From c5044d2c0ee909a27ccc93429a8ba18d546b484b Mon Sep 17 00:00:00 2001 From: STJrInuyasha Date: Wed, 30 Dec 2015 04:51:49 -0800 Subject: [PATCH 1/3] Attempt to curtail password autofill when it shouldn't happen e.g. when you're editing another user. Web browser devs think they're so smart... --- edituser.php | 16 ++++++++++++---- newreply.php | 5 +++++ newthread.php | 5 +++++ 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/edituser.php b/edituser.php index 766f3e5..8363fd2 100644 --- a/edituser.php +++ b/edituser.php @@ -101,11 +101,19 @@ print "
$tblstart -
+ + $hlft Login information $hrgt - $lft User name $rgt$inpt=username VALUE=\"$user[name]\" SIZE=25 MAXLENGTH=25 autocomplete=off> - $lft Also known as $rgt$inpt=aka VALUE=\"$user[aka]\" SIZE=25 MAXLENGTH=25 autocomplete=off> - $lft Password $rgt$inpp=password VALUE=\"\" SIZE=13 MAXLENGTH=64 autocomplete=off> + $lft User name $rgt$inpt=username VALUE=\"$user[name]\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\"> + $lft Also known as $rgt$inpt=aka VALUE=\"$user[aka]\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\"> + + + + + + $lft Password $rgt$inpp=password VALUE=\"\" SIZE=13 MAXLENGTH=64 autocomplete=\"new-password\"> $hlft Administrative bells and whistles $hrgt $lft Power level $rgt$levellist diff --git a/newreply.php b/newreply.php index c519343..2d72246 100644 --- a/newreply.php +++ b/newreply.php @@ -111,6 +111,11 @@ $tccell1>{$passhint} $tccell2l colspan=2> {$altloginjs} Username: $inpt=username VALUE=\"".htmlspecialchars($username)."\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\"> + + + + + Password: $inpp=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\"> $tccell1>Reply: diff --git a/newthread.php b/newthread.php index ff8427d..7833fc0 100644 --- a/newthread.php +++ b/newthread.php @@ -147,6 +147,11 @@ $tccell1>{$passhint} $tccell2l colspan=2> {$altloginjs} Username: $inpt=username VALUE=\"".htmlspecialchars($username)."\" SIZE=25 MAXLENGTH=25 autocomplete=\"off\"> + + + + + Password: $inpp=password SIZE=13 MAXLENGTH=64 autocomplete=\"off\"> "; print $form; From 4573b590163185307aa185ee68b0d3fcc8c69b87 Mon Sep 17 00:00:00 2001 From: STJrInuyasha Date: Wed, 30 Dec 2015 05:46:06 -0800 Subject: [PATCH 2/3] Slightly less #defcon spam (/lib/function.php #413) MySQL error: SQL syntax error near '' at line 1 Due to trying to make tags when there's no user. --- lib/function.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/function.php b/lib/function.php index 487e909..c812a3e 100644 --- a/lib/function.php +++ b/lib/function.php 
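Review bot: The re-added `username` and `aka` inputs in edituser.php still place `$user[name]` and `$user[aka]` straight into the `VALUE` attribute, whereas the newreply.php and newthread.php hunks of this same patch wrap the value in `htmlspecialchars()`. Unless `$user` is escaped before this point (not visible in the hunk), a name containing a double quote breaks out of the attribute on this account-editing page, which is a stored-XSS risk. Escape at output, for example `VALUE=\"".htmlspecialchars($user['name'], ENT_QUOTES)."\"`, and do the same for `aka`. The `print` string continues past the end of the hunk.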
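Review bot: The password input in newreply.php keeps `autocomplete=\"off\"`, and the newthread.php hunk does the same, while edituser.php in this patch moves its password field to `autocomplete=\"new-password\"`. Browsers commonly ignore `off` on password fields, so these two forms may depend entirely on the five added lines above the field, whose content is not visible in this rendering. A short comment next to those lines naming the browser behaviour they work around would help, because the attribute is only a hint to the browser and the workaround is easy to remove by mistake.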
@@ -402,6 +402,12 @@ function dotags($msg, $user, &$tags = array()) { $tags = json_decode($tags, true); } + if (empty($tags) && empty($user)) { + // settags sent us here and we have nothing to go off of. + // Shrug our shoulders, and move on. + return $msg; + } + if (empty($tags)) { $tags = array( '/me ' => "*". $user['username'] ." ", From 3f5b4145b952e2efe6b82974c83bcf1a3bb78be2 Mon Sep 17 00:00:00 2001 From: STJrInuyasha Date: Wed, 30 Dec 2015 06:21:14 -0800 Subject: [PATCH 3/3] fix the other #defcon spam issue. (/newthread.php #3) MySQL error: SQL syntax error near '' at line 1 $id is expected to be an int at all times by a lot of the code. May as well ensure it is. (Also, explicit check for === filter_int's failure condition, because 0 is still false.) --- lib/function.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/function.php b/lib/function.php index c812a3e..4abed71 100644 --- a/lib/function.php +++ b/lib/function.php @@ -7,8 +7,11 @@ // Awful old legacy thing. Too much code relies on register globals, // and doesn't distinguish between _GET and _POST, so we have to do it here. fun - $id = filter_int($_POST['id']) ? $_POST['id'] : filter_int($_GET['id']); - + $id = filter_int($_POST['id']); + if ($id === null) + $id = filter_int($_GET['id']); + if ($id === null) + $id = 0; // Wait for the midnight backup to finish... if ((int)date("Gi") < 5) {
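Review bot: The early return in `dotags()` leaves the by-reference `$tags` in whatever empty form it arrived in, which after the `json_decode($tags, true)` above can be `null` as well as `''` or `array()`. A caller that reads `$tags` back then has to cope with several types; setting `$tags = array();` before `return $msg;` makes the result predictable. The MySQL error quoted in the commit description suggests a query elsewhere is built from a user value, and this guard only covers the case where both arguments are empty; that query is outside the hunk. `dotags()` continues past the end of the hunk.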
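Review bot: The new `$id` fallback relies on `filter_int()` returning exactly `null` for every rejected input, and its definition is outside the hunk. If any path hands back `false` or a numeric string, both `=== null` checks are skipped and a non-integer `$id` can still reach the queries that presumably produced the quoted SQL error. Ending the block with `$id = (int) $id;` guarantees the type the commit message says the rest of the code expects. The two braceless `if` statements would also be safer with braces, and a POSTed `id` of 0 now takes precedence over `$_GET['id']`, which the old ternary did not do.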