From 29c46fcc4eab13753e8aee179fd39b473d82b7a8 Mon Sep 17 00:00:00 2001
From: daichimarukana
Date: Thu, 21 Dec 2023 20:29:41 +0900
Subject: [PATCH] uwuzu version 1.2.29
---
authlogin.php | 38 +++++++++++++++++++++++++++++++++++
check.php | 38 +++++++++++++++++++++++++++++++++++
css/home.css | 17 ++++++++++++++++
errorpage/400.php | 12 ++++++++---
errorpage/401.php | 12 ++++++++---
errorpage/403.php | 12 ++++++++---
errorpage/404.php | 12 ++++++++---
errorpage/500.php | 12 ++++++++---
errorpage/503.php | 12 ++++++++---
errorpage/serverstop.php | 12 ++++++++---
index.php | 19 +++++++++++++++---
new.php | 4 ++--
nextpage/notificationview.php | 27 ++++++++++++++++++++++++-
nextpage/view.php | 4 ++--
server/serversettings.ini | 2 +-
server/uwuzuinfo.txt | 4 ++--
server/uwuzurelease.txt | 10 +++++++++
user/index.php | 2 +-
18 files changed, 216 insertions(+), 33 deletions(-)
diff --git a/authlogin.php b/authlogin.php
index 63dcc45..b75a264 100644
--- a/authlogin.php
+++ b/authlogin.php
@@ -213,6 +213,44 @@ if( !empty($_POST['btn_submit']) ) { } clearstatcache(); + + if (isset($_SERVER['HTTP_COOKIE'])) { + $cookies = explode(';', $_SERVER['HTTP_COOKIE']); + foreach($cookies as $cookie) { + $parts = explode('=', $cookie); + $name = trim($parts[0]); + setcookie($name, '', time()-1000); + } + } + + setcookie('userid', $userid,[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); + setcookie('loginid', $row["loginid"],[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); + setcookie('username', $row["username"],[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); + setcookie('admin_login', true,[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); $_SESSION['admin_login'] = true; diff --git a/check.php b/check.php index b9eca9f..91a74b5 100644 --- a/check.php +++ b/check.php 
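Review bot: The four `setcookie()` calls after the clearing loop keep login state (`userid`, `username`, `admin_login`, `loginid`) in the browser for 14 days, and `secure`/`httponly`/`samesite` do not stop whoever holds the cookie jar from editing those values. If any page rebuilds `$_SESSION` from them (that code is not in this patch view), only `loginid` should be accepted, it has to be an unguessable per-login token looked up server-side and compared with `hash_equals()`, and `admin_login` should not be sent at all, because a client-supplied `true` proves nothing. I would add a comment above the block such as `// cookies are hints only: re-validate loginid against the DB before trusting userid/username`. The identical block is added in check.php (@@ -171,6 +171,44 @@), and the enclosing `if( !empty($_POST['btn_submit']) )` body starts and ends outside both hunks.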
@@ -171,6 +171,44 @@ if( !empty($_POST['btn_submit']) ) { clearstatcache(); + if (isset($_SERVER['HTTP_COOKIE'])) { + $cookies = explode(';', $_SERVER['HTTP_COOKIE']); + foreach($cookies as $cookie) { + $parts = explode('=', $cookie); + $name = trim($parts[0]); + setcookie($name, '', time()-1000); + } + } + + setcookie('userid', $userid,[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); + setcookie('loginid', $userData["loginid"],[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); + setcookie('username', $username,[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); + setcookie('admin_login', true,[ + 'expires' => time() + 60 * 60 * 24 * 14, + 'path' => '/', + 'samesite' => 'lax', + 'secure' => true, + 'httponly' => true, + ]); + $_SESSION['admin_login'] = true; $_SESSION['userid'] = $userid; $_SESSION['loginid'] = $userData["loginid"]; diff --git a/css/home.css b/css/home.css index f9a236f..5ba3f14 100644 --- a/css/home.css +++ b/css/home.css @@ -1132,6 +1132,14 @@ main h1{ font-weight: bold; transition: all 250ms ease-out; } +.ueuse .mta img{ + margin-top: auto; + margin-bottom: auto; + margin-left: 4px; + margin-right: 4px; + height: 14px; + vertical-align: middle; +} .ueuse .mta:hover{ font-size: 14px; background-color: var(--main-color); @@ -1368,6 +1376,15 @@ main h1{ font-family: 'BIZ UDPGothic', sans-serif; font-weight: bold; } +.ueuse .abi .back h1 img{ + margin-top: auto; + margin-bottom: auto; + margin-left: 4px; + margin-right: 4px; + height: 16px; + vertical-align: middle; +} + .ueuse .abi h1{ overflow-wrap: break-word; margin-top: auto; diff --git a/errorpage/400.php b/errorpage/400.php index 7d447e8..b1e1e2c 100644 --- a/errorpage/400.php +++ b/errorpage/400.php @@ -29,9 +29,15 @@ $domain = $_SERVER['HTTP_HOST'];
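Review bot: The clearing loop at the top of the added block takes cookie names straight from `$_SERVER['HTTP_COOKIE']` and expires every one of them, which covers the PHP session cookie the browser sent as well as any malformed name in the header. On PHP 8 `setcookie()` throws a `ValueError` for an empty or invalid name, so a malformed Cookie header can abort the login request, and expiring the session cookie here may leave the `$_SESSION[...]` writes that follow attached to an id the browser has dropped (session handling is outside the hunk, so confirm). Expiring only the application's own names, with the same path they were set with, avoids both: `foreach (['userid', 'loginid', 'username', 'admin_login'] as $n) { setcookie($n, '', ['expires' => 1, 'path' => '/']); }`. The same loop is added in authlogin.php (@@ -213,6 +213,44 @@).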
- + + + + +
diff --git a/errorpage/401.php b/errorpage/401.php index 1266ae3..8721643 100644 --- a/errorpage/401.php +++ b/errorpage/401.php @@ -29,9 +29,15 @@ $domain = $_SERVER['HTTP_HOST'];
- + + + + +
diff --git a/errorpage/403.php b/errorpage/403.php index 44065c8..1217f7f 100644 --- a/errorpage/403.php +++ b/errorpage/403.php @@ -29,9 +29,15 @@ $domain = $_SERVER['HTTP_HOST'];
- + + + + +
diff --git a/errorpage/404.php b/errorpage/404.php index ec5bf8d..a96eb4a 100644 --- a/errorpage/404.php +++ b/errorpage/404.php @@ -31,9 +31,15 @@ $domain = $_SERVER['HTTP_HOST'];
- + + + + +
diff --git a/errorpage/500.php b/errorpage/500.php index b98d5db..4e46f94 100644 --- a/errorpage/500.php +++ b/errorpage/500.php @@ -28,9 +28,15 @@ $domain = $_SERVER['HTTP_HOST'];
- + + + + +
diff --git a/errorpage/503.php b/errorpage/503.php index 61c3430..e69c4bb 100644 --- a/errorpage/503.php +++ b/errorpage/503.php @@ -34,9 +34,15 @@ $domain = $_SERVER['HTTP_HOST'];
- + + + + +
diff --git a/errorpage/serverstop.php b/errorpage/serverstop.php index 1c20212..ac8cf60 100644 --- a/errorpage/serverstop.php +++ b/errorpage/serverstop.php @@ -32,9 +32,15 @@ if(!empty(file_get_contents($serverstopfile))){
- + + + + +
diff --git a/index.php b/index.php index a95f38a..dc7656b 100644 --- a/index.php +++ b/index.php @@ -63,6 +63,17 @@ $serverinfo = file_get_contents($serverinfofile); //------------------------------------- +//------------------------- +$softwarefile = "server/uwuzuinfo.txt"; +$softwaredata = file_get_contents($softwarefile); + +$softwaredata = explode( "\n", $softwaredata ); +$cnt = count( $softwaredata ); +for( $i=0;$i<$cnt;$i++ ){ + $uwuzuinfo[$i] = ($softwaredata[$i]); +} +//------------------------- + $domain = $_SERVER['HTTP_HOST']; //------------------------ @@ -135,9 +146,9 @@ if ("serviceWorker" in navigator) {
- +
diff --git a/new.php b/new.php index db0479f..988a803 100644 --- a/new.php +++ b/new.php @@ -607,8 +607,8 @@ $pdo = null;

登録を押すと利用規約とプライバシーポリシーに同意したこととなります。
未確認の場合は上のボタンよりお読みください。

diff --git a/nextpage/notificationview.php b/nextpage/notificationview.php index c166949..1d6d2bb 100644 --- a/nextpage/notificationview.php +++ b/nextpage/notificationview.php @@ -1,4 +1,29 @@ PDO::ERRMODE_EXCEPTION, + PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, + PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true, + )); + $emoji_Query = $dbh->prepare("SELECT emojifile, emojiname FROM emoji WHERE emojiname = :emojiname"); + $emoji_Query->bindValue(':emojiname', $emojiName); + $emoji_Query->execute(); + $emoji_row = $emoji_Query->fetch(); + if(empty($emoji_row["emojifile"])){ + $emoji_path = "img/sysimage/errorimage/emoji_404.png"; + }else{ + $emoji_path = $emoji_row["emojifile"]; + } + return ":$emojiName:"; + }, $postText); + return $postTextWithImages; +} function replaceEmojisWithImages($postText) { // ユーズ内で絵文字名(:emoji:)を検出して画像に置き換える $emojiPattern = '/:(\w+):/'; @@ -41,7 +66,7 @@ function replaceEmojisWithImages($postText) { if(empty($mentionsuserData)){ return "@$username"; }else{ - return "@".$mentionsuserData["username"].""; + return "@".replaceProfileEmojiImages(htmlentities($mentionsuserData["username"])).""; } }, $postTextWithImages); diff --git a/nextpage/view.php b/nextpage/view.php index 8f2c275..c9f2148 100644 --- a/nextpage/view.php +++ b/nextpage/view.php @@ -85,7 +85,7 @@ function replaceEmojisWithImages($postText) { if(empty($mentionsuserData)){ return "@$username"; }else{ - return "@".$mentionsuserData["username"].""; + return "@".replaceProfileEmojiImages(htmlentities($mentionsuserData["username"])).""; } }, $postTextWithImages); @@ -304,7 +304,7 @@ class MessageDisplay { if(!($this->value['abi'] == "none")){ echo '
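Review bot: `replaceProfileEmojiImages()` appears to build its PDO handle and prepare the `SELECT emojifile, emojiname FROM emoji` statement inside the replace callback, so a display name with many `:name:` tokens costs one connection per token on every render; the opening lines of the function are missing from this copy, so confirm where `$dbh` is created. Creating the handle and the prepared statement once before the callback and passing the statement in with `use ($emoji_Query)` keeps that work bounded. The markup the callback returns is also not visible here; since `$emoji_path` is read from the `emojifile` column, it should go through `htmlspecialchars($emoji_path, ENT_QUOTES, 'UTF-8')` before it is placed in an attribute.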
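Review bot: The new mention line calls `htmlentities()` with no flags or charset, so the quoting it applies depends on the PHP version: before 8.1 the default is `ENT_COMPAT`, which leaves `'` unescaped. Spell it out, `htmlentities($mentionsuserData["username"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so the fix holds wherever the name lands in the surrounding link markup (not visible in this copy). The escape-then-replace order is the right one and should be kept. The same call is added in nextpage/view.php (@@ -85,7 +85,7 @@ and the 追記 header at @@ -304,7 +304,7 @@) and in user/index.php (@@ -267,7 +267,7 @@); the callback that contains it starts outside the hunk.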
'; echo '
'; - echo '

' . htmlentities($this->value['username']) . 'さんが追記しました

'; + echo '

' . replaceProfileEmojiImages(htmlentities($this->value['username'])) . 'さんが追記しました

'; echo '
'; echo '

'.processMarkdownAndWrapEmptyLines(replaceEmojisWithImages(replaceURLsWithLinks(nl2br($this->value['abi'])))) . '

'; echo '
追記日時 : '. date("Y年m月d日 H:i", strtotime(htmlentities($this->value['abidate']))) . '
'; diff --git a/server/serversettings.ini b/server/serversettings.ini index a3d3bb1..168fb85 100644 --- a/server/serversettings.ini +++ b/server/serversettings.ini @@ -9,7 +9,7 @@ server_logo_home = "" server_logo_login = "" ;管理者関係 - server_admin = "admin" + server_admin = "あどみん" server_admin_mailadds = "admin@localhost" ;招待のオンオフ server_invitation = "false" diff --git a/server/uwuzuinfo.txt b/server/uwuzuinfo.txt index 078d368..1a306ae 100644 --- a/server/uwuzuinfo.txt +++ b/server/uwuzuinfo.txt @@ -1,4 +1,4 @@ uwuzu -1.2.28 -2023/12/20 +1.2.29 +2023/12/21 daichimarukana,putonfps \ No newline at end of file diff --git a/server/uwuzurelease.txt b/server/uwuzurelease.txt index 789aea3..269fb34 100644 --- a/server/uwuzurelease.txt +++ b/server/uwuzurelease.txt @@ -1,6 +1,16 @@ ## リリースノートだぜぇぇぇぇぇぇい!!!!!!! ここにはuwuzuの更新情報を載せてくぜぇ~!(いやまてテンションおかしいだろ...) +## Version 1.2.29 +リリース日:2023/12/21 +fix: ログインがうまくできない・ログインループを起こしてしまう問題を修正しました。 +fix: サーバーのindexページでサーバーロゴが適用されない問題を修正しました。 +fix: 脆弱性を修正しました。 +chg: アカウント作成画面で利用規約を新しいタブで開くようにしました。 +chg: 追記欄でのユーザー名にも絵文字が表示されるようにしました。 +chg: メンション時にカスタム絵文字を表示されるようにしました。 +new: 404ページなどエラーページにもサーバーロゴを適用しました。 + ## Version 1.2.28 リリース日:2023/12/20 fix: モバイル表示時にメニューを開くとその他が2つになってしまっている問題を修正しました! diff --git a/user/index.php b/user/index.php index 390f57b..5eb3fc6 100644 --- a/user/index.php +++ b/user/index.php @@ -267,7 +267,7 @@ if( !empty($pdo) ) { if(empty($mentionsuserData)){ return "@$username"; }else{ - return "@".$mentionsuserData["username"].""; + return "@".replaceProfileEmojiImages(htmlentities($mentionsuserData["username"])).""; } }, $postTextWithImages);