server ver

2021-06-20 13:49:07 +00:00
parent 36a8c92dec
commit 8877c0bad0
975 changed files with 555 additions and 6596 deletions
--- a/app/Console/Commands/AddTags.php
+++ b/app/Console/Commands/AddTags.php
--- a/app/Console/Commands/Inspire.php
+++ b/app/Console/Commands/Inspire.php
--- a/app/Console/Commands/ReadException.php
+++ b/app/Console/Commands/ReadException.php
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
--- a/app/Events/Event.php
+++ b/app/Events/Event.php
--- a/app/Exceptions/Handler.php
+++ b/app/Exceptions/Handler.php
--- a/app/Helpers/HumanReadable.php
+++ b/app/Helpers/HumanReadable.php
--- a/app/Http/Controllers/CategoryController.php
+++ b/app/Http/Controllers/CategoryController.php
--- a/app/Http/Controllers/CommentController.php
+++ b/app/Http/Controllers/CommentController.php
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
--- a/app/Http/Controllers/MessageController.php
+++ b/app/Http/Controllers/MessageController.php
--- a/app/Http/Controllers/ReportController.php
+++ b/app/Http/Controllers/ReportController.php
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -126,7 +126,7 @@ class UserController extends Controller
            \Session::flash('info', 'Cannot register when logged in');
            return redirect('/');
        }
-        return view('apply');
+        return view('apply_open');
    }

        public function loggain()
--- a/app/Http/Controllers/VideoController.php
+++ b/app/Http/Controllers/VideoController.php
@@ -125,9 +125,9 @@ class VideoController extends Controller
            return new JsonResponse(['error' => 'erroneous_file_encoding']);
        }
        $video->videotitle = $request->get('videotitle', null);
-        $video->interpret = $request->get('interpret', null);
-        $video->songtitle = $request->get('songtitle', null);
-        $video->imgsource = $request->get('imgsource', null);
+        $video->interpret = htmlspecialchars($request->get('interpret', null));
+        $video->songtitle = htmlspecialchars($request->get('songtitle', null));
+        $video->imgsource = htmlspecialchars($request->get('imgsource', null));
        $video->user()->associate($user);
        $video->category()->associate(Category::findOrFail($request->get('category')));
        $video->hash = $hash;
--- a/app/Http/Controllers/aboutController.php
+++ b/app/Http/Controllers/aboutController.php
--- a/app/Http/Controllers/rulezController.php
+++ b/app/Http/Controllers/rulezController.php
--- a/app/Http/Controllers/tmp/.gitkeep
+++ b/app/Http/Controllers/tmp/.gitkeep
--- a/app/Http/Controllers/tmp/test.png
+++ b/app/Http/Controllers/tmp/test.png
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
--- a/app/Http/Middleware/Authenticate.php
+++ b/app/Http/Middleware/Authenticate.php
--- a/app/Http/Middleware/EncryptCookies.php
+++ b/app/Http/Middleware/EncryptCookies.php
--- a/app/Http/Middleware/Jsonp.php
+++ b/app/Http/Middleware/Jsonp.php
--- a/app/Http/Middleware/LogoutBanned.php
+++ b/app/Http/Middleware/LogoutBanned.php
--- a/app/Http/Middleware/RedirectIfAuthenticated.php
+++ b/app/Http/Middleware/RedirectIfAuthenticated.php
--- a/app/Http/Middleware/Theme.php
+++ b/app/Http/Middleware/Theme.php
--- a/app/Http/Middleware/VerifyCsrfToken.php
+++ b/app/Http/Middleware/VerifyCsrfToken.php
--- a/app/Http/Requests/Request.php
+++ b/app/Http/Requests/Request.php
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -130,7 +130,7 @@ Route::group(["middleware" => "theme"], function() {
 	Route::get('upload', 'VideoController@create')->middleware('auth');
 	Route::get('categories', 'CategoryController@index')->middleware('auth');
 	Route::get('webm', function() { return view('webm'); })->middleware('auth');
-    Route::get('settings', function() { return view('settings'); })->middleware('auth');
+    Route::get('settings', function() { return 404; })->middleware('auth');
    Route::get('matrix', function() { return view('matrix'); })->middleware('auth');
 	#Route::get('about', function() { return view('about'); })->middleware('auth');
    Route::get('about', 'aboutController@index')->middleware('auth');
--- a/app/Jobs/Job.php
+++ b/app/Jobs/Job.php
--- a/app/Listeners/.gitkeep
+++ b/app/Listeners/.gitkeep
--- a/app/Models/About.php
+++ b/app/Models/About.php
--- a/app/Models/Banner.php
+++ b/app/Models/Banner.php
--- a/app/Models/Category.php
+++ b/app/Models/Category.php
--- a/app/Models/Comment.php
+++ b/app/Models/Comment.php
--- a/app/Models/Donation.php
+++ b/app/Models/Donation.php
--- a/app/Models/Icon.php
+++ b/app/Models/Icon.php
--- a/app/Models/Message.php
+++ b/app/Models/Message.php
--- a/app/Models/ModeratorLog.php
+++ b/app/Models/ModeratorLog.php
--- a/app/Models/Role.php
+++ b/app/Models/Role.php
--- a/app/Models/Rulez.php
+++ b/app/Models/Rulez.php
--- a/app/Models/User.php
+++ b/app/Models/User.php
--- a/app/Models/UserFavorite.php
+++ b/app/Models/UserFavorite.php
--- a/app/Models/Video.php
+++ b/app/Models/Video.php
--- a/app/Models/aboutController.php
+++ b/app/Models/aboutController.php
--- a/app/Policies/.gitkeep
+++ b/app/Policies/.gitkeep
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
--- a/app/Providers/BladeServiceProvider.php
+++ b/app/Providers/BladeServiceProvider.php
--- a/app/Providers/EventServiceProvider.php
+++ b/app/Providers/EventServiceProvider.php
--- a/app/Providers/MarkdownServiceProvider.php
+++ b/app/Providers/MarkdownServiceProvider.php
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
--- a/app/Services/Markdown.php
+++ b/app/Services/Markdown.php
@@ -258,6 +258,7 @@ class Markdown extends \Parsedown {
    protected function inlineUrl($Excerpt) {
        $e = parent::inlineUrl($Excerpt);
        if (is_null($e)) return;
+	$e['element']['attributes']['href'] = htmlspecialchars($e['element']['attributes']['href']);
        if (static::isImage($e['element']['attributes']['href'])) {
            $e['element']['name'] = 'img';
            $e['element']['attributes']['src'] = $e['element']['attributes']['href'];