From 5843aae4f2e8a7d1a194859bd4bb626e3de5da16 Mon Sep 17 00:00:00 2001 From: Shish Date: Sun, 5 Feb 2012 04:20:42 +0000 Subject: [PATCH 1/5] random unused global o_O --- ext/comment/main.php | 1 - 1 file changed, 1 deletion(-) diff --git a/ext/comment/main.php b/ext/comment/main.php index 9300b50d..d2d7f32b 100644 --- a/ext/comment/main.php +++ b/ext/comment/main.php @@ -173,7 +173,6 @@ class CommentList extends SimpleExtension { $h_comment_rate = sprintf("%.1f", ($i_comment_count / $i_days_old)); $event->add_stats("Comments made: $i_comment_count, $h_comment_rate per day"); - global $user; $recent = $this->get_user_recent_comments($event->display_user->id, 10); $this->theme->display_user_comments($recent); } From a55eca44622b7f492d4d091e663fbe2ab37ba2e4 Mon Sep 17 00:00:00 2001 From: Shish Date: Sun, 5 Feb 2012 04:21:03 +0000 Subject: [PATCH 2/5] so many bots crawling the infinite search space... --- core/imageboard.pack.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/core/imageboard.pack.php b/core/imageboard.pack.php index bac574b7..97ff62a8 100644 --- a/core/imageboard.pack.php +++ b/core/imageboard.pack.php @@ -109,13 +109,19 @@ class Image { assert(is_numeric($start)); assert(is_numeric($limit)); assert(is_array($tags)); - global $database; + global $database, $user; $images = array(); if($start < 0) $start = 0; if($limit < 1) $limit = 1; + if(SPEED_HAX) { + if($user->is_anonymous() and count($tags) > 3) { + die("Anonymous users may only search for up to 3 tags at a time"); // FIXME: throw an exception? + } + } + $querylet = Image::build_search_querylet($tags); $querylet->append(new Querylet("ORDER BY images.id DESC LIMIT :limit OFFSET :offset", array("limit"=>$limit, "offset"=>$start))); #var_dump($querylet->sql); var_dump($querylet->variables); From 0b13db8ed71fa873d715741a3947614db72f7c28 Mon Sep 17 00:00:00 2001 
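Review bot: In the `core/imageboard.pack.php` hunk ([PATCH 2/5]), the new anonymous tag limit ends the request with `die(...)`, which by default leaves the HTTP status at 200, so a crawler gets no machine-readable signal to stop and the refusal does not show up as an error in access logs. Whatever is decided about the exception in the FIXME, set an error status before exiting, e.g. `header("HTTP/1.0 403 Forbidden");` ahead of the `die`, assuming no output has been sent at that point. The limit `3` is a bare literal and the guard is only active when `SPEED_HAX` is set, so a short comment such as `// DoS mitigation: cap the number of tags an anonymous (mostly bot) search may combine` would stop it being removed later as an arbitrary restriction. The enclosing method starts and ends outside the hunk, so its other callers are not visible here.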
From: Shish Date: Sun, 5 Feb 2012 04:25:50 +0000 Subject: [PATCH 3/5] hide anonymous's user page - having made a million comments, it was taking upwards of 60 seconds to process that one page, triggering the DOS defences... --- ext/comment/theme.php | 15 ++++++++++----- ext/user/main.php | 2 +- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ext/comment/theme.php b/ext/comment/theme.php index 56afa513..c054a80b 100644 --- a/ext/comment/theme.php +++ b/ext/comment/theme.php @@ -144,12 +144,17 @@ class CommentListTheme extends Themelet { $i_comment_id = int_escape($comment->comment_id); $i_image_id = int_escape($comment->image_id); - $anoncode = ""; - if($h_name == "Anonymous" && $this->anon_id >= 0) { - $anoncode = ''.$this->anon_id.''; - $this->anon_id++; + if($h_name == "Anonymous") { + $anoncode = ""; + if($this->anon_id >= 0) { + $anoncode = ''.$this->anon_id.''; + $this->anon_id++; + } + $h_userlink = $h_name . $anoncode; + } + else { + $h_userlink = ''.$h_name.''; } - $h_userlink = ''.$h_name.''.$anoncode; $stripped_nonl = str_replace("\n", "\\n", substr($tfe->stripped, 0, 50)); $stripped_nonl = str_replace("\r", "\\r", $stripped_nonl); $h_dellink = $user->is_admin() ? diff --git a/ext/user/main.php b/ext/user/main.php index 33a1d4a5..7348b490 100644 --- a/ext/user/main.php +++ b/ext/user/main.php @@ -158,7 +158,7 @@ class UserPage extends SimpleExtension { $this->theme->display_error($page, "Not Logged In", "You aren't logged in. First do that, then you can see your stats."); } - else if(!is_null($display_user)) { + else if(!is_null($display_user) && ($display_user->id != $config->get_int("anon_id"))) { send_event(new UserPageBuildingEvent($display_user)); } else { From 2d334e08ea1ae1c3d815f6cff6b723ade45654b5 Mon Sep 17 00:00:00 2001 From: Shish Date: Sun, 5 Feb 2012 05:06:55 +0000 Subject: [PATCH 4/5] How did this typo get back in here? :/ --- core/extension.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
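Review bot: In the `ext/comment/theme.php` hunk ([PATCH 3/5]), the anonymous account is recognised by the display string, `$h_name == "Anonymous"`, while the `ext/user/main.php` hunk of the same patch identifies it by `$config->get_int("anon_id")`. If the anonymous account is ever renamed, the comment list would go back to linking to a user page that the other hunk now refuses to build. If the comment object exposes the owner's id (not visible in this hunk), compare that with the configured `anon_id` instead, or at least add a comment such as `// no user link: the anonymous account's page is disabled in ext/user/main.php`. The enclosing method begins and ends outside the hunk.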
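Review bot: The added condition in the `ext/user/main.php` hunk ([PATCH 3/5]) has no comment saying why one account is excluded, and the reason is recorded only in the commit message. Add a line above the `else if`, e.g. `// skip the shared anonymous account: building its page is too slow and trips the DoS defences`. Requests for that account now fall through to the `else` branch, whose body is outside the hunk, so it is worth checking that the error shown there still makes sense for a user that does exist. The guard also relies on `$config` being in scope in this method; its `global` declaration is not visible in the hunk.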
diff --git a/core/extension.class.php b/core/extension.class.php index e5ce13d2..b54956de 100644 --- a/core/extension.class.php +++ b/core/extension.class.php @@ -191,7 +191,7 @@ abstract class DataHandlerExtension extends SimpleExtension { } } - public function onThumnbnailGeneration(ThumbnailGenerationEvent $event) { + public function onThumbnailGeneration(ThumbnailGenerationEvent $event) { if($this->supported_ext($event->type)) { if (method_exists($this, 'create_thumb_force') && $event->force == true) { $this->create_thumb_force($event->hash); From 9db912d996ff38f0eba2d432ff884eafc5931d54 Mon Sep 17 00:00:00 2001 From: Shish Date: Sun, 5 Feb 2012 06:59:55 +0000 Subject: [PATCH 5/5] now that the cache key has changed, the invalidation needs updating... --- contrib/ipban/main.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/ipban/main.php b/contrib/ipban/main.php index 06e86b1d..bd9a11d0 100644 --- a/contrib/ipban/main.php +++ b/contrib/ipban/main.php @@ -92,7 +92,7 @@ class IPBan extends SimpleExtension { public function onRemoveIPBan($event) { global $database; $database->Execute("DELETE FROM bans WHERE id = :id", array("id"=>$event->id)); - $database->cache->delete("ip_bans"); + $database->cache->delete("ip_bans_sorted"); } // installer {{{ @@ -261,7 +261,7 @@ class IPBan extends SimpleExtension { global $database; $sql = "INSERT INTO bans (ip, reason, end_timestamp, banner_id) VALUES (:ip, :reason, :end, :admin_id)"; $database->Execute($sql, array("ip"=>$ip, "reason"=>$reason, "end"=>strtotime($end), "admin_id"=>$user->id)); - $database->cache->delete("ip_bans"); + $database->cache->delete("ip_bans_sorted"); log_info("ipban", "'$user->name' has banned '$ip' because '$reason' until '$end'"); } // }}}
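Review bot: Both hunks in `contrib/ipban/main.php` ([PATCH 5/5]) repeat the cache key as the string literal `"ip_bans_sorted"`, which is how the invalidation fell out of step with the key in the first place. While the two disagreed, added or removed bans would presumably not take effect until the cached list expired. Define the key once, e.g. `const BANS_CACHE_KEY = "ip_bans_sorted";`, and call `$database->cache->delete(self::BANS_CACHE_KEY);` in `onRemoveIPBan` and in the method that inserts a ban, and use the same constant where the cache entry is written (that code is outside this diff). The second hunk's enclosing method starts outside the hunk.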