Security features
This commit is contained in:
parent
cf45d095da
commit
be0053c827
12
board.php
12
board.php
|
@ -379,6 +379,13 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
|
|||
} else {
|
||||
$post['country'] = 'xx';
|
||||
}
|
||||
if (I0_DISABLE_BAD_PROXY_POSTING && $post['country'] == 'xx') {
|
||||
exitWithErrorPage(_gettext('Posting in forbidden for this ip'));
|
||||
}
|
||||
|
||||
if (I0_DISABLE_TOR_POSTING && $post['country'] == 't1') {
|
||||
exitWithErrorPage(_gettext('Posting in forbidden for this ip'));
|
||||
}
|
||||
$post['board'] = $board_class->board['name'];
|
||||
$post['name'] = mb_substr($name, 0, KU_MAXNAMELENGTH);
|
||||
$post['name_save'] = true;
|
||||
|
@ -497,6 +504,7 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
|
|||
if ($thread_replyto != '0') { // If it's a reply...
|
||||
$page_to = $board_class->GetPageNumber($thread_replyto)['page'];
|
||||
if (
|
||||
!I0_SAGE_DISABLED
|
||||
isset($_POST['em'])
|
||||
&&
|
||||
(
|
||||
|
@ -553,7 +561,7 @@ if (isset($_POST['makepost'])) { // A more evident way to identify post action,
|
|||
// $timer->mark('15_regenerated');
|
||||
|
||||
// Regenerate overboard if it makes sense
|
||||
if ($need_overboard) {
|
||||
if ($need_overboard && I0_OVERBOARD_ENABLED) {
|
||||
RegenerateOverboard($board_class->board['boardlist']);
|
||||
// $timer->mark('16_regen_overboard');
|
||||
}
|
||||
|
@ -936,7 +944,7 @@ elseif (
|
|||
}
|
||||
}
|
||||
// Regenerate overboard if it makes sense
|
||||
if ($need_overboard) {
|
||||
if ($need_overboard && I0_OVERBOARD_ENABLED && isset($over_boardlist)) {
|
||||
RegenerateOverboard($over_boardlist);
|
||||
}
|
||||
|
||||
|
|
15
captcha.php
15
captcha.php
|
@ -148,20 +148,23 @@ function opsmaz($img,$ncolor){
|
|||
}
|
||||
return $img2;
|
||||
}
|
||||
|
||||
if (isset($_GET['lang']) && in_array($_GET['lang'], $langs))
|
||||
if (I0_FORCE_CAPTCHA_LANG === false) {
|
||||
if (isset($_GET['lang']) && in_array($_GET['lang'], $langs))
|
||||
$captchalang = $_GET['lang'];
|
||||
elseif (isset($_COOKIE['captchalang']) && in_array($_COOKIE['captchalang'], $langs)) {
|
||||
elseif (isset($_COOKIE['captchalang']) && in_array($_COOKIE['captchalang'], $langs)) {
|
||||
$captchalang = $_COOKIE['captchalang'];
|
||||
}
|
||||
else
|
||||
}
|
||||
else
|
||||
$captchalang = KU_CAPTCHALANG;
|
||||
if (isset($_GET['switch'])) {
|
||||
if (isset($_GET['switch'])) {
|
||||
$current_lang = array_search($captchalang, $langs) + 1;
|
||||
if ($current_lang >= count($langs))
|
||||
$current_lang = 0;
|
||||
$captchalang = $langs[$current_lang];
|
||||
setcookie('captchalang', $captchalang, time() + 31556926, '/'/*, KU_DOMAIN*/);
|
||||
}
|
||||
} else {
|
||||
$captchalang = KU_CAPTCHALANG;
|
||||
}
|
||||
|
||||
// Generate the word
|
||||
|
|
|
@ -89,6 +89,7 @@ if (!$cache_loaded) {
|
|||
$cf['KU_CAPTCHALANG'] = 'num'; // Default captcha language to be used if no captchalang cookie is present. Supported values: ru, en, num (numeric)
|
||||
$cf['KU_CAPTCHALIFE'] = 150; // Captcha time-to-live in seconds
|
||||
$cf['KU_CAPTCHALENGTH'] = rand(4, 7); // Captcha length in letters, rand(a, b) can be used to create random length from a to b.
|
||||
$cf['I0_FORCE_CAPTCHA_LANG'] = false; // Prevent users from changing captcha lang
|
||||
|
||||
|
||||
// ---------------------------------- Userboards (aka 2.0) ----------------------------------
|
||||
|
@ -117,7 +118,9 @@ if (!$cache_loaded) {
|
|||
$cf['I0_ERASE_DELETED'] = false; // Whether or not the contents of posts deleted by user should be erased
|
||||
$cf['I0_MAX_ACCESS_ATTEMPTS'] = 3; // How many attempts at deleting a post are allowed before it gets locked with catpcha
|
||||
$cf['I0_FULL_ANONYMITY_MODE'] = false; // In full anonymity mode, no information about user will be stored in the posts table. Bans will not work.
|
||||
|
||||
$cf['I0_SAGE_DISABLED'] = false; // Disable sage function if you don't want anyone to abuse CSAM necroposting
|
||||
$cf['I0_DISABLE_BAD_PROXY_POSTING'] = false; // If CF can't get user's GeoIP - then the proxy is marked as bad (xx country)
|
||||
$cf['I0_DISABLE_TOR_POSTING'] = false; // Disable posting with T1 country detected by CF
|
||||
|
||||
// --------------------------------------- CSS styles ---------------------------------------
|
||||
$cf['KU_STYLES'] = 'modern:newdark:photon'; // Styles which are available to be used for the boards, separated by colons, in lower case. These will be displayed next to [Home] [Manage] if KU_STYLESWIKUHER is set to true
|
||||
|
|
Loading…
Reference in New Issue