkt | 2 | -29/+57 | |
2014-12-29 | staff: Don't use inline script to pass seiyuu import data | morkt | 1 | -14/+8 | |
Same reasoning as 0d191b5cd8c79eef3cef63c40ded96506a40382a | |||||
2014-12-28 | staff: Import cast from other VN + some styling + more improvements | morkt | 6 | -65/+99 | |
2014-12-28 | More progress on the staff + cast DB | morkt | 7 | -94/+193 | |
2014-12-24 | Further progress on the staff database | morkt | 5 | -75/+57 | |
- Moves staff<->vn linking form to the main VN edit form - Fixes a bug with linking staff aliases to VNs - Adds staff changes to the VN revisions - And some misc. improvements | |||||
2014-12-23 | bbSubstLinks: Fix minor parsing issue | morkt | 1 | -2/+2 | |
Patch from https://vndb.org/t5564.18 | |||||
2014-12-22 | DB: Merge name/title fetching in main fetching functions | Yorhel | 7 | -45/+15 | |
And call bbSubstLinks() from Handler::Discussions rather than DB::Discussions - it's not a transformation that the DB layer should do, IMO. | |||||
2014-12-22 | bbcode: Replace [vcpgi][0-9]+ links with a [url] tag | morkt | 6 | -6/+109 | |
Patch from https://vndb.org/t5564.13 | |||||
2014-12-22 | Initial implementation of a staff/seiyuu database | morkt | 10 | -22/+669 | |
2014-12-02 | Completely drop l_vnn column from VN info | Yorhel | 2 | -5/+4 | |
Used to link to a visual-novels.net review or something. Links have been hidden and dead since ages. No need to keep the column around. | |||||
2014-12-02 | Handler::VNEdit: Fix 500 when editing VN without screenshots | Yorhel | 1 | -1/+1 | |
Broken in 44b11883da3a7e6f1138984ceeba162e0f90dc35 | |||||
2014-12-01 | Replace some 'onclick' attributes with JS-generated events | Yorhel | 3 | -8/+8 | |
I think this was the last piece of inline JS. | |||||
2014-12-01 | Don't use inline script to pass screenshot sizes in VN edit | Yorhel | 1 | -7/+6 | |
Same reasoning as 0d191b5cd8c79eef3cef63c40ded96506a40382a | |||||
2014-12-01 | Don't use inline script tag to pass pref_code to JS | Yorhel | 4 | -14/+7 | |
This also simplifies the code a bit, as the value of the preference data was never used so doesn't need to be included now. Primary reason for this change is to work towards disabling inline JS with a CSP header. There's still more stuff to fix before the CSP header can be applied, though. | |||||
2014-10-21 | Use TUWF's reqBaseURI() instead of $self->{uri} on site links | Yorhel | 5 | -11/+16 | |
TUWF properly detects HTTPS and includes this in the returned URL, so this change ensures that all URLs adapt properly to HTTP and HTTPS. | |||||
2014-10-21 | Disable warning about switch statement | Yorhel | 1 | -1/+2 | |
I really want to rewrite that code to not use the very unperlish switch statement, but the code is rather... complex and hairy. :( | |||||
2014-10-20 | Fix tabindex on edit summary | Yorhel | 1 | -1/+1 | |
Per https://vndb.org/t5864 | |||||
2014-10-16 | Fix tabindex on the date selector | Yorhel | 1 | -1/+1 | |
2014-10-16 | Completely get rid of the old charedit perm flag | Yorhel | 5 | -15/+10 | |
2014-10-16 | Add a positive tabindex to all generated form elements | Yorhel | 1 | -12/+16 | |
This should result in a more natural tabbing order, skipping over any links around the forms. | |||||
2014-10-16 | Set httponly flag on auth cookie | Yorhel | 1 | -1/+1 | |
2014-10-16 | Hash session tokens with SHA-1 when storing in DB | Yorhel | 2 | -23/+25 | |
This ensures that, if an attacker ever gets read access to the database, he will not be able to compromise any accounts. SHA-1 suffices here, because the data being hashed is a random 20 byte string. The search space is so damn large that you can't sanely brute force it, nor are rainbow tables any use at that scale. They're not salted. The password reset tokens are also hashed in the database and do include salt, but I've no idea why we did that. | |||||
2014-10-15 | Multi::API: Fix login with the new password format changes | Yorhel | 1 | -5/+19 | |
2014-10-15 | Multi::API: Fix crash on failed login | Yorhel | 1 | -2/+2 | |
I broke this when changing the column type of login_throttle.timeout. | |||||
2014-10-15 | Use scrypt for new password hashes | Yorhel | 2 | -9/+29 | |
I increased the N parameter to approximate about 500ms to generate the hash. This is quite a paranoid setting for a website, but login attempts are throttled so there's not much of a DoS factor. (Alright, password changing feature isn't throttled so the DoS factor still exists. But really, there's some pages with longer page generation times anyway.) I did lower the size of the salt a bit (Crypt::ScryptKDF uses 256 bits by default), because 64 bits of randomness should have low enough chance of collision with only ~100k users (even with a million users, seriously). | |||||
2014-10-15 | Auth: Use a proper CSPRNG for generating salt and tokens | Yorhel | 1 | -6/+10 | |
2014-10-15 | SQL: Merge users.(passwd|salt) in one column + document values | Yorhel | 3 | -41/+32 | |
It doesn't make a whole lot of sense to separate the hashed password and the salt from each other, you need both to do anything with them, and from the database perspective they're both completely opaque strings only usable for direct comparison with other hashed strings. This change is mostly as preparation for switching to a proper key derivation function (sha256 isn't...) and to add support for longer and/or binary salt. Because the passwd field now needs to be interpreted in Perl, it's being passed around as a binary string rather than a hex-encoded value. API login is broken in this commit. I'll get to that. |