50 most recent check-ins
2026-03-31
| 07:12:28 | delete forgotten commented-out code in batchoperate.asm Leaf check-in: 4f3b54e787 user: unmush tags: trunk | |
| 05:06:38 | Add /!batchoperate/RANGES command. Add a new permission, permMoveAll, to govern whether a user is allowed to move anyone's posts. This is still subject to thread locking limitations. Add [special:canmove], which takes into account the current thread, its lock status, permIgnoreLock, permAdmin, and permMoveAll. Modify ShowThread and the thread view templates to include a form for selecting posts when the user has permissions to make use of it (permDelAll, permMoveAll, or permAdmin). Add a /!batchspec/THREADID command that takes range specifications from POST parameters and a thread id and turns them into a thread-qualified range specifications string, and redirects to the appropriate /!batchoperate/RANGES location. Add a /!batchoperate command, with 5 different operations: 1. refresh the view after manually editing the range specifications string 2. narrow the view to the POST range specifications (set intersection) 3. exclude the POST range specifications from the view (set difference) 4. delete the specified posts 5. move the specified posts to target thread given by thread ID or slug Add a trigger to PostsAU in create.sql that removes posts from UnreadPosts when they are moved to a limited thread that the user specified in UnreadPosts is not invited to. Add /!message/error_cant_move and /!message/error_bad_ranges. Create a DeletePosts procedure that accepts an arbitrary query, refactor DeleteUserPosts to use it. check-in: b29b1a81d5 user: unmush tags: trunk | |
2026-01-17
| 07:28:44 | s/uaRegister/uaRegistering/ check-in: c2d1546a27 user: unmush tags: trunk | |
| 07:26:46 | Always log user activity for uaRegister. The saved ticket is necessary for registration to actually work, and it shouldn't arbitrarily break under high load. check-in: 7d96d49643 user: unmush tags: trunk | |
2025-12-22
| 08:45:26 | Add !ban command, fix some memory leaks, adjust purge UI. New permission: permBan. This controls whether a user is permitted to ban a non-admin user. Banning consists of removing all permissions, including login permissions, changing the target user's description (typically to add something along the lines of "this user is banned" at the top), and immediately forcibly logging the user out. Any user with permAdmin can also use !ban, and is not limited to targeting only non-admin users. The ban page for a user USERNAME can be reached at /!ban/USERNAME. This page is linked to (for users with the appropriate permission) from any post by the user in question via the hammer icon, and also from /!userinfo/USERNAME. The "delete posts" button has been moved to be next to the ban button on the userinfo page so that non-admin users with permDelAll can also see it even when looking at another user's userinfo page. Added uaPurgingPosts so that that specific type of deletion can be more precisely logged. Added [special:canban]. If the user for whom the template is being rendered isn't an admin but does have permBan, this will determine the target user's permissions based on the user id in the [userid] field. If that field doesn't exist in the statement used for rendering this template, then in this situation it will default to no (that is, it will be replaced with "0"). Added source/migration6.sql for adding /!message/error_cant_ban to the Messages table and documented it in README-notes.org. Fixed a memory leak in RenderTemplate introduced when I changed it to always come up with a skin directory even when pSpecial is 0. The purpose for that change was to make [include:...] available even in those cases. Fixed a memory leak in GetDefaultSkin introduced when I added validation of the user-supplied skin cookie. Previously the value wouldn't be freed when it was determined to be invalid. check-in: 6fd314a615 user: unmush tags: trunk | |
2025-12-17
| 08:22:20 | Add !purge command for mass-deleting posts of an individual user. Add a DeleteUserPosts procedure that can delete all of a user's posts that match certain constraints. These constraints can be "no constraint", "posts visible to the specified user", "public posts", "posts in limited threads that are visible to the specified user", and "posts in limited threads". It is the caller's responsibility to enforce permissions. Additionally, a flag can be supplied indicating whether to allow posts in locked threads to be deleted. Add a DeleteUserPostsCmd procedure that renders form_purge.tpl when reached via GET and calls DeleteUserPosts when reached via POST. Add a [special:candelall0] command to RenderTemplate to indicate permDelAll. The 0 suffix is because there was a collision in the tableSpecial table, and I suspect that shuffling tpl_func would have a high probability of causing another collision somewhere, so it may take some effort. Add form_purge.tpl for Urban Sunrise and Wasp, and link the other skins to the Wasp one. Add a button linking to !purge for the user being examined from the !userinfo page when viewed by authorized users. Minor change to SearchFieldHash to make the "success" path linear, consistent with other procedures. check-in: 378fb7973c user: unmush tags: trunk | |
2025-12-13
| 10:29:41 | Allow admin to use !by_id for limited-access threads. check-in: d9e9a94d55 user: unmush tags: trunk | |
| 09:51:45 | Allow admin to edit limited threads. The wording of the nearby comment "other users must have permission ..." suggests that something like this probably existed before but got accidentally moved or removed. check-in: df34820228 user: unmush tags: trunk | |
| 09:48:30 | Non-admin users can only lock visible-to-them threads. check-in: d696ff8807 user: unmush tags: trunk | |
| 09:43:52 | Properly reset pointer to input field name on each iteration in SearchFieldHash check-in: 2fee8d6741 user: unmush tags: trunk | |
| 05:18:30 | Fix CheckLimitedAccess to use the userID passed in. Previously it would just assume that there was a TSpecialParams in esi and fetch [esi+TSpecialParams.userID] instead. Due to the regularity of register selection, this happened to work in all existing cases. check-in: e809e661e9 user: unmush tags: trunk | |
2025-12-11
| 19:30:16 | Add notes, send-message.sh, and xmppc-patches. These were previously being passed around in a tarball along with the patches against asmbb-3.0, but since we have a proper repository now they should be made available here. check-in: 1a60d3a903 user: unmush tags: trunk | |
| 17:18:43 | Adjust userinfo.tpl for all skins to include the current permLock and permIgnoreLock status. check-in: 73fa878567 user: unmush tags: trunk | |
| 17:14:48 | Add thread locking. Adds a 'Locked' flag field to the Threads table. Adds two new permissions, permLock and permIgnoreLock. Adds a 'threadlocked' result column to showthread.sql, threadinfo.sql, and threadlist.sql. Adjusts 'EditUserMessage', 'DeletePost', 'Vote', [special:canpost], [special:candelete], [special:canedit], and [special:canvote] to honor the combination of 'Locked' flag and permIgnoreLock. In the process, adds SearchFieldHash and uses it in RenderTemplate.complex_permission, where previously no handling of hash collisions was done (!). Adds template commands [special:canlock] and [special:canignorelock]. Adds '!lock' and '!unlock' commands, both implemented by LockThread. Adds new Message rows for 'error_cant_lock' and 'error_cant_unlock'. Adjusts thread_info.tpl for all skins to include a homegrown, ethically-sourced, organic, artisanal lock icon when the thread being shown is locked. Adjusts form_editinfo.tpl and form_settings.tpl for all skins to support showing and editing the new permLock and permIgnoreLock permissions. Adjusts nav_thread.tpl for all skins to include ' (locked)' after the caption if the thread is locked, and if the requesting client has the permLock permission, show either a 'Lock' or 'Unlock' button depending on whether the thread is currently locked. Adjusts the Urban Sunrise post_view.tpl to not show a quote button when a logged-in user doesn't have permission to post in the thread containing that post. This brings it in line with the other skins. It still shows the quote button when a non-locked thread is viewed without being logged in, but links to the login page instead. In other words, we assume it is better for users with permIgnoreLock to have to find their own way to the login page than to have regular users confused why they have a quote button that goes away when they log in ("did a mod do something to my account??? Did (((they))) shut it down?"). check-in: e18db73c74 user: unmush tags: trunk | |
| 17:14:45 | Fix double-free in CreateAtomFeed. A double-free would previously occur whenever a tag existed but had no associated threads. This would be triggered by accessing /TAGNAME/!feed, causing a crash. To my knowledge such tags aren't linked to anywhere, but the vile foe, bingbot, will remember them from when they were referenced and try to access it anyway. check-in: ea6d673c22 user: unmush tags: trunk | |
| 17:14:43 | Add support for account activation addresses other than email. In addition to an address (formerly an email address), each user now has an address_type. This is a lowercase-canonicalized string indicating the type of the address. For example, email is represented by the string "smtp". This requires a database schema change, which can be accomplished using the new source/migration4.sql file. Other types can be implemented using the new message_exec parameter. It is passed 5 named arguments: --type (address type), --from (sender account username), --to (full target address), --host (smtp_host), and --subject. All included skins have been updated to support specifying the address type for normal registration, address change, admin account creation, and password reset. Some other miscellaneous changes: the "mirrors" parameter now has a proper UI in the settings page. Sending emails longer than PIPE_BUF to smtp_exec no longer causes the calling thread to hang indefinitely. check-in: b808cdca53 user: unmush tags: trunk | |
| 17:14:41 | Prevent newlines in email addresses. Newlines in email addresses can cause a mail client to interpret part of the email address as different headers, potentially allowing arbitrary headers to be set, so that mail may be sent to an email address different from the one used to register. check-in: 7162d80b76 user: unmush tags: trunk | |
| 17:14:39 | Fix behavior of [case:...] with large values. "case" treats digits as part of a number, whitespace as nonexistent, and everything else as a unary digit (that is, it increments the accumulator by 1). For example: a5b6 would be interpreted as ((((1 * 10) + 5) + 1) * 10) + 6 = 166. If an arbitrary string is used, it is therefore possible for extremely large corresponding case values to be used. Previously, this would cause problems because the appropriate case clause is located by decrementing the case value for each non-nested "|" encountered and checking whether this makes the case value *negative* when treated as a signed 32-bit twos-complement value. But when it is being constructed it is treated as an *unsigned* 32-bit value. This can lead to *all* of the clauses being deleted (that is, none of them being "chosen"). To resolve this, increment the case value after it is constructed, and check when decrementing makes it zero, instead of negative. Additionally, it is possible for the case value to wrap around as it is being constructed, such that a sufficiently large case string may end up causing clause 0 to be expanded. To resolve this, use saturated arithmetic such that the largest possible case value is 0xFFFFFFFE, and any larger than that will be clamped to that value. check-in: c316316f60 user: unmush tags: trunk | |
| 17:14:37 | Validate skin cookie. Previously, the only requirement was that this string, when prefixed with $CWD/templates/ and suffixed with "/main_html_start.tpl", corresponded to an existing filename. This meant that anybody with the permission to create a suitable directory on the same system could cause asmbb to expand arbitrary templates, which could do things like exfiltrate any file that asmbb has read access to, such as the database. check-in: 647f456d4f user: unmush tags: trunk | |
| 17:14:34 | Always use English in email body template, add "mirrors" param support. [special:lang] currently is never expanded in this template, so it always chooses German, which is a bad default. This removes all the other languages for now - if [special:lang] starts working again they can come back. This also adds activation links to any mirrors in the comma-separated list in [param:mirrors]. It does this using [head:...], [tail:...], the fact that [equ:...] can reassign to the same key, and two helper templates, string_join.tpl and string_join2.tpl. check-in: 7513efe9fd user: unmush tags: trunk | |
| 17:14:32 | Fix email subject template. Two problems with the subject template previously: 1. [special:lang] is never expanded for this template, so it will always choose case option 14, which in practice means it's always German. This is not a good default. 2. It includes a newline prior to the actual subject. check-in: bdf2058987 user: unmush tags: trunk | |
| 17:14:30 | Fix processing of [include:...] when a null TSpecialParams is passed. This rearranges the setup and teardown for RenderTemplate so that the directory of the current skin directory is always saved in [.skinDir] for future use from the start. The initial process of computing the skin directory properly checks for .pSpecial = 0 and uses a fallback, whereas .cmd_include does not, so modify .cmd_include to use [.skinDir]. Finally, modify teardown to free [.skinDir]. check-in: f3cdf770f4 user: unmush tags: trunk | |
| 17:14:28 | Add [param:...], [head:...], and [tail:...] commands. [param:KEY] looks up the string with id KEY in the Params table. If it is not found, an empty string is substituted instead. If KEY is the empty string, no substitution is performed. [head:STRING] is substituted with the longest prefix of STRING that does not contain a comma. [tail:STRING] is substituted with the suffix following the first comma in STRING or, if there are no commas, with the empty string. The first command makes it possible for templates to directly use values from Params. The latter two make it possible, together with a self-including trick, to process comma-delimited lists. check-in: c46acaaeeb user: unmush tags: trunk | |
| 17:14:26 | Don't allow any part of the case value to be re-expanded. Case commands are processed like so: 1. A '[' is encountered and its position is pushed on the stack for later use. 2. The text following it is parsed and expanded as normal, until a '|' outside of any nested square brackets is encountered. 3. The expanded text following the initial '[' is checked to see whether it matches 'case:'. If it does, the expanded text following the 'case:' is parsed up to the first '|' and converted into a number. 4. In an inner loop, each clause is parsed (but not expanded). When the end of a clause is reached, it is deleted unless its index matches the number obtained in (3) or it ends with a ']'. 5. This leaves exactly one clause remaining, which is parsed and expanded as usual. The problem is between steps (3) and (4): the clauses are currently parsed starting from the '|' where (3) left off, instead of from the '|' encountered in (2). But (3) may have left off in the middle of expanded commands, including ones with attacker-controlled results. check-in: 38d3c8e093 user: unmush tags: trunk | |
| 17:14:24 | SendActivationEmail: verify that user email is not null. It's possible to end up with rows in the WaitingActivation table that have a null email address at the same time as email activation is enabled. This happens if someone registers when email activation is not enabled (so an email address is not required), and then email activation is later enabled and ProcessActivationEmails is called. In this case, SendActivationEmail would segfault. Since the sqlCleanWaiting statement is only run after attempting to send activation emails, the segfault always prevents it from happening, so the failure is persistent. This fixes that. check-in: d69d4cb114 user: unmush tags: trunk | |
| 17:14:22 | Add blank line to separate headers from email body in smtp_exec case. check-in: b13c11d862 user: unmush tags: trunk | |
| 17:14:20 | Allow null user agent to match null user agent when checking login ticket. In SQL, NULL != NULL. Consequently, a ticket issued without a user agent would never be able to match any submitted form, even if it also had no user agent. We resolve this by explicitly checking for the case in which both ticket and form have a null user agent. check-in: 84939fbdeb user: unmush tags: trunk | |
| 17:14:18 | Redirect to front page on spoofed skincookie page referrer. check-in: e1b0f81bd5 user: unmush tags: trunk | |
| 17:14:16 | Redirect to front page on spoofed logout page referrer. check-in: 96526c8d6a user: unmush tags: trunk | |
| 16:48:47 | Prevent newlines in email addresses. Newlines in email addresses can cause a mail client to interpret part of the email address as different headers, potentially allowing arbitrary headers to be set, so that mail may be sent to an email address different from the one used to register. Leaf check-in: 9043aaccbd user: unmush tags: trunk | |
| 16:47:34 | Fix behavior of [case:...] with large values. "case" treats digits as part of a number, whitespace as nonexistent, and everything else as a unary digit (that is, it increments the accumulator by 1). For example: a5b6 would be interpreted as ((((1 * 10) + 5) + 1) * 10) + 6 = 166. If an arbitrary string is used, it is therefore possible for extremely large corresponding case values to be used. Previously, this would cause problems because the appropriate case clause is located by decrementing the case value for each non-nested "|" encountered and checking whether this makes the case value *negative* when treated as a signed 32-bit twos-complement value. But when it is being constructed it is treated as an *unsigned* 32-bit value. This can lead to *all* of the clauses being deleted (that is, none of them being "chosen"). To resolve this, increment the case value after it is constructed, and check when decrementing makes it zero, instead of negative. Additionally, it is possible for the case value to wrap around as it is being constructed, such that a sufficiently large case string may end up causing clause 0 to be expanded. To resolve this, use saturated arithmetic such that the largest possible case value is 0xFFFFFFFE, and any larger than that will be clamped to that value. check-in: e386b87de6 user: unmush tags: trunk | |
| 16:46:33 | Validate skin cookie. Previously, the only requirement was that this string, when prefixed with $CWD/templates/ and suffixed with "/main_html_start.tpl", corresponded to an existing filename. This meant that anybody with the permission to create a suitable directory on the same system could cause asmbb to expand arbitrary templates, which could do things like exfiltrate any file that asmbb has read access to, such as the database. check-in: 806699256c user: unmush tags: trunk | |
| 16:45:07 | Always use English in email body template, add "mirrors" param support. [special:lang] currently is never expanded in this template, so it always chooses German, which is a bad default. This removes all the other languages for now - if [special:lang] starts working again they can come back. This also adds activation links to any mirrors in the comma-separated list in [param:mirrors]. It does this using [head:...], [tail:...], the fact that [equ:...] can reassign to the same key, and two helper templates, string_join.tpl and string_join2.tpl. check-in: ce8c530db0 user: unmush tags: trunk | |
| 16:27:28 | Fix email subject template. Two problems with the subject template previously: 1. [special:lang] is never expanded for this template, so it will always choose case option 14, which in practice means it's always German. This is not a good default. 2. It includes a newline prior to the actual subject. check-in: acdd4c286b user: unmush tags: trunk | |
| 16:26:14 | Fix processing of [include:...] when a null TSpecialParams is passed. This rearranges the setup and teardown for RenderTemplate so that the directory of the current skin directory is always saved in [.skinDir] for future use from the start. The initial process of computing the skin directory properly checks for .pSpecial = 0 and uses a fallback, whereas .cmd_include does not, so modify .cmd_include to use [.skinDir]. Finally, modify teardown to free [.skinDir]. check-in: 75cd98b6dd user: unmush tags: trunk | |
| 16:25:06 | Add [param:...], [head:...], and [tail:...] commands. [param:KEY] looks up the string with id KEY in the Params table. If it is not found, an empty string is substituted instead. If KEY is the empty string, no substitution is performed. [head:STRING] is substituted with the longest prefix of STRING that does not contain a comma. [tail:STRING] is substituted with the suffix following the first comma in STRING or, if there are no commas, with the empty string. The first command makes it possible for templates to directly use values from Params. The latter two make it possible, together with a self-including trick, to process comma-delimited lists. check-in: ca05ca6c3a user: unmush tags: trunk | |
| 16:24:10 | Don't allow any part of the case value to be re-expanded. Case commands are processed like so: 1. A '[' is encountered and its position is pushed on the stack for later use. 2. The text following it is parsed and expanded as normal, until a '|' outside of any nested square brackets is encountered. 3. The expanded text following the initial '[' is checked to see whether it matches 'case:'. If it does, the expanded text following the 'case:' is parsed up to the first '|' and converted into a number. 4. In an inner loop, each clause is parsed (but not expanded). When the end of a clause is reached, it is deleted unless its index matches the number obtained in (3) or it ends with a ']'. 5. This leaves exactly one clause remaining, which is parsed and expanded as usual. The problem is between steps (3) and (4): the clauses are currently parsed starting from the '|' where (3) left off, instead of from the '|' encountered in (2). But (3) may have left off in the middle of expanded commands, including ones with attacker-controlled results. check-in: fa56fe0fbf user: unmush tags: trunk | |
| 16:12:44 | SendActivationEmail: verify that user email is not null. It's possible to end up with rows in the WaitingActivation table that have a null email address at the same time as email activation is enabled. This happens if someone registers when email activation is not enabled (so an email address is not required), and then email activation is later enabled and ProcessActivationEmails is called. In this case, SendActivationEmail would segfault. Since the sqlCleanWaiting statement is only run after attempting to send activation emails, the segfault always prevents it from happening, so the failure is persistent. This fixes that. check-in: 0305cd92ca user: unmush tags: trunk | |
| 16:11:57 | Add blank line to separate headers from email body in smtp_exec case. check-in: 27595c0747 user: unmush tags: trunk | |
| 16:10:50 | Allow null user agent to match null user agent when checking login ticket. In SQL, NULL != NULL. Consequently, a ticket issued without a user agent would never be able to match any submitted form, even if it also had no user agent. We resolve this by explicitly checking for the case in which both ticket and form have a null user agent. check-in: aa5c2097ca user: unmush tags: trunk | |
| 16:10:15 | Redirect to front page on spoofed skincookie page referrer. check-in: 30b7ba4389 user: unmush tags: trunk | |
| 16:08:50 | Redirect to front page on spoofed logout page referrer. check-in: e129263c00 user: unmush tags: trunk | |
2024-11-13
| 07:40:03 | Another stupid bug. Leaf check-in: 7544654b24 user: johnfound tags: SkinNoCSS | |
| 07:17:36 | Fixed bug in __StrCatMinimag. check-in: a5d67a3ca9 user: johnfound tags: SkinNoCSS | |
2024-11-10
| 20:14:24 | Better processing of the minimag markup in __StrCatMinimag. Should be tested more. check-in: 31ce1bf757 user: johnfound tags: SkinNoCSS | |
| 18:55:43 | Fixed small bug in edit.asm. Fixed the autocomplete function in the editor. The problem was a duplicated tag ID in the main_html_start.tpl. check-in: 9146b624e3 user: johnfound tags: SkinNoCSS | |
| 15:37:14 | Sync the themes with the latest changes in the backend. check-in: 0eab86e6da user: johnfound tags: SkinNoCSS | |
2024-11-09
| 18:32:15 | Remove the </li> tag from the themes. check-in: 4de41bb25a user: johnfound tags: SkinNoCSS | |
| 08:56:14 | Clean the start and end whitespace from the quoted post (for BBCode). check-in: fa96f90abd user: johnfound tags: SkinNoCSS | |
| 08:55:17 | Removed the useless button "Reset" from the editor form. check-in: edc8320c7f user: johnfound tags: SkinNoCSS | |