New revs

Nao

  • Dadman with a boy
  • Posts: 16,082
Re: New revs
« Reply #2835, on January 16th, 2017, 11:45 PM »
[Commit revision 3acb8b9]
Author: C3realGuy
Date: Mon, 16 Jan 2017 13:36:42 +0100
Stats: 1 file changed; +15 (insertions), -5 (deletions)

  • Login now looks better on small screens
  • Some .login rules got overwritten on screens smaller than 600px. Added !important flag to them.
  • Besides that the overflow rule looked bad.
  • And the password input missed the max-width rule.
  • On very small screens (<= 450px) we now break lines between dt and dd

[Commit revision 8a8596b]
Author: Nao
Date: Mon, 16 Jan 2017 23:45:31 +0100
Stats: 1 file changed; +15 (insertions), -5 (deletions)

  • Merge pull request #48 from C3realGuy/fix_css_login
  • Login looks bad on small screens
Re: New revs
« Reply #2836, on January 16th, 2017, 11:46 PM »
[Commit revision f2f0a94]
Author: C3realGuy
Date: Sun, 15 Jan 2017 14:21:52 +0100
Stats: 1 file changed; +1 (insertion), -0 (deletion)

  • quote bbc misbehaved when centered

[Commit revision f84a913]
Author: Nao
Date: Mon, 16 Jan 2017 23:46:27 +0100
Stats: 1 file changed; +1 (insertion), -0 (deletion)

  • Merge pull request #47 from C3realGuy/fix_css_bbc_center_align
  • quote bbc misbehaved when centered
Re: New revs
« Reply #2837, on January 16th, 2017, 11:48 PM »
[Commit revision fd22890]
Author: Nao
Date: Mon, 16 Jan 2017 23:48:14 +0100
Stats: 2 files changed; +2 (insertions), -2 (deletions)

  • Spacinazi! (index.css, sections.css)
Re: New revs
« Reply #2838, on January 16th, 2017, 11:51 PM »
[Commit revision 9b2ce98]
Author: C3realGuy
Date: Sat, 14 Jan 2017 12:36:08 +0100
Stats: 1 file changed; +13 (insertions), -6 (deletions)

  • Fixed possible SQL injections in various functions in SSI.php.
  • Parameterized all limits.

[Commit revision 5c40f54]
Author: Nao
Date: Mon, 16 Jan 2017 23:51:45 +0100
Stats: 1 file changed; +13 (insertions), -6 (deletions)

  • Merge pull request #44 from C3realGuy/fix_ssi_sqlis
  • Tightened security in some SSI SQL queries.
Re: New revs
« Reply #2839, on January 16th, 2017, 11:55 PM »
[Commit revision f1557f9]
Author: Nao
Date: Mon, 16 Jan 2017 23:55:13 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Fixed PHP 7 incompatibility. Thanks, halojoy! (Class-DB.php)

[Commit revision 323986d]
Author: Nao
Date: Mon, 16 Jan 2017 23:55:31 +0100
Stats: 1 file changed; +13 (insertions), -6 (deletions)

Re: New revs
« Reply #2840, on January 19th, 2017, 11:57 AM »
[Commit revision c3dda12]
Author: C3realGuy
Date: Wed, 18 Jan 2017 21:41:25 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • check if ['page_title'] is set

[Commit revision 5522202]
Author: Nao
Date: Thu, 19 Jan 2017 11:57:20 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Merge pull request #52 from C3realGuy/fix_template_page_title
  • check if $context['page_title'] is set
Re: New revs
« Reply #2841, on January 20th, 2017, 06:55 PM »
[Commit revision d0fe5c4]
Author: Nao
Date: Fri, 20 Jan 2017 18:55:04 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • scandir() returns a filename, not a fully qualified path, making the captcha code sketchy at best. Hey Pete, I miss you fixing your own bugs! ;) (Subs-Captcha.php)
Re: New revs
« Reply #2842, on January 24th, 2017, 11:58 PM »
[Commit revision f1bbb2a]
Author: Nao
Date: Sat, 21 Jan 2017 23:48:29 +0100
Stats: 2 files changed; +2 (insertions), -6 (deletions)

  • Fixed a couple of scandir calls to be more fault-tolerant. I think. (ManageAttachments.php, Post.php)

[Commit revision 7ae7331]
Author: Nao
Date: Tue, 24 Jan 2017 23:38:27 +0100
Stats: 1 file changed; +9 (insertions), -1 (deletion)

  • Closing a potential security hole when posting external links in a message. (Subs-BBC.php)

[Commit revision fa107a7]
Author: Nao
Date: Tue, 24 Jan 2017 23:42:23 +0100
Stats: 1 file changed; +1 (insertion), -0 (deletion)

  • The '%3b' fix for URLs followed from e-mail clients (or even some weird spam bots following these links) was only applied in case semicolons are accepted by the server setup. It is also very much a problem for other setups, believe me I've gone through it, so I'm fixing it as well for them. (QueryString.php)

[Commit revision 7bd17c2]
Author: Nao
Date: Tue, 24 Jan 2017 23:45:16 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Preventing bots from seeing the skin selector page. As I mentioned in my previous commit, I've seen weird things where Baidu and another bot seem to develop romantic feelings towards any page with action=skin in its name. Maybe because of the name..? I don't know. You tell me. (Subs.php)

[Commit revision 933a87e]
Author: Nao
Date: Tue, 24 Jan 2017 23:50:31 +0100
Stats: 1 file changed; +8 (insertions), -3 (deletions)

  • Unix-based servers see similar folder names like 'Hello' and 'heLLo' as different names. This causes a problem when moving a folder from one server to another. Again, I LIVED THROUGH THAT HORROR. Media gallery folders will now be case insensitive, and simply go through adding a number to the folder name if it already exists, regardless of whether Linux etc. accepts it. Plus, you know I'm a sucker for writing cool geeky one-liners like this one. (Subs-Media.php)

[Commit revision ed2e23e]
Author: Nao
Date: Tue, 24 Jan 2017 23:51:42 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • PHP 7 doesn't like break commands outside of their natural habitat. Let's just assume the author of that library just meant to say 'return'. (getid3/getid3.lib.php)

[Commit revision 174ad41]
Author: Nao
Date: Tue, 24 Jan 2017 23:57:48 +0100
Stats: 1 file changed; +2 (insertions), -2 (deletions)

  • Attempting to fix database errors that come up in MySQL 5.7+ because of strict mode being enabled by default. This is only the beginning, as thought pages also have the problem. (Aeva-Foxy.php)
  • Also a very, very minor bug fix when counting files. I'm not sure it even deserves its own description. You know, the line you're reading right now. Which, if you could just stop for a second and think about it, really says something about your priorities in life. You could be teaching kids how to make pasta, learning a new local language, reading up about agricultural politics in Thailand, and yet you chose to read a changelog about a minor bug in a library that no one uses because, let's be honest here, I'd probably make the world a better place by doing one of the aforementioned things. (Aeva-Subs-Vital.php)
Re: New revs
« Reply #2843, on January 25th, 2017, 11:24 PM »
[Commit revision 3b7dbd4]
Author: Nao
Date: Wed, 25 Jan 2017 23:20:34 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Fixed another one of those annoying ONLY_FULL_GROUP_BY errors that show up in MySQL 5.7+ and tend to make it skedaddle. Again, I'm using the 'safe' solution (backwards compatible), although ANY_VALUE() would be best. Adding the related field to the GROUP BY clause is also a solution, but it makes it about 10% slower. Ideally, one should disable that directive entirely, and I have something in the works for that, because it's about 10% faster this time. (Thoughts.php)
Re: New revs
« Reply #2844, on January 25th, 2017, 11:26 PM »
[Commit revision e108c9a]
Author: Nao
Date: Wed, 25 Jan 2017 23:25:56 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Another GROUP BY fix I forgot to commit. (Aeva-Foxy.php)
Re: New revs
« Reply #2845, on January 26th, 2017, 11:48 PM »
[Commit revision 34c8223]
Author: C3realGuy
Date: Sun, 15 Jan 2017 13:10:09 +0100
Stats: 1 file changed; +3 (insertions), -3 (deletions)

  • Now displaying more clearly why we failed to apply the plugin modifications

[Commit revision dca5de1]
Author: Nao
Date: Thu, 26 Jan 2017 23:48:39 +0100
Stats: 1 file changed; +3 (insertions), -3 (deletions)

  • Merge pull request #50 from C3realGuy/dev_more_detailed_errors_on_plugin_mods
  • Plugin Attempt should show why it failed on mods.xml
Re: New revs
« Reply #2846, on January 27th, 2017, 11:55 PM »
[Commit revision db87766]
Author: Nao
Date: Thu, 26 Jan 2017 11:07:31 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Commenazi. Just wanted to make it clear that ini_set() only works on a subset of php.ini settings, and the previous comment implied that it could override a PHP_INI_PERDIR setting. (OriginalFiles.php)

[Commit revision c988813]
Author: Nao
Date: Thu, 26 Jan 2017 23:48:50 +0100
Stats: 1 file changed; +3 (insertions), -3 (deletions)


[Commit revision 14f9311]
Author: Nao
Date: Fri, 27 Jan 2017 23:17:11 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Commenazi. Sorry, had to fix that typo... (OriginalFiles.php)

[Commit revision 8e86565]
Author: Nao
Date: Fri, 27 Jan 2017 23:55:13 +0100
Stats: 2 files changed; +47 (insertions), -44 (deletions)

  • In my continuing quest to make Wedge work better behind a proxy, I've fixed an error triggered by a misunderstanding around the concept of HTTP headers. The latest official documentation indicates that they should be case-insensitive. Bad Behavior treats them as case-sensitive, even though it only differentiates case in a single case (which may not even be valid anymore). So...
  • Modified get_http_headers() to return lowercase-only header names. Updated all code using get_http_headers() to match that. Basically, it's really only about Bad Behavior here. (QueryString.php, Security.php)
  • Removed that single instance of Bad Behavior checking for a specific header ('Via'), because with the new system it just wouldn't work. (Security.php)
  • Updated Bad Behavior-inspired code to v2.2.19. It's only about syncing with its exploit/spam/bot user agent list, because there are other additions that don't seem to be related to existing code in Wedge. (Security.php)
  • Note: this WILL break any plugins that use get_http_headers(). But I don't think any do. At least, none of those hosted on Wedge.org.
Re: New revs
« Reply #2847, on February 5th, 2017, 03:45 AM »
[Commit revision 4ccaed6]
Author: Nao
Date: Sun, 05 Feb 2017 03:45:06 +0100
Stats: 3 files changed; +5 (insertions), -5 (deletions)

  • Not that it matters, but I updated jQuery to v3.1.1, since it's been out for a few months now. (I try not to jump on the latest version immediately, in case it's buggy.) (Load.php, jquery-*.min.js)
  • (What am I doing awake at nearly 4am. Help.)
Re: New revs
« Reply #2848, on February 5th, 2017, 08:33 PM »
[Commit revision 435c54a]
Author: Nao
Date: Sun, 05 Feb 2017 20:20:36 +0100
Stats: 1 file changed; +1 (insertion), -1 (deletion)

  • Intrusion logger wouldn't check for request URI size before trying to insert it into a 255-char field... Usually this wouldn't be a problem, but MySQL exploits can hold entire scripts in the URL. Should probably increase size to 1024 chars or something, but it's already a huge table that never gets trimmed, so... No thanks. (Security.php)

[Commit revision 0e3578e]
Author: Nao
Date: Sun, 05 Feb 2017 20:22:13 +0100
Stats: 1 file changed; +3 (insertions), -5 (deletions)

  • Slightly shorter default htaccess files, and a small fix for the expiry date. I don't remember why it was hardcoded. 20 years from install date should be enough... Although maybe it won't work. I don't really see any differences anyway. (OriginalFiles.php)

[Commit revision b1dd9cc]
Author: Nao
Date: Sun, 05 Feb 2017 20:23:36 +0100
Stats: 1 file changed; +2 (insertions), -4 (deletions)

  • Logic error in a scheduled task query. I think I saw that in an older SMF fix that Pete didn't backport or maybe he had already left. I need some sleep. (ScheduledTasks.php)

[Commit revision e7c5413]
Author: Nao
Date: Sun, 05 Feb 2017 20:25:38 +0100
Stats: 3 files changed; +3 (insertions), -3 (deletions)

  • Other minor fixes. I think they're also inspired by SMF fixes. Sorry, I didn't even notice I'd made these changes weeks ago. (Search2.php, Subs-Auth.php, Subs-Graphics.php)

[Commit revision 73538f9]
Author: Nao
Date: Sun, 05 Feb 2017 20:27:04 +0100
Stats: 2 files changed; +2 (insertions), -2 (deletions)

  • Oh, and that SMF fix too... (Subs-Post.php)
  • And while I'm at it, a small improvement to an array length calculation. I know, it's petty, but it was hurting my eyes. (Aeva-Subs-Vital.php)

[Commit revision 143e827]
Author: Nao
Date: Sun, 05 Feb 2017 20:33:23 +0100
Stats: 3 files changed; +40 (insertions), -37 (deletions)

  • Merged two functions related to PHP caching into cache_source_file(), which should be easier to understand. The fact that the function applies plugin mods and minifies the file is implied in its contents. Dunno about you, I find it cleaner. (Subs-CachePHP.php, Subs-Template.php, index.php)
  • Also added some debug code to help catch the problem with the latest-news.js error. It's a very minor thing, but it's always better to redirect people to the homepage rather than just show them the page crash, anyway. Maybe remove the code later if I end up fixing the bug. (index.php)
  • Note: don't forget to update your root folder's index.php file!
Re: New revs
« Reply #2849, on February 6th, 2017, 10:45 AM »
[Commit revision 9bc6cba]
Author: Nao
Date: Mon, 06 Feb 2017 10:45:41 +0100
Stats: 2 files changed; +10 (insertions), -6 (deletions)

  • Wow, what a mess... Nginx proxy handling was broken from the start. In revision 1b8aa5d, Pete added support for non-CloudFlare proxies, but documented it improperly, by suggesting the use of 'X-Real-Ip', but not bothering to convert dashes to underscores internally. As a result, Wedge.org itself just spent the last few weeks rejecting every single Googlebot request. Isn't that nice? (QueryString.php)
  • Additionally, I'm committing a temporary fix to use BAN_CHECK_IP for BadBehavior purposes (that is, the 'real' client IP beyond server proxies), as opposed to REMOTE_ADDR. I'm not sure it's really going to be temporary, but I first need to check whether it makes sense to 'trust' those headers. Suggestions welcome. (Security.php)
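
Added example, not part of the posts above and not Wedge code: a sketch of the two header issues raised in revisions 8e86565 and 9bc6cba, namely case-insensitive header names (PHP exposes `X-Real-Ip` as `$_SERVER['HTTP_X_REAL_IP']`) and using a forwarded address only when the direct peer is a known proxy. The function names, the trusted-proxy list and the sample requests are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the proxy list are hypothetical.

// Build a lowercase header map from a $_SERVER-style array.
// PHP stores the request header "X-Real-Ip" under the key "HTTP_X_REAL_IP",
// so dashes and underscores have to be converted when looking a header up.
function example_lowercase_headers(array $server): array
{
    $headers = [];
    foreach ($server as $key => $value) {
        if (strncmp($key, 'HTTP_', 5) === 0) {
            $name = strtolower(str_replace('_', '-', substr($key, 5)));
            $headers[$name] = $value;
        }
    }
    return $headers;
}

// Use the forwarded address only when the direct peer is a known proxy and
// the header holds a syntactically valid IP; otherwise keep REMOTE_ADDR.
function example_client_ip(array $server, array $trustedProxies, string $header = 'x-real-ip'): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        // On a direct connection the header is client-controlled: ignore it.
        return $peer;
    }
    $headers = example_lowercase_headers($server);
    $claimed = trim($headers[$header] ?? '');
    return filter_var($claimed, FILTER_VALIDATE_IP) !== false ? $claimed : $peer;
}

// Constructed sample requests (documentation address ranges).
$viaProxy = ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_REAL_IP' => '203.0.113.7'];
$direct   = ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_REAL_IP' => '127.0.0.1'];
$invalid  = ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_REAL_IP' => 'not-an-ip'];

$trusted = ['127.0.0.1']; // assumption: the reverse proxy runs on the same host

var_dump(example_client_ip($viaProxy, $trusted)); // trusted proxy: forwarded address is used
var_dump(example_client_ip($direct, $trusted));   // untrusted peer: header is ignored
var_dump(example_client_ip($invalid, $trusted));  // malformed header: falls back to the peer
```

The same rule applies to ban checks and to intrusion logging: an address taken from a header is only as trustworthy as the hop that set it, so the proxy should overwrite the header rather than pass through whatever the client sent.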