Tag: Branch: Tree: 2a51aabf92

develop

indiachan

indiachan-spamvector

jschan

master

0.1.4

v0.1.1

v0.1.10

v0.1.2

v0.1.3

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.10.0

v0.10.1

v0.10.2

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.11.4

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.8.0

v0.8.1

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.4.1

v1.6.0

v1.6.1

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from '2a51aabf92'

${ noResults }

Commit Graph

268 Commits (2a51aabf92410b9ef1e2c4680272f139a343607e)

Author	SHA1	Message	Date
Thomas Lynch	edd2f0392d	npm update	3 years ago
Thomas Lynch	2d26328dc9	update package lock	4 years ago
Thomas Lynch	5ff814de62	npm audit fix https://npmjs.com/advisories/1594	4 years ago
Thomas Lynch	56562a9e52	update deps	4 years ago
Thomas Lynch	e65015540a	run npm audit fix	4 years ago
Thomas Lynch	c6f9744013	ran npm audit fix	4 years ago
Thomas Lynch	4ebea1c084	ran npm audit fix	4 years ago
Thomas Lynch	9215dcbf17	test only, blockhash option	4 years ago
Thomas Lynch	0bc6a80c96	update deps	4 years ago
Thomas Lynch	22f582f3a7	Insecure tripcodes reference #282	4 years ago
Thomas Lynch	ecb9550693	update some deps	4 years ago
Thomas Lynch	26dd43f251	update express-fileupload middleware to fix issue with abort event incorrectly deleting temp files between file upload middleware and later middlewares	4 years ago
Thomas Lynch	48d6721ecc	update deps	4 years ago
Thomas Lynch	f212f67aa4	update package lock	4 years ago
Thomas Lynch	24574862a2	Add file-type moodule to check file mime types strictly, with 2 optiosn in config about it ... Update express-fileupload dependency to clean tempfiles on numFilesLimitHandler Add a proper error message for max num files instead of allowing unlimited and limiting in board post method	4 years ago
Thomas Lynch	7d87819ad4	Update node-fetch dependency for security advisory https://npmjs.com/advisories/1556	4 years ago
Thomas Lynch	f5e44011dd	npm audit fix	4 years ago
Thomas Lynch	2d1af818aa	Update some deps	4 years ago
some random guy	e30ec2737e	normalize IP addresses ... Currently jschan takes the IP address as a string from the `X-Real-Ip` header, which based on the frontend proxy configuration, OS settings, etc. can take various forms: IPv4 addresses can be given in normal IPv4 dotted notation (e.g. `1.2.3.4`) or as an IPv4-mapped IPv6 address (e.g. `::ffff:1.2.3.4`). The problem is, that in the latter case, node's `isIP` will report 6, so the code will try to split it along colons, breaking hrange and qrange. With IPv6 addresses, it's possible to elide runs of zeroes, so `::1` and `0:0:0:0:0:0:0:1` (and also `0000:0000:0000:0000:0000:0000:0000:0001`) represents the same address. Since it's pretty easy to get a /64 IPv6 block, a spammer can abuse it, by spamming from `a🅱️c:d::1` (`qrange=a🅱️c:d`, `hrange=a🅱️c`), then from `a🅱️c:d::1:1` (`qrange=a🅱️c:d:`, `hrange=a🅱️c`), `a🅱️c:d::1:1:1` (`qrange=a🅱️c:d::1`, `hrange=a🅱️c:d`) and `a🅱️c:d:1:1:1:1` (`qrange=a🅱️c:d:1:1`, `hrange=a🅱️c:d`). He practically got two hranges and qrange is pretty much pointless for IPv6 addresses. This change uses the `ip6addr` package to parse IP addresses and convert it to some canonical form. This means: * IPv4 and IPv4-mapped IPv6 addresses are converted to normal IPv4 notation. * Zero are not elided in IPv6 (so you'll never see `::`). * IPv6 addresses are not zero padded (so `..:1` instead of `..:0001`). * Even though it's not documented, it seems like `ip6addr` always generates lower-case letters. This will unfortunately mean that some IP hashes may change after the update. Normal IPv4 hashes will most probably remain the same though.	4 years ago
Thomas Lynch	1f7e670c7c	modlog records for non-delete actions now link to posts closes #193	4 years ago
Thomas Lynch	8935ca5c28	Customisable header for IP and country code, and improve how country names are handled	4 years ago
Thomas Lynch	f4717b35a3	explicit version for express-fileupload, which should now be fixed	4 years ago
Thomas Lynch	39bbedfe53	Get session in websocket	4 years ago
Thomas Lynch	9f47b05f0d	update deps	4 years ago
Thomas Lynch	ce0bfab6c2	switch to getting packages from gitgud.io	4 years ago
Thomas Lynch	708a6e0b9b	remove dupe dependency with same path	4 years ago
dependabot-preview[bot]	d4705d6f3c	Bump bcrypt from 4.0.1 to 5.0.0 (#166) ... Bumps [bcrypt](https://github.com/kelektiv/node.bcrypt.js) from 4.0.1 to 5.0.0. - [Release notes](https://github.com/kelektiv/node.bcrypt.js/releases) - [Changelog](https://github.com/kelektiv/node.bcrypt.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/kelektiv/node.bcrypt.js/compare/v4.0.1...v5.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	4 years ago
dependabot-preview[bot]	bd427b929e	Bump socket.io-redis from 5.2.0 to 5.3.0 (#159) ... Bumps [socket.io-redis](https://github.com/socketio/socket.io-redis) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/socketio/socket.io-redis/releases) - [Changelog](https://github.com/socketio/socket.io-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/socketio/socket.io-redis/compare/5.2.0...5.3.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	4 years ago
dependabot-preview[bot]	ec76dfa0fe	Bump sanitize-html from 1.25.0 to 1.26.0 (#157) ... Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 1.25.0 to 1.26.0. - [Release notes](https://github.com/apostrophecms/sanitize-html/releases) - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md) - [Commits](https://github.com/apostrophecms/sanitize-html/commits) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	4 years ago
dependabot-preview[bot]	285bee3f31	Bump fs-extra from 9.0.0 to 9.0.1 (#156) ... Bumps [fs-extra](https://github.com/jprichardson/node-fs-extra) from 9.0.0 to 9.0.1. - [Release notes](https://github.com/jprichardson/node-fs-extra/releases) - [Changelog](https://github.com/jprichardson/node-fs-extra/blob/master/CHANGELOG.md) - [Commits](https://github.com/jprichardson/node-fs-extra/compare/9.0.0...9.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	4 years ago
dependabot-preview[bot]	523d0975f7	Bump ioredis from 4.17.1 to 4.17.3 (#150) ... Bumps [ioredis](https://github.com/luin/ioredis) from 4.17.1 to 4.17.3. - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md) - [Commits](https://github.com/luin/ioredis/compare/v4.17.1...v4.17.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	4 years ago
dependabot-preview[bot]	0351b9c688	Bump sanitize-html from 1.24.0 to 1.25.0 (#151) ... Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 1.24.0 to 1.25.0. - [Release notes](https://github.com/apostrophecms/sanitize-html/releases) - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md) - [Commits](https://github.com/apostrophecms/sanitize-html/commits) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	4 years ago
fatchan	eed27c414a	Update package-lock.json closes #148	4 years ago
Thomas Lynch	b32f3a76c0	bring across dependabot merges (#147) ... * Bump ioredis from 4.16.3 to 4.17.1 Bumps [ioredis](https://github.com/luin/ioredis) from 4.16.3 to 4.17.1. - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md) - [Commits](https://github.com/luin/ioredis/compare/v4.16.3...v4.17.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump sanitize-html from 1.23.0 to 1.24.0 Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 1.23.0 to 1.24.0. - [Release notes](https://github.com/apostrophecms/sanitize-html/releases) - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md) - [Commits](https://github.com/apostrophecms/sanitize-html/commits) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump pug from 2.0.4 to 3.0.0 Bumps [pug](https://github.com/pugjs/pug) from 2.0.4 to 3.0.0. - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> * Bump mongodb from 3.5.7 to 3.5.8 Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 3.5.7 to 3.5.8. - [Release notes](https://github.com/mongodb/node-mongodb-native/releases) - [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md) - [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>	4 years ago
dependabot-preview[bot]	ec2f3a68c7	Bump mongodb from 3.5.7 to 3.5.8 ... Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 3.5.7 to 3.5.8. - [Release notes](https://github.com/mongodb/node-mongodb-native/releases) - [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md) - [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.7...v3.5.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	c1ea23a6a8	Bump pug from 2.0.4 to 3.0.0 ... Bumps [pug](https://github.com/pugjs/pug) from 2.0.4 to 3.0.0. - [Release notes](https://github.com/pugjs/pug/releases) - [Commits](https://github.com/pugjs/pug/compare/pug@2.0.4...pug@3.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	f5961af0b0	Bump sanitize-html from 1.23.0 to 1.24.0 ... Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 1.23.0 to 1.24.0. - [Release notes](https://github.com/apostrophecms/sanitize-html/releases) - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/master/CHANGELOG.md) - [Commits](https://github.com/apostrophecms/sanitize-html/commits) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	c73c306068	Bump ioredis from 4.16.3 to 4.17.1 ... Bumps [ioredis](https://github.com/luin/ioredis) from 4.16.3 to 4.17.1. - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md) - [Commits](https://github.com/luin/ioredis/compare/v4.16.3...v4.17.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	d72e9e9df4	Bump highlight.js from 10.0.2 to 10.0.3 ... Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/highlightjs/highlight.js/releases) - [Changelog](https://github.com/highlightjs/highlight.js/blob/10.0.3/CHANGES.md) - [Commits](https://github.com/highlightjs/highlight.js/compare/10.0.2...10.0.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	4e0915b172	Bump bull from 3.13.0 to 3.14.0 ... Bumps [bull](https://github.com/OptimalBits/bull) from 3.13.0 to 3.14.0. - [Release notes](https://github.com/OptimalBits/bull/releases) - [Changelog](https://github.com/OptimalBits/bull/blob/develop/CHANGELOG.md) - [Commits](https://github.com/OptimalBits/bull/compare/v3.13.0...v3.14.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	2576586e51	Bump highlight.js from 10.0.1 to 10.0.2 ... Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.0.1 to 10.0.2. - [Release notes](https://github.com/highlightjs/highlight.js/releases) - [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md) - [Commits](https://github.com/highlightjs/highlight.js/compare/10.0.1...10.0.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
fatchan	6e1f552304	Bugfix quote difference/intersection when updating for edits references #121	4 years ago
dependabot-preview[bot]	87fad7e661	Bump socks-proxy-agent from 4.0.2 to 5.0.0 ... Bumps [socks-proxy-agent](https://github.com/TooTallNate/node-socks-proxy-agent) from 4.0.2 to 5.0.0. - [Release notes](https://github.com/TooTallNate/node-socks-proxy-agent/releases) - [Commits](https://github.com/TooTallNate/node-socks-proxy-agent/compare/4.0.2...5.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	588e63d51f	Bump mongodb from 3.5.6 to 3.5.7 ... Bumps [mongodb](https://github.com/mongodb/node-mongodb-native) from 3.5.6 to 3.5.7. - [Release notes](https://github.com/mongodb/node-mongodb-native/releases) - [Changelog](https://github.com/mongodb/node-mongodb-native/blob/master/CHANGES_3.0.0.md) - [Commits](https://github.com/mongodb/node-mongodb-native/compare/v3.5.6...v3.5.7) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	caed7de6a8	Bump highlight.js from 10.0.0 to 10.0.1 ... Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 10.0.0 to 10.0.1. - [Release notes](https://github.com/highlightjs/highlight.js/releases) - [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md) - [Commits](https://github.com/highlightjs/highlight.js/compare/10.0.0...10.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	cef5d352b1	Bump pm2 from 4.3.1 to 4.4.0 ... Bumps [pm2](https://github.com/Unitech/pm2) from 4.3.1 to 4.4.0. - [Release notes](https://github.com/Unitech/pm2/releases) - [Changelog](https://github.com/Unitech/pm2/blob/master/CHANGELOG.md) - [Commits](https://github.com/Unitech/pm2/compare/4.3.1...4.4.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	51450aa0dd	Bump express-fileupload from `9aada2e` to `ecc5ad4` ... Bumps [express-fileupload](https://github.com/fatchan/express-fileupload) from `9aada2e` to `ecc5ad4`. - [Release notes](https://github.com/fatchan/express-fileupload/releases) - [Commits](9aada2ecde...ecc5ad4f41) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	17bcfa4621	Bump highlight.js from 9.18.1 to 10.0.0 ... Bumps [highlight.js](https://github.com/highlightjs/highlight.js) from 9.18.1 to 10.0.0. - [Release notes](https://github.com/highlightjs/highlight.js/releases) - [Changelog](https://github.com/highlightjs/highlight.js/blob/master/CHANGES.md) - [Commits](https://github.com/highlightjs/highlight.js/compare/9.18.1...10.0.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
dependabot-preview[bot]	966aba4e6d	Bump ioredis from 4.16.2 to 4.16.3 ... Bumps [ioredis](https://github.com/luin/ioredis) from 4.16.2 to 4.16.3. - [Release notes](https://github.com/luin/ioredis/releases) - [Changelog](https://github.com/luin/ioredis/blob/master/Changelog.md) - [Commits](https://github.com/luin/ioredis/compare/v4.16.2...v4.16.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	4 years ago
fatchan	88d27a848f	fix tht forms script being broken and forcing nonjs blockbypass when no files form	4 years ago