2017/10/29 11:41 UTC (current) Revision 18 . . . . AaronGraves (216.105.250.127) – Preferences Storage API was introduced yesterday.Going to look at using this internally in Aneuch, for things like the content blocking rules, IP bans, etc.I've placed an emphasis in the code that the preferences database be read only once per "session" within Aneuch. There is a small concern about the speed reduction that may take place loading a large preferences database. Ultimately I think putting the content blocking rules into this system would be a big indicator of performance as that's the largest bit of data that gets loaded every session.Then again, I don't think it would significantly impact things, as it's already being leaded once per session. I guess time will tell. 2017/10/22 12:26 UTC Revision 17 . . . . AaronGraves (216.105.250.127) – Updated Russ' comments for formatting 2017/07/16 16:39 UTC Revision 16 . . . . AaronGraves (216.105.250.127) – I should add UTF8 encoding for saving/reading files as well in this version. 2016/07/23 16:42 UTC Revision 15 . . . . AaronGraves (216.105.250.127) – Images now have the class 'img-responsive' so they are actually, you know, responsive. 2016/07/14 17:56 UTC Revision 14 . . . . AaronGraves (174.71.115.113) – I've also written a sitemap plugin. Debating including the functionality into Aneuch itself. 17:55 UTC Revision 13 . . . . AaronGraves (174.71.115.113) – Update on bootstrap: The framework has been implemented. The administration screen has been updated to use the framework as well. The site is completely mobile friendly (including the admin screen). Small tweaks are likely to continue up until release. 2016/07/12 13:54 UTC Revision 12 . . . . AaronGraves (174.71.115.113) – [[http://www.w3schools.com/bootstrap/default.asp|Nice bootstrap tutorial]] 2016/07/04 14:21 UTC Revision 11 . . . . AaronGraves (174.71.115.113) – Thanks Russ, I did miss a few places. I'll go through again and make sure they are all mopped up. 03:46 UTC Revision 10 . . . . Russ (24.113.55.207) – I re-downloaded aneuch.pl today and think I found two more:2869: unlink $file; (DoMaintPurgeTemp)1384: if(! -d "$PageDir/$archive") { mkdir "$PageDir/$archive"; } (WritePage) 2016/06/28 19:50 UTC Revision 9 . . . . AaronGraves (107.167.116.86) – Untainting should be completed. 01:33 UTC Revision 8 . . . . AaronGraves (107.167.108.182) – Thanks Russ, actually what I used was:{{{my ($UIP) = ($UserIP =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/g); # nnn.nnn.nnn.nnn}}} 2016/06/26 19:21 UTC Revision 7 . . . . Russ (24.113.55.207) – For 3179 I would suggest something like this for line 253:$UserIP = $q->remote_addr; #$ENV{'REMOTE_ADDR'}; if ($UserIP =~ /^([0-9.]+)$/) { $UserIP=$1; } else { $UserIP='000.000.000.000'; # Redirect to an error page instead? } 2016/06/24 04:23 UTC Revision 6 . . . . AaronGraves (107.167.108.182) – For untainting, see [[https://github.com/ajgraves/aneuch/issues/32]] 2016/06/23 17:33 UTC Revision 5 . . . . AaronGraves (107.167.108.182) – In addition to the above, this will have to be corrected in ListAllFiles, ListAllTemplates, and ListDeletedPages. 17:15 UTC Revision 4 . . . . AaronGraves (107.167.108.182) – In `DoSearch`, line 2394:{{{open my($FILES), "grep -Erli '($search|$altsearch)' $PageDir 2>/dev/null |";}}}This needs to be untainted too. 16:10 UTC Revision 3 . . . . AaronGraves (107.167.108.182) – Some untainting methods: [[http://www.perlmonks.org/?node_id=516577]] 04:21 UTC Revision 2 . . . . AaronGraves (107.167.108.182) – Lines 1400, 1516, 2289, and 2990 have been untainted. 3179 (now 3194) remains. 03:57 UTC Revision 1 . . . . AaronGraves (107.167.108.182) – Taint mode (-T) is turned on, however not all shell expansions are untainted. This will generate errors in some installations (apparently not in my dev environment though... weird).Here are the lines that include shell expansion:{{{654: $line =~ s#\`{1}(.*?)\`{1}#<tt>$1</tt>#g;741: '`<tt>teletype</tt>`</dd>'.1400: $diff = `diff $TempDir/old $TempDir/new`;1516: my $diff = `diff $TempDir/old $TempDir/new`;1645: print $q->p("perl: ".`perl -v`);1646: print $q->p("diff: ".`diff --version`);1647: print $q->p("grep: ".`grep --version`);1648: print $q->p("awk: ".`awk --version`);2289: chomp(my @files = `grep -Prl '$Param{'search'}' $PageDir`);2990: my $diff = `diff $TempDir/old $TempDir/new`;3179: chomp(my @counts = split(/\n/,`grep ^$UserIP $VisitorLog | awk '\$2>$spts'`));}}}For sure lines 1400, 1516, 2289, 2990, and 3179 should be examined closely.