path: root/lib
AgeCommit message (Collapse)AuthorFilesLines
2015-09-20formValidate: Created templates for gtin and editsum fieldsYorhel6-14/+13
2015-09-20Use plural version of reqPostsYorhel1-1/+1
Surprisingly, this was the only change I needed to make to comply with the TUWF reqGet-style function split.
2015-09-20Use the new reqQuery() + update usage of reqPath() for TUWF 1.0Yorhel2-3/+2
2015-09-20Update usage kv_validate() to upcoming TUWF 1.0Yorhel13-81/+73
And added new 'page' and 'id' templates for more strict validation.
2015-09-17Handler::Discussions: Add search box to non-item thread listsYorhel1-22/+31
As requested at
2015-09-17Handler::VNEdit: Use json_validate() for the VN staff/cast dataYorhel1-36/+38
This (only very slightly) simplified further processing of the data. It does add more validation than was present: Previously it was possible to send invalid roles (would give a 500) or invalid numeric IDs (would throw some perl warnings). These issues are now handled earlier on. This change also puts a maximum length on the notes field, but nobody has passed the 300 characters so far.
2015-09-17Rename jsonEncode/Decode to C-style namingYorhel3-13/+13
CamelCase is used for methods, C-style names for functions. I'm just nitpicking now.
2015-09-17Created json_validate() for JSON form data, used for Staff alias editorYorhel3-25/+44
The intention is to move more JS editing forms to use JSON, but manually verifying JSON objects is both painful and likely to introduce errors or vulnerabilities. json_validate() is a bit of a hack, but has the advantage that its validation syntax is the same as for normal forms, and it automatically strips whitespace. I intent to give kv_validate() an upgrade to be more flexible/modular so it can do more custom normalization. But that's for later. I've been meaning to rewrite the JS forms anyway together with the large JS rewrite, but I'm rather lazy. This is one small step in the right direction anyway. Note that json_validate() assumes that the JS code will provide user-friendly messages on bad input, but the staff alias editor doesn't quite do this yet.
2015-09-08Multi::API: Set keepalive on sockets to detect dead TCP connectionsYorhel1-0/+1
Hopefully prevents issues like
2015-09-07Handler::Discussions: Fix two bugs introduced in last commitYorhel2-2/+2
2015-09-07Handler::Discussions: Use ts_headline() to format search resultsYorhel2-5/+33
And also fix strip_bb_tags() to be case-insensitive and fix a bug in converting the query into a tsquery.
2015-09-07Handler::Discussions: Remove formcode from search formYorhel2-4/+7
It's not verified and only uglifies the URLs.
2015-09-07Implement discussion board search functionYorhel3-13/+130
Inspired by wakaranai's implementation at This version is different in a number of aspects: - Separate search functions for title search and fulltext post search. Perhaps not the most convenient option, but the downside of a combined search is that if the query matches the threads' title, then all of the posts in that thread will show up in the results. This didn't seem very useful. - Sorting is based purely on post date. Rank-based sort is slow without a separate caching column, and in my opinion not all that useful. Implementation differences: - Integrated in the existing DB::Discussions functions, so less code to maintain and more code reuse. - No separate caching column for the tsvector, a functional index is used instead. This is a bit slower (index results need to be re-checked against the actual messages, hence the slowdown), but has the advantage of smaller database dumps and less complexity in updating the cache. Things to fix or look at: - Highlighting of the search query in message contents. - Allow or-style query matching
2015-09-06SQL: Convert threads_board.type to ENUMYorhel1-2/+2
The char(2) solution is both inefficient and ugly. Also needed to be careful with handling the extra space that Postgres would automatically add to single-character types.
2015-08-31Handler::VNPage: Increase limit on number of visible releasesYorhel1-2/+2
From 50 to 200.
2015-08-17js: Clean up misc.jsYorhel2-6/+8
- Individual blocks don't leak variables into the parent scope anymore. Previously some blocks would re-use variables from other blocks, creating (almost invisible) dependencies between te blocks. - More consistent code for ulist-change-dropdowns, and all of them have a ref= argument now. - Use 'hidden' class instead of style.display wherever that makes sense. - Remove dead 'advselect' code. Hasn't been used since the addition of search filters. - lang_select doesn't rely on the position of the language class in className anymore (seriously that stuff is fragile...)
2015-08-17js: Add L10N strings to all relevant varsYorhel1-6/+1
This simplifies the JS code in some places and removes a whole number of L10N strings from the "l10n_str" var, thus shrinking the JS size a bit (uncompressed about 1500 bytes, in fact. 500 bytes after gzip).
2015-08-10Split script.js into multiple smaller filesYorhel1-0/+2
First part of a Javascript cleanup.
2015-08-08Char page: Dynamically show/hide trait groups depending on visible traitsYorhel1-7/+1
2015-08-08Hide sexual traits by default + Add profile option to change defaultYorhel2-5/+7
2015-08-08Add sexual trait toggle to character informationYorhel3-29/+24
It's not a preference yet and the sexual traits are still visible by default. I'll fix that later.
2015-07-27Handler::VNPage: Bunch of fixes for release page comparison rewriteYorhel1-5/+4
- Remove the obsolete 'use's - Re-add max-width style when requested - Fix comparison in displaying media - Fix sorting on animation column
2015-07-26Handler::VNPage: Rewrite release comparison pageYorhel1-408/+227
The previous code was using experimental perl features (switch / smartmatch) that weren't really needed, and the information about individual columns was spread around in multiple functions. This rewrite makes the code consistent with the rest of VNDB, and has *all* of the column-specific information in one data structure. I did not replicate the similar-cell-merging feature, partly because the code for it is definitely not trivial and partly because it doesn't make the table look any less cluttered. In fact, I feel that it only makes the table harder to interpret because it looks messy. This is a matter opinion, of course, so I might reimplement the feature if people who actually use this comparison page want to. Overall, I'm still undecided on whether this comparison page should exist at all in its current form - it's not very user-friendly and often looks cluttered. I'm keeping it because it does have some use-cases where it avoids opening every release page to do a manual comparison, but I'd love a more friendly-looking alternative.
2015-07-25Handler::Misc: Fix minor calculation error in determining "admin" userYorhel1-1/+1
2015-07-22Util::BrowseHTML: Fix XSS in "order by" link URLsYorhel1-2/+2
Reported by dim0k at
2015-07-21Add profile option for the default spoiler settingYorhel6-31/+30
This fixes the unexpected behaviour that changing the spoiler setting on one page will change it for all pages. All manual spoiler changing options are temporary now.
2015-07-21L10N: Combine spoiler setting stringsYorhel4-19/+18
2015-07-21Add profile option for default visible tag categories on VN pagesYorhel2-3/+9
The name of the profile setting isn't very clear. Not sure what to do with it.
2015-07-21Add profile option to show or summarize tags on VN pages by defaultYorhel2-4/+6
2015-07-21Multi::API: Support IPv6Yorhel1-1/+5
This was more trivial than I had expected. I already took ipv6 into account when rewriting the API for AnyEvent (including the use of norm_ip()), so that part was fine. The only part I had to fix was the listening socket, and I had to ensure that the $c->{ip} was correct. The first was easy, and the latter was properly handled by AnyEvent automatically. Looks like AnyEvent automatically 'unpacks' IPv4-mapped IPv6 addresses, so I didn't have to deal with that myself.
2015-07-20Multi::API: Throttle "throttled" error repliesYorhel1-3/+13
This is to save system resources when a misbehaving client keeps sending commands while it's being throttled. It also protects against trivial DoS attacks.
2015-07-20L10N: Support plural forms for charrolesYorhel2-4/+4
Used /v+/chars, other occurrences just use singular.
2015-07-19Remove reliance on Referer header for the login formYorhel2-5/+8
2015-07-19Remove reliance on Referer header for /[vr]+/list modificationsYorhel1-6/+6
2015-07-19Remove the MSIE browser check & warning pageYorhel1-47/+1
It's a relic of the past. IE 6 & 7 are very rarely used nowadays, and people still using it will quickly realize why things don't quite work - they'll be used to it.
2015-07-19Remove reliance on Referer header for language switchingYorhel1-9/+9
First step in removing the use of the Referer header for redirects. The Referer header is ugly and not always reliable, it's better to encode the required information in the URL.
2015-07-18Multi::Maintenance: Fix bug in calculating timer for monthly cronYorhel1-1/+1
AE::timer accepts a time interval as argument, not a complete timestamp. So the monthly cron job hasn't run in a while...
2015-07-18Handler::(VNEdit|Chars): Fix removal of alpha layer in imagesYorhel2-2/+4
Apparently, imagemagick's Flatten() has some odd corner cases where it seems to do more than just remove the alpha layer. The current approach is the one recommended by the official docs:
2015-07-17tladmin: Fix wrapping of lang.txt textareasYorhel1-1/+1
2015-07-12Handler::VNEdit: Use better resizing algorithmYorhel1-1/+6
Same as 2f61c4f6772f852f9e0b9ede6228de4e4dbf71a0
2015-07-12tladmin: Various improvementsYorhel1-10/+20
- Allow non-logged in visitors to browse the translations - Add 'Recent changes' link to the doc pages - Add 'incomplete' indication to the doc page links
2015-07-12d17: Document the interface translation procedureYorhel1-15/+1
2015-07-01Handler::Chars: Use better image resizing algorithmYorhel1-1/+5
As suggested at I also like how the 'amount' option isn't documented for UnsharpMask(). All documentation says 'gain' instead, but that option throws an error.
2015-06-21Multi::IRC: Increase delay between random quotesYorhel1-1/+1
2015-06-15Multi::IRC: Some fixes wrt. chat loggingYorhel1-8/+6
2015-06-15d7: Replace "top 5 contributors" with "special users" listingYorhel2-6/+13
Having a proper and up-to-date list of moderators is an often requested feature.
2015-05-13Changed layour of staff pagesYorhel2-129/+107
Not entirely sure if this is an improvement, but it's slightly more consistent with other layouts (combination of user page, release page and character page), and leaves more room for the credit/cast listings.
2015-05-13Add staff statistic to main menuYorhel2-1/+2
2015-05-12Handler::Tags: Don't allow adding deleted tags to a VNYorhel1-0/+3
2015-05-12Fix display of 'external' iconYorhel2-2/+2
Broken in commit 887607bb3744c727ec617508c17b2b7df46c2287