Shish
33f5b5ef1a
[core] use salted sha3 instead of md5 for session tokens
2024-08-31 21:53:30 +01:00
Shish
399a56ac79
[dev] bump phpstan strictness
...
no more null surprises
2024-08-31 21:25:20 +01:00
Shish
845c8b3d85
[core] Make User::by_name / User::by_id not-null
...
Nearly everywhere that these functions are called, the result is assumed to be not-null, and a null will break things
2024-08-31 20:39:36 +01:00
Shish
8b20fa3bc2
Add preg_replace_ex
...
having preg_replace return string|array|null is a pain, string|exception is much cleaner
2024-08-31 19:56:27 +01:00
Shish
2e8f38cce0
[core] merge Config and BaseConfig
...
Multiple layers of inheritance were confusing both humans and tools...
2024-08-31 19:33:27 +01:00
Shish
8efa960e5d
Make some more things null-safe
...
(in preparation for bumping up the phpstan strictness to disallow null-unsafe code)
2024-08-31 19:19:24 +01:00
Shish
8f8c0d151a
Update dependency versions
2024-08-31 17:06:39 +01:00
Shish
d4c17598fb
[core] add PetalBot to the list of bots
2024-06-30 01:25:36 +01:00
Shish
7150af6b9e
[core] use sha3 instead of md5 for csrf tokens
2024-06-21 19:35:47 +01:00
Shish
17b0b4e94f
[core] remove config->set_XXX("foo", null) -- use config->delete("foo") instead
2024-06-21 19:17:44 +01:00
Shish
f84bcaec01
microhtml for everything in <head>
...
I wanted to ensure that all pages (even the downtime page, terms page, home page, etc) had the appropriate `data-` attributes on `<body>` (because those are required for certain javascript, eg autocomplete, to work). One thing led to another and now everything in `head` is microhtml'ed
2024-06-21 18:52:05 +01:00
discomrade
38a7bb542b
use <code> where appropriate
2024-06-21 18:24:38 +01:00
Shish
24d6aff794
[core] remove unusued isnull SQL function
2024-06-21 18:03:39 +01:00
Shish
5b083c9ad4
[core] different errors for missing vs invalid CSRF token
2024-06-21 00:24:57 +01:00
Shish
be842308d9
[core] have a system level SECRET variable, to be used as a salt separate from DATABASE_DSN
2024-06-21 00:18:43 +01:00
Shish
8cb87b2469
[core] add a test suite for SQL features
2024-06-20 23:22:58 +01:00
Shish
61f13c6794
[core] have User::by_session() check session ID on the PHP side
...
Generating the token on the PHP side is more consistent than getting the databases to do it
2024-06-20 01:13:10 +01:00
Shish
8a3d5b5b11
[core] move get_session_id and set_login_cookie into User class
2024-06-20 01:07:11 +01:00
Shish
a59b9f706c
[core] use || for SQL concatenation
...
MySQL supports this now?
2024-06-19 23:57:41 +01:00
Shish
069fb92f54
[core] test for bool_escape(null) == false
2024-06-19 15:24:05 +01:00
Shish
63c6f9d2ac
[core] config->save() is implicit in set_XXX(), no need to call it from outside of there
2024-06-19 15:23:42 +01:00
discomrade
60f96fa128
[blur] blur thumbs with explicit rating
2024-06-10 14:16:30 +01:00
discomrade
6ad54565c5
[core] allow relative url in contact link
2024-06-09 17:01:37 +01:00
Shish
2f07d4c71c
[core] make request cookies configurable
2024-06-07 14:47:30 +01:00
Shish
d04407d3bc
bump
...
`main` branch is working towards 2.12, not 2.11
2024-06-05 14:06:10 +01:00
Shish
db148da479
[core] add shm_make_link JS function, to generate links from JS which work both with and without niceurls, fixes #1160 , fixes #1151
2024-06-05 14:01:40 +01:00
discomrade
baf55a26fa
[terms] add terms and conditions gate
2024-06-04 20:04:38 +01:00
Shish
5cbbe5e1b3
[core] remove is_logged_in
...
This was only used in a couple of places, and user classes are more useful
2024-05-04 16:06:08 +01:00
Shish
f6973fd01f
[core] make PageRequest->page_starts_with be less weird
2024-04-27 01:12:39 +01:00
Shish
b59fe4c694
Have a common PartListBuildingEvent, fixes #1124
2024-03-28 16:17:18 +00:00
Shish
517f8c0019
[core] differentiate permission denied due to missing permission vs error, see #1103
2024-03-12 13:13:02 +00:00
Shish
b6cca42f73
[core/polyfills] remove mb_ functions - there are standard polyfills for that
2024-02-27 13:05:22 +00:00
Shish
b9c7d632fd
[graphql] custom field resolver, fixes #1089
2024-02-25 19:32:05 +00:00
Shish
2be141327a
[graphql] fix graphql field access, fixes #1089
2024-02-25 16:54:13 +00:00
Shish
2f4d8572b7
[core] don't limit searchable tag length, only writable length, fixes #1087
2024-02-24 17:47:22 +00:00
Shish
ac14d1e4c6
[core] search code docs and test function
2024-02-24 14:44:17 +00:00
Shish
4cc9b2f5d3
[core] don't crash when REMOTE_ADDR is 'unix:', fixes #1076
2024-02-22 23:18:38 +00:00
Shish
ae92e42300
[core] Utils tests
2024-02-21 23:51:10 +00:00
Shish
dd6c47484d
[core] UserClass tests
2024-02-21 23:38:52 +00:00
Shish
0890de35c1
[core] don't crash if TRUSTED_PROXIES isn't defined, fixes #1061
2024-02-21 14:59:19 +00:00
Shish
b407bad7c5
[core] give admin all permissions
2024-02-21 12:55:39 +00:00
discomrade
aff227ac31
[core] fix permissions in forum and notes
...
This includes preventing silent failures when permission is denied, preventing unauthorized users from being shown the note edit form, patching typos, and extracting NOTES_REQUEST to its own permission
2024-02-21 11:27:19 +00:00
discomrade
ac86cb1302
[core] rename FORUM_CREATE permission
...
This permission is for more than creating threads, making the previous name misleading
2024-02-21 11:27:19 +00:00
Noz
100d86dfbd
fix installer
...
form POSTs to the wrong location if the booru is in a sub directory
2024-02-21 10:15:18 +00:00
Noz
343a858898
fix static file paths
2024-02-21 10:15:18 +00:00
Shish
db0e788a67
[core] Deduplicate ImageAdditionEvent & ImageInfoSetEvent
...
Rather than ImageAddition triggering TagsSet/SourceSet/LockSet etc in one way, and ImageInfoSet triggering TagsSet/SourceSet/LockSet in a different way, why not have ImageAddition *just* deal with image addition, and then send a separate ImageInfoSet to deal with all of the metadata setting?
2024-02-20 22:15:24 +00:00
Shish
2136be80ab
[core] test truncate() properly, and then fix it, and then use it
2024-02-20 15:04:38 +00:00
Shish
e80d235fe9
[core] use Safe library, reduce StdLibEx
2024-02-20 10:38:20 +00:00
Shish
06db4a12e0
[core] test for order=random_1234
2024-02-17 12:38:16 +00:00
Marcos Del Sol Vives
08b01502a5
Do not cast hard drive size to integer - fixes #1037
2024-02-17 12:32:47 +00:00