Update express-fileupload dependency to clean tempfiles on numFilesLimitHandler
Add a proper error message for max num files instead of allowing unlimited and limiting in board post method
If a user is board owner/mod, use higher capcode only if explicitly entered, else use board owner/mod capcode
Strip extra repititions
Default back to stafflevel for perm if theres a mismatch
The splitregex in the markdown function didnt include ther ```'s in the match, because it doesnt include them in the code block
So when the prepare function ran, and joined the text back together, it wouldn't have any ```'s, so the code blocks would never be split or rendered.
So quick fix was add a second one that includes the ```'s when doing the dice prepare function, so it wont break the code blocks
references #214
In the old implementation, if you had for example 2 dice, you could only roll
even numbers, which is clearly wrong.
Also reduced the max numdice to 99 to not DoS the server with large numdice
values.
***DO NOT USE***
This still has some issues and needs testing.
- needs updated nginx configs added, expects "TOR" in the x-country-code header under a separate vhost
- need to make sure bans work properly still
- need to implement system to prevent captcha ddos, since i cant just to IP ratelimit now
- im 99% sure post history of tor users is broken if viewed by non-global staff
- manual input ban form will also be broken for non-global staff
- could still use some improvement on the middleware having a little more complicated flor for tor users
But for the most part it works. Basically it will use the bypass id of a tor user as their "ip".
This prevents prolems like `/` giving 404 in devel mode (when
`static/html/index.html` is missing) or `/captcha` redirecting to
`/captcha/` (then breaking).
authenticated: same as `user != null`
user.authLevel, user.ownedBoards, user.modBoards: refreshed by sessionrefresh on
each request anyways, so it doesn't make much sense to store them in the session
store too.
* properly escape goto parameter
* do not redirect to anywhere, only to the same server, no query parameters
This should still allow valid targets, like `/account.html`,
`/boardname/manage/whatever` while disallow things like `https://othersite.com`.
some random guy