Some security enhancements (#1505)

* Some security enhancements

* Update CHANGELOG.md
Roman Kelesidis 2024-06-12 13:12:25 +07:00 committed by GitHub
commit 411a756085
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 6 additions and 4 deletions


@ -7,6 +7,7 @@
- Release 2.4.4 🦩 ([belomaxorka](https://github.com/belomaxorka)) - Release 2.4.4 🦩 ([belomaxorka](https://github.com/belomaxorka))
- Some security improvements 🔑 [\#1503](https://github.com/torrentpier/torrentpier/pull/1503) ([belomaxorka](https://github.com/belomaxorka)) - Some security improvements 🔑 [\#1503](https://github.com/torrentpier/torrentpier/pull/1503) ([belomaxorka](https://github.com/belomaxorka))
- Some security enhancements (Part 2) [\#1505](https://github.com/torrentpier/torrentpier/pull/1505) ([belomaxorka](https://github.com/belomaxorka))
- Some improvements for integrity checker [\#1501](https://github.com/torrentpier/torrentpier/pull/1501) ([belomaxorka](https://github.com/belomaxorka)) - Some improvements for integrity checker [\#1501](https://github.com/torrentpier/torrentpier/pull/1501) ([belomaxorka](https://github.com/belomaxorka))
- Minor improvements [\#1502](https://github.com/torrentpier/torrentpier/pull/1502) ([belomaxorka](https://github.com/belomaxorka)) - Minor improvements [\#1502](https://github.com/torrentpier/torrentpier/pull/1502) ([belomaxorka](https://github.com/belomaxorka))
- New Crowdin updates [\#1504](https://github.com/torrentpier/torrentpier/pull/1504) ([Exileum](https://github.com/Exileum)) - New Crowdin updates [\#1504](https://github.com/torrentpier/torrentpier/pull/1504) ([Exileum](https://github.com/Exileum))


@ -76,9 +76,10 @@ switch ($this->request['type']) {
$message = "[quote=\"" . $quote_username . "\"][qpost=" . $post['post_id'] . "]" . $post['post_text'] . "[/quote]\r"; $message = "[quote=\"" . $quote_username . "\"][qpost=" . $post['post_id'] . "]" . $post['post_text'] . "[/quote]\r";
// hide user passkey // hide user passkey
$message = preg_replace('#(?<=\?uk=)[a-zA-Z0-9](?=&)#', 'passkey', $message); $message = preg_replace('#(?<=[\?&;]' . $bb_cfg['passkey_key'] . '=)[a-zA-Z0-9]#', 'passkey', $message);
// hide sid // hide sid
$message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]#', 'sid', $message); $message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]#', 'sid', $message);
$message = $wordCensor->censorString($message); $message = $wordCensor->censorString($message);
if ($post['post_id'] == $post['topic_first_post_id']) { if ($post['post_id'] == $post['topic_first_post_id']) {
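Review bot: The new passkey pattern ends in `[a-zA-Z0-9]` with no quantifier, so it replaces only the first character after the key name and leaves the rest of the passkey readable in the quoted message. Adding `+` masks the whole value, and since the key name is now spliced into the pattern from config it should go through `preg_quote`: `$message = preg_replace('#(?<=[\?&;]' . preg_quote($bb_cfg['passkey_key'], '#') . '=)[a-zA-Z0-9]+#', 'passkey', $message);`. The unchanged `sid` line has the same single-character class and would need the same `+`, and the identical passkey pattern is added in the later hunk at `@ -463,7 +463,7`. The enclosing `switch` case begins and ends outside this hunk, so whether `$bb_cfg` is in scope at this point cannot be confirmed from the visible lines.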


@ -108,8 +108,8 @@ $bb_cfg['client_ban'] = [
// The second argument is being shown in the torrent client as a failure message // The second argument is being shown in the torrent client as a failure message
// Handy client list: https://github.com/transmission/transmission/blob/f85c3b6f8db95d5363f6ec38eee603f146c6adb6/libtransmission/clients.cc#L504 // Handy client list: https://github.com/transmission/transmission/blob/f85c3b6f8db95d5363f6ec38eee603f146c6adb6/libtransmission/clients.cc#L504
'clients' => [ 'clients' => [
'-UT' => "uTorrent — NOT ad-free and open-source", '-UT' => 'uTorrent — NOT ad-free and open-source',
'-MG' => 'Mostly leeching client' '-MG' => 'Mostly leeching client',
] ]
]; ];


@ -463,7 +463,7 @@ if ($refresh || $error_msg || ($submit && $topic_has_new_posts)) {
$message = '[quote="' . $quote_username . '"][qpost=' . $post_info['post_id'] . ']' . $message . '[/quote]'; $message = '[quote="' . $quote_username . '"][qpost=' . $post_info['post_id'] . ']' . $message . '[/quote]';
// hide user passkey // hide user passkey
$message = preg_replace('#(?<=\?uk=)[a-zA-Z0-9](?=&)#', 'passkey', $message); $message = preg_replace('#(?<=[\?&;]' . $bb_cfg['passkey_key'] . '=)[a-zA-Z0-9]#', 'passkey', $message);
// hide sid // hide sid
$message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]#', 'sid', $message); $message = preg_replace('#(?<=[\?&;]sid=)[a-zA-Z0-9]#', 'sid', $message);