Created
April 15, 2025 17:58
-
-
Save lcfr-eth/7dca545c30adfad673904013c7b6f942 to your computer and use it in GitHub Desktop.
4chan semgrep
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ┌───────────────────┐ | |
| │ 371 Code Findings │ | |
| └───────────────────┘ | |
| admin-test.php | |
| ❯❯❱ php.lang.security.exec-use.exec-use | |
| Executing non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/5Q1j | |
| 71┆ exec( $cmd ); | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 382┆ $query = mysql_board_call("SELECT no, host FROM `" . SQLLOG . "` WHERE resto = $no AND | |
| host != '$op_host' GROUP BY host"); | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 579┆ unlink(IMG_DIR . "$filename") or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 589┆ unlink(THUMB_DIR . "$filename") or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 598┆ unlink( RES_DIR . "$filename" ) or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 662┆ unlink( $filename ) or print "Couldn't delete!<br>"; | |
| ❯❯❱ php.lang.security.exec-use.exec-use | |
| Executing non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/5Q1j | |
| 668┆ exec( "find $phptmp/ -mtime +2h -name php*", $tmpfiles ); | |
| ⋮┆---------------------------------------- | |
| 669┆ exec( "find -E " . INDEX_DIR . " -regex '.*/(gz)?tmp.*$' -mtime +2h", $indextmp ); | |
| ⋮┆---------------------------------------- | |
| 670┆ exec( "find -E " . RES_DIR . " -regex '.*/(gz)?tmp.*$' -mtime +2h", $restmp ); | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 680┆ unlink( $filename ) or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 1352┆ unlink($dest); | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 1565┆ $query = "UPDATE reports SET cleared = 1, cleared_by = '%s' WHERE board = '%s' AND no = | |
| $pid"; | |
| ⋮┆---------------------------------------- | |
| 1573┆ $query = <<<SQL | |
| 1574┆ UPDATE reports_for_posts | |
| 1575┆ SET cleared = 1, clearedby = '%s' | |
| 1576┆ WHERE board = '%s' AND postid = $pid | |
| 1577┆ SQL; | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 1686┆ unlink( $delfile ); //delete | |
| ⋮┆---------------------------------------- | |
| 1687┆ unlink( THUMB_DIR . $tim . 's.jpg' ); //delete | |
| ⋮┆---------------------------------------- | |
| 1704┆ unlink( $delfile ); //Delete | |
| ⋮┆---------------------------------------- | |
| 1705┆ unlink( THUMB_DIR . $tim . 's.jpg' ); //Delete | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 1715┆ mysql_global_do( "INSERT INTO " . SQLLOGDEL . " | |
| (imgonly,postno,resto,board,name,sub,com,img,filename,admin,admin_ip) | |
| values('$imgonly','$no',$resto,'" . SQLLOG . | |
| "','$adname','$sub','$com','$adfsize','$filename$ext','$auser', '" . | |
| mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "')" ); // FIXME do all this in one | |
| insert outside the write lock | |
| ⋮┆---------------------------------------- | |
| 1777┆ if( !$result = mysql_board_call( "(SELECT child.*,parent.root proot from `" . SQLLOG . "` | |
| child LEFT OUTER JOIN `" . SQLLOG . "` parent ON child.resto=parent.no) UNION (SELECT | |
| *,root proot from `" . SQLLOG . "` parent WHERE resto=0) ORDER BY proot DESC, no ASC LIMIT | |
| " . $from . ", " . $max_results ) ) { | |
| ⋮┆---------------------------------------- | |
| 1782┆ if( !$result = mysql_board_call( "select * FROM `" . SQLLOG . $resq . " order BY no DESC | |
| LIMIT " . $from . ", " . $max_results ) ) { | |
| ❯❯❱ php.lang.security.deserialization.extract-user-data | |
| Do not call 'extract()' on user-controllable data. If you must, then you must also provide the | |
| EXTR_SKIP flag to prevent overwriting existing variables. | |
| Details: https://sg.run/6bv1 | |
| 1791┆ extract( $row, EXTR_OVERWRITE ); | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 2100┆ @unlink( $file ); | |
| ❯❯❱ generic.secrets.security.detected-generic-secret.detected-generic-secret | |
| Generic Secret detected | |
| Details: https://sg.run/l2o5 | |
| 2667┆ $secret = | |
| 'BusEFdduVhgVKIMAx1ndhvzrgMyA5uCcfRnvIKq4+0X2vL8elzf6wHZCpWS9fsTsNG/XdlwiIBV68hzlGm6sGQ==' | |
| ; | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 2968┆ if( !$result = mysql_board_call( "UPDATE `" . SQLLOG . "` SET root=root,com=CONCAT(com,' | |
| <br><br><strong style=\"color: red;\">($samessage)</strong>') WHERE no=%d", $postid ) ) { | |
| ⋮┆---------------------------------------- | |
| 3004┆ mysql_global_do( "insert into blacklist | |
| (field,contents,description,addedby,ban,banlength,banreason)" . | |
| 3005┆ "values ('md5','%s','%s','%s','$blban','$len','%s')", | |
| ⋮┆---------------------------------------- | |
| 3862┆ if( !$result = mysql_board_call( "SELECT `host`, `no` FROM `%s` WHERE (no=%d OR | |
| resto=%d)$where", SQLLOG, $thread, $thread ) ) { | |
| ⋮┆---------------------------------------- | |
| 4090┆ $html = <<<HTML | |
| 4091┆ <form action="" method="post">$csrf_tag | |
| 4092┆ <table border="0" cellspacing="0" cellpadding="0" class="bantable"> | |
| 4093┆ <tr> | |
| 4094┆ <td class="postblock">Autocomplete</td> | |
| 4095┆ <td colspan="2"> | |
| 4096┆ <input type="text" name="autocomplete" placeholder="Start typing..." | |
| id="autocomplete" size="40"$autofocus_html autocomplete="off" style="width: 100%;"> | |
| 4097┆ </td> | |
| 4098┆ </tr> | |
| 4099┆ | |
| [hid 72 additional lines, adjust with --max-lines-per-finding] | |
| admin.php | |
| ❯❯❱ php.lang.security.exec-use.exec-use | |
| Executing non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/5Q1j | |
| 71┆ exec( $cmd ); | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 382┆ $query = mysql_board_call("SELECT no, host FROM `" . SQLLOG . "` WHERE resto = $no AND | |
| host != '$op_host' GROUP BY host"); | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 579┆ unlink(IMG_DIR . "$filename") or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 589┆ unlink(THUMB_DIR . "$filename") or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 598┆ unlink( RES_DIR . "$filename" ) or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 662┆ unlink( $filename ) or print "Couldn't delete!<br>"; | |
| ❯❯❱ php.lang.security.exec-use.exec-use | |
| Executing non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/5Q1j | |
| 668┆ exec( "find $phptmp/ -mtime +2h -name php*", $tmpfiles ); | |
| ⋮┆---------------------------------------- | |
| 669┆ exec( "find -E " . INDEX_DIR . " -regex '.*/(gz)?tmp.*$' -mtime +2h", $indextmp ); | |
| ⋮┆---------------------------------------- | |
| 670┆ exec( "find -E " . RES_DIR . " -regex '.*/(gz)?tmp.*$' -mtime +2h", $restmp ); | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 680┆ unlink( $filename ) or print "Couldn't delete!<br>"; | |
| ⋮┆---------------------------------------- | |
| 1352┆ unlink($dest); | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 1565┆ $query = "UPDATE reports SET cleared = 1, cleared_by = '%s' WHERE board = '%s' AND no = | |
| $pid"; | |
| ⋮┆---------------------------------------- | |
| 1573┆ $query = <<<SQL | |
| 1574┆ UPDATE reports_for_posts | |
| 1575┆ SET cleared = 1, clearedby = '%s' | |
| 1576┆ WHERE board = '%s' AND postid = $pid | |
| 1577┆ SQL; | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 1686┆ unlink( $delfile ); //delete | |
| ⋮┆---------------------------------------- | |
| 1687┆ unlink( THUMB_DIR . $tim . 's.jpg' ); //delete | |
| ⋮┆---------------------------------------- | |
| 1704┆ unlink( $delfile ); //Delete | |
| ⋮┆---------------------------------------- | |
| 1705┆ unlink( THUMB_DIR . $tim . 's.jpg' ); //Delete | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 1715┆ mysql_global_do( "INSERT INTO " . SQLLOGDEL . " | |
| (imgonly,postno,resto,board,name,sub,com,img,filename,admin,admin_ip) | |
| values('$imgonly','$no',$resto,'" . SQLLOG . | |
| "','$adname','$sub','$com','$adfsize','$filename$ext','$auser', '" . | |
| mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "')" ); // FIXME do all this in one | |
| insert outside the write lock | |
| ⋮┆---------------------------------------- | |
| 1777┆ if( !$result = mysql_board_call( "(SELECT child.*,parent.root proot from `" . SQLLOG . "` | |
| child LEFT OUTER JOIN `" . SQLLOG . "` parent ON child.resto=parent.no) UNION (SELECT | |
| *,root proot from `" . SQLLOG . "` parent WHERE resto=0) ORDER BY proot DESC, no ASC LIMIT | |
| " . $from . ", " . $max_results ) ) { | |
| ⋮┆---------------------------------------- | |
| 1782┆ if( !$result = mysql_board_call( "select * FROM `" . SQLLOG . $resq . " order BY no DESC | |
| LIMIT " . $from . ", " . $max_results ) ) { | |
| ❯❯❱ php.lang.security.deserialization.extract-user-data | |
| Do not call 'extract()' on user-controllable data. If you must, then you must also provide the | |
| EXTR_SKIP flag to prevent overwriting existing variables. | |
| Details: https://sg.run/6bv1 | |
| 1791┆ extract( $row, EXTR_OVERWRITE ); | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 2100┆ @unlink( $file ); | |
| ❯❯❱ generic.secrets.security.detected-generic-secret.detected-generic-secret | |
| Generic Secret detected | |
| Details: https://sg.run/l2o5 | |
| 2614┆ $secret = | |
| 'BusEFdduVhgVKIMAx1ndhvzrgMyA5uCcfRnvIKq4+0X2vL8elzf6wHZCpWS9fsTsNG/XdlwiIBV68hzlGm6sGQ==' | |
| ; | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 2915┆ if( !$result = mysql_board_call( "UPDATE `" . SQLLOG . "` SET root=root,com=CONCAT(com,' | |
| <br><br><strong style=\"color: red;\">($samessage)</strong>') WHERE no=%d", $postid ) ) { | |
| ⋮┆---------------------------------------- | |
| 2951┆ mysql_global_do( "insert into blacklist | |
| (field,contents,description,addedby,ban,banlength,banreason)" . | |
| 2952┆ "values ('md5','%s','%s','%s','$blban','$len','%s')", | |
| ⋮┆---------------------------------------- | |
| 3803┆ if( !$result = mysql_board_call( "SELECT `host`, `no` FROM `%s` WHERE (no=%d OR | |
| resto=%d)$where", SQLLOG, $thread, $thread ) ) { | |
| ⋮┆---------------------------------------- | |
| 4031┆ $html = <<<HTML | |
| 4032┆ <form action="" method="post">$csrf_tag | |
| 4033┆ <table border="0" cellspacing="0" cellpadding="0" class="bantable"> | |
| 4034┆ <tr> | |
| 4035┆ <td class="postblock">Autocomplete</td> | |
| 4036┆ <td colspan="2"> | |
| 4037┆ <input type="text" name="autocomplete" placeholder="Start typing..." | |
| id="autocomplete" size="40"$autofocus_html autocomplete="off" style="width: 100%;"> | |
| 4038┆ </td> | |
| 4039┆ </tr> | |
| 4040┆ | |
| [hid 72 additional lines, adjust with --max-lines-per-finding] | |
| derefer.php | |
| ❯❱ php.lang.security.injection.tainted-url-host.tainted-url-host | |
| User data flows into the host portion of this manually-constructed URL. This could allow an attacker | |
| to send data to their own server, potentially exposing sensitive data such as cookies or | |
| authorization information sent with this request. They could also probe internal servers or other | |
| resources that the server running this code can access. (This is called server-side request forgery, | |
| or SSRF.) Do not allow arbitrary hosts. Instead, create an allowlist for approved hosts, or hardcode | |
| the correct host. | |
| Details: https://sg.run/Y8no | |
| 21┆ $url = 'http://' . $url; | |
| forms/ban.php | |
| ❯❱ php.lang.security.unserialize-use.unserialize-use | |
| Calling `unserialize()` with user input in the pattern can lead to arbitrary code execution. | |
| Consider using JSON or structured data approaches (e.g. Google Protocol Buffers). | |
| Details: https://sg.run/b24E | |
| 192┆ $post = unserialize($row['spost']); | |
| imgboard-test.php | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 334┆ unlink( $u ); | |
| ⋮┆---------------------------------------- | |
| 341┆ unlink($src); | |
| ⋮┆---------------------------------------- | |
| 2643┆ @unlink($delfile); // delete image | |
| ⋮┆---------------------------------------- | |
| 2651┆ @unlink( $delfile ); // delete image | |
| ⋮┆---------------------------------------- | |
| 2652┆ @unlink( $delthumb ); // delete thumb | |
| ⋮┆---------------------------------------- | |
| 2655┆ unlink(IMG_DIR . $delrow['tim'] . '.tgkr'); | |
| ⋮┆---------------------------------------- | |
| 2663┆ @unlink(IMG_DIR . $delrow['tim'] . 'm.jpg'); // delete mobile | |
| ⋮┆---------------------------------------- | |
| 2698┆ @unlink( RES_DIR . $delrow['no'] . PHP_EXT . '.gz' ); | |
| ⋮┆---------------------------------------- | |
| 2699┆ @unlink( RES_DIR . $delrow['no'] . '.json.gz' ); | |
| ⋮┆---------------------------------------- | |
| 2702┆ @unlink( RES_DIR . $delrow['no'] . PHP_EXT ); | |
| ⋮┆---------------------------------------- | |
| 2703┆ @unlink( RES_DIR . $delrow['no'] . '.json' ); | |
| ⋮┆---------------------------------------- | |
| 3765┆ @unlink( $dest ); | |
| ⋮┆---------------------------------------- | |
| 3766┆ @unlink( $upfile ); | |
| ❯❯❱ php.lang.security.md5-loose-equality.md5-loose-equality | |
| Make sure comparisons involving md5 values are strict (use `===` not `==`) to avoid type juggling | |
| issues | |
| Details: https://sg.run/Do4G | |
| 5634┆ $ma = ( $capcode == 'admin_highlight') ? 'admin' : $capcode; | |
| ⋮┆---------------------------------------- | |
| 5637┆ if( DISP_ID == 1 && $ma != 'None' ) { | |
| ⋮┆---------------------------------------- | |
| 5641┆ if( $ma != 'None' && STRIP_EXIF_ON_CAPCODE && $ext == ".jpg" ) { | |
| ⋮┆---------------------------------------- | |
| 5760┆ if (!$capcode || $capcode == 'none') { | |
| ⋮┆---------------------------------------- | |
| 5837┆ if( $namearr[0] != S_ANONAME ) | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 6542┆ $query = "insert into `" . SQLLOG . "` (now,name,sub,com,host,pwd,email,filename,ext,w,h, | |
| tn_w,tn_h,tim,time,last_modified,md5,fsize,root,resto$flag_cols,tmd5,id,country$board_flag_ | |
| col) values (" . | |
| 6543┆ "'" . $now . "'," . | |
| 6544┆ "'" . mysql_real_escape_string( $name ) . "'," . | |
| 6545┆ mysql_nullify( mysql_real_escape_string( $sub ) ) . "," . | |
| 6546┆ "'" . mysql_real_escape_string( $com ) . "'," . | |
| 6547┆ "'" . mysql_real_escape_string( $host ) . "'," . | |
| 6548┆ "'" . mysql_real_escape_string( $pass ) . "'," . | |
| 6549┆ "'" . mysql_real_escape_string($user_meta) . "'," . | |
| 6550┆ "'" . mysql_real_escape_string( $insfile ) . "'," . | |
| 6551┆ mysql_nullify( $ext ) . "," . | |
| [hid 15 additional lines, adjust with --max-lines-per-finding] | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 7165┆ if( !file_exists( $pdfjpeg ) ) unlink( $fname ); | |
| ⋮┆---------------------------------------- | |
| 7172┆ unlink($fname); | |
| ⋮┆---------------------------------------- | |
| 7302┆ unlink($pdfjpeg); | |
| ⋮┆---------------------------------------- | |
| 7306┆ unlink($webm_thumb); | |
| ⋮┆---------------------------------------- | |
| 8664┆ unlink($file_path); | |
| ⋮┆---------------------------------------- | |
| 9002┆ return unlink($fname); | |
| imgboard.php | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 334┆ unlink( $u ); | |
| ⋮┆---------------------------------------- | |
| 341┆ unlink($src); | |
| ⋮┆---------------------------------------- | |
| 2627┆ @unlink($delfile); // delete image | |
| ⋮┆---------------------------------------- | |
| 2635┆ @unlink( $delfile ); // delete image | |
| ⋮┆---------------------------------------- | |
| 2636┆ @unlink( $delthumb ); // delete thumb | |
| ⋮┆---------------------------------------- | |
| 2639┆ unlink(IMG_DIR . $delrow['tim'] . '.tgkr'); | |
| ⋮┆---------------------------------------- | |
| 2647┆ @unlink(IMG_DIR . $delrow['tim'] . 'm.jpg'); // delete mobile | |
| ⋮┆---------------------------------------- | |
| 2682┆ @unlink( RES_DIR . $delrow['no'] . PHP_EXT . '.gz' ); | |
| ⋮┆---------------------------------------- | |
| 2683┆ @unlink( RES_DIR . $delrow['no'] . '.json.gz' ); | |
| ⋮┆---------------------------------------- | |
| 2686┆ @unlink( RES_DIR . $delrow['no'] . PHP_EXT ); | |
| ⋮┆---------------------------------------- | |
| 2687┆ @unlink( RES_DIR . $delrow['no'] . '.json' ); | |
| ⋮┆---------------------------------------- | |
| 3749┆ @unlink( $dest ); | |
| ⋮┆---------------------------------------- | |
| 3750┆ @unlink( $upfile ); | |
| ❯❯❱ php.lang.security.md5-loose-equality.md5-loose-equality | |
| Make sure comparisons involving md5 values are strict (use `===` not `==`) to avoid type juggling | |
| issues | |
| Details: https://sg.run/Do4G | |
| 5618┆ $ma = ( $capcode == 'admin_highlight') ? 'admin' : $capcode; | |
| ⋮┆---------------------------------------- | |
| 5621┆ if( DISP_ID == 1 && $ma != 'None' ) { | |
| ⋮┆---------------------------------------- | |
| 5625┆ if( $ma != 'None' && STRIP_EXIF_ON_CAPCODE && $ext == ".jpg" ) { | |
| ⋮┆---------------------------------------- | |
| 5737┆ if (!$capcode || $capcode == 'none') { | |
| ⋮┆---------------------------------------- | |
| 5814┆ if( $namearr[0] != S_ANONAME ) | |
| ❯❯❱ php.lang.security.injection.tainted-sql-string.tainted-sql-string | |
| User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL | |
| strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL | |
| strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate | |
| data from the database. Instead, use prepared statements (`$mysqli->prepare("INSERT INTO test(id, | |
| label) VALUES (?, ?)");`) or a safe library. | |
| Details: https://sg.run/lZYG | |
| 6525┆ $query = "insert into `" . SQLLOG . "` (now,name,sub,com,host,pwd,email,filename,ext,w,h, | |
| tn_w,tn_h,tim,time,last_modified,md5,fsize,root,resto$flag_cols,tmd5,id,country$board_flag_ | |
| col) values (" . | |
| 6526┆ "'" . $now . "'," . | |
| 6527┆ "'" . mysql_real_escape_string( $name ) . "'," . | |
| 6528┆ mysql_nullify( mysql_real_escape_string( $sub ) ) . "," . | |
| 6529┆ "'" . mysql_real_escape_string( $com ) . "'," . | |
| 6530┆ "'" . mysql_real_escape_string( $host ) . "'," . | |
| 6531┆ "'" . mysql_real_escape_string( $pass ) . "'," . | |
| 6532┆ "'" . mysql_real_escape_string($user_meta) . "'," . | |
| 6533┆ "'" . mysql_real_escape_string( $insfile ) . "'," . | |
| 6534┆ mysql_nullify( $ext ) . "," . | |
| [hid 15 additional lines, adjust with --max-lines-per-finding] | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 7134┆ if( !file_exists( $pdfjpeg ) ) unlink( $fname ); | |
| ⋮┆---------------------------------------- | |
| 7141┆ unlink($fname); | |
| ⋮┆---------------------------------------- | |
| 7271┆ unlink($pdfjpeg); | |
| ⋮┆---------------------------------------- | |
| 7275┆ unlink($webm_thumb); | |
| ⋮┆---------------------------------------- | |
| 8633┆ unlink($file_path); | |
| ⋮┆---------------------------------------- | |
| 8971┆ return unlink($fname); | |
| imgtop/banned_dev.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 181┆ container.innerHTML = | |
| 182┆ '<div class="postInfo desktop" id="pi' + data.no + '">' + | |
| 183┆ '<input type="checkbox" name="' + data.no + '" value="delete"> ' + | |
| 184┆ '<span class="subject">' + subject + '</span> ' + | |
| 185┆ '<span class="nameBlock' + capcodeClass + '">' + emailStart + | |
| 186┆ '<span class="name">' + name + '</span>' + | |
| 187┆ tripcode + capcodeStart + emailEnd + capcode + userId + flag + | |
| 188┆ ' </span> ' + | |
| 189┆ '<span class="dateTime" data-utc="' + data.time + '">' + data.now + '</span> ' + | |
| 190┆ '<span class="postNum desktop">' + | |
| [hid 6 additional lines, adjust with --max-lines-per-finding] | |
| js/catalog-test.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 322┆ el.innerHTML = '<a href="#bottom">▼</a>' | |
| 323┆ + '<a href="javascript:void(0);" id="settingsWindowLinkClassic">Settings</a>' | |
| 324┆ + '<a href="//www.' + $L.d(catalog.slug) + '" target="_top">Home</a></div>'; | |
| ⋮┆---------------------------------------- | |
| 860┆ td.innerHTML = '<span class="button clickbox" style="background:' | |
| 861┆ + options.filterColors[i][j] + '"></span>'; | |
| ⋮┆---------------------------------------- | |
| 1342┆ $.id('fhc-' + j.id.slice(7)) | |
| 1343┆ .innerHTML = activeFilters[i] ? 'x' + activeFilters[i].hits : ''; | |
| ⋮┆---------------------------------------- | |
| 1487┆ style.innerHTML = customTheme.css; | |
| ⋮┆---------------------------------------- | |
| 2138┆ $threads.innerHTML = formatImageThreads(threads); | |
| ⋮┆---------------------------------------- | |
| 2141┆ $threads.innerHTML = formatTextThreads(threads); | |
| ⋮┆---------------------------------------- | |
| 2258┆ el.innerHTML = tip; | |
| ⋮┆---------------------------------------- | |
| 2379┆ this.entities.innerHTML | |
| 2380┆ = post.com.replace(/<br>/g, '\n').replace(/[<[^>]+>/g, ''); | |
| ⋮┆---------------------------------------- | |
| 2669┆ ThreadWatcher.listNode.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 3016┆ dummy.innerHTML = posts[i].com; | |
| ⋮┆---------------------------------------- | |
| 3433┆ el.innerHTML = FC.panelHTML[id]; | |
| ⋮┆---------------------------------------- | |
| 3575┆ div.innerHTML = html + '</ul>'; | |
| js/catalog.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 322┆ el.innerHTML = '<a href="#bottom">▼</a>' | |
| 323┆ + '<a href="javascript:void(0);" id="settingsWindowLinkClassic">Settings</a>' | |
| 324┆ + '<a href="//www.' + $L.d(catalog.slug) + '" target="_top">Home</a></div>'; | |
| ⋮┆---------------------------------------- | |
| 860┆ td.innerHTML = '<span class="button clickbox" style="background:' | |
| 861┆ + options.filterColors[i][j] + '"></span>'; | |
| ⋮┆---------------------------------------- | |
| 1342┆ $.id('fhc-' + j.id.slice(7)) | |
| 1343┆ .innerHTML = activeFilters[i] ? 'x' + activeFilters[i].hits : ''; | |
| ⋮┆---------------------------------------- | |
| 1487┆ style.innerHTML = customTheme.css; | |
| ⋮┆---------------------------------------- | |
| 2138┆ $threads.innerHTML = formatImageThreads(threads); | |
| ⋮┆---------------------------------------- | |
| 2141┆ $threads.innerHTML = formatTextThreads(threads); | |
| ⋮┆---------------------------------------- | |
| 2258┆ el.innerHTML = tip; | |
| ⋮┆---------------------------------------- | |
| 2379┆ this.entities.innerHTML | |
| 2380┆ = post.com.replace(/<br>/g, '\n').replace(/[<[^>]+>/g, ''); | |
| ⋮┆---------------------------------------- | |
| 2669┆ ThreadWatcher.listNode.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 3016┆ dummy.innerHTML = posts[i].com; | |
| ⋮┆---------------------------------------- | |
| 3433┆ el.innerHTML = FC.panelHTML[id]; | |
| ⋮┆---------------------------------------- | |
| 3575┆ div.innerHTML = html + '</ul>'; | |
| js/core-test.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 547┆ TCaptcha.msgNode.innerHTML = `<div>${txt}</div>`; | |
| ⋮┆---------------------------------------- | |
| 733┆ el.innerHTML = data; | |
| ⋮┆---------------------------------------- | |
| 890┆ cnt.innerHTML = '<img alt="4chan" src="//s.4cdn.org/image/title/' | |
| 891┆ + cnt.getAttribute('data-src') + '">'; | |
| ⋮┆---------------------------------------- | |
| 934┆ el.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 1260┆ cnt.innerHTML = `<div class="adg-rects desktop"><div class="adg adp-90" data- | |
| abc="${fb.t_abc_d}"></div></div>`; | |
| ⋮┆---------------------------------------- | |
| 1264┆ cnt.innerHTML = `<div class="adg-rects mobile"><div class="adg-m adp-250" data- | |
| abc="${fb.t_abc_m}"></div></div>`; | |
| ⋮┆---------------------------------------- | |
| 1281┆ cnt.innerHTML = `<div class="adg-rects mobile"><div class="adg-m adp-250" data- | |
| abc="${fb.b_abc_m}"></div></div>`; | |
| ⋮┆---------------------------------------- | |
| 1498┆ document.write('<script type="text/javascript" src="https://s.4cdn.org/js/' + path + '.' | |
| + jsVersion + '.js"></script>'); | |
| ❯❱ javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag | |
| Cannot determine what 'path' is and it is used with a '<script>' tag. This could be susceptible to | |
| cross-site scripting (XSS). Ensure 'path' is not externally controlled, or sanitize this data. | |
| Details: https://sg.run/1Zy1 | |
| 1498┆ document.write('<script type="text/javascript" src="https://s.4cdn.org/js/' + path + '.' | |
| + jsVersion + '.js"></script>'); | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 1572┆ el.children[1].innerHTML = '<div style="padding: 5px;">' + msg + '</div>'; | |
| ⋮┆---------------------------------------- | |
| 1842┆ el.innerHTML = msg; | |
| ⋮┆---------------------------------------- | |
| 1883┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| ❯❱ javascript.browser.security.raw-html-concat.raw-html-concat | |
| User controlled data in a HTML string may result in XSS | |
| Details: https://sg.run/4xAx | |
| 1883┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 1890┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| ❯❱ javascript.browser.security.raw-html-concat.raw-html-concat | |
| User controlled data in a HTML string may result in XSS | |
| Details: https://sg.run/4xAx | |
| 1890┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| js/core.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 563┆ TCaptcha.msgNode.innerHTML = `<div>${txt}</div>`; | |
| ⋮┆---------------------------------------- | |
| 751┆ el.innerHTML = data; | |
| ⋮┆---------------------------------------- | |
| 908┆ cnt.innerHTML = '<img alt="4chan" src="//s.4cdn.org/image/title/' | |
| 909┆ + cnt.getAttribute('data-src') + '">'; | |
| ⋮┆---------------------------------------- | |
| 952┆ el.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 1278┆ cnt.innerHTML = `<div class="adg-rects desktop"><div class="adg adp-90" data- | |
| abc="${fb.t_abc_d}"></div></div>`; | |
| ⋮┆---------------------------------------- | |
| 1282┆ cnt.innerHTML = `<div class="adg-rects mobile"><div class="adg-m adp-250" data- | |
| abc="${fb.t_abc_m}"></div></div>`; | |
| ⋮┆---------------------------------------- | |
| 1299┆ cnt.innerHTML = `<div class="adg-rects mobile"><div class="adg-m adp-250" data- | |
| abc="${fb.b_abc_m}"></div></div>`; | |
| ⋮┆---------------------------------------- | |
| 1516┆ document.write('<script type="text/javascript" src="https://s.4cdn.org/js/' + path + '.' | |
| + jsVersion + '.js"></script>'); | |
| ❯❱ javascript.lang.security.audit.unknown-value-with-script-tag.unknown-value-with-script-tag | |
| Cannot determine what 'path' is and it is used with a '<script>' tag. This could be susceptible to | |
| cross-site scripting (XSS). Ensure 'path' is not externally controlled, or sanitize this data. | |
| Details: https://sg.run/1Zy1 | |
| 1516┆ document.write('<script type="text/javascript" src="https://s.4cdn.org/js/' + path + '.' | |
| + jsVersion + '.js"></script>'); | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 1590┆ el.children[1].innerHTML = '<div style="padding: 5px;">' + msg + '</div>'; | |
| ⋮┆---------------------------------------- | |
| 1860┆ el.innerHTML = msg; | |
| ⋮┆---------------------------------------- | |
| 1901┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| ❯❱ javascript.browser.security.raw-html-concat.raw-html-concat | |
| User controlled data in a HTML string may result in XSS | |
| Details: https://sg.run/4xAx | |
| 1901┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 1908┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| ❯❱ javascript.browser.security.raw-html-concat.raw-html-concat | |
| User controlled data in a HTML string may result in XSS | |
| Details: https://sg.run/4xAx | |
| 1908┆ css.innerHTML = '<meta http-equiv="refresh" content="0;URL=' + url + '">'; | |
| js/extension-test-sync2.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 531┆ container.innerHTML = | |
| 532┆ (isOP ? '' : '<div class="sideArrows" id="sa' + data.no + '">>></div>') + | |
| 533┆ '<div id="p' + data.no + '" class="post ' + postType + highlight + '">' + | |
| 534┆ '<div class="postInfoM mobile" id="pim' + data.no + '">' + | |
| 535┆ '<span class="nameBlock' + capcodeClass + '">' + | |
| 536┆ '<span class="name">' + name + '</span>' + tripcode + | |
| 537┆ capcodeStart + capcode + userId + flag + | |
| 538┆ '<br>' + subject + | |
| 539┆ '</span><span class="dateTime postNum" data-utc="' + data.time + '">' + | |
| 540┆ data.now + ' <a href="' + data.no + '#p' + data.no + '" title="Link to this | |
| post">No.</a>' + | |
| [hid 23 additional lines, adjust with --max-lines-per-finding] | |
| 653┆ el.innerHTML = '<img alt="H" class="extButton threadHideButton"' | |
| 654┆ + 'data-cmd="hide" data-id="' + tid + '" src="' | |
| 655┆ + Main.icons.minus + '" title="Hide thread">'; | |
| ⋮┆---------------------------------------- | |
| 813┆ el.innerHTML = prettyPrintOne(el.innerHTML); | |
| ⋮┆---------------------------------------- | |
| 910┆ filename.firstElementChild.innerHTML = txt; | |
| ⋮┆---------------------------------------- | |
| 989┆ bl.innerHTML = '<a href="' + href + '" class="quotelink">>>' + pid + '</a> '; | |
| ⋮┆---------------------------------------- | |
| 992┆ bl.innerHTML = '<a href="' + href + '" class="quotelink">>>' + pid | |
| 993┆ + '</a><a href="' + href + '" class="quoteLink"> #</a> '; | |
| ⋮┆---------------------------------------- | |
| 1031┆ el.innerHTML = oRep + oImg | |
| 1032┆ + ' omitted. <a href="thread/' | |
| 1033┆ + tid + '" class="replylink">Click here</a> to view.'; | |
| ⋮┆---------------------------------------- | |
| 1398┆ div.innerHTML = html + '</ul>'; | |
| ⋮┆---------------------------------------- | |
| 2820┆ cnt.innerHTML = | |
| 2821┆ '<div id="qrHeader" class="drag postblock">Reply to Thread No.<span id="qrTid">' | |
| 2822┆ + tid + '</span><img alt="X" src="' + Main.icons.cross + '" id="qrClose" ' | |
| 2823┆ + 'class="extButton" title="Close Window"></div>'; | |
| ⋮┆---------------------------------------- | |
| 2827┆ form.innerHTML = | |
| 2828┆ '<input type="hidden" value="' | |
| 2829┆ + $.byName('MAX_FILE_SIZE')[0].value + '" name="MAX_FILE_SIZE">' | |
| 2830┆ + '<input type="hidden" value="regist" name="mode">' | |
| 2831┆ + '<input id="qrResto" type="hidden" value="' + tid + '" name="resto">'; | |
| ⋮┆---------------------------------------- | |
| 2881┆ row.innerHTML = fields[i].children[1].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 2937┆ spoiler.innerHTML = '<label>[<input type="checkbox" tabindex="' | |
| 2938┆ + (el.tabIndex + 20) + '" value="on" name="spoiler">Spoiler?]</label>'; | |
| ⋮┆---------------------------------------- | |
| 3099┆ el.innerHTML = '<div class="placeholder">' | |
| 3100┆ + el.getAttribute('data-placeholder') + '</div>'; | |
| ⋮┆---------------------------------------- | |
| 3114┆ row.innerHTML = '<img id="qrCaptcha" title="Reload" width="300" height="57" src="' | |
| 3115┆ + $.id('recaptcha_challenge_image').src + '" alt="reCAPTCHA challenge image">' | |
| 3116┆ + (window.preupload_captcha ? '<input id="qrCapToken" type="hidden" | |
| name="captcha_token" disabled>' : '') | |
| 3117┆ + '<input id="qrCapField" tabindex="25" name="recaptcha_response_field" ' | |
| 3118┆ + 'placeholder="Type the text (Required)" ' | |
| 3119┆ + 'type="text" autocomplete="off" autocorrect="off" autocapitalize="off" | |
| spellcheck="false">' | |
| 3120┆ + '<input id="qrChallenge" name="recaptcha_challenge_field" type="hidden" value="' | |
| 3121┆ + $.id('recaptcha_challenge_field').value + '">'; | |
| ⋮┆---------------------------------------- | |
| 3222┆ qrError.innerHTML = msg; | |
| ⋮┆---------------------------------------- | |
| 3893┆ cnt.innerHTML = '<div class="drag" id="twHeader">' | |
| 3894┆ + (Main.hasMobileLayout ? ('<img id="twClose" class="pointer" src="' | |
| 3895┆ + Main.icons.cross + '" alt="X">') : '') | |
| 3896┆ + 'Thread Watcher' | |
| 3897┆ + (UA.hasCORS ? ('<img id="twPrune" class="pointer right" src="' | |
| 3898┆ + Main.icons.refresh + '" alt="R" title="Refresh"></div>') : '</div>'); | |
| ⋮┆---------------------------------------- | |
| 4004┆ ThreadWatcher.listNode.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 4324┆ msg.innerHTML = $.cls('postMessage', post)[0].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 4370┆ msg.innerHTML = expmsg.textContent; | |
| ⋮┆---------------------------------------- | |
| 4381┆ msg.innerHTML = expmsg.textContent; | |
| ⋮┆---------------------------------------- | |
| 4443┆ msg.innerHTML = posts[0].com + '<br><br>'; | |
| ⋮┆---------------------------------------- | |
| 4447┆ msg.innerHTML = posts[0].com; | |
| ⋮┆---------------------------------------- | |
| 5115┆ this.statusNode.innerHTML | |
| 5116┆ = this.statusNodeBot.innerHTML | |
| 5117┆ = '<span class="tu-error">' + msg + '</span>'; | |
| ⋮┆---------------------------------------- | |
| 5210┆ this.nodeTop.innerHTML = this.nodeBot.innerHTML | |
| 5211┆ = stats.join(' / '); | |
| ⋮┆---------------------------------------- | |
| 5356┆ this.entities.innerHTML | |
| 5357┆ = msg.innerHTML.replace(/<br>/g, '\n').replace(/[<[^>]+>/g, ''); | |
| ⋮┆---------------------------------------- | |
| 5413┆ el.innerHTML = '[<a data-filtered="1" href="thread/' + tid + '">View</a>]'; | |
| ⋮┆---------------------------------------- | |
| 5554┆ cnt.innerHTML = '\ | |
| 5555┆ <div class="extPanel reply"><div class="panelHeader">Filters & Highlights Help\ | |
| 5556┆ <span><img alt="Close" title="Close" class="pointer" data-cmd="filters-help-close" | |
| src="' | |
| 5557┆ + Main.icons.cross + '"></span></div>\ | |
| 5558┆ <h4>Tripcode, Name and ID filters:</h4>\ | |
| 5559┆ <ul><li>Those use simple string comparison.</li>\ | |
| 5560┆ <li>Type them exactly as they appear on 4chan, including the exclamation mark for | |
| tripcode filters.</li>\ | |
| 5561┆ <li>Example: <code>!Ep8pui8Vw2</code></li></ul>\ | |
| 5562┆ <h4>Comment, Subject and E-mail filters:</h4>\ | |
| 5563┆ <ul><li><strong>Matching whole words:</strong></li>\ | |
| [hid 20 additional lines, adjust with --max-lines-per-finding] | |
| 5610┆ cnt.innerHTML = '\ | |
| 5611┆ <div class="extPanel reply"><div class="panelHeader">Filters & Highlights\ | |
| 5612┆ <span><img alt="Help" class="pointer" title="Help" data-cmd="filters-help-open" src="' | |
| 5613┆ + Main.icons.help | |
| 5614┆ + '"><img alt="Close" title="Close" class="pointer" data-cmd="filters-close" src="' | |
| 5615┆ + Main.icons.cross + '"></span></div>\ | |
| 5616┆ <table><thead><tr>\ | |
| 5617┆ <th>Order</th>\ | |
| 5618┆ <th>On</th>\ | |
| 5619┆ <th>Pattern</th>\ | |
| [hid 9 additional lines, adjust with --max-lines-per-finding] | |
| 5795┆ tr.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 5834┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 6015┆ el.innerHTML = '[<a href="' + src.href + '">Embed</a>]'; | |
| ⋮┆---------------------------------------- | |
| 6168┆ msg.innerHTML = msg.innerHTML.replace(this.matchSC, this.replaceSoundCloud); | |
| ⋮┆---------------------------------------- | |
| 6195┆ el.innerHTML = JSON.parse(this.responseText).html; | |
| ⋮┆---------------------------------------- | |
| 6210┆ msg.innerHTML = msg.innerHTML.replace(this.matchYT, this.replaceYouTube); | |
| ⋮┆---------------------------------------- | |
| 6281┆ el.innerHTML = '<iframe src="//www.youtube.com/embed/' | |
| 6282┆ + vid | |
| 6283┆ + '" width="640" height="360" frameborder="0"></iframe>' | |
| ⋮┆---------------------------------------- | |
| 6296┆ msg.innerHTML = msg.innerHTML.replace(this.matchVocaroo, this.replaceVocaroo); | |
| ⋮┆---------------------------------------- | |
| 6319┆ el.innerHTML = '<embed width="220" height="140" class="media-embed" ' | |
| 6320┆ + 'src="//vocaroo.com/mediafoo.swf?playMediaID=' + vid + '&autoplay=0">'; | |
| ⋮┆---------------------------------------- | |
| 6367┆ cnt.innerHTML = '\ | |
| 6368┆ <div class="extPanel reply"><div class="panelHeader">Custom CSS\ | |
| 6369┆ <span><img alt="Close" title="Close" class="pointer" data-cmd="css-close" src="' | |
| 6370┆ + Main.icons.cross + '"></span></div>\ | |
| 6371┆ <textarea id="customCSSBox"></textarea>\ | |
| 6372┆ <div class="center"><button data-cmd="css-save">Save CSS</button></div>\ | |
| 6373┆ </td></tr></tfoot></table></div>'; | |
| ⋮┆---------------------------------------- | |
| 6506┆ cnt.innerHTML = '\ | |
| 6507┆ <div class="extPanel reply"><div class="panelHeader">Keyboard Shortcuts\ | |
| 6508┆ <span><img data-cmd="keybinds-close" class="pointer" alt="Close" title="Close" src="' | |
| 6509┆ + Main.icons.cross + '"></span></div>\ | |
| 6510┆ <ul>\ | |
| 6511┆ <li><strong>Global</strong></li>\ | |
| 6512┆ <li><kbd>A</kbd> — Toggle auto-updater</li>\ | |
| 6513┆ <li><kbd>Q</kbd> — Open Quick Reply</li>\ | |
| 6514┆ <li><kbd>R</kbd> — Update thread</li>\ | |
| 6515┆ <li><kbd>W</kbd> — Watch/Unwatch thread</li>\ | |
| [hid 11 additional lines, adjust with --max-lines-per-finding] | |
| 6686┆ cnt.innerHTML = '\ | |
| 6687┆ <div class="extPanel reply"><div class="panelHeader">Custom Board List\ | |
| 6688┆ <span><img alt="Close" title="Close" class="pointer" data-close="1" src="' | |
| 6689┆ + Main.icons.cross + '"></a></span></div>\ | |
| 6690┆ <input placeholder="Example: jp tg mu" id="customMenuBox" type="text" value="">\ | |
| 6691┆ <div class="center"><button data-save="1">Save</button></div></div>'; | |
| ⋮┆---------------------------------------- | |
| 7159┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 7183┆ cnt.innerHTML = '\ | |
| 7184┆ <div class="extPanel reply"><div class="panelHeader">Export Settings\ | |
| 7185┆ <span><img data-cmd="export-close" class="pointer" alt="Close" title="Close" src="' | |
| 7186┆ + Main.icons.cross + '"></span></div>\ | |
| 7187┆ <p class="center">Copy and save the URL below, and visit it from another \ | |
| 7188┆ browser or computer to restore your extension and catalog settings.</p>\ | |
| 7189┆ <p class="center">\ | |
| 7190┆ <input class="export-field" type="text" readonly="readonly" value="' + str + '"></p>\ | |
| 7191┆ <p style="margin-top:15px" class="center">Alternatively, you can drag the link below into | |
| your \ | |
| 7192┆ bookmarks bar and click it to restore.</p>\ | |
| [hid 2 additional lines, adjust with --max-lines-per-finding] | |
| ❯❱ javascript.browser.security.raw-html-concat.raw-html-concat | |
| User controlled data in a HTML string may result in XSS | |
| Details: https://sg.run/4xAx | |
| 7183┆ cnt.innerHTML = '\ | |
| 7184┆ <div class="extPanel reply"><div class="panelHeader">Export Settings\ | |
| 7185┆ <span><img data-cmd="export-close" class="pointer" alt="Close" title="Close" src="' | |
| 7186┆ + Main.icons.cross + '"></span></div>\ | |
| 7187┆ <p class="center">Copy and save the URL below, and visit it from another \ | |
| 7188┆ browser or computer to restore your extension and catalog settings.</p>\ | |
| 7189┆ <p class="center">\ | |
| 7190┆ <input class="export-field" type="text" readonly="readonly" value="' + str + '"></p>\ | |
| 7191┆ <p style="margin-top:15px" class="center">Alternatively, you can drag the link below into | |
| your \ | |
| 7192┆ bookmarks bar and click it to restore.</p>\ | |
| [hid 2 additional lines, adjust with --max-lines-per-finding] | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 7285┆ el.innerHTML = message || 'Change your settings'; | |
| ⋮┆---------------------------------------- | |
| 7720┆ hdr.innerHTML = '<img class="pointer" src="' | |
| 7721┆ + Main.icons.up + '" data-cmd="totop" alt="▲" title="Top">' | |
| 7722┆ + '<img class="pointer" src="' + Main.icons.down | |
| 7723┆ + '" data-cmd="tobottom" alt="▼" title="Bottom">'; | |
| js/extension-test.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 862┆ container.innerHTML = | |
| 863┆ (isOP ? '' : '<div class="sideArrows" id="sa' + data.no + '">>></div>') + | |
| 864┆ '<div id="p' + data.no + '" class="post ' + postType + highlight + '">' + | |
| 865┆ '<div class="postInfoM mobile" id="pim' + data.no + '">' + | |
| 866┆ '<span class="nameBlock' + capcodeClass + '">' + boardTag + | |
| 867┆ mName + tripcode + | |
| 868┆ capcodeStart + capcode + userId + flag + | |
| 869┆ '<br>' + subject + | |
| 870┆ '</span><span class="dateTime postNum" data-utc="' + data.time + '">' + | |
| 871┆ data.now + ' <a href="' + noLink + '" title="Link to this post">No.</a><a href="' + | |
| [hid 26 additional lines, adjust with --max-lines-per-finding] | |
| 985┆ el.innerHTML = '<img alt="H" class="extButton threadHideButton"' | |
| 986┆ + 'data-cmd="hide" data-id="' + tid + '" src="' | |
| 987┆ + Main.icons.minus + '" title="Hide thread">'; | |
| ⋮┆---------------------------------------- | |
| 1154┆ el.innerHTML = window.prettyPrintOne(el.innerHTML); | |
| ⋮┆---------------------------------------- | |
| 1181┆ filename.firstElementChild.innerHTML = txt; | |
| ⋮┆---------------------------------------- | |
| 1304┆ el.innerHTML = ' <a href="#" data-pid="' + pid + '" data-tid="' | |
| 1305┆ + tid + '" data-tip="Open in Tegaki" data-cmd="qr-painter-edit">Edit</a>'; | |
| ⋮┆---------------------------------------- | |
| 1367┆ bl.innerHTML = '<a href="' + href + '" class="quotelink">>>' + pid + '</a> '; | |
| ⋮┆---------------------------------------- | |
| 1370┆ bl.innerHTML = '<a href="' + href + '" class="quotelink">>>' + pid | |
| 1371┆ + '</a><a href="' + href + '" class="quoteLink"> #</a> '; | |
| ⋮┆---------------------------------------- | |
| 1411┆ el.innerHTML = oRep + oImg | |
| 1412┆ + ' omitted. <a href="thread/' | |
| 1413┆ + tid + '" class="replylink">Click here</a> to view.'; | |
| ⋮┆---------------------------------------- | |
| 1702┆ div.innerHTML = html + '</ul>'; | |
| ⋮┆---------------------------------------- | |
| 2087┆ cnt.innerHTML = '<div id="js-sf-status" class="js-sf-' + cls + '">' + msg + '</div>'; | |
| ⋮┆---------------------------------------- | |
| 3438┆ fileEl.innerHTML = el.getAttribute('title') || el.innerHTML; | |
| ⋮┆---------------------------------------- | |
| 3674┆ el.innerHTML = '\ | |
| 3675┆ <div class="extPanel reply"><div class="panelHeader"><span class="tex- | |
| logo">T<sub>e</sub>X</span> Preview\ | |
| 3676┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-cmd="close- | |
| tex-preview" src="' | |
| 3677┆ + Main.icons.cross + '"></span></div><div id="tex-protip">Use [math][/math] tags for | |
| inline, and [eqn][/eqn] tags for block equations.</div><textarea id="input-tex- | |
| preview"></textarea>\ | |
| 3678┆ <div id="output-tex-preview"></div></div>'; | |
| ⋮┆---------------------------------------- | |
| 4091┆ cnt.innerHTML = | |
| 4092┆ '<div id="qrHeader" class="drag postblock">' | |
| 4093┆ + (window.math_tags ? '<a data-cmd="open-tex-preview" class="desktop pointer left tex- | |
| logo" ' | |
| 4094┆ + 'data-tip="Preview TeX equations">T<sub>e</sub>X</a>' : '') | |
| 4095┆ + 'Reply to Thread No.<span id="qrTid">' | |
| 4096┆ + tid + '</span><img alt="X" src="' + Main.icons.cross + '" id="qrClose" ' | |
| 4097┆ + 'class="extButton" title="Close Window"></div>'; | |
| ⋮┆---------------------------------------- | |
| 4102┆ form.innerHTML = | |
| 4103┆ ( | |
| 4104┆ (mfs = $.byName('MAX_FILE_SIZE')[0]) | |
| 4105┆ ? ('<input type="hidden" value="' + mfs.value + '" name="MAX_FILE_SIZE">') | |
| 4106┆ : '' | |
| 4107┆ ) | |
| 4108┆ + '<input type="hidden" value="regist" name="mode">' | |
| 4109┆ + '<input id="qrResto" type="hidden" value="' + tid + '" name="resto">'; | |
| ⋮┆---------------------------------------- | |
| 4143┆ row.innerHTML = fields[i].children[1].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 4151┆ row.innerHTML = fields[i].children[1].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 4481┆ qrError.innerHTML = msg; | |
| ⋮┆---------------------------------------- | |
| 5279┆ cnt.innerHTML = '<div class="drag" id="twHeader">' | |
| 5280┆ + (Main.hasMobileLayout ? ('<img id="twClose" class="pointer" src="' | |
| 5281┆ + Main.icons.cross + '" alt="X">') : '') | |
| 5282┆ + 'Thread Watcher' | |
| 5283┆ + (UA.hasCORS ? ('<img id="twPrune" class="pointer right" src="' | |
| 5284┆ + Main.icons.refresh + '" alt="R" title="Refresh"></div>') : '</div>'); | |
| ⋮┆---------------------------------------- | |
| 5418┆ ThreadWatcher.listNode.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 5834┆ dummy.innerHTML = posts[i].com; | |
| ⋮┆---------------------------------------- | |
| 5919┆ msg.innerHTML = $.cls('postMessage', post)[0].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 5965┆ msg.innerHTML = expmsg.textContent; | |
| ⋮┆---------------------------------------- | |
| 5976┆ msg.innerHTML = expmsg.textContent; | |
| ⋮┆---------------------------------------- | |
| 6043┆ msg.innerHTML = posts[0].com + '<br><br>'; | |
| ⋮┆---------------------------------------- | |
| 6047┆ msg.innerHTML = posts[0].com; | |
| ⋮┆---------------------------------------- | |
| 6702┆ this.statusNode.innerHTML | |
| 6703┆ = this.statusNodeBot.innerHTML | |
| 6704┆ = '<span class="tu-error">' + msg + '</span>'; | |
| ⋮┆---------------------------------------- | |
| 6812┆ this.nodeTop.innerHTML = this.nodeBot.innerHTML | |
| 6813┆ = stats.join(' / '); | |
| ⋮┆---------------------------------------- | |
| 6953┆ this.entities.innerHTML | |
| 6954┆ = post.com.replace(/<br>/g, '\n').replace(/[<[^>]+>/g, ''); | |
| ⋮┆---------------------------------------- | |
| 7023┆ this.entities.innerHTML | |
| 7024┆ = msg.innerHTML.replace(/<br>/g, '\n').replace(/[<[^>]+>/g, ''); | |
| ⋮┆---------------------------------------- | |
| 7085┆ el.innerHTML = '[<a data-cmd="unfilter" data-filtered="1" href="thread/' | |
| 7086┆ + tid + '">View</a>]'; | |
| ⋮┆---------------------------------------- | |
| 7238┆ cnt.innerHTML = '\ | |
| 7239┆ <div class="extPanel reply"><div class="panelHeader">Filters & Highlights Help\ | |
| 7240┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-cmd="filters- | |
| help-close" src="' | |
| 7241┆ + Main.icons.cross + '"></span></div>\ | |
| 7242┆ <h4>Tripcode, Name and ID filters:</h4>\ | |
| 7243┆ <ul><li>Those use simple string comparison.</li>\ | |
| 7244┆ <li>Type them exactly as they appear on 4chan, including the exclamation mark for | |
| tripcode filters.</li>\ | |
| 7245┆ <li>Example: <code>!Ep8pui8Vw2</code></li></ul>\ | |
| 7246┆ <h4>Comment, Subject and E-mail filters:</h4>\ | |
| 7247┆ <ul><li><strong>Matching whole words:</strong></li>\ | |
| [hid 22 additional lines, adjust with --max-lines-per-finding] | |
| 7296┆ cnt.innerHTML = '\ | |
| 7297┆ <div class="extPanel reply"><div class="panelHeader">Filters & Highlights\ | |
| 7298┆ <span class="panelCtrl"><img alt="Help" class="pointer" title="Help" data-cmd="filters- | |
| help-open" src="' | |
| 7299┆ + Main.icons.help | |
| 7300┆ + '"><img alt="Close" title="Close" class="pointer" data-cmd="filters-close" src="' | |
| 7301┆ + Main.icons.cross + '"></span></div>\ | |
| 7302┆ <table><thead><tr>\ | |
| 7303┆ <th></th>\ | |
| 7304┆ <th>On</th>\ | |
| 7305┆ <th>Pattern</th>\ | |
| [hid 10 additional lines, adjust with --max-lines-per-finding] | |
| 7489┆ tr.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 7528┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 7709┆ el.innerHTML = '[<a href="' + src.href + '">Embed</a>]'; | |
| ⋮┆---------------------------------------- | |
| 7869┆ el.innerHTML = el.innerHTML | |
| 7870┆ .replace(/<wbr>/g, '\u200b') | |
| 7871┆ .replace(this.linkRe, this.funk) | |
| 7872┆ .replace(/\u200b/g, '<wbr>'); | |
| ⋮┆---------------------------------------- | |
| 7936┆ msg.innerHTML = msg.innerHTML.replace(this.matchSC, this.replaceSoundCloud); | |
| ⋮┆---------------------------------------- | |
| 7977┆ el.innerHTML = JSON.parse(this.responseText).html; | |
| ⋮┆---------------------------------------- | |
| 7992┆ msg.innerHTML = msg.innerHTML.replace(this.matchYT, this.replaceYouTube); | |
| ⋮┆---------------------------------------- | |
| 8083┆ el.innerHTML = '<iframe src="//www.youtube.com/embed/' | |
| 8084┆ + vid | |
| 8085┆ + '" width="640" height="360" frameborder="0" allowfullscreen></iframe>'; | |
| ⋮┆---------------------------------------- | |
| 8172┆ cnt.innerHTML = '\ | |
| 8173┆ <div class="extPanel reply"><div class="panelHeader">Custom CSS\ | |
| 8174┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-cmd="css- | |
| close" src="' | |
| 8175┆ + Main.icons.cross + '"></span></div>\ | |
| 8176┆ <textarea id="customCSSBox"></textarea>\ | |
| 8177┆ <div class="center"><button data-cmd="css-save">Save CSS</button></div>\ | |
| 8178┆ </td></tr></tfoot></table></div>'; | |
| ⋮┆---------------------------------------- | |
| 8315┆ cnt.innerHTML = '\ | |
| 8316┆ <div class="extPanel reply"><div class="panelHeader">Keyboard Shortcuts\ | |
| 8317┆ <span class="panelCtrl"><img data-cmd="keybinds-close" class="pointer" alt="Close" | |
| title="Close" src="' | |
| 8318┆ + Main.icons.cross + '"></span></div>\ | |
| 8319┆ <ul>\ | |
| 8320┆ <li><strong>Global</strong></li>\ | |
| 8321┆ <li><kbd>A</kbd> — Toggle auto-updater</li>\ | |
| 8322┆ <li><kbd>Q</kbd> — Open Quick Reply</li>\ | |
| 8323┆ <li><kbd>R</kbd> — Update thread</li>\ | |
| 8324┆ <li><kbd>W</kbd> — Watch/Unwatch thread</li>\ | |
| [hid 11 additional lines, adjust with --max-lines-per-finding] | |
| 8615┆ cnt.innerHTML = '\ | |
| 8616┆ <div class="extPanel reply"><div class="panelHeader">Custom Board List\ | |
| 8617┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-close="1" | |
| src="' | |
| 8618┆ + Main.icons.cross + '"></span></div>\ | |
| 8619┆ <input placeholder="Example: jp tg mu" id="customMenuBox" type="text" value="">\ | |
| 8620┆ <div class="center"><button data-save="1">Save</button></div></div>'; | |
| ⋮┆---------------------------------------- | |
| 9130┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 9154┆ cnt.innerHTML = '\ | |
| 9155┆ <div class="extPanel reply"><div class="panelHeader">Export Settings\ | |
| 9156┆ <span class="panelCtrl"><img data-cmd="export-close" class="pointer" alt="Close" | |
| title="Close" src="' | |
| 9157┆ + Main.icons.cross + '"></span></div>\ | |
| 9158┆ <p class="center">Copy and save the URL below, and visit it from another \ | |
| 9159┆ browser or computer to restore your extension and catalog settings.</p>\ | |
| 9160┆ <p class="center">\ | |
| 9161┆ <input class="export-field" type="text" readonly="readonly" value="' + str + '"></p>\ | |
| 9162┆ <p style="margin-top:15px" class="center">Alternatively, you can drag the link below into | |
| your \ | |
| 9163┆ bookmarks bar and click it to restore.</p>\ | |
| [hid 2 additional lines, adjust with --max-lines-per-finding] | |
| ❯❱ javascript.browser.security.raw-html-concat.raw-html-concat | |
| User controlled data in a HTML string may result in XSS | |
| Details: https://sg.run/4xAx | |
| 9154┆ cnt.innerHTML = '\ | |
| 9155┆ <div class="extPanel reply"><div class="panelHeader">Export Settings\ | |
| 9156┆ <span class="panelCtrl"><img data-cmd="export-close" class="pointer" alt="Close" | |
| title="Close" src="' | |
| 9157┆ + Main.icons.cross + '"></span></div>\ | |
| 9158┆ <p class="center">Copy and save the URL below, and visit it from another \ | |
| 9159┆ browser or computer to restore your extension and catalog settings.</p>\ | |
| 9160┆ <p class="center">\ | |
| 9161┆ <input class="export-field" type="text" readonly="readonly" value="' + str + '"></p>\ | |
| 9162┆ <p style="margin-top:15px" class="center">Alternatively, you can drag the link below into | |
| your \ | |
| 9163┆ bookmarks bar and click it to restore.</p>\ | |
| [hid 2 additional lines, adjust with --max-lines-per-finding] | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 9255┆ el.innerHTML = '<span class="feedback-' + type + '">' + msg + '</span>'; | |
| ⋮┆---------------------------------------- | |
| 9311┆ el.innerHTML = message || 'Change your settings'; | |
| ⋮┆---------------------------------------- | |
| 9386┆ el.innerHTML = '<a href="#bottom">▼</a>' | |
| 9387┆ + '<a href="javascript:void(0);" id="settingsWindowLinkClassic">Settings</a>' | |
| 9388┆ + '<a href="//www.' + $L.d(Main.board) + '" target="_top">Home</a></div>'; | |
| ⋮┆---------------------------------------- | |
| 9821┆ hdr.innerHTML = '<img class="pointer" src="' | |
| 9822┆ + Main.icons.up + '" data-cmd="totop" alt="▲" title="Top">' | |
| 9823┆ + '<img class="pointer" src="' + Main.icons.down | |
| 9824┆ + '" data-cmd="tobottom" alt="▼" title="Bottom">'; | |
| js/extension.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 862┆ container.innerHTML = | |
| 863┆ (isOP ? '' : '<div class="sideArrows" id="sa' + data.no + '">>></div>') + | |
| 864┆ '<div id="p' + data.no + '" class="post ' + postType + highlight + '">' + | |
| 865┆ '<div class="postInfoM mobile" id="pim' + data.no + '">' + | |
| 866┆ '<span class="nameBlock' + capcodeClass + '">' + boardTag + | |
| 867┆ mName + tripcode + | |
| 868┆ capcodeStart + capcode + userId + flag + | |
| 869┆ '<br>' + subject + | |
| 870┆ '</span><span class="dateTime postNum" data-utc="' + data.time + '">' + | |
| 871┆ data.now + ' <a href="' + noLink + '" title="Link to this post">No.</a><a href="' + | |
| [hid 26 additional lines, adjust with --max-lines-per-finding] | |
| 985┆ el.innerHTML = '<img alt="H" class="extButton threadHideButton"' | |
| 986┆ + 'data-cmd="hide" data-id="' + tid + '" src="' | |
| 987┆ + Main.icons.minus + '" title="Hide thread">'; | |
| ⋮┆---------------------------------------- | |
| 1154┆ el.innerHTML = window.prettyPrintOne(el.innerHTML); | |
| ⋮┆---------------------------------------- | |
| 1181┆ filename.firstElementChild.innerHTML = txt; | |
| ⋮┆---------------------------------------- | |
| 1304┆ el.innerHTML = ' <a href="#" data-pid="' + pid + '" data-tid="' | |
| 1305┆ + tid + '" data-tip="Open in Tegaki" data-cmd="qr-painter-edit">Edit</a>'; | |
| ⋮┆---------------------------------------- | |
| 1367┆ bl.innerHTML = '<a href="' + href + '" class="quotelink">>>' + pid + '</a> '; | |
| ⋮┆---------------------------------------- | |
| 1370┆ bl.innerHTML = '<a href="' + href + '" class="quotelink">>>' + pid | |
| 1371┆ + '</a><a href="' + href + '" class="quoteLink"> #</a> '; | |
| ⋮┆---------------------------------------- | |
| 1411┆ el.innerHTML = oRep + oImg | |
| 1412┆ + ' omitted. <a href="thread/' | |
| 1413┆ + tid + '" class="replylink">Click here</a> to view.'; | |
| ⋮┆---------------------------------------- | |
| 1702┆ div.innerHTML = html + '</ul>'; | |
| ⋮┆---------------------------------------- | |
| 2087┆ cnt.innerHTML = '<div id="js-sf-status" class="js-sf-' + cls + '">' + msg + '</div>'; | |
| ⋮┆---------------------------------------- | |
| 3438┆ fileEl.innerHTML = el.getAttribute('title') || el.innerHTML; | |
| ⋮┆---------------------------------------- | |
| 3674┆ el.innerHTML = '\ | |
| 3675┆ <div class="extPanel reply"><div class="panelHeader"><span class="tex- | |
| logo">T<sub>e</sub>X</span> Preview\ | |
| 3676┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-cmd="close- | |
| tex-preview" src="' | |
| 3677┆ + Main.icons.cross + '"></span></div><div id="tex-protip">Use [math][/math] tags for | |
| inline, and [eqn][/eqn] tags for block equations.</div><textarea id="input-tex- | |
| preview"></textarea>\ | |
| 3678┆ <div id="output-tex-preview"></div></div>'; | |
| ⋮┆---------------------------------------- | |
| 4091┆ cnt.innerHTML = | |
| 4092┆ '<div id="qrHeader" class="drag postblock">' | |
| 4093┆ + (window.math_tags ? '<a data-cmd="open-tex-preview" class="desktop pointer left tex- | |
| logo" ' | |
| 4094┆ + 'data-tip="Preview TeX equations">T<sub>e</sub>X</a>' : '') | |
| 4095┆ + 'Reply to Thread No.<span id="qrTid">' | |
| 4096┆ + tid + '</span><img alt="X" src="' + Main.icons.cross + '" id="qrClose" ' | |
| 4097┆ + 'class="extButton" title="Close Window"></div>'; | |
| ⋮┆---------------------------------------- | |
| 4102┆ form.innerHTML = | |
| 4103┆ ( | |
| 4104┆ (mfs = $.byName('MAX_FILE_SIZE')[0]) | |
| 4105┆ ? ('<input type="hidden" value="' + mfs.value + '" name="MAX_FILE_SIZE">') | |
| 4106┆ : '' | |
| 4107┆ ) | |
| 4108┆ + '<input type="hidden" value="regist" name="mode">' | |
| 4109┆ + '<input id="qrResto" type="hidden" value="' + tid + '" name="resto">'; | |
| ⋮┆---------------------------------------- | |
| 4143┆ row.innerHTML = fields[i].children[1].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 4151┆ row.innerHTML = fields[i].children[1].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 4481┆ qrError.innerHTML = msg; | |
| ⋮┆---------------------------------------- | |
| 5279┆ cnt.innerHTML = '<div class="drag" id="twHeader">' | |
| 5280┆ + (Main.hasMobileLayout ? ('<img id="twClose" class="pointer" src="' | |
| 5281┆ + Main.icons.cross + '" alt="X">') : '') | |
| 5282┆ + 'Thread Watcher' | |
| 5283┆ + (UA.hasCORS ? ('<img id="twPrune" class="pointer right" src="' | |
| 5284┆ + Main.icons.refresh + '" alt="R" title="Refresh"></div>') : '</div>'); | |
| ⋮┆---------------------------------------- | |
| 5418┆ ThreadWatcher.listNode.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 5834┆ dummy.innerHTML = posts[i].com; | |
| ⋮┆---------------------------------------- | |
| 5919┆ msg.innerHTML = $.cls('postMessage', post)[0].innerHTML; | |
| ⋮┆---------------------------------------- | |
| 5965┆ msg.innerHTML = expmsg.textContent; | |
| ⋮┆---------------------------------------- | |
| 5976┆ msg.innerHTML = expmsg.textContent; | |
| ⋮┆---------------------------------------- | |
| 6043┆ msg.innerHTML = posts[0].com + '<br><br>'; | |
| ⋮┆---------------------------------------- | |
| 6047┆ msg.innerHTML = posts[0].com; | |
| ⋮┆---------------------------------------- | |
| 6702┆ this.statusNode.innerHTML | |
| 6703┆ = this.statusNodeBot.innerHTML | |
| 6704┆ = '<span class="tu-error">' + msg + '</span>'; | |
| ⋮┆---------------------------------------- | |
| 6812┆ this.nodeTop.innerHTML = this.nodeBot.innerHTML | |
| 6813┆ = stats.join(' / '); | |
| ⋮┆---------------------------------------- | |
| 6953┆ this.entities.innerHTML | |
| 6954┆ = post.com.replace(/<br>/g, '\n').replace(/[<[^>]+>/g, ''); | |
| ⋮┆---------------------------------------- | |
| 7023┆ this.entities.innerHTML | |
| 7024┆ = msg.innerHTML.replace(/<br>/g, '\n').replace(/[<[^>]+>/g, ''); | |
| ⋮┆---------------------------------------- | |
| 7085┆ el.innerHTML = '[<a data-cmd="unfilter" data-filtered="1" href="thread/' | |
| 7086┆ + tid + '">View</a>]'; | |
| ⋮┆---------------------------------------- | |
| 7238┆ cnt.innerHTML = '\ | |
| 7239┆ <div class="extPanel reply"><div class="panelHeader">Filters & Highlights Help\ | |
| 7240┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-cmd="filters- | |
| help-close" src="' | |
| 7241┆ + Main.icons.cross + '"></span></div>\ | |
| 7242┆ <h4>Tripcode, Name and ID filters:</h4>\ | |
| 7243┆ <ul><li>Those use simple string comparison.</li>\ | |
| 7244┆ <li>Type them exactly as they appear on 4chan, including the exclamation mark for | |
| tripcode filters.</li>\ | |
| 7245┆ <li>Example: <code>!Ep8pui8Vw2</code></li></ul>\ | |
| 7246┆ <h4>Comment, Subject and E-mail filters:</h4>\ | |
| 7247┆ <ul><li><strong>Matching whole words:</strong></li>\ | |
| [hid 22 additional lines, adjust with --max-lines-per-finding] | |
| 7296┆ cnt.innerHTML = '\ | |
| 7297┆ <div class="extPanel reply"><div class="panelHeader">Filters & Highlights\ | |
| 7298┆ <span class="panelCtrl"><img alt="Help" class="pointer" title="Help" data-cmd="filters- | |
| help-open" src="' | |
| 7299┆ + Main.icons.help | |
| 7300┆ + '"><img alt="Close" title="Close" class="pointer" data-cmd="filters-close" src="' | |
| 7301┆ + Main.icons.cross + '"></span></div>\ | |
| 7302┆ <table><thead><tr>\ | |
| 7303┆ <th></th>\ | |
| 7304┆ <th>On</th>\ | |
| 7305┆ <th>Pattern</th>\ | |
| [hid 10 additional lines, adjust with --max-lines-per-finding] | |
| 7489┆ tr.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 7528┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 7709┆ el.innerHTML = '[<a href="' + src.href + '">Embed</a>]'; | |
| ⋮┆---------------------------------------- | |
| 7869┆ el.innerHTML = el.innerHTML | |
| 7870┆ .replace(/<wbr>/g, '\u200b') | |
| 7871┆ .replace(this.linkRe, this.funk) | |
| 7872┆ .replace(/\u200b/g, '<wbr>'); | |
| ⋮┆---------------------------------------- | |
| 7936┆ msg.innerHTML = msg.innerHTML.replace(this.matchSC, this.replaceSoundCloud); | |
| ⋮┆---------------------------------------- | |
| 7977┆ el.innerHTML = JSON.parse(this.responseText).html; | |
| ⋮┆---------------------------------------- | |
| 7992┆ msg.innerHTML = msg.innerHTML.replace(this.matchYT, this.replaceYouTube); | |
| ⋮┆---------------------------------------- | |
| 8083┆ el.innerHTML = '<iframe src="//www.youtube.com/embed/' | |
| 8084┆ + vid | |
| 8085┆ + '" width="640" height="360" frameborder="0" allowfullscreen></iframe>'; | |
| ⋮┆---------------------------------------- | |
| 8172┆ cnt.innerHTML = '\ | |
| 8173┆ <div class="extPanel reply"><div class="panelHeader">Custom CSS\ | |
| 8174┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-cmd="css- | |
| close" src="' | |
| 8175┆ + Main.icons.cross + '"></span></div>\ | |
| 8176┆ <textarea id="customCSSBox"></textarea>\ | |
| 8177┆ <div class="center"><button data-cmd="css-save">Save CSS</button></div>\ | |
| 8178┆ </td></tr></tfoot></table></div>'; | |
| ⋮┆---------------------------------------- | |
| 8315┆ cnt.innerHTML = '\ | |
| 8316┆ <div class="extPanel reply"><div class="panelHeader">Keyboard Shortcuts\ | |
| 8317┆ <span class="panelCtrl"><img data-cmd="keybinds-close" class="pointer" alt="Close" | |
| title="Close" src="' | |
| 8318┆ + Main.icons.cross + '"></span></div>\ | |
| 8319┆ <ul>\ | |
| 8320┆ <li><strong>Global</strong></li>\ | |
| 8321┆ <li><kbd>A</kbd> — Toggle auto-updater</li>\ | |
| 8322┆ <li><kbd>Q</kbd> — Open Quick Reply</li>\ | |
| 8323┆ <li><kbd>R</kbd> — Update thread</li>\ | |
| 8324┆ <li><kbd>W</kbd> — Watch/Unwatch thread</li>\ | |
| [hid 11 additional lines, adjust with --max-lines-per-finding] | |
| 8615┆ cnt.innerHTML = '\ | |
| 8616┆ <div class="extPanel reply"><div class="panelHeader">Custom Board List\ | |
| 8617┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-close="1" | |
| src="' | |
| 8618┆ + Main.icons.cross + '"></span></div>\ | |
| 8619┆ <input placeholder="Example: jp tg mu" id="customMenuBox" type="text" value="">\ | |
| 8620┆ <div class="center"><button data-save="1">Save</button></div></div>'; | |
| ⋮┆---------------------------------------- | |
| 9130┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 9154┆ cnt.innerHTML = '\ | |
| 9155┆ <div class="extPanel reply"><div class="panelHeader">Export Settings\ | |
| 9156┆ <span class="panelCtrl"><img data-cmd="export-close" class="pointer" alt="Close" | |
| title="Close" src="' | |
| 9157┆ + Main.icons.cross + '"></span></div>\ | |
| 9158┆ <p class="center">Copy and save the URL below, and visit it from another \ | |
| 9159┆ browser or computer to restore your extension and catalog settings.</p>\ | |
| 9160┆ <p class="center">\ | |
| 9161┆ <input class="export-field" type="text" readonly="readonly" value="' + str + '"></p>\ | |
| 9162┆ <p style="margin-top:15px" class="center">Alternatively, you can drag the link below into | |
| your \ | |
| 9163┆ bookmarks bar and click it to restore.</p>\ | |
| [hid 2 additional lines, adjust with --max-lines-per-finding] | |
| ❯❱ javascript.browser.security.raw-html-concat.raw-html-concat | |
| User controlled data in a HTML string may result in XSS | |
| Details: https://sg.run/4xAx | |
| 9154┆ cnt.innerHTML = '\ | |
| 9155┆ <div class="extPanel reply"><div class="panelHeader">Export Settings\ | |
| 9156┆ <span class="panelCtrl"><img data-cmd="export-close" class="pointer" alt="Close" | |
| title="Close" src="' | |
| 9157┆ + Main.icons.cross + '"></span></div>\ | |
| 9158┆ <p class="center">Copy and save the URL below, and visit it from another \ | |
| 9159┆ browser or computer to restore your extension and catalog settings.</p>\ | |
| 9160┆ <p class="center">\ | |
| 9161┆ <input class="export-field" type="text" readonly="readonly" value="' + str + '"></p>\ | |
| 9162┆ <p style="margin-top:15px" class="center">Alternatively, you can drag the link below into | |
| your \ | |
| 9163┆ bookmarks bar and click it to restore.</p>\ | |
| [hid 2 additional lines, adjust with --max-lines-per-finding] | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 9255┆ el.innerHTML = '<span class="feedback-' + type + '">' + msg + '</span>'; | |
| ⋮┆---------------------------------------- | |
| 9311┆ el.innerHTML = message || 'Change your settings'; | |
| ⋮┆---------------------------------------- | |
| 9386┆ el.innerHTML = '<a href="#bottom">▼</a>' | |
| 9387┆ + '<a href="javascript:void(0);" id="settingsWindowLinkClassic">Settings</a>' | |
| 9388┆ + '<a href="//www.' + $L.d(Main.board) + '" target="_top">Home</a></div>'; | |
| ⋮┆---------------------------------------- | |
| 9821┆ hdr.innerHTML = '<img class="pointer" src="' | |
| 9822┆ + Main.icons.up + '" data-cmd="totop" alt="▲" title="Top">' | |
| 9823┆ + '<img class="pointer" src="' + Main.icons.down | |
| 9824┆ + '" data-cmd="tobottom" alt="▼" title="Bottom">'; | |
| js/janitor-unminified.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 66┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 251┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 369┆ this.banReqCnt.innerHTML = | |
| 370┆ '<div id="banReqHeader" class="drag postblock">Ban Request No.' + id | |
| 371┆ + '<img alt="X" src="' + Main.icons.cross + '" id="banReqClose" ' | |
| 372┆ + 'class="extButton" title="Close Window"></div>' | |
| 373┆ + '<iframe src="https://sys.' + $L.d(Main.board) + '/' | |
| 374┆ + Main.board + '/admin?mode=admin&admin=banreq&id=' + id | |
| 375┆ + '&noheader=true" width="400" height="230" frameborder="0"></iframe>'; | |
| ⋮┆---------------------------------------- | |
| 611┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 772┆ cnt.innerHTML = '\ | |
| 773┆ <div class="extPanel reply"><div class="panelHeader">Boards\ | |
| 774┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data- | |
| cmd="boardlist-close" src="' | |
| 775┆ + Main.icons.cross + '"></a></span></div>\ | |
| 776┆ <input placeholder="Example: jp tg mu or all" id="boardListBox" type="text" value="' | |
| 777┆ + (localStorage.getItem('4chan-boardlist') || '') + '">\ | |
| 778┆ <div class="center"><button id="boardListSave" data-cmd="boardlist- | |
| save">Save</button></div>\ | |
| 779┆ </td></tr></tfoot></table></div>'; | |
| ⋮┆---------------------------------------- | |
| 909┆ el.innerHTML = message || 'Change your settings'; | |
| js/janitor.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 1┆ !function(){var e={cacheTTL:6e4,autoRefreshDelay:12e4,autoRefreshTimeout:null};e.initVisibi | |
| lityAPI=function(){this.hidden="hidden",this.visibilitychange="visibilitychange","undefined | |
| "==typeof document.hidden&&("mozHidden"in document?(this.hidden="mozHidden",this.visibility | |
| change="mozvisibilitychange"):"webkitHidden"in document?(this.hidden="webkitHidden",this.vi | |
| sibilitychange="webkitvisibilitychange"):"msHidden"in document&&(this.hidden="msHidden",thi | |
| s.visibilitychange="msvisibilitychange")),document.addEventListener(this.visibilitychange,t | |
| his.onVisibilityChange,!1)},e.init=function(){var | |
| n,o;e.initVisibilityAPI(),(n=document.createElement("div")).className="extPanel | |
| reply",n.id="adminToolbox",n.setAttribute("data-trackpos","AT-position"),Config["AT- | |
| position"]?n.style.cssText=Config["AT-position"]:(n.style.right="10px",n.style.top="380px") | |
| ,n.style.position=Config.fixedAdminToolbox?"fixed":"",o='<div class="drag" | |
| id="atHeader">Janitor Tools<img alt="Refresh" title="Refresh" src="'+Main.icons.refresh+'" | |
| id="atRefresh" data-cmd="at-refresh" class="pointer right"></div><h4><a | |
| href="https://'+t.reportsSubDomain+'.4chan.org/" target="_blank">Reports</a>: <span | |
| title="Total" id="at-total">?</span> (<span title="Illegal" id="at- | |
| illegal">?</span>)</h4><h4 id="at-msg-cnt"><a data-cmd="at-msg" | |
| href="https://'+t.reportsSubDomain+'.4chan.org/?action=staffmessages" | |
| target="_blank">Messages</a>: <span id="at-msg">?</span></h4>',n.innerHTML=o,document.body. | |
| appendChild(n),e.refreshReportCount(),Draggable.set($.id("atHeader"))},e.onVisibilityChange | |
| =function(){var t;t=e,document[e.hidden]?(clearInterval(t.autoRefreshTimeout),t.autoRefresh | |
| Timeout=null):(t.refreshReportCount(),t.autoRefreshTimeout=setInterval(t.refreshReportCount | |
| ,t.autoRefreshDelay))},e.refreshReportCount=function(n){var | |
| o,i;if(!0!==n&&(i=localStorage.getItem("4chan-cache- | |
| rc"))&&(i=JSON.parse(i)).ts>Date.now()-e.cacheTTL)return $.id("at- | |
| total").textContent=i.data[0],$.id("at-illegal").textContent=i.data[1],$.id("at-msg- | |
| cnt").style.display=i.data[2]?"block":"",void($.id("at- | |
| msg").textContent=i.data[2]||0);(o=new XMLHttpRequest).open("GET","https://"+t.reportsSubDo | |
| main+".4chan.org/H429f6uIsUqU.php",!0),o.withCredentials=!0,o.onload=function(){var | |
| e,t,n,o;if(200==this.status){try{t=JSON.parse(this.responseText)}catch(i){return void | |
| console.log(i)}if("success"!==t.status)return void | |
| console.log(t.message);o=(n=t.data).msg||0,$.id("at-msg- | |
| cnt").style.display=o?"block":"",$.id("at-msg").textContent=o,$.id("at- | |
| total").textContent=n.total,$.id("at-illegal").textContent=n.illegal,e={ts:Date.now(),data: | |
| [n.total,n.illegal,o]},e=JSON.stringify(e),localStorage.setItem("4chan-cache- | |
| rc",e),document.dispatchEvent(new CustomEvent("4chanATUpdated"))}else | |
| this.onerror()},o.onerror=function(){console.log("Error while refreshing the report count | |
| (Status: "+this.status+").")},o.onloadend=function(){$.id("atRefresh").src=Main.icons.refre | |
| sh},$.id("atRefresh").src=Main.icons.rotate,o.send(null)},e.resetMsgCount=function(){var | |
| e;$.id("at-msg").textContent=0,(e=localStorage.getItem("4chan-cache- | |
| rc"))&&((e=JSON.parse(e)).data[2]=0,e=JSON.stringify(e),localStorage.setItem("4chan-cache- | |
| rc",e))};var t={nextChunkIndex:0,nextChunk:null,chunkSize:100,reportsSubDomain:"reports"};t | |
| .initIconsCatalog=function(){var e,t,n;if(Main.icons={up:"arrow_up.png",down:"arrow_down.pn | |
| g",right:"arrow_right.png",download:"arrow_down2.png",refresh:"refresh.png",cross:"cross.pn | |
| g",gis:"gis.png",iqdb:"iqdb.png",minus:"post_expand_minus.png",plus:"post_expand_plus.png", | |
| rotate:"post_expand_rotate.gif",quote:"quote.png",report:"report.png",notwatched:"watch_thr | |
| ead_off.png",watched:"watch_thread_on.png",help:"question.png"},t={yotsuba_new:"futaba/",fu | |
| taba_new:"futaba/",yotsuba_b_new:"burichan/",burichan_new:"burichan/",tomorrow:"tomorrow/", | |
| photon:"photon/"},n="//s.4cdn.org/image/",window.devicePixelRatio>=2)for(e in Main.icons)Ma | |
| in.icons[e]=Main.icons[e].replace(".","@2x.");n+="buttons/"+t[Main.stylesheet];for(e in | |
| Main.icons)Main.icons[e]=n+Main.icons[e]},t.apiUrlFilter=function(e){return | |
| e+"?"+Math.round(Date.now()/1e3/3)},t.openDeletePrompt=function(e){var n,o;n='<div | |
| class="extPanel reply"><div class="panelHeader">Delete Post No.'+(e=e.getAttribute("data- | |
| id"))+'<span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data- | |
| cmd="close-delete-prompt" src="'+Main.icons.cross+'"></a></span></div><span id="delete- | |
| prompt-inner"><input type="button" value="Delete Post" tabindex="-1" data-cmd="delete-post" | |
| data-id="'+e+'"> <input type="button" value="Delete Image Only" data-cmd="delete-image" | |
| data-id="'+e+'">',(o=document.createElement("div")).className="UIPanel",o.id="delete-prompt | |
| ",o.innerHTML=n,o.addEventListener("click",t.closeDeletePrompt,!1),document.body.appendChil | |
| d(o),$.id("delete-prompt- | |
| inner").firstElementChild.focus()},t.closeDeletePrompt=function(e){var n;e&&"delete- | |
| prompt"!=e.target.id||(n=$.id("delete-prompt"))&&(n.removeEventListener("click",t.closeDele | |
| tePrompt,!1),document.body.removeChild(n))},t.deletePost=function(e,n){var | |
| o,i,a,s,r,d,l,c;o=e.getAttribute("data-id"),c=$.id("t"+o),a=new FormData,r="https://sys."+$ | |
| L.d(Main.board)+"/"+Main.board+"/post",d=window.thread_archived?"arcdel":"usrdel",n&&("Dele | |
| te Image No.",a.append("onlyimgdel","on")),a.append(o,"delete"),a.append("mode",d),a.append | |
| ("pwd","janitorise"),(l=$.id("delete-prompt-inner")).textContent="Deleting...",(i=new XMLHt | |
| tpRequest).open("POST",r),i.withCredentials=!0,i.onload=function(){if(e.src=Main.icons.cros | |
| s,200==this.status)if(- | |
| 1!=this.responseText.indexOf("Updating")){if(n)(s=$.id("f"+o)).innerHTML='<span | |
| class="fileThumb"><img alt="File deleted." src="//s.4cdn.org/image/filedeleted'+(c?"":"- | |
| res")+'.gif"></span>';else{if(o==Main.tid)return void(location.href="//boards."+$L.d(Main.b | |
| oard)+"/"+Main.board+"/");c?((s=c.parentNode).removeChild(c.nextElementSibling),s.removeChi | |
| ld(c)):(s=$.id("pc"+o)).parentNode.removeChild(s)}t.closeDeletePrompt()}else | |
| l.textContent="Error: Post might have already been deleted, or is a sticky.";else | |
| l.textContent="Error: Wrong status while deleting No."+o+" (Status: | |
| "+this.status+")."},i.onerror=function(){l.textContent="Error: Error while deleting | |
| No."+o+" (Status: "+this.status+")."},i.send(a)},t.openBanReqWindow=function(e){var | |
| t;t=e.getAttribute("data-id"),window.open("https://sys."+$L.d(Main.board)+"/"+Main.board+"/ | |
| admin?mode=admin&admin=banreq&id="+t,"_blank","scrollBars=yes,resizable=no,toolbar=no,menub | |
| ar=no,location=no,directories=no,width=400,height=245")},t.openBanReqFrame=function(e){var | |
| n;this.banReqCnt&&this.close(),n=e.getAttribute("data-id"),this.banReqCnt=document.createEl | |
| ement("div"),this.banReqCnt.id="banReq",this.banReqCnt.className="extPanel | |
| reply",this.banReqCnt.setAttribute("data-trackpos","banReq-position"),Config["banReq- | |
| position"]?this.banReqCnt.style.cssText=Config["banReq-position"]:(this.banReqCnt.style.rig | |
| ht="0px",this.banReqCnt.style.top="50px"),this.banReqCnt.innerHTML='<div id="banReqHeader" | |
| class="drag postblock">Ban Request No.'+n+'<img alt="X" src="'+Main.icons.cross+'" | |
| id="banReqClose" class="extButton" title="Close Window"></div><iframe src="https://sys.'+$L | |
| .d(Main.board)+"/"+Main.board+"/admin?mode=admin&admin=banreq&id="+n+'&noheader=true" | |
| width="400" height="230" frameborder="0"></iframe>',document.body.appendChild(this.banReqCn | |
| t),window.addEventListener("message",t.onMessage,!1),document.addEventListener("keydown",t. | |
| onKeyDown,!1),$.id("banReqClose").addEventListener("click",t.closeBanReqFrame,!1),Draggable | |
| .set($.id("banReqHeader"))},t.closeBanReqFrame=function(){window.removeEventListener("messa | |
| ge",t.onMessage,!1),document.removeEventListener("keydown",t.onKeyDown,!1),Draggable.unset( | |
| $.id("banReqHeader")),$.id("banReqClose").removeEventListener("click",t.closeBanReqFrame,!1 | |
| ),document.body.removeChild(t.banReqCnt),t.banReqCnt=null},t.processMessage=function(e){ret | |
| urn e?{cmd:(e=e.split("-"))[0],type:e[1],id:e.slice(2).join("- | |
| ")}:{}},t.onKeyDown=function(e){27!=e.keyCode||e.ctrlKey||e.altKey||e.shiftKey||e.metaKey|| | |
| t.closeBanReqFrame()},t.onMessage=function(e){var n;e.origin==="https://sys."+$L.d(Main.boa | |
| rd)&&"ban"===(n=t.processMessage(e.data)).type&&("done"!==n.cmd&&"cancel"!==n.cmd||t.closeB | |
| anReqFrame())},t.onClick=function(n){var | |
| o,i;if((o=n.target)!=document&&(i=o.getAttribute("data-cmd")))switch(i){case"at- | |
| refresh":e.refreshReportCount(!0);break;case"delete-post":case"delete- | |
| image":t.deletePost(o,"delete-image"===i);break;case"open-delete- | |
| prompt":t.openDeletePrompt(o);break;case"close-delete- | |
| prompt":t.closeDeletePrompt();break;case"open-banreq- | |
| prompt":Config.inlinePopups?t.openBanReqFrame(o):t.openBanReqWindow(o);break;case"at- | |
| msg":e.resetMsgCount();break;case"toggle-file- | |
| spoiler":t.setFileSpoiler(o);break;case"prompt-spoiler":confirm("Toggle | |
| spoiler?")&&t.setFileSpoiler(o);break;case"boardlist- | |
| open":t.openBoardList();break;case"boardlist- | |
| close":t.closeBoardList();break;case"boardlist- | |
| save":t.saveBoardList(),t.closeBoardList()}},t.onScroll=function(){for(var e;t.nextChunk.of | |
| fsetTop<document.documentElement.clientHeight+window.scrollY;){if((e=t.nextChunkIndex+t.chu | |
| nkSize)>=t.postCount)return t.parseRange(t.nextChunkIndex,t.postCount),window.removeEventLi | |
| stener("scroll",t.onScroll,!1),!1;t.parseRange(t.nextChunkIndex,e)}return!0},t.parseRange=f | |
| unction(e,n){var o,i,a;for(a=document.getElementById("t"+Main.tid).getElementsByClassName(" | |
| postInfo"),o=e;o<n&&(i=a[o]);++o)t.parsePost(i);t.nextChunkIndex=o,t.nextChunk=a[o]},t.onPa | |
| rsingDone=function(e){var n,o,i,a,s;if(Config.useIconButtons)for(e?(o=e.detail.threadId,i=e | |
| .detail.offset,a=e.detail.limit,s=document.getElementById("t"+o).getElementsByClassName("po | |
| stInfo")):(i=0,a=(s=document.getElementsByClassName("postInfo")).length),n=i;n<a;++n)t.pars | |
| ePost(s[n])},t.onPostMenuReady=function(e){var | |
| t,n,o,i;n=e.detail.postId,o=e.detail.node,(t=document.createElement("li")).className="dd- | |
| admin",t.setAttribute("data-cmd","open-delete-prompt"),t.setAttribute("data-id",n),t.textCo | |
| ntent="Delete",o.appendChild(t),window.spoilers&&(t=$.id("fT"+n))&&(i=$.cls("imgspoiler",t. | |
| parentNode)[0]?0:1,(t=document.createElement("li")).className="dd- | |
| admin",t.setAttribute("data-cmd","toggle-file-spoiler"),t.setAttribute("data- | |
| id",n),t.setAttribute("data-flag",i),t.textContent=(i?"Set":"Unset")+" Spoiler",o.appendChi | |
| ld(t)),window.thread_archived||((t=document.createElement("li")).className="dd- | |
| admin",t.setAttribute("data-cmd","open-banreq-prompt"),t.setAttribute("data- | |
| id",n),t.textContent="Ban request",o.appendChild(t))},t.parsePost=function(e){var | |
| n,o,i,a;o='<img class="extButton" alt="X" data-cmd="open-delete-prompt" data- | |
| id="'+(n=e.id.slice(2))+'" src="'+Main.icons.cross+'" | |
| title="Delete">',window.spoilers&&(el=$.id("fT"+n))&&(o+='<img class="extButton" alt="S" | |
| data-cmd="prompt-spoiler" data-id="'+n+'" src="'+t.icons.spoiler+'" title="Toggle | |
| Spoiler">'),window.thread_archived||(o+='<img class="extButton" alt="B" data-cmd="open- | |
| banreq-prompt" data-id="'+n+'" src="'+t.icons.ban+'" title="Ban Request">'),(i=document.cre | |
| ateElement("div")).className="extControls",i.innerHTML=o,a=e.getElementsByClassName("postMe | |
| nuBtn")[0],e.insertBefore(i,a)},t.displayJCount=function(e,t,n,o){var | |
| i;$.addClass(e,"j-newposts"),$.addClass(t,"j-newposts"),e.setAttribute("data- | |
| no",n),t.setAttribute("data-no",n),e.textContent=t.textContent="j +"+o,i=o+" new | |
| post"+(o>1?"s":""),Main.addTooltip(e,i,"j-tooltip"),Main.addTooltip(t,i,"j-tooltip- | |
| bot")},t.refreshJCount=function(){var e,n,o,i;n=$.id("j-link"),o=$.id("j-link- | |
| bot"),n&&o&&(n=n.firstElementChild,o=o.firstElementChild,(e=localStorage.getItem("4chan-j- | |
| count"))&&(e=JSON.parse(e)),!e||Date.now()-e.time>=1e4?((i=new XMLHttpRequest).open("GET"," | |
| https://sys.4chan.org/j/1mcQTXbjW5WO.php?&"+Date.now()),i.withCredentials=!0,i.onloadend=fu | |
| nction(){var i,a,s;200==this.status||304==this.status?(i=JSON.parse(this.responseText),e&&" | |
| j"!=Main.board?i.no>e.no&&(s=i.no- | |
| e.no,t.displayJCount(n,o,i.no,s),a={time:Date.now(),no:e.no,delta:s}):a={time:Date.now(),no | |
| :i.no},a&&localStorage.setItem("4chan-j-count",JSON.stringify(a))):console.log("Error: | |
| Could not load /j/ post count (Status: "+this.status+").")},i.send(null)):e.delta&&t.displa | |
| yJCount(n,o,e.no,e.delta))},t.clearJCount=function(){var | |
| e,t,n,o;n=$.id("j-tooltip"),o=$.id("j-tooltip-bot"),n&&(t=this.getAttribute("data- | |
| no"),e={time:Date.now(),no:t},localStorage.setItem("4chan-j-count",JSON.stringify(e)),n.par | |
| entNode.removeChild(n),o.parentNode.removeChild(o),setTimeout(function(){var e=$.cls("j- | |
| newposts");e[0]&&(e[0].textContent="j",$.removeClass(e[0],"j- | |
| newposts"),e[0].textContent="j",$.removeClass(e[0],"j- | |
| newposts"))},10))},t.icons={ban:"ban.png",spoiler:"s.png"},t.initIcons=function(){var e,n;i | |
| f(n="//s.4cdn.org/image/buttons/"+{yotsuba_new:"futaba/",futaba_new:"futaba/",yotsuba_b_new | |
| :"burichan/",burichan_new:"burichan/",tomorrow:"tomorrow/",photon:"photon/"}[Main.styleshee | |
| t],window.devicePixelRatio>=2)for(e in | |
| t.icons)t.icons[e]=t.icons[e].replace(".","@2x.");for(e in | |
| t.icons)t.icons[e]=n+t.icons[e]},t.initNavLinks=function(){var e,n,o;n=$.id("navtopright"), | |
| o=$.id("navbotright"),(e=document.createElement("span")).id="j-link",e.innerHTML='[<a | |
| href="https://sys.4chan.org/j/" title="Janitor & Moderator Discussion">j</a>]',e.firstE | |
| lementChild.addEventListener("mouseup",t.clearJCount,!1),n.parentNode.insertBefore(e,n),(e= | |
| e.cloneNode(!0)).id="j-link-bot",e.firstElementChild.addEventListener("mouseup",t.clearJCou | |
| nt,!1),o.parentNode.insertBefore(e,o),t.refreshJCount()},t.openBoardList=function(){var e; | |
| $.id("boardList")||((e=document.createElement("div")).id="boardList",e.className="UIPanel", | |
| e.setAttribute("data-cmd","boardlist-close"),e.innerHTML='<div class="extPanel reply"><div | |
| class="panelHeader">Boards<span class="panelCtrl"><img alt="Close" title="Close" | |
| class="pointer" data-cmd="boardlist-close" | |
| src="'+Main.icons.cross+'"></a></span></div><input placeholder="Example: jp tg mu or all" | |
| id="boardListBox" type="text" value="'+(localStorage.getItem("4chan- | |
| boardlist")||"")+'"><div class="center"><button id="boardListSave" data-cmd="boardlist-save | |
| ">Save</button></div></td></tr></tfoot></table></div>',document.body.appendChild(e),e.addEv | |
| entListener("click",this.onClick,!1))},t.saveBoardList=function(){var | |
| e;(e=$.id("boardListBox"))&&localStorage.setItem("4chan- | |
| boardlist",e.value)},t.closeBoardList=function(){var e;(e=$.id("boardList"))&&(e.removeEven | |
| tListener("click",this.onClick,!1),document.body.removeChild(e))},t.setFileSpoiler=function | |
| (e){var n,o,i,a;o=e.getAttribute("data-id"),i=e.getAttribute("data-flag"),o&&(a=$.id("f"+o) | |
| ,i||(i=$.cls("imgspoiler",a.parentNode)[0]?0:1),a&&!a.hasAttribute("data- | |
| processing")&&((n=new XMLHttpRequest).open("GET","https://sys."+$L.d(Main.board)+"/"+Main.b | |
| oard+"/admin.php?admin=spoiler&pid="+o+"&flag="+i,!0),n.withCredentials=!0,n.onload=t.onFil | |
| eSpoilerLoad,n.onerror=t.onFileSpoilerError,n._pid=+o,n._flag=+i,Feedback.notify("Processin | |
| g...",null),a.setAttribute("data- | |
| processing","1"),n.send(null)))},t.onFileSpoilerLoad=function(){var e,t;Feedback.hideMessag | |
| e(),"1"===this.responseText?(e=$.id("f"+this._pid))&&(e.removeAttribute("data-processing"), | |
| (e=$.cls("fileThumb",e)[0])&&(this._flag?($.addClass(e,"imgspoiler"),(t=e.previousElementSi | |
| bling).setAttribute("title",t.firstElementChild.textContent),Config.revealSpoilers||((e=$.t | |
| ag("img",e)[0]).style.width=e.style.height="100px",e.src="//s.4cdn.org/image/spoiler- | |
| "+Main.board+".png")):(Config.revealSpoilers||Parser.revealImageSpoiler(e),$.removeClass(e, | |
| "imgspoiler")))):"-1"===this.responseText?Feedback.error("You are not logged | |
| in"):Feedback.error("Couldn't set spoiler flag for post | |
| No."+this._pid)},t.onFileSpoilerError=function(){var | |
| e;(e=$.id("f"+this._pid))&&(e.removeAttribute("data-processing"),Feedback.error("Couldn't | |
| update the spoiler flag for post No."+this.pid))},t.initCatalog=function(){window.Main={boa | |
| rd:location.pathname.split(/\//)[1]},window.Main.addTooltip=function(e,t,n){var | |
| o,i;return(o=document.createElement("div")).className="click- | |
| me",n&&(o.id=n),o.innerHTML=t||"Change your settings",e.parentNode.appendChild(o),i=(e.offs | |
| etWidth-o.offsetWidth+e.offsetLeft- | |
| o.offsetLeft)/2,o.style.marginLeft=i+"px",o},(t.stylesheet=t.getCookie(window.style_group)) | |
| ?t.stylesheet=t.stylesheet.toLowerCase().replace(/ /g,"_"):t.stylesheet="nws_style"==style_ | |
| group?"yotsuba_new":"yotsuba_b_new",Main.stylesheet=t.stylesheet,t.initIconsCatalog(),t.add | |
| Css(),document.addEventListener("click",t.onClick,!1),t.runCatalog()},t.runCatalog=function | |
| (){var n;t.initNavLinks(),FC.hasMobileLayout||e.init(),n=$.id("threads"),$.on(n,"mouseover" | |
| ,t.onThreadMouseOver)},t.init=function(){Config.boardList=!0,SettingsMenu.options.Janitor={ | |
| boardList:['Janitor Boards [<a href="javascript:;" data-cmd="boardlist- | |
| open">Select</a>]',"Select boards to enable janitor buttons on",!0],useIconButtons:["Use | |
| icon buttons","Display old-style buttons instead of using drop- | |
| down"],changeUpdateDelay:["Reduce auto-update delay","Reduce the thread updater | |
| delay",!0],fixedAdminToolbox:["Pin Janitor Tools to the page","Janitor Tools will scroll | |
| with you"],inlinePopups:["Inline ban request panel","Open ban request panel in browser | |
| window, instead of a popup"],disableMngExt:["Disable janitor extension","Completely disable | |
| the janitor extension (overrides any checked boxes)",!0]},Config.disableMngExt||(t.addCss() | |
| ,Config.useIconButtons&&t.initIcons(),QR.noCooldown=QR.noCaptcha=!0,document.addEventListen | |
| er("click",t.onClick,!1),document.addEventListener("DOMContentLoaded",t.run,!1))},t.run=fun | |
| ction(){var n,o,i,a;document.removeEventListener("DOMContentLoaded",t.run,!1),t.initNavLink | |
| s(),Main.hasMobileLayout||e.init(),Config.revealSpoilers&&$.addClass(document.body,"reveal- | |
| img-spoilers"),Config.threadUpdater&&Main.tid&&Config.changeUpdateDelay&&(ThreadUpdater.del | |
| ayIdHidden=3,ThreadUpdater.delayRange=[5,10,15,20,30,60],ThreadUpdater.apiUrlFilter=t.apiUr | |
| lFilter),n=localStorage.getItem("4chan- | |
| boardlist")||"","j"==Main.board||"all"!=n&&-1==n.split(/[, ]+/).indexOf(Main.board)||(Confi | |
| g.useIconButtons&&!Main.hasMobileLayout&&(Main.tid?(o=document.getElementById("t"+Main.tid) | |
| .getElementsByClassName("postInfo"),t.postCount=o.length,t.postCount>t.chunkSize?(t.nextChu | |
| nk=o[0],window.addEventListener("scroll",t.onScroll,!1),t.onScroll()):t.onParsingDone()):t. | |
| onParsingDone(),document.addEventListener("4chanParsingDone",t.onParsingDone,!1)),document. | |
| addEventListener("4chanPostMenuReady",t.onPostMenuReady,!1)),(i=$.id("boardSelectMobile"))& | |
| &((a=document.createElement("option")).value="j",a.textContent="/j/ - Janitors & | |
| Moderators",i.insertBefore(a,i.firstElementChild))},t.getCookie=function(e){var | |
| t,n,o,i;for(i=e+"=",o=document.cookie.split(";"),t=0;n=o[t];++t){for(;" | |
| "==n.charAt(0);)n=n.substring(1,n.length);if(0===n.indexOf(i))return | |
| decodeURIComponent(n.substring(i.length,n.length))}return null},t.addCss=function(){var | |
| e,t;t='#adminToolbox { max-width: 256px; display: block; position: absolute; padding: | |
| 3px;}#adminToolbox h4 { font-size: 12px; margin: 2px 0 0; padding: 0; font-weight: | |
| normal;}#adminToolbox li { list-style: none;}#adminToolbox ul { padding: 0; margin: 2px | |
| 0 0 10px;}#atHeader { height: 17px; font-weight: bold; padding-bottom: 2px;}#atRefresh { | |
| margin: -1px 0 0 3px;}.post-ip { margin-left: 5px;}#delete-prompt > div { text-align: | |
| center;}#watchList li:first-child { margin-top: 3px; padding-top: 2px; border-top: 1px | |
| solid rgba(0, 0, 0, 0.20);}.photon #atHeader { border-bottom: 1px solid #ccc;}.yotsuba_new | |
| #atHeader { border-bottom: 1px solid #d9bfb7;}.yotsuba_b_new #atHeader { border-bottom: | |
| 1px solid #b7c5d9;}.tomorrow #atHeader { border-bottom: 1px solid #111;}#at-illegal { | |
| color: red;}#at-msg-cnt { display: none;}.j-newposts { font-weight: bold | |
| !important;}#j-link,#j-link-bot { margin-right: 3px; display: inline-block; margin-left: | |
| 3px;}#boardList input { width: 385px; margin: auto; display: block;}#boardListSave { | |
| margin-top: 5px;}#banReqClose { float: right;}#banReq iframe { overflow: hidden;}#banReq | |
| { display: block; position: fixed; padding: 2px; font-size: 10pt; height: | |
| 250px;}#banReqHeader { text-align: center; margin-bottom: 1px; padding: 0; height: | |
| 18px; line-height: 18px;}#captchaFormPart { display: none;}.mobileExtControls { float: | |
| right; font-size: 11px; margin-bottom: 3px;}.ws .mobileExtControls { color: | |
| #34345C;}.nws .mobileExtControls { color: #0000EE;}.reply .mobileExtControls { margin- | |
| right: 5px;}.mobileExtControls span { margin-left: 10px;}.mobileExtControls span:after { | |
| content: "]";}.mobileExtControls span:before { content: "[";}.nws .mobileExtControls | |
| span:after { color: #800000;}.nws .mobileExtControls span:before { color: #800000;}.ws | |
| .mobileExtControls span:after { color: #000;}.ws .mobileExtControls span:before { color: | |
| #000;}.m-dark .mobileExtControls,.m-dark .mobileExtControls span:after,.m-dark | |
| .mobileExtControls span:before { color: #707070 !important;}.dd-admin { text-indent: | |
| 5px;}.dd-admin:before { color: #FF0000; content: "\u2022"; left: -3px; position: | |
| absolute;}.extPanel { border: 1px solid rgba(0, 0, 0, 0.2);}.extPanel img.pointer { width: | |
| 18px; height: 18px }.drag { -moz-user-select: none !important; cursor: move | |
| !important;}.reveal-img-spoilers .imgspoiler::before { content: " "; width:0.75em; | |
| height:0.75em; border-radius: 0.5em; position: absolute; display: block; background: | |
| red; margin-top: 1px; margin-left: 1px; pointer-events: none;}.reveal-img- | |
| spoilers.is_catalog .imgspoiler::before { margin-top: 4px; margin-left: 12px;}.reveal-img- | |
| spoilers .imgspoiler:hover::before { background: #fff; }',(e=document.createElement("style" | |
| )).setAttribute("type","text/css"),e.textContent=t,document.head.appendChild(e)},/https?:\/ | |
| \/boards\.(?:4chan|4channel)\.org\/[a-z0- | |
| 9]+\/catalog($|#.*$)/.test(location.href)?t.initCatalog():t.init()}(); | |
| ⋮┆---------------------------------------- | |
| 1┆ !function(){var e={cacheTTL:6e4,autoRefreshDelay:12e4,autoRefreshTimeout:null};e.initVisibi | |
| lityAPI=function(){this.hidden="hidden",this.visibilitychange="visibilitychange","undefined | |
| "==typeof document.hidden&&("mozHidden"in document?(this.hidden="mozHidden",this.visibility | |
| change="mozvisibilitychange"):"webkitHidden"in document?(this.hidden="webkitHidden",this.vi | |
| sibilitychange="webkitvisibilitychange"):"msHidden"in document&&(this.hidden="msHidden",thi | |
| s.visibilitychange="msvisibilitychange")),document.addEventListener(this.visibilitychange,t | |
| his.onVisibilityChange,!1)},e.init=function(){var | |
| n,o;e.initVisibilityAPI(),(n=document.createElement("div")).className="extPanel | |
| reply",n.id="adminToolbox",n.setAttribute("data-trackpos","AT-position"),Config["AT- | |
| position"]?n.style.cssText=Config["AT-position"]:(n.style.right="10px",n.style.top="380px") | |
| ,n.style.position=Config.fixedAdminToolbox?"fixed":"",o='<div class="drag" | |
| id="atHeader">Janitor Tools<img alt="Refresh" title="Refresh" src="'+Main.icons.refresh+'" | |
| id="atRefresh" data-cmd="at-refresh" class="pointer right"></div><h4><a | |
| href="https://'+t.reportsSubDomain+'.4chan.org/" target="_blank">Reports</a>: <span | |
| title="Total" id="at-total">?</span> (<span title="Illegal" id="at- | |
| illegal">?</span>)</h4><h4 id="at-msg-cnt"><a data-cmd="at-msg" | |
| href="https://'+t.reportsSubDomain+'.4chan.org/?action=staffmessages" | |
| target="_blank">Messages</a>: <span id="at-msg">?</span></h4>',n.innerHTML=o,document.body. | |
| appendChild(n),e.refreshReportCount(),Draggable.set($.id("atHeader"))},e.onVisibilityChange | |
| =function(){var t;t=e,document[e.hidden]?(clearInterval(t.autoRefreshTimeout),t.autoRefresh | |
| Timeout=null):(t.refreshReportCount(),t.autoRefreshTimeout=setInterval(t.refreshReportCount | |
| ,t.autoRefreshDelay))},e.refreshReportCount=function(n){var | |
| o,i;if(!0!==n&&(i=localStorage.getItem("4chan-cache- | |
| rc"))&&(i=JSON.parse(i)).ts>Date.now()-e.cacheTTL)return $.id("at- | |
| total").textContent=i.data[0],$.id("at-illegal").textContent=i.data[1],$.id("at-msg- | |
| cnt").style.display=i.data[2]?"block":"",void($.id("at- | |
| msg").textContent=i.data[2]||0);(o=new XMLHttpRequest).open("GET","https://"+t.reportsSubDo | |
| main+".4chan.org/H429f6uIsUqU.php",!0),o.withCredentials=!0,o.onload=function(){var | |
| e,t,n,o;if(200==this.status){try{t=JSON.parse(this.responseText)}catch(i){return void | |
| console.log(i)}if("success"!==t.status)return void | |
| console.log(t.message);o=(n=t.data).msg||0,$.id("at-msg- | |
| cnt").style.display=o?"block":"",$.id("at-msg").textContent=o,$.id("at- | |
| total").textContent=n.total,$.id("at-illegal").textContent=n.illegal,e={ts:Date.now(),data: | |
| [n.total,n.illegal,o]},e=JSON.stringify(e),localStorage.setItem("4chan-cache- | |
| rc",e),document.dispatchEvent(new CustomEvent("4chanATUpdated"))}else | |
| this.onerror()},o.onerror=function(){console.log("Error while refreshing the report count | |
| (Status: "+this.status+").")},o.onloadend=function(){$.id("atRefresh").src=Main.icons.refre | |
| sh},$.id("atRefresh").src=Main.icons.rotate,o.send(null)},e.resetMsgCount=function(){var | |
| e;$.id("at-msg").textContent=0,(e=localStorage.getItem("4chan-cache- | |
| rc"))&&((e=JSON.parse(e)).data[2]=0,e=JSON.stringify(e),localStorage.setItem("4chan-cache- | |
| rc",e))};var t={nextChunkIndex:0,nextChunk:null,chunkSize:100,reportsSubDomain:"reports"};t | |
| .initIconsCatalog=function(){var e,t,n;if(Main.icons={up:"arrow_up.png",down:"arrow_down.pn | |
| g",right:"arrow_right.png",download:"arrow_down2.png",refresh:"refresh.png",cross:"cross.pn | |
| g",gis:"gis.png",iqdb:"iqdb.png",minus:"post_expand_minus.png",plus:"post_expand_plus.png", | |
| rotate:"post_expand_rotate.gif",quote:"quote.png",report:"report.png",notwatched:"watch_thr | |
| ead_off.png",watched:"watch_thread_on.png",help:"question.png"},t={yotsuba_new:"futaba/",fu | |
| taba_new:"futaba/",yotsuba_b_new:"burichan/",burichan_new:"burichan/",tomorrow:"tomorrow/", | |
| photon:"photon/"},n="//s.4cdn.org/image/",window.devicePixelRatio>=2)for(e in Main.icons)Ma | |
| in.icons[e]=Main.icons[e].replace(".","@2x.");n+="buttons/"+t[Main.stylesheet];for(e in | |
| Main.icons)Main.icons[e]=n+Main.icons[e]},t.apiUrlFilter=function(e){return | |
| e+"?"+Math.round(Date.now()/1e3/3)},t.openDeletePrompt=function(e){var n,o;n='<div | |
| class="extPanel reply"><div class="panelHeader">Delete Post No.'+(e=e.getAttribute("data- | |
| id"))+'<span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data- | |
| cmd="close-delete-prompt" src="'+Main.icons.cross+'"></a></span></div><span id="delete- | |
| prompt-inner"><input type="button" value="Delete Post" tabindex="-1" data-cmd="delete-post" | |
| data-id="'+e+'"> <input type="button" value="Delete Image Only" data-cmd="delete-image" | |
| data-id="'+e+'">',(o=document.createElement("div")).className="UIPanel",o.id="delete-prompt | |
| ",o.innerHTML=n,o.addEventListener("click",t.closeDeletePrompt,!1),document.body.appendChil | |
| d(o),$.id("delete-prompt- | |
| inner").firstElementChild.focus()},t.closeDeletePrompt=function(e){var n;e&&"delete- | |
| prompt"!=e.target.id||(n=$.id("delete-prompt"))&&(n.removeEventListener("click",t.closeDele | |
| tePrompt,!1),document.body.removeChild(n))},t.deletePost=function(e,n){var | |
| o,i,a,s,r,d,l,c;o=e.getAttribute("data-id"),c=$.id("t"+o),a=new FormData,r="https://sys."+$ | |
| L.d(Main.board)+"/"+Main.board+"/post",d=window.thread_archived?"arcdel":"usrdel",n&&("Dele | |
| te Image No.",a.append("onlyimgdel","on")),a.append(o,"delete"),a.append("mode",d),a.append | |
| ("pwd","janitorise"),(l=$.id("delete-prompt-inner")).textContent="Deleting...",(i=new XMLHt | |
| tpRequest).open("POST",r),i.withCredentials=!0,i.onload=function(){if(e.src=Main.icons.cros | |
| s,200==this.status)if(- | |
| 1!=this.responseText.indexOf("Updating")){if(n)(s=$.id("f"+o)).innerHTML='<span | |
| class="fileThumb"><img alt="File deleted." src="//s.4cdn.org/image/filedeleted'+(c?"":"- | |
| res")+'.gif"></span>';else{if(o==Main.tid)return void(location.href="//boards."+$L.d(Main.b | |
| oard)+"/"+Main.board+"/");c?((s=c.parentNode).removeChild(c.nextElementSibling),s.removeChi | |
| ld(c)):(s=$.id("pc"+o)).parentNode.removeChild(s)}t.closeDeletePrompt()}else | |
| l.textContent="Error: Post might have already been deleted, or is a sticky.";else | |
| l.textContent="Error: Wrong status while deleting No."+o+" (Status: | |
| "+this.status+")."},i.onerror=function(){l.textContent="Error: Error while deleting | |
| No."+o+" (Status: "+this.status+")."},i.send(a)},t.openBanReqWindow=function(e){var | |
| t;t=e.getAttribute("data-id"),window.open("https://sys."+$L.d(Main.board)+"/"+Main.board+"/ | |
| admin?mode=admin&admin=banreq&id="+t,"_blank","scrollBars=yes,resizable=no,toolbar=no,menub | |
| ar=no,location=no,directories=no,width=400,height=245")},t.openBanReqFrame=function(e){var | |
| n;this.banReqCnt&&this.close(),n=e.getAttribute("data-id"),this.banReqCnt=document.createEl | |
| ement("div"),this.banReqCnt.id="banReq",this.banReqCnt.className="extPanel | |
| reply",this.banReqCnt.setAttribute("data-trackpos","banReq-position"),Config["banReq- | |
| position"]?this.banReqCnt.style.cssText=Config["banReq-position"]:(this.banReqCnt.style.rig | |
| ht="0px",this.banReqCnt.style.top="50px"),this.banReqCnt.innerHTML='<div id="banReqHeader" | |
| class="drag postblock">Ban Request No.'+n+'<img alt="X" src="'+Main.icons.cross+'" | |
| id="banReqClose" class="extButton" title="Close Window"></div><iframe src="https://sys.'+$L | |
| .d(Main.board)+"/"+Main.board+"/admin?mode=admin&admin=banreq&id="+n+'&noheader=true" | |
| width="400" height="230" frameborder="0"></iframe>',document.body.appendChild(this.banReqCn | |
| t),window.addEventListener("message",t.onMessage,!1),document.addEventListener("keydown",t. | |
| onKeyDown,!1),$.id("banReqClose").addEventListener("click",t.closeBanReqFrame,!1),Draggable | |
| .set($.id("banReqHeader"))},t.closeBanReqFrame=function(){window.removeEventListener("messa | |
| ge",t.onMessage,!1),document.removeEventListener("keydown",t.onKeyDown,!1),Draggable.unset( | |
| $.id("banReqHeader")),$.id("banReqClose").removeEventListener("click",t.closeBanReqFrame,!1 | |
| ),document.body.removeChild(t.banReqCnt),t.banReqCnt=null},t.processMessage=function(e){ret | |
| urn e?{cmd:(e=e.split("-"))[0],type:e[1],id:e.slice(2).join("- | |
| ")}:{}},t.onKeyDown=function(e){27!=e.keyCode||e.ctrlKey||e.altKey||e.shiftKey||e.metaKey|| | |
| t.closeBanReqFrame()},t.onMessage=function(e){var n;e.origin==="https://sys."+$L.d(Main.boa | |
| rd)&&"ban"===(n=t.processMessage(e.data)).type&&("done"!==n.cmd&&"cancel"!==n.cmd||t.closeB | |
| anReqFrame())},t.onClick=function(n){var | |
| o,i;if((o=n.target)!=document&&(i=o.getAttribute("data-cmd")))switch(i){case"at- | |
| refresh":e.refreshReportCount(!0);break;case"delete-post":case"delete- | |
| image":t.deletePost(o,"delete-image"===i);break;case"open-delete- | |
| prompt":t.openDeletePrompt(o);break;case"close-delete- | |
| prompt":t.closeDeletePrompt();break;case"open-banreq- | |
| prompt":Config.inlinePopups?t.openBanReqFrame(o):t.openBanReqWindow(o);break;case"at- | |
| msg":e.resetMsgCount();break;case"toggle-file- | |
| spoiler":t.setFileSpoiler(o);break;case"prompt-spoiler":confirm("Toggle | |
| spoiler?")&&t.setFileSpoiler(o);break;case"boardlist- | |
| open":t.openBoardList();break;case"boardlist- | |
| close":t.closeBoardList();break;case"boardlist- | |
| save":t.saveBoardList(),t.closeBoardList()}},t.onScroll=function(){for(var e;t.nextChunk.of | |
| fsetTop<document.documentElement.clientHeight+window.scrollY;){if((e=t.nextChunkIndex+t.chu | |
| nkSize)>=t.postCount)return t.parseRange(t.nextChunkIndex,t.postCount),window.removeEventLi | |
| stener("scroll",t.onScroll,!1),!1;t.parseRange(t.nextChunkIndex,e)}return!0},t.parseRange=f | |
| unction(e,n){var o,i,a;for(a=document.getElementById("t"+Main.tid).getElementsByClassName(" | |
| postInfo"),o=e;o<n&&(i=a[o]);++o)t.parsePost(i);t.nextChunkIndex=o,t.nextChunk=a[o]},t.onPa | |
| rsingDone=function(e){var n,o,i,a,s;if(Config.useIconButtons)for(e?(o=e.detail.threadId,i=e | |
| .detail.offset,a=e.detail.limit,s=document.getElementById("t"+o).getElementsByClassName("po | |
| stInfo")):(i=0,a=(s=document.getElementsByClassName("postInfo")).length),n=i;n<a;++n)t.pars | |
| ePost(s[n])},t.onPostMenuReady=function(e){var | |
| t,n,o,i;n=e.detail.postId,o=e.detail.node,(t=document.createElement("li")).className="dd- | |
| admin",t.setAttribute("data-cmd","open-delete-prompt"),t.setAttribute("data-id",n),t.textCo | |
| ntent="Delete",o.appendChild(t),window.spoilers&&(t=$.id("fT"+n))&&(i=$.cls("imgspoiler",t. | |
| parentNode)[0]?0:1,(t=document.createElement("li")).className="dd- | |
| admin",t.setAttribute("data-cmd","toggle-file-spoiler"),t.setAttribute("data- | |
| id",n),t.setAttribute("data-flag",i),t.textContent=(i?"Set":"Unset")+" Spoiler",o.appendChi | |
| ld(t)),window.thread_archived||((t=document.createElement("li")).className="dd- | |
| admin",t.setAttribute("data-cmd","open-banreq-prompt"),t.setAttribute("data- | |
| id",n),t.textContent="Ban request",o.appendChild(t))},t.parsePost=function(e){var | |
| n,o,i,a;o='<img class="extButton" alt="X" data-cmd="open-delete-prompt" data- | |
| id="'+(n=e.id.slice(2))+'" src="'+Main.icons.cross+'" | |
| title="Delete">',window.spoilers&&(el=$.id("fT"+n))&&(o+='<img class="extButton" alt="S" | |
| data-cmd="prompt-spoiler" data-id="'+n+'" src="'+t.icons.spoiler+'" title="Toggle | |
| Spoiler">'),window.thread_archived||(o+='<img class="extButton" alt="B" data-cmd="open- | |
| banreq-prompt" data-id="'+n+'" src="'+t.icons.ban+'" title="Ban Request">'),(i=document.cre | |
| ateElement("div")).className="extControls",i.innerHTML=o,a=e.getElementsByClassName("postMe | |
| nuBtn")[0],e.insertBefore(i,a)},t.displayJCount=function(e,t,n,o){var | |
| i;$.addClass(e,"j-newposts"),$.addClass(t,"j-newposts"),e.setAttribute("data- | |
| no",n),t.setAttribute("data-no",n),e.textContent=t.textContent="j +"+o,i=o+" new | |
| post"+(o>1?"s":""),Main.addTooltip(e,i,"j-tooltip"),Main.addTooltip(t,i,"j-tooltip- | |
| bot")},t.refreshJCount=function(){var e,n,o,i;n=$.id("j-link"),o=$.id("j-link- | |
| bot"),n&&o&&(n=n.firstElementChild,o=o.firstElementChild,(e=localStorage.getItem("4chan-j- | |
| count"))&&(e=JSON.parse(e)),!e||Date.now()-e.time>=1e4?((i=new XMLHttpRequest).open("GET"," | |
| https://sys.4chan.org/j/1mcQTXbjW5WO.php?&"+Date.now()),i.withCredentials=!0,i.onloadend=fu | |
| nction(){var i,a,s;200==this.status||304==this.status?(i=JSON.parse(this.responseText),e&&" | |
| j"!=Main.board?i.no>e.no&&(s=i.no- | |
| e.no,t.displayJCount(n,o,i.no,s),a={time:Date.now(),no:e.no,delta:s}):a={time:Date.now(),no | |
| :i.no},a&&localStorage.setItem("4chan-j-count",JSON.stringify(a))):console.log("Error: | |
| Could not load /j/ post count (Status: "+this.status+").")},i.send(null)):e.delta&&t.displa | |
| yJCount(n,o,e.no,e.delta))},t.clearJCount=function(){var | |
| e,t,n,o;n=$.id("j-tooltip"),o=$.id("j-tooltip-bot"),n&&(t=this.getAttribute("data- | |
| no"),e={time:Date.now(),no:t},localStorage.setItem("4chan-j-count",JSON.stringify(e)),n.par | |
| entNode.removeChild(n),o.parentNode.removeChild(o),setTimeout(function(){var e=$.cls("j- | |
| newposts");e[0]&&(e[0].textContent="j",$.removeClass(e[0],"j- | |
| newposts"),e[0].textContent="j",$.removeClass(e[0],"j- | |
| newposts"))},10))},t.icons={ban:"ban.png",spoiler:"s.png"},t.initIcons=function(){var e,n;i | |
| f(n="//s.4cdn.org/image/buttons/"+{yotsuba_new:"futaba/",futaba_new:"futaba/",yotsuba_b_new | |
| :"burichan/",burichan_new:"burichan/",tomorrow:"tomorrow/",photon:"photon/"}[Main.styleshee | |
| t],window.devicePixelRatio>=2)for(e in | |
| t.icons)t.icons[e]=t.icons[e].replace(".","@2x.");for(e in | |
| t.icons)t.icons[e]=n+t.icons[e]},t.initNavLinks=function(){var e,n,o;n=$.id("navtopright"), | |
| o=$.id("navbotright"),(e=document.createElement("span")).id="j-link",e.innerHTML='[<a | |
| href="https://sys.4chan.org/j/" title="Janitor & Moderator Discussion">j</a>]',e.firstE | |
| lementChild.addEventListener("mouseup",t.clearJCount,!1),n.parentNode.insertBefore(e,n),(e= | |
| e.cloneNode(!0)).id="j-link-bot",e.firstElementChild.addEventListener("mouseup",t.clearJCou | |
| nt,!1),o.parentNode.insertBefore(e,o),t.refreshJCount()},t.openBoardList=function(){var e;$ | |
| .id("boardList")||((e=document.createElement("div")).id="boardList",e.className="UIPanel",e | |
| .setAttribute("data-cmd","boardlist-close"),e.innerHTML='<div class="extPanel reply"><div | |
| class="panelHeader">Boards<span class="panelCtrl"><img alt="Close" title="Close" | |
| class="pointer" data-cmd="boardlist-close" | |
| src="'+Main.icons.cross+'"></a></span></div><input placeholder="Example: jp tg mu or all" | |
| id="boardListBox" type="text" value="'+(localStorage.getItem("4chan- | |
| boardlist")||"")+'"><div class="center"><button id="boardListSave" data-cmd="boardlist-save | |
| ">Save</button></div></td></tr></tfoot></table></div>',document.body.appendChild(e),e.addEv | |
| entListener("click",this.onClick,!1))},t.saveBoardList=function(){var | |
| e;(e=$.id("boardListBox"))&&localStorage.setItem("4chan- | |
| boardlist",e.value)},t.closeBoardList=function(){var e;(e=$.id("boardList"))&&(e.removeEven | |
| tListener("click",this.onClick,!1),document.body.removeChild(e))},t.setFileSpoiler=function | |
| (e){var n,o,i,a;o=e.getAttribute("data-id"),i=e.getAttribute("data-flag"),o&&(a=$.id("f"+o) | |
| ,i||(i=$.cls("imgspoiler",a.parentNode)[0]?0:1),a&&!a.hasAttribute("data- | |
| processing")&&((n=new XMLHttpRequest).open("GET","https://sys."+$L.d(Main.board)+"/"+Main.b | |
| oard+"/admin.php?admin=spoiler&pid="+o+"&flag="+i,!0),n.withCredentials=!0,n.onload=t.onFil | |
| eSpoilerLoad,n.onerror=t.onFileSpoilerError,n._pid=+o,n._flag=+i,Feedback.notify("Processin | |
| g...",null),a.setAttribute("data- | |
| processing","1"),n.send(null)))},t.onFileSpoilerLoad=function(){var e,t;Feedback.hideMessag | |
| e(),"1"===this.responseText?(e=$.id("f"+this._pid))&&(e.removeAttribute("data-processing"), | |
| (e=$.cls("fileThumb",e)[0])&&(this._flag?($.addClass(e,"imgspoiler"),(t=e.previousElementSi | |
| bling).setAttribute("title",t.firstElementChild.textContent),Config.revealSpoilers||((e=$.t | |
| ag("img",e)[0]).style.width=e.style.height="100px",e.src="//s.4cdn.org/image/spoiler- | |
| "+Main.board+".png")):(Config.revealSpoilers||Parser.revealImageSpoiler(e),$.removeClass(e, | |
| "imgspoiler")))):"-1"===this.responseText?Feedback.error("You are not logged | |
| in"):Feedback.error("Couldn't set spoiler flag for post | |
| No."+this._pid)},t.onFileSpoilerError=function(){var | |
| e;(e=$.id("f"+this._pid))&&(e.removeAttribute("data-processing"),Feedback.error("Couldn't | |
| update the spoiler flag for post No."+this.pid))},t.initCatalog=function(){window.Main={boa | |
| rd:location.pathname.split(/\//)[1]},window.Main.addTooltip=function(e,t,n){var | |
| o,i;return(o=document.createElement("div")).className="click- | |
| me",n&&(o.id=n),o.innerHTML=t||"Change your settings",e.parentNode.appendChild(o),i=(e.offs | |
| etWidth-o.offsetWidth+e.offsetLeft- | |
| o.offsetLeft)/2,o.style.marginLeft=i+"px",o},(t.stylesheet=t.getCookie(window.style_group) | |
| )?t.stylesheet=t.stylesheet.toLowerCase().replace(/ /g,"_"):t.stylesheet="nws_style"==style | |
| _group?"yotsuba_new":"yotsuba_b_new",Main.stylesheet=t.stylesheet,t.initIconsCatalog(),t.ad | |
| dCss(),document.addEventListener("click",t.onClick,!1),t.runCatalog()},t.runCatalog=functio | |
| n(){var n;t.initNavLinks(),FC.hasMobileLayout||e.init(),n=$.id("threads"),$.on(n,"mouseover | |
| ",t.onThreadMouseOver)},t.init=function(){Config.boardList=!0,SettingsMenu.options.Janitor= | |
| {boardList:['Janitor Boards [<a href="javascript:;" data-cmd="boardlist- | |
| open">Select</a>]',"Select boards to enable janitor buttons on",!0],useIconButtons:["Use | |
| icon buttons","Display old-style buttons instead of using drop- | |
| down"],changeUpdateDelay:["Reduce auto-update delay","Reduce the thread updater | |
| delay",!0],fixedAdminToolbox:["Pin Janitor Tools to the page","Janitor Tools will scroll | |
| with you"],inlinePopups:["Inline ban request panel","Open ban request panel in browser | |
| window, instead of a popup"],disableMngExt:["Disable janitor extension","Completely disable | |
| the janitor extension (overrides any checked boxes)",!0]},Config.disableMngExt||(t.addCss() | |
| ,Config.useIconButtons&&t.initIcons(),QR.noCooldown=QR.noCaptcha=!0,document.addEventListen | |
| er("click",t.onClick,!1),document.addEventListener("DOMContentLoaded",t.run,!1))},t.run=fun | |
| ction(){var n,o,i,a;document.removeEventListener("DOMContentLoaded",t.run,!1),t.initNavLink | |
| s(),Main.hasMobileLayout||e.init(),Config.revealSpoilers&&$.addClass(document.body,"reveal- | |
| img-spoilers"),Config.threadUpdater&&Main.tid&&Config.changeUpdateDelay&&(ThreadUpdater.del | |
| ayIdHidden=3,ThreadUpdater.delayRange=[5,10,15,20,30,60],ThreadUpdater.apiUrlFilter=t.apiUr | |
| lFilter),n=localStorage.getItem("4chan- | |
| boardlist")||"","j"==Main.board||"all"!=n&&-1==n.split(/[, ]+/).indexOf(Main.board)||(Confi | |
| g.useIconButtons&&!Main.hasMobileLayout&&(Main.tid?(o=document.getElementById("t"+Main.tid) | |
| .getElementsByClassName("postInfo"),t.postCount=o.length,t.postCount>t.chunkSize?(t.nextChu | |
| nk=o[0],window.addEventListener("scroll",t.onScroll,!1),t.onScroll()):t.onParsingDone()):t. | |
| onParsingDone(),document.addEventListener("4chanParsingDone",t.onParsingDone,!1)),document. | |
| addEventListener("4chanPostMenuReady",t.onPostMenuReady,!1)),(i=$.id("boardSelectMobile"))& | |
| &((a=document.createElement("option")).value="j",a.textContent="/j/ - Janitors & | |
| Moderators",i.insertBefore(a,i.firstElementChild))},t.getCookie=function(e){var | |
| t,n,o,i;for(i=e+"=",o=document.cookie.split(";"),t=0;n=o[t];++t){for(;" | |
| "==n.charAt(0);)n=n.substring(1,n.length);if(0===n.indexOf(i))return | |
| decodeURIComponent(n.substring(i.length,n.length))}return null},t.addCss=function(){var | |
| e,t;t='#adminToolbox { max-width: 256px; display: block; position: absolute; padding: | |
| 3px;}#adminToolbox h4 { font-size: 12px; margin: 2px 0 0; padding: 0; font-weight: | |
| normal;}#adminToolbox li { list-style: none;}#adminToolbox ul { padding: 0; margin: 2px | |
| 0 0 10px;}#atHeader { height: 17px; font-weight: bold; padding-bottom: 2px;}#atRefresh { | |
| margin: -1px 0 0 3px;}.post-ip { margin-left: 5px;}#delete-prompt > div { text-align: | |
| center;}#watchList li:first-child { margin-top: 3px; padding-top: 2px; border-top: 1px | |
| solid rgba(0, 0, 0, 0.20);}.photon #atHeader { border-bottom: 1px solid #ccc;}.yotsuba_new | |
| #atHeader { border-bottom: 1px solid #d9bfb7;}.yotsuba_b_new #atHeader { border-bottom: | |
| 1px solid #b7c5d9;}.tomorrow #atHeader { border-bottom: 1px solid #111;}#at-illegal { | |
| color: red;}#at-msg-cnt { display: none;}.j-newposts { font-weight: bold | |
| !important;}#j-link,#j-link-bot { margin-right: 3px; display: inline-block; margin-left: | |
| 3px;}#boardList input { width: 385px; margin: auto; display: block;}#boardListSave { | |
| margin-top: 5px;}#banReqClose { float: right;}#banReq iframe { overflow: hidden;}#banReq | |
| { display: block; position: fixed; padding: 2px; font-size: 10pt; height: | |
| 250px;}#banReqHeader { text-align: center; margin-bottom: 1px; padding: 0; height: | |
| 18px; line-height: 18px;}#captchaFormPart { display: none;}.mobileExtControls { float: | |
| right; font-size: 11px; margin-bottom: 3px;}.ws .mobileExtControls { color: | |
| #34345C;}.nws .mobileExtControls { color: #0000EE;}.reply .mobileExtControls { margin- | |
| right: 5px;}.mobileExtControls span { margin-left: 10px;}.mobileExtControls span:after { | |
| content: "]";}.mobileExtControls span:before { content: "[";}.nws .mobileExtControls | |
| span:after { color: #800000;}.nws .mobileExtControls span:before { color: #800000;}.ws | |
| .mobileExtControls span:after { color: #000;}.ws .mobileExtControls span:before { color: | |
| #000;}.m-dark .mobileExtControls,.m-dark .mobileExtControls span:after,.m-dark | |
| .mobileExtControls span:before { color: #707070 !important;}.dd-admin { text-indent: | |
| 5px;}.dd-admin:before { color: #FF0000; content: "\u2022"; left: -3px; position: | |
| absolute;}.extPanel { border: 1px solid rgba(0, 0, 0, 0.2);}.extPanel img.pointer { width: | |
| 18px; height: 18px }.drag { -moz-user-select: none !important; cursor: move | |
| !important;}.reveal-img-spoilers .imgspoiler::before { content: " "; width:0.75em; | |
| height:0.75em; border-radius: 0.5em; position: absolute; display: block; background: | |
| red; margin-top: 1px; margin-left: 1px; pointer-events: none;}.reveal-img- | |
| spoilers.is_catalog .imgspoiler::before { margin-top: 4px; margin-left: 12px;}.reveal-img- | |
| spoilers .imgspoiler:hover::before { background: #fff; }',(e=document.createElement("style" | |
| )).setAttribute("type","text/css"),e.textContent=t,document.head.appendChild(e)},/https?:\/ | |
| \/boards\.(?:4chan|4channel)\.org\/[a-z0- | |
| 9]+\/catalog($|#.*$)/.test(location.href)?t.initCatalog():t.init()}(); | |
| js/minify.rb | |
| ❯❱ problem-based-packs.insecure-transport.ruby-stdlib.net-http-request.net-http-request | |
| Checks for requests sent to http:// URLs. This is dangerous as the server is attempting to connect | |
| to a website that does not encrypt traffic with TLS. Instead, only send requests to https:// URLs. | |
| Details: https://sg.run/vz6Y | |
| 21┆ resp = Net::HTTP.post_form(URI(api_url), { | |
| 22┆ output_format: 'json', | |
| 23┆ output_info: [ 'compiled_code', 'warnings', 'errors', 'statistics' ], | |
| 24┆ compilation_level: 'SIMPLE_OPTIMIZATIONS', | |
| 25┆ language: 'ECMASCRIPT5', | |
| 26┆ js_code: File.open(filename, 'r:UTF-8') { |f| f.read } | |
| 27┆ }) | |
| js/mod-unminified.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 108┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 139┆ el.innerHTML = '(ID: <span class="hand" title="Highlight posts by this ID">' + hash + | |
| '</span>)'; | |
| ⋮┆---------------------------------------- | |
| 453┆ this.banReqCnt.innerHTML = | |
| 454┆ '<div id="banReqHeader" class="drag postblock">Ban No.' + id | |
| 455┆ + '<img alt="X" src="' + Main.icons.cross + '" id="banReqClose" ' | |
| 456┆ + 'class="extButton" title="Close Window"></div>' | |
| 457┆ + '<iframe src="https://sys.' + $L.d(Main.board) + '/' | |
| 458┆ + Main.board + '/admin?mode=admin&admin=ban&id=' + id | |
| 459┆ + '&noheader=true" width="400" height="470" frameborder="0"></iframe>'; | |
| ⋮┆---------------------------------------- | |
| 602┆ this.threadOptsCnt.innerHTML = | |
| 603┆ '<div id="threadOptsHeader" class="drag postblock">Thread Options No.' + id | |
| 604┆ + '<img alt="X" src="' + Main.icons.cross + '" id="threadOptsClose" ' | |
| 605┆ + 'class="extButton" title="Close Window"></div>' | |
| 606┆ + '<iframe src="https://sys.' + $L.d(Main.board) + '/' | |
| 607┆ + Main.board + '/admin?mode=admin&admin=opt&id=' + id | |
| 608┆ + '&noheader=true" width="400" height="175" frameborder="0"></iframe>'; | |
| ⋮┆---------------------------------------- | |
| 880┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 1273┆ cnt.innerHTML = html; | |
| ⋮┆---------------------------------------- | |
| 1467┆ el.innerHTML = J.postFormHTML | |
| 1468┆ + '<input type="hidden" name="mode" value="regist">' | |
| 1469┆ + '<input type="hidden" name="resto" value="' + Main.tid + '">'; | |
| ⋮┆---------------------------------------- | |
| 1605┆ el.innerHTML = '\ | |
| 1606┆ <div class="extPanel reply"><div class="panelHeader">Preview HTML Post\ | |
| 1607┆ <span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data-cmd="close- | |
| html-preview" src="' | |
| 1608┆ + Main.icons.cross + '"></span></div>' + html + '</div>'; | |
| ⋮┆---------------------------------------- | |
| 1642┆ el.innerHTML = '<span class="threadIcon deleteIcon" data-cmd="open-delete-prompt" data- | |
| id="' | |
| 1643┆ + id + '"></span><span class="threadIcon multiIcon" data-cmd="multi" data-id="' | |
| 1644┆ + id + '"></span><span class="threadIcon banIcon" data-cmd="ban" data-id="' | |
| 1645┆ + id + '"></span>'; | |
| ⋮┆---------------------------------------- | |
| 1685┆ el.innerHTML = message || 'Change your settings'; | |
| ⋮┆---------------------------------------- | |
| 1810┆ el.innerHTML = '[<a href="javascript:;" data-id="' + Main.tid + '" data-cmd="thread- | |
| options">Thread Options</a>]'; | |
| js/mod.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 1┆ !function(){var e={isCatalog:!1,colours:{},posterids:{},nextChunkIndex:0,nextChunk:null,chu | |
| nkSize:100,sameIDActive:!1,parserEventBound:!1,autoReloadCatInterval:null,autoReloadCatDela | |
| y:3e4,samePostersMap:{},xhrs:{},reportsSubDomain:"reports",teamSubDomain:"team",flags:[]};e | |
| .bin2hex=function(e){var t,n,a,o;for(a="",n=e.length,t=0;t<n;++t)a+=((o=e.charCodeAt(t))>>4 | |
| ).toString(16),a+=(15&o).toString(16);return a},e.getFileMD5FromPid=function(t){var | |
| n,a;return!!(n=$.id("f"+t))&&(!!(n=$.qs("img[data- | |
| md5]",n))&&(a=window.atob(n.getAttribute("data- | |
| md5")),e.bin2hex(a)))},e.onGetMD5Click=function(t){var n,a=t.getAttribute("data- | |
| id");!1===(n=e.getFileMD5FromPid(a))?alert("Post or file not | |
| found"):prompt("",n)},e.apiUrlFilter=function(e){return | |
| e+"?"+Math.round(Date.now()/1e3/3)},e.openDeletePrompt=function(t){var n,a;n='<div | |
| class="extPanel reply"><div class="panelHeader">Delete Post No.'+(t=t.getAttribute("data- | |
| id"))+'<span class="panelCtrl"><img alt="Close" title="Close" class="pointer" data- | |
| cmd="close-delete-prompt" src="'+Main.icons.cross+'"></a></span></div><span id="delete- | |
| prompt-inner"><input type="button" value="Delete Post" tabindex="-1" data-cmd="delete-post" | |
| data-id="'+t+'"> <input type="button" value="Delete Image Only" data-cmd="delete-image" | |
| data-id="'+t+'">',$.id((e.isCatalog?"thread-":"t")+t)&&!window.thread_archived&&(n+=' | |
| <input type="button" value="Archive Thread" data-cmd="force-archive" data- | |
| id="'+t+'">'),window.thread_archived||e.isCatalog||(n+='<br>[<input type="checkbox" | |
| id="delete-all-by-ip"><label for="delete-all-by-ip">Delete all by IP?</label>]'),n+="</span | |
| ></div>",(a=document.createElement("div")).className="UIPanel",a.id="delete-prompt",a.inner | |
| HTML=n,document.addEventListener("keydown",e.onKeyDown,!1),a.addEventListener("click",e.clo | |
| seDeletePrompt,!1),document.body.appendChild(a),$.id("delete-prompt- | |
| inner").firstElementChild.focus()},e.addPosterIds=function(e,t,n){var a,o,i,r,s,d;if(a=n?$. | |
| id("pim"+e):$.id("pi"+e),!window.user_ids||!(i=$.cls("posteruid",a)[0])){if(i=$.el("span"), | |
| o=$.cls("nameBlock",a)[0],(r=$.cls("name",o)[0]).classList.contains("capcode"))return;o.ins | |
| ertBefore(i,r.nextSibling),n||o.insertBefore(document.createTextNode(" | |
| "),r.nextSibling)}i.innerHTML='(ID: <span class="hand" title="Highlight posts by this | |
| ID">'+t+"</span>)",i.className="posteruid id_"+t,s=i.firstElementChild,IDColor.apply(s),i.a | |
| ddEventListener("click",window.idClick,!1),window.currentHighlighted&&- | |
| 1!=i.className.indexOf("id_"+window.currentHighlighted)&&((d=i.parentNode.parentNode.parent | |
| Node).className="highlight "+d.className)},e.onSamePostersLoaded=function(){var t,n,a,o,i;i | |
| f((200==this.status||304==this.status)&&(t=JSON.parse(this.responseText))){i=Main.hasMobile | |
| Layout,IDColor.enabled||(o=window.user_ids,window.user_ids=!0,IDColor.init(),window.user_id | |
| s=o),e.sameIDActive||(e.sameIDActive=!0);for(a in t)e.samePostersMap[a]||(n=t[a],e.samePost | |
| ersMap[a]=!0,e.addPosterIds(a,n,i))}},e.loadSamePosters=function(t){var n,a;e.parserEventBo | |
| und||document.addEventListener("4chanParsingDone",e.onParsingDone,!1),n="https://sys."+$L.d | |
| (Main.board)+"/"+Main.board+"/admin?admin=adminext&thread="+Main.tid,t&&(n+="&from="+t),(a= | |
| new XMLHttpRequest).open("GET",n),a.withCredentials=!0,a.onload=e.onSamePostersLoaded,a.sen | |
| d(null)},e.closeDeletePrompt=function(t){var n;t&&"delete- | |
| prompt"!=t.target.id||(n=$.id("delete-prompt"))&&(document.removeEventListener("keydown",e. | |
| onKeyDown,!1),n.removeEventListener("click",e.closeDeletePrompt,!1),document.body.removeChi | |
| ld(n))},e.checkDeletedPosts=function(){var | |
| e,t;Main.tid&&(e="//a.4cdn.org/"+Main.board+"/res/"+Main.tid+".json",(t=new XMLHttpRequest) | |
| .open("GET",e),t.onload=function(){200!=this.status&&304!=this.status||ThreadUpdater.markDe | |
| letedReplies(Parser.parseThreadJSON(this.responseText))},t.send(null))},e.get_random_light_ | |
| color=function(){for(var | |
| e="ABCDE".split(""),t="#",n=0;n<3;n++)t+=e[Math.floor(Math.random()*e.length)];return | |
| t},e.deletePost=function(t,n){var a,o,i,r,s,d,l,p,c,m;a=t.getAttribute("data- | |
| id"),c=!e.isCatalog&&$.id("t"+a),i=new FormData,s="https://sys."+$L.d(Main.board)+"/"+Main. | |
| board,window.thread_archived?d="arcdel":(d="usrdel",l=!e.isCatalog&&$.id("delete-all-by-ip" | |
| ).checked),l&&(d="admin.php",i.append("admin","delall"),i.append("id",a)),s+=l?"/admin":"/p | |
| ost",n&&("Delete Image No.",i.append("onlyimgdel","on")),i.append(a,"delete"),i.append("mod | |
| e",d),i.append("pwd","janitorise"),(p=$.id("delete-prompt- | |
| inner")).textContent="Deleting...",(o=new | |
| XMLHttpRequest).open("POST",s),o.withCredentials=!0,o.onload=function(){var o;if(t.src=Main | |
| .icons.cross,200==this.status)if(!l&&-1!=this.responseText.indexOf("Updating")||l&&- | |
| 1!=this.responseText.indexOf("deleted")){if(e.isCatalog)(r=$.id("thread- | |
| "+a))&&$.addClass(r,"disabled");else if(n)(r=$.id("f"+a)).innerHTML='<span | |
| class="fileThumb"><img alt="File deleted." src="//s.4cdn.org/image/filedeleted'+(c?"":"- | |
| res")+'.gif"></span>',l&&((o=document.createElement("span")).innerHTML='<br><br><strong | |
| style="font-color: red;">(YOU HAVE DELETED ALL IMAGES BY THIS | |
| IP)</strong>',(r=$.id("m"+a)).appendChild(o));else{if(a==Main.tid)return void(location.href | |
| ="//boards."+$L.d(Main.board)+"/"+Main.board+"/");l?((o=document.createElement("span")).inn | |
| erHTML='<br><br><strong style="font-color: red;">(YOU HAVE DELETED ALL POSTS BY THIS IP)</s | |
| trong>',(r=$.id("m"+a)).appendChild(o),e.checkDeletedPosts()):c?((r=c.parentNode).removeChi | |
| ld(c.nextSibling),r.removeChild(c)):(r=$.id("pc"+a)).parentNode.removeChild(r)}e.closeDelet | |
| ePrompt()}else(m=this.responseText.match(/"errmsg"[^>]*>(.*?)<\/span/))?p.textContent=m[1]: | |
| p.textContent="Error: Something went wrong.";else p.textContent="Error: Wrong status while | |
| deleting No."+a+" (Status: "+this.status+")."},o.onerror=function(){p.textContent="Error: | |
| Error while deleting No."+a+" (Status: | |
| "+this.status+")."},o.send(i)},e.forceArchive=function(t){var | |
| n,a,o,i,r,s;n=t.getAttribute("data-id"),o=new FormData,i="https://sys."+$L.d(Main.board)+"/ | |
| "+Main.board+"/post",o.append("id",n),o.append("mode","forcearchive"),(r=$.id("delete- | |
| prompt-inner")).textContent="Archiving...",(a=new | |
| XMLHttpRequest).open("POST",i),a.withCredentials=!0,a.onload=function(){var a;t.src&&(t.src | |
| =Main.icons.cross),200==this.status?- | |
| 1!=this.responseText.indexOf("Updating")?(e.isCatalog&&(a=$.id("thread- | |
| "+n))&&$.addClass(a,"disabled"),e.closeDeletePrompt()):(s=this.responseText.match(/"errmsg" | |
| [^>]*>(.*?)<\/span/))?r.textContent=s[1]:r.textContent="Error: Something went | |
| wrong.":r.textContent="Error: Wrong status while archiving No."+n+" (Status: | |
| "+this.status+")."},a.onerror=function(){r.textContent="Error: Error while archiving | |
| No."+n+" (Status: "+this.status+")."},a.send(o)},e.openBanWindow=function(e){var | |
| t;t=e.getAttribute("data-id"),window.open("https://sys."+$L.d(Main.board)+"/"+Main.board+"/ | |
| admin?mode=admin&admin=ban&id="+t,"_blank","scrollBars=yes,resizable=no,toolbar=no,menubar= | |
| no,location=no,directories=no,width=400,height=470")},e.openBanFrame=function(t){var | |
| n;this.banReqCnt&&this.closeBanFrame(),n=t.getAttribute("data-id"),this.banReqCnt=document. | |
| createElement("div"),this.banReqCnt.id="banReq",this.banReqCnt.className="extPanel | |
| reply",this.banReqCnt.setAttribute("data-trackpos","banReq-position"),Config["banReq- | |
| position"]?this.banReqCnt.style.cssText=Config["banReq-position"]:(this.banReqCnt.style.rig | |
| ht="0px",this.banReqCnt.style.top="50px"),this.banReqCnt.innerHTML='<div id="banReqHeader" | |
| class="drag postblock">Ban No.'+n+'<img alt="X" src="'+Main.icons.cross+'" id="banReqClose" | |
| class="extButton" title="Close Window"></div><iframe src="https://sys.'+$L.d(Main.board)+"/ | |
| "+Main.board+"/admin?mode=admin&admin=ban&id="+n+'&noheader=true" width="400" height="470" | |
| frameborder="0"></iframe>',document.body.appendChild(this.banReqCnt),window.addEventListene | |
| r("message",e.onMessage,!1),document.addEventListener("keydown",e.onKeyDown,!1),$.id("banRe | |
| qClose").addEventListener("click",e.closeBanFrame,!1),Draggable.set($.id("banReqHeader"))}, | |
| e.closeBanFrame=function(){window.removeEventListener("message",e.onMessage,!1),document.re | |
| moveEventListener("keydown",e.onKeyDown,!1),Draggable.unset($.id("banReqHeader")),$.id("ban | |
| ReqClose").removeEventListener("click",e.closeBanFrame,!1),document.body.removeChild(e.banR | |
| eqCnt),e.banReqCnt=null},e.processMessage=function(e){return e?{cmd:(e=e.split("- | |
| "))[0],type:e[1],id:e.slice(2).join("- | |
| ")}:{}},e.onKeyDown=function(t){27!=t.keyCode||t.ctrlKey||t.altKey||t.shiftKey||t.metaKey|| | |
| (e.banReqCnt&&e.closeBanFrame(),e.threadOptsCnt&&e.closeThreadOptionsFrame(),$.id("delete-p | |
| rompt")&&e.closeDeletePrompt())},e.onCatalogKeyDown=function(t){82==t.keyCode&&t.shiftKey&& | |
| e.initCatAutoReload()},e.onMessage=function(t){var n;t.origin==="https://sys."+$L.d(Main.bo | |
| ard)&&"ban"===(n=e.processMessage(t.data)).type&&("done"!==n.cmd&&"cancel"!==n.cmd||e.close | |
| BanFrame())},e.initCatAutoReload=function(t){var n;if(n=sessionStorage.getItem("4chan-c-ar" | |
| ))t?(window.scrollTo(0,+n),e.toggleCatAutoReload(!0)):e.toggleCatAutoReload(!1);else{if(t)r | |
| eturn;e.toggleCatAutoReload(!0)}},e.toggleCatAutoReload=function(t){t?(sessionStorage.setIt | |
| em("4chan-c-ar",document.documentElement.scrollTop),e.autoReloadCatInterval=setInterval(e.a | |
| utoRefreshWindow,e.autoReloadCatDelay),$.addClass($.id("refresh-btn"),"active- | |
| btn")):(sessionStorage.removeItem("4chan-c- | |
| ar"),clearInterval(e.autoReloadCatInterval),$.removeClass($.id("refresh-btn"),"active- | |
| btn"))},e.autoRefreshWindow=function(){var e=$.id("ctrl");document.documentElement.scrollTo | |
| p<=e.offsetTop+e.offsetHeight&&(sessionStorage.setItem("4chan-c-ar",document.documentElemen | |
| t.scrollTop),location.href=location.href)},e.openThreadOptions=function(e){var | |
| t=e.getAttribute("data-id");window.open("https://sys."+$L.d(Main.board)+"/"+Main.board+"/ad | |
| min?mode=admin&admin=opt&id="+t,"_blank","scrollBars=yes,resizable=no,toolbar=no,menubar=no | |
| ,location=no,directories=no,width=400,height=290")},e.openThreadOptionsFrame=function(t){va | |
| r n;this.threadOptsCnt&&this.closeThreadOptionsFrame(),n=t.getAttribute("data-id"),this.thr | |
| eadOptsCnt=document.createElement("div"),this.threadOptsCnt.id="threadOpts",this.threadOpts | |
| Cnt.className="extPanel reply",this.threadOptsCnt.setAttribute("data-trackpos","threadOpts- | |
| position"),Config["threadOpts- | |
| position"]?this.threadOptsCnt.style.cssText=Config["threadOpts-position"]:(this.threadOptsC | |
| nt.style.right="0px",this.threadOptsCnt.style.top="50px"),this.threadOptsCnt.innerHTML='<di | |
| v id="threadOptsHeader" class="drag postblock">Thread Options No.'+n+'<img alt="X" | |
| src="'+Main.icons.cross+'" id="threadOptsClose" class="extButton" title="Close | |
| Window"></div><iframe src="https://sys.'+$L.d(Main.board)+"/"+Main.board+"/admin?mode=admin | |
| &admin=opt&id="+n+'&noheader=true" width="400" height="175" frameborder="0"></iframe>',docu | |
| ment.body.appendChild(this.threadOptsCnt),window.addEventListener("message",e.onThreadOptsD | |
| one,!1),document.addEventListener("keydown",e.onKeyDown,!1),$.id("threadOptsClose").addEven | |
| tListener("click",e.closeThreadOptionsFrame,!1),Draggable.set($.id("threadOptsHeader"))},e. | |
| closeThreadOptionsFrame=function(){window.removeEventListener("message",e.onThreadOptsDone, | |
| !1),document.removeEventListener("keydown",e.onKeyDown,!1),Draggable.unset($.id("threadOpts | |
| Header")),$.id("threadOptsClose").removeEventListener("click",e.closeThreadOptionsFrame,!1) | |
| ,document.body.removeChild(e.threadOptsCnt),e.threadOptsCnt=null},e.onThreadOptsDone=functi | |
| on(t){e.threadOptsCnt&&t.origin==="https://sys."+$L.d(Main.board)&&"done- | |
| threadopt"===t.data&&e.closeThreadOptionsFrame()},e.setFileSpoiler=function(t){var | |
| n,a,o,i;a=t.getAttribute("data-id"),o=t.getAttribute("data-flag"),a&&(i=$.id("f"+a),o||(o=$ | |
| .cls("imgspoiler",i.parentNode)[0]?0:1),i&&!i.hasAttribute("data-processing")&&((n=new XMLH | |
| ttpRequest).open("GET","https://sys."+$L.d(Main.board)+"/"+Main.board+"/admin.php?admin=spo | |
| iler&pid="+a+"&flag="+o,!0),n.withCredentials=!0,n.onload=e.onFileSpoilerLoad,n.onerror=e.o | |
| nFileSpoilerError,n._pid=+a,n._flag=+o,Feedback.notify("Processing...",null),i.setAttribute | |
| ("data-processing","1"),n.send(null)))},e.onFileSpoilerLoad=function(){var e,t;Feedback.hid | |
| eMessage(),"1"===this.responseText?(e=$.id("f"+this._pid))&&(e.removeAttribute("data-proces | |
| sing"),(e=$.cls("fileThumb",e)[0])&&(this._flag?($.addClass(e,"imgspoiler"),(t=e.previousEl | |
| ementSibling).setAttribute("title",t.firstElementChild.textContent),Config.revealSpoilers|| | |
| ((e=$.tag("img",e)[0]).style.width=e.style.height="100px",e.src="//s.4cdn.org/image/spoiler | |
| -"+Main.board+".png")):(Config.revealSpoilers||Parser.revealImageSpoiler(e),$.removeClass(e | |
| ,"imgspoiler")))):"-1"===this.responseText?Feedback.error("You are not logged | |
| in"):Feedback.error("Couldn't set spoiler flag for post | |
| No."+this._pid)},e.onFileSpoilerError=function(){var | |
| e;(e=$.id("f"+this._pid))&&(e.removeAttribute("data-processing"),Feedback.error("Couldn't | |
| update the spoiler flag for post No."+this.pid))};var t={};t.exec=function(t){var n,a;UA.is | |
| Opera&&"string"==typeof(a=document.getSelection())||(a=window.getSelection().toString()),a? | |
| window.open("https://"+e.teamSubDomain+'.4chan.org/search#{"comment":"'+a.replace(/[\r\n]+/ | |
| g," ")+'"}'):(n=t.getAttribute("data-id"),window.open("https://team.4chan.org/search?action | |
| =from_pid&board="+Main.board+"&pid="+n))},t.prompt=function(t,n){var a,o,i;a=$.id("pi"+n),o | |
| =$.cls("postMenuBtn",a)[0],(i=document.createElement("a")).href="https://"+e.teamSubDomain+ | |
| '.4chan.org/search#{"ip":"'+t+'"}',i.setAttribute("target","_blank"),i.className="post- | |
| ip",i.textContent=t,a.insertBefore(i,o)};var n={cacheTTL:6e4,autoRefreshDelay:12e4,autoRefr | |
| eshTimeout:null};n.initVisibilityAPI=function(){this.hidden="hidden",this.visibilitychange= | |
| "visibilitychange","undefined"==typeof document.hidden&&("mozHidden"in document?(this.hidde | |
| n="mozHidden",this.visibilitychange="mozvisibilitychange"):"webkitHidden"in document?(this. | |
| hidden="webkitHidden",this.visibilitychange="webkitvisibilitychange"):"msHidden"in document | |
| &&(this.hidden="msHidden",this.visibilitychange="msvisibilitychange")),document.addEventLis | |
| tener(this.visibilitychange,this.onVisibilityChange,!1)},e.initIconsCatalog=function(){var | |
| e,t,n;if(Main.icons={up:"arrow_up.png",down:"arrow_down.png",right:"arrow_right.png",downlo | |
| ad:"arrow_down2.png",refresh:"refresh.png",cross:"cross.png",gis:"gis.png",iqdb:"iqdb.png", | |
| minus:"post_expand_minus.png",plus:"post_expand_plus.png",rotate:"post_expand_rotate.gif",q | |
| uote:"quote.png",report:"report.png",notwatched:"watch_thread_off.png",watched:"watch_threa | |
| d_on.png",help:"question.png"},t={yotsuba_new:"futaba/",futaba_new:"futaba/",yotsuba_b_new: | |
| "burichan/",burichan_new:"burichan/",tomorrow:"tomorrow/",photon:"photon/"},n="//s.4cdn.org | |
| /image/",window.devicePixelRatio>=2)for(e in Main.icons)Main.icons[e]=Main.icons[e].replace | |
| (".","@2x.");n+="buttons/"+t[Main.stylesheet];for(e in | |
| Main.icons)Main.icons[e]=n+Main.icons[e]},n.init=function(){var | |
| t,a;n.initVisibilityAPI(),(t=document.createElement("div")).className="extPanel | |
| reply",t.id="adminToolbox",t.setAttribute("data-trackpos","AT-position"),Config["AT- | |
| position"]?t.style.cssText=Config["AT-position"]:(t.style.right="10px",t.style.top="380px") | |
| ,t.style.position=Config.fixedAdminToolbox?"fixed":"",a='<div class="drag" | |
| id="atHeader">Moderator Tools<img alt="Refresh" title="Refresh" | |
| src="'+Main.icons.refresh+'" id="atRefresh" data-cmd="at-refresh" class="pointer | |
| right"></div><h4><a href="https://'+e.reportsSubDomain+'.4chan.org/" | |
| target="_blank">Reports</a>: <span title="Total" id="at-total">?</span> (<span | |
| title="Illegal" id="at-illegal">?</span>)</h4><h4><a | |
| href="https://'+e.reportsSubDomain+'.4chan.org/?action=ban_requests" target="_blank">Ban | |
| Requests</a>: <span id="at-banreqs">?</span> (<span title="Illegal" id="at-illegal- | |
| br">?</span>)</h4><h4><a href="https://'+e.teamSubDomain+'.4chan.org/appeals" | |
| target="_blank">Appeals</a>: <span id="at-appeals">?</span> (<span title="4chan Pass Users" | |
| id="at-prio-appeals">?</span>)</h4><h4 id="at-msg-cnt"><a data-cmd="at-msg" | |
| href="https://'+e.reportsSubDomain+'.4chan.org/?action=staffmessages" | |
| target="_blank">Messages</a>: <span id="at-msg">?</span></h4>',Main.tid&&(a+='<hr><h4><a | |
| href="javascript:void(0);" data-cmd="poster-id">Same Poster ID</a></h4>'),t.innerHTML=a,doc | |
| ument.body.appendChild(t),n.refreshReportCount(),Draggable.set($.id("atHeader"))},n.onVisib | |
| ilityChange=function(){var e;e=n,document[n.hidden]?(clearInterval(e.autoRefreshTimeout),e. | |
| autoRefreshTimeout=null):(e.refreshReportCount(),e.autoRefreshTimeout=setInterval(e.refresh | |
| ReportCount,e.autoRefreshDelay))},n.refreshReportCount=function(t){var | |
| a,o,i;if(!0!==t&&(o=localStorage.getItem("4chan-cache- | |
| rc"))&&(o=JSON.parse(o)).ts>Date.now()-n.cacheTTL)return $.id("at- | |
| total").textContent=o.data[0],$.id("at-illegal").textContent=o.data[1],$.id("at- | |
| banreqs").textContent=o.data[2],$.id("at-appeals").textContent=o.data[3],$.id("at-illegal- | |
| br").textContent=o.data[4]||0,$.id("at-prio-appeals").textContent=o.data[5]||0,$.id("at- | |
| msg-cnt").style.display=o.data[6]?"block":"",void($.id("at- | |
| msg").textContent=o.data[6]||0);(a=new XMLHttpRequest).open("GET","https://"+e.reportsSubDo | |
| main+".4chan.org/H429f6uIsUqU.php",!0),a.withCredentials=!0,a.onload=function(){var | |
| e,t,n;if(200==this.status){try{t=JSON.parse(this.responseText)}catch(a){return void | |
| console.log(a)}if("success"!==t.status)return void | |
| console.log(t.message);n=t.data,i=n.msg||0,$.id("at-msg- | |
| cnt").style.display=i?"block":"",$.id("at-msg").textContent=i,$.id("at- | |
| total").textContent=n.total,$.id("at-illegal").textContent=n.illegal,$.id("at- | |
| banreqs").textContent=n.banreqs,$.id("at-illegal- | |
| br").textContent=n.illegal_banreqs,$.id("at-appeals").textContent=n.appeals,$.id("at-prio-a | |
| ppeals").textContent=n.prio_appeals,e={ts:Date.now(),data:[n.total,n.illegal,n.banreqs,n.ap | |
| peals,n.illegal_banreqs,n.prio_appeals,n.msg]},e=JSON.stringify(e),localStorage.setItem("4c | |
| han-cache-rc",e),document.dispatchEvent(new CustomEvent("4chanATUpdated"))}else | |
| this.onerror()},a.onerror=function(){console.log("Error while refreshing the report count | |
| (Status: "+this.status+").")},a.onloadend=function(){$.id("atRefresh").src=Main.icons.refre | |
| sh},$.id("atRefresh").src=Main.icons.rotate,a.send(null)},n.resetMsgCount=function(){var | |
| e;$.id("at-msg").textContent=0,(e=localStorage.getItem("4chan-cache- | |
| rc"))&&((e=JSON.parse(e)).data[6]=0,e=JSON.stringify(e),localStorage.setItem("4chan-cache- | |
| rc",e))},e.onClick=function(a){var o,i;if((o=a.target)!=document&&(i=o.getAttribute("data- | |
| cmd")))switch(i){case"at-refresh":n.refreshReportCount(!0);break;case"delete- | |
| post":case"delete-image":e.deletePost(o,"delete-image"===i);break;case"force- | |
| archive":e.forceArchive(o);break;case"open-delete- | |
| prompt":e.openDeletePrompt(o);break;case"close-delete- | |
| prompt":e.closeDeletePrompt();break;case"at-msg":n.resetMsgCount();break;case"toggle-file- | |
| spoiler":e.setFileSpoiler(o);break;case"prompt-spoiler":confirm("Toggle | |
| spoiler?")&&e.setFileSpoiler(o);break;case"thread-options":Config.inlinePopups?e.openThread | |
| OptionsFrame(o):e.openThreadOptions(o);break;case"multi":a.preventDefault(),t.exec(o);break | |
| ;case"get-md5":e.onGetMD5Click(o);break;case"html- | |
| toggle":e.onHTMLToggle(o);break;case"preview- | |
| html":a.preventDefault(),e.onPreviewHTMLClick(o);break;case"close-html- | |
| preview":e.closeHTMLPreview();break;case"poster-id":e.loadSamePosters();break;case"ban":Con | |
| fig.inlinePopups?e.openBanFrame(o):e.openBanWindow(o)}},e.onScroll=function(){for(var t;e.n | |
| extChunk.offsetTop<document.documentElement.clientHeight+window.scrollY;){if((t=e.nextChunk | |
| Index+e.chunkSize)>=e.postCount)return e.parseRange(e.nextChunkIndex,e.postCount),window.re | |
| moveEventListener("scroll",e.onScroll,!1),!1;e.parseRange(e.nextChunkIndex,t)}return!0},e.p | |
| arseRange=function(t,n){var a,o,i;for(i=document.getElementById("t"+Main.tid).getElementsBy | |
| ClassName("postInfo"),a=t;a<n&&(o=i[a]);++a)e.parsePost(o);e.nextChunkIndex=a,e.nextChunk=i | |
| [a]},e.onParsingDone=function(t){var n,a,o,i,r;if(t?(a=t.detail.threadId,o=t.detail.offset, | |
| i=t.detail.limit,r=document.getElementById("t"+a).getElementsByClassName("postInfo"),e.same | |
| IDActive&&e.loadSamePosters(r[o].id.slice(2))):(o=0,i=(r=document.getElementsByClassName("p | |
| ostInfo")).length),Config.useIconButtons)for(n=o;n<i;++n)e.parsePost(r[n])},e.onPostMenuRea | |
| dy=function(e){var t,n,a,o,i;a=e.detail.postId,o=e.detail.node,window.thread_archived&&$.id | |
| ("f"+a)&&((t=document.createElement("li")).className="dd- | |
| admin",(n=document.createElement("a")).href="#",n.setAttribute("data-cmd","get- | |
| md5"),n.setAttribute("data-id",a),n.textContent="File MD5",t.appendChild(n),o.appendChild(t | |
| )),window.spoilers&&(n=$.id("fT"+a))&&(i=$.cls("imgspoiler",n.parentNode)[0]?0:1,(t=documen | |
| t.createElement("li")).className="dd- | |
| admin",(n=document.createElement("a")).setAttribute("data-cmd","toggle-file- | |
| spoiler"),n.setAttribute("data-id",a),n.setAttribute("data- | |
| flag",i),n.textContent=(i?"Set":"Unset")+" Spoiler",t.appendChild(n),o.appendChild(t)),Conf | |
| ig.useIconButtons&&!Main.hasMobileLayout||((t=document.createElement("li")).className="dd- | |
| admin",(n=document.createElement("a")).setAttribute("data-cmd","open-delete- | |
| prompt"),n.setAttribute("data-id",a),n.textContent="Delete",t.appendChild(n),o.appendChild( | |
| t),window.thread_archived||((t=document.createElement("li")).className="dd- | |
| admin",(n=document.createElement("a")).setAttribute("data-cmd","ban"),n.setAttribute("data- | |
| id",a),n.textContent="Ban",t.appendChild(n),o.appendChild(t),(t=document.createElement("li" | |
| )).className="dd-admin",(n=document.createElement("a")).setAttribute("data- | |
| cmd","multi"),n.setAttribute("data-id",a),n.textContent="Search",t.appendChild(n),o.appendC | |
| hild(t),e.detail.isOP&&((t=document.createElement("li")).className="dd- | |
| admin",(n=document.createElement("a")).setAttribute("data-cmd","thread- | |
| options"),n.setAttribute("data-id",a),n.textContent="Thread | |
| options",t.appendChild(n),o.appendChild(t))))},e.parsePost=function(t){var n,a,o,i;a='<img | |
| class="extButton" alt="X" data-cmd="open-delete-prompt" data-id="'+(n=t.id.slice(2))+'" | |
| src="'+Main.icons.cross+'" title="Delete">',window.spoilers&&(el=$.id("fT"+n))&&(a+='<img | |
| class="extButton" alt="S" data-cmd="prompt-spoiler" data-id="'+n+'" | |
| src="'+e.icons.spoiler+'" title="Toggle Spoiler">'),window.thread_archived||(a+='<img | |
| class="extButton" alt="M" data-cmd="multi" data-id="'+n+'" src="'+e.icons.multi+'" | |
| title="Display posts by this IP"><img class="extButton" alt="B" data-cmd="ban" data- | |
| id="'+n+'" src="'+e.icons.ban+'" title="Ban">',$.id("t"+n)&&(a+='<img class="extButton" | |
| alt=">" data-cmd="thread-options" data-id="'+n+'" src="'+e.icons.arrow_right+'" | |
| title="Thread Options">')),(o=document.createElement("div")).className="extControls",o.inne | |
| rHTML=a,i=t.getElementsByClassName("postMenuBtn")[0],t.insertBefore(o,i)},e.displayJCount=f | |
| unction(e,t,n,a){var | |
| o;$.addClass(e,"j-newposts"),$.addClass(t,"j-newposts"),e.setAttribute("data- | |
| no",n),t.setAttribute("data-no",n),e.textContent=t.textContent="j +"+a,o=a+" new | |
| post"+(a>1?"s":""),Main.addTooltip(e,o,"j-tooltip"),Main.addTooltip(t,o,"j-tooltip- | |
| bot")},e.refreshJCount=function(){var t,n,a,o;n=$.id("j-link"),a=$.id("j-link- | |
| bot"),n&&a&&(n=n.firstElementChild,a=a.firstElementChild,(t=localStorage.getItem("4chan-j- | |
| count"))&&(t=JSON.parse(t)),!t||Date.now()-t.time>=1e4?((o=new XMLHttpRequest).open("GET"," | |
| https://sys.4chan.org/j/1mcQTXbjW5WO.php?&"+Date.now()),o.withCredentials=!0,o.onloadend=fu | |
| nction(){var o,i,r;200==this.status||304==this.status?(o=JSON.parse(this.responseText),t&&" | |
| j"!=Main.board?o.no>t.no&&(r=o.no- | |
| t.no,e.displayJCount(n,a,o.no,r),i={time:Date.now(),no:t.no,delta:r}):i={time:Date.now(),no | |
| :o.no},i&&localStorage.setItem("4chan-j-count",JSON.stringify(i))):console.log("Error: | |
| Could not load /j/ post count (Status: "+this.status+").")},o.send(null)):t.delta&&e.displa | |
| yJCount(n,a,t.no,t.delta))},e.clearJCount=function(){var | |
| e,t,n,a;n=$.id("j-tooltip"),a=$.id("j-tooltip-bot"),n&&(t=this.getAttribute("data- | |
| no"),e={time:Date.now(),no:t},localStorage.setItem("4chan-j-count",JSON.stringify(e)),n.par | |
| entNode.removeChild(n),a.parentNode.removeChild(a),setTimeout(function(){var e=$.cls("j- | |
| newposts");e[0]&&(e[0].textContent="j",$.removeClass(e[0],"j- | |
| newposts"),e[0].textContent="j",$.removeClass(e[0],"j- | |
| newposts"))},10))},e.hasFlag=function(e){return- | |
| 1!=this.flags.indexOf(e)},e.icons={multi:"multi.png",ban:"ban.png",arrow_right:"arrow_right | |
| .png",spoiler:"s.png"},e.initIcons=function(){var t,n;if(n="//s.4cdn.org/image/buttons/"+{y | |
| otsuba_new:"futaba/",futaba_new:"futaba/",yotsuba_b_new:"burichan/",burichan_new:"burichan/ | |
| ",tomorrow:"tomorrow/",photon:"photon/"}[Main.stylesheet],window.devicePixelRatio>=2)for(t | |
| in e.icons)e.icons[t]=e.icons[t].replace(".","@2x.");for(t in | |
| e.icons)e.icons[t]=n+e.icons[t]},e.initNavLinks=function(){var t,n,a,o,i,r;i=$.id("navtopri | |
| ght"),r=$.id("navbotright"),(t=document.createElement("span")).id="j-link",t.innerHTML='[<a | |
| href="https://sys.4chan.org/j/" title="Janitor & Moderator Discussion">j</a>]',t.firstE | |
| lementChild.addEventListener("mouseup",e.clearJCount,!1),i.parentNode.insertBefore(t,i),(t= | |
| t.cloneNode(!0)).id="j-link-bot",t.firstElementChild.addEventListener("mouseup",e.clearJCou | |
| nt,!1),r.parentNode.insertBefore(t,r),e.refreshJCount(),n=i.lastElementChild.previousSiblin | |
| g,(a=document.createDocumentFragment()).appendChild(document.createTextNode("] [")),(t=docu | |
| ment.createElement("a")).textContent="Team",t.href="https://"+e.teamSubDomain+".4chan.org/" | |
| ,t.setAttribute("target","_blank"),a.appendChild(t),a.appendChild(document.createTextNode(" | |
| ] [")),o=a.cloneNode(!0),i.replaceChild(a,n),n=r.lastElementChild.previousSibling,r.replace | |
| Child(o,n),Main.tid&&Main.hasMobileLayout&&((t=document.createElement("span")).className="m | |
| obileib button redButton",t.innerHTML='<label data-cmd="poster-id">Same Poster | |
| ID</label>',(i=$.cls("navLinks")[0])&&i.appendChild(t))},e.initPostForm=function(){var t,n, | |
| a,o,i;!(t=$.id("postForm"))&&Main.tid&&(o=$.cls("closed")[0])&&((n=document.createElement(" | |
| form")).name="post",n.method="POST",n.enctype="multipart/form-data",n.action="https://sys." | |
| +$L.d(Main.board)+"/"+Main.board+"/post",n.innerHTML=e.postFormHTML+'<input type="hidden" | |
| name="mode" value="regist"><input type="hidden" name="resto" value="'+Main.tid+'">',o.paren | |
| tNode.insertBefore(n,o),t=n.firstElementChild,QR.enabled=!0),t&&("hidden"==(n=document.form | |
| s.post.name).type&&e.hasFlag("forcedanonname")&&((a=document.createElement("tr")).setAttrib | |
| ute("data-type","Name"),a.innerHTML='<td>Name</td><td><input name="name" type="text"></td>' | |
| ,(i=Main.getCookie("4chan_name"))&&(a.lastChild.firstChild.value=i),(o=$.id("postForm").fir | |
| stElementChild).insertBefore(a,o.firstElementChild),n.parentNode.removeChild(n)),e.hasFlag( | |
| "html")&&((n=document.createElement("tr")).innerHTML='<tr><td style="height: | |
| 20px;">Extra</td><td>[<label><input type="checkbox" data-cmd="html-toggle" name="html" | |
| value="1">HTML</label>] <span class="html-otp">[<label data-tip="2FA One-Time | |
| Password">OTP</label> <input type="text" autocomplete="off" name="otp" maxlength="6">] <a | |
| href="#" class="preview-html-btn" data-cmd="preview-html">Preview</a></span></td></tr>',(t= | |
| t.firstElementChild).insertBefore(n,t.lastElementChild)))},e.onHTMLToggle=function(e){var | |
| t=$.cls("html-otp",e.parentNode.parentNode)[0];t&&(t.style.display=e.checked?"inline":"")}, | |
| e.onPreviewHTMLClick=function(t){var n,a,o;e.xhrs.html||""!==(a=document.forms.qrPost?docum | |
| ent.forms.qrPost:document.forms.post).com.value&&((n=new | |
| FormData).append("com",a.com.value),(o=new XMLHttpRequest).open("post",a.action+"?mode=prev | |
| iew_html",!0),o.withCredentials=!0,o.onload=e.onHTMLPReviewLoaded,o.onerror=e.onHTMLPReview | |
| Error,e.xhrs.html=o,$.addClass(t,"disabled"),o.send(n),Feedback.notify("Processing...",null | |
| ))},e.resetHTMLPreviewBtn=function(){var e=$.cls("preview-html-btn");$.removeClass(e[0],"di | |
| sabled"),e[1]&&$.removeClass(e[1],"disabled")},e.onHTMLPReviewLoaded=function(){var t;e.xhr | |
| s.html=null,Feedback.hideMessage(),e.resetHTMLPreviewBtn();try{"error"==(t=JSON.parse(this. | |
| responseText)).status&&Feedback.error(t.message)}catch(n){Feedback.error("Something went wr | |
| ong.")}e.buildHTMLPreview(t.data)},e.onHTMLPReviewError=function(){e.xhrs.html=null,Feedbac | |
| k.hideMessage(),e.resetHTMLPreviewBtn(),console.log(this)},e.closeHTMLPreview=function(){va | |
| r t;(t=$.id("html-preview-cnt"))&&t.parentNode.removeChild(t),e.resetHTMLPreviewBtn()},e.bu | |
| ildHTMLPreview=function(t){var | |
| n;e.closeHTMLPreview(),(n=document.createElement("div")).id="html-preview- | |
| cnt",n.setAttribute("data-cmd","close-html-preview"),n.innerHTML='<div class="extPanel | |
| reply"><div class="panelHeader">Preview HTML Post<span class="panelCtrl"><img alt="Close" | |
| title="Close" class="pointer" data-cmd="close-html-preview" src="'+Main.icons.cross+'"></sp | |
| an></div>'+t+"</div>",document.body.appendChild(n)},e.onThreadMouseOver=function(t){var n=t | |
| .target;$.hasClass(n,"thumb")&&(e.hasCatalogControls&&e.hideCatalogControls(),$.hasClass(n. | |
| parentNode.parentNode,"disabled")||e.showCatalogControls(n))},e.showCatalogControls=functio | |
| n(t){var n,a,o;a=t.getAttribute("data-id"),(n=document.createElement("div")).id="cat- | |
| ctrl",n.className=e.stylesheet,n.innerHTML='<span class="threadIcon deleteIcon" data- | |
| cmd="open-delete-prompt" data-id="'+a+'"></span><span class="threadIcon multiIcon" data- | |
| cmd="multi" data-id="'+a+'"></span><span class="threadIcon banIcon" data-cmd="ban" data-id= | |
| "'+a+'"></span>',(o=$.cls("threadIcons",t.parentNode.parentNode)[0])?o.insertBefore(n,o.fir | |
| stElementChild):((o=document.createElement("div")).className="threadIcons",o.appendChild(n) | |
| ,t.parentNode.parentNode.insertBefore(o,t.parentNode.nextElementSibling)),e.hasCatalogContr | |
| ols=!0},e.hideCatalogControls=function(){var t=$.id("cat-ctrl");t&&t.parentNode.removeChild | |
| (t),e.hasCatalogControls=!1},e.initCatalog=function(){window.Main={board:location.pathname. | |
| split(/\//)[1]},Main.addTooltip=function(e,t,n){var | |
| a,o;return(a=document.createElement("div")).className="click- | |
| me",n&&(a.id=n),a.innerHTML=t||"Change your settings",e.parentNode.appendChild(a),o=(e.offs | |
| etWidth-a.offsetWidth+e.offsetLeft- | |
| a.offsetLeft)/2,a.style.marginLeft=o+"px",a},(e.stylesheet=e.getCookie(window.style_group) | |
| )?e.stylesheet=e.stylesheet.toLowerCase().replace(/ /g,"_"):e.stylesheet="nws_style"==style | |
| _group?"yotsuba_new":"yotsuba_b_new",Main.stylesheet=e.stylesheet,e.initIconsCatalog(),e.ad | |
| dCss(),document.addEventListener("click",e.onClick,!1),e.runCatalog()},e.runCatalog=functio | |
| n(){var t;e.initNavLinks(),FC.hasMobileLayout||n.init(),t=$.id("threads"),e.initCatAutoRelo | |
| ad(!0),document.addEventListener("keydown",e.onCatalogKeyDown,!1),$.on(t,"mouseover",e.onTh | |
| readMouseOver),window.text_only&&document.addEventListener("4chanPostMenuReady",e.onPostMen | |
| uReady,!1)},e.init=function(){var t;SettingsMenu.options.Moderator={useIconButtons:["Use | |
| icon buttons","Display old-style buttons instead of using drop- | |
| down"],changeUpdateDelay:["Reduce auto-update delay","Reduce the thread updater | |
| delay",!0],fixedAdminToolbox:["Pin Moderator Tools to the page","Moderator Tools will | |
| scroll with you"],inlinePopups:["Inline admin panels","Open admin panels in browser window, | |
| instead of a popup"],disableMngExt:["Disable moderator extension","Completely disable the | |
| moderator extension (overrides any checked boxes)",!0]},Config.disableMngExt||((t=Main.getC | |
| ookie("4chan_aflags"))&&(e.flags=t.split(",")),e.addCss(),Config.useIconButtons&&e.initIcon | |
| s(),QR.noCooldown=QR.noCaptcha=!0,document.addEventListener("click",e.onClick,!1),document. | |
| addEventListener("DOMContentLoaded",e.run,!1))},e.run=function(){var t,a,o;document.removeE | |
| ventListener("DOMContentLoaded",e.run,!1),e.initNavLinks(),e.initPostForm(),Main.hasMobileL | |
| ayout||n.init(),Config.revealSpoilers&&$.addClass(document.body,"reveal-img-spoilers"),Conf | |
| ig.threadUpdater&&Main.tid&&Config.changeUpdateDelay&&(ThreadUpdater.delayIdHidden=3,Thread | |
| Updater.delayRange=[5,10,15,20,30,60],ThreadUpdater.apiUrlFilter=e.apiUrlFilter),Config.use | |
| IconButtons&&!Main.hasMobileLayout&&(Main.tid?(t=document.getElementById("t"+Main.tid).getE | |
| lementsByClassName("postInfo"),e.postCount=t.length,e.postCount>e.chunkSize?(e.nextChunk=t[ | |
| 0],window.addEventListener("scroll",e.onScroll,!1),e.onScroll()):e.onParsingDone(),o=$.cls( | |
| "navLinksBot")[0],(a=document.createElement("span")).id="threadOptsButtom",a.innerHTML='[<a | |
| href="javascript:;" data-id="'+Main.tid+'" data-cmd="thread-options">Thread Options</a>]',o | |
| .appendChild(a)):e.onParsingDone(),document.addEventListener("4chanParsingDone",e.onParsing | |
| Done,!1),e.parserEventBound=!0),document.addEventListener("4chanPostMenuReady",e.onPostMenu | |
| Ready,!1),(o=$.id("boardSelectMobile"))&&((a=document.createElement("option")).value="j",a. | |
| textContent="/j/ - Janitors & | |
| Moderators",o.insertBefore(a,o.firstElementChild))},e.getCookie=function(e){var | |
| t,n,a,o;for(o=e+"=",a=document.cookie.split(";"),t=0;n=a[t];++t){for(;" | |
| "==n.charAt(0);)n=n.substring(1,n.length) | |
| js/tcaptcha.js | |
| ❯❯❱ javascript.browser.security.insecure-document-method.insecure-document-method | |
| User controlled data in methods like `innerHTML`, `outerHTML` or `document.write` is an anti-pattern | |
| that can lead to XSS vulnerabilities | |
| Details: https://sg.run/LwA9 | |
| 552┆ TCaptcha.msgNode.innerHTML = `<div>${txt}</div>`; | |
| json-test.php | |
| ❯❯❱ php.lang.security.md5-loose-equality.md5-loose-equality | |
| Make sure comparisons involving md5 values are strict (use `===` not `==`) to avoid type juggling | |
| issues | |
| Details: https://sg.run/Do4G | |
| 380┆ if( $var['filedeleted'] == 1 || !$var['ext'] ) { | |
| ⋮┆---------------------------------------- | |
| 500┆ if ($var['capcode'] == 'none') { | |
| ⋮┆---------------------------------------- | |
| 521┆ if( ( $FORCED_ANON || $META_BOARD ) && ( $var['capcode'] != 'admin' && $var['capcode'] != | |
| 'admin_hl' ) ) { | |
| ⋮┆---------------------------------------- | |
| 521┆ if( ( $FORCED_ANON || $META_BOARD ) && ( $var['capcode'] != 'admin' && $var['capcode'] != | |
| 'admin_hl' ) ) { | |
| ⋮┆---------------------------------------- | |
| 526┆ if( $var['capcode'] == 'none' ) unset( $var['capcode'] ); | |
| ⋮┆---------------------------------------- | |
| 530┆ if( $var['com'] == '' ) unset( $var['com'] ); | |
| ⋮┆---------------------------------------- | |
| 532┆ if( $var['sub'] == '' ) unset( $var['sub'] ); | |
| json.php | |
| ❯❯❱ php.lang.security.md5-loose-equality.md5-loose-equality | |
| Make sure comparisons involving md5 values are strict (use `===` not `==`) to avoid type juggling | |
| issues | |
| Details: https://sg.run/Do4G | |
| 380┆ if( $var['filedeleted'] == 1 || !$var['ext'] ) { | |
| ⋮┆---------------------------------------- | |
| 494┆ if ($var['capcode'] == 'none') { | |
| ⋮┆---------------------------------------- | |
| 515┆ if( ( $FORCED_ANON || $META_BOARD ) && ( $var['capcode'] != 'admin' && $var['capcode'] != | |
| 'admin_hl' ) ) { | |
| ⋮┆---------------------------------------- | |
| 515┆ if( ( $FORCED_ANON || $META_BOARD ) && ( $var['capcode'] != 'admin' && $var['capcode'] != | |
| 'admin_hl' ) ) { | |
| ⋮┆---------------------------------------- | |
| 520┆ if( $var['capcode'] == 'none' ) unset( $var['capcode'] ); | |
| ⋮┆---------------------------------------- | |
| 524┆ if( $var['com'] == '' ) unset( $var['com'] ); | |
| ⋮┆---------------------------------------- | |
| 526┆ if( $var['sub'] == '' ) unset( $var['sub'] ); | |
| lib/GoogleAuthenticator.php | |
| ❯❯❱ php.lang.security.md5-loose-equality.md5-loose-equality | |
| Make sure comparisons involving md5 values are strict (use `===` not `==`) to avoid type juggling | |
| issues | |
| Details: https://sg.run/Do4G | |
| 146┆ $binaryString .= ( ($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48 ) ? | |
| $y:""; | |
| lib/admin-test.php | |
| ❯❯❱ php.lang.security.exec-use.exec-use | |
| Executing non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/5Q1j | |
| 219┆ exec( $cmd ); | |
| ⋮┆---------------------------------------- | |
| 228┆ exec( $cmd ); | |
| lib/admin.php | |
| ❯❯❱ php.lang.security.exec-use.exec-use | |
| Executing non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/5Q1j | |
| 210┆ exec( $cmd ); | |
| ⋮┆---------------------------------------- | |
| 219┆ exec( $cmd ); | |
| lib/auth-test.php | |
| ❯❯❱ php.lang.security.mcrypt-use.mcrypt-use | |
| Mcrypt functionality has been deprecated and/or removed in recent PHP versions. Consider using | |
| Sodium or OpenSSL. | |
| Details: https://sg.run/BkZR | |
| 56┆ $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); | |
| ⋮┆---------------------------------------- | |
| 57┆ $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); | |
| ⋮┆---------------------------------------- | |
| 59┆ $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv); | |
| ⋮┆---------------------------------------- | |
| 75┆ $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); | |
| ⋮┆---------------------------------------- | |
| 80┆ $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv_dec); | |
| lib/auth.php | |
| ❯❯❱ php.lang.security.mcrypt-use.mcrypt-use | |
| Mcrypt functionality has been deprecated and/or removed in recent PHP versions. Consider using | |
| Sodium or OpenSSL. | |
| Details: https://sg.run/BkZR | |
| 56┆ $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); | |
| ⋮┆---------------------------------------- | |
| 57┆ $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); | |
| ⋮┆---------------------------------------- | |
| 59┆ $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv); | |
| ⋮┆---------------------------------------- | |
| 75┆ $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CBC); | |
| ⋮┆---------------------------------------- | |
| 80┆ $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $data, MCRYPT_MODE_CBC, $iv_dec); | |
| lib/htmlpurifier/HTMLPurifier.standalone.php | |
| ❯❱ php.lang.security.unserialize-use.unserialize-use | |
| Calling `unserialize()` with user input in the pattern can lead to arbitrary code execution. | |
| Consider using JSON or structured data approaches (e.g. Google Protocol Buffers). | |
| Details: https://sg.run/b24E | |
| 2699┆ $r = unserialize($contents); | |
| ⋮┆---------------------------------------- | |
| 4380┆ $this->table = unserialize(file_get_contents($file)); | |
| ⋮┆---------------------------------------- | |
| 15136┆ return unserialize(file_get_contents($file)); | |
| ❯❱ php.lang.security.unlink-use.unlink-use | |
| Using user input when deleting files with `unlink()` is potentially dangerous. A malicious actor | |
| could use this to modify or access files they have no right to. | |
| Details: https://sg.run/rYeR | |
| 15149┆ return unlink($file); | |
| ⋮┆---------------------------------------- | |
| 15170┆ unlink($dir . '/' . $filename); | |
| ⋮┆---------------------------------------- | |
| 15194┆ unlink($dir . '/' . $filename); | |
| ⋮┆---------------------------------------- | |
| 21393┆ unlink($file); | |
| ⋮┆---------------------------------------- | |
| 21398┆ unlink($file); | |
| ❯❯❱ php.lang.security.eval-use.eval-use | |
| Evaluating non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/J9AP | |
| 21864┆ $result = eval("\$var = $expr;"); | |
| lib/htmlpurifier/standalone/HTMLPurifier/ConfigSchema/InterchangeBuilder.php | |
| ❯❯❱ php.lang.security.eval-use.eval-use | |
| Evaluating non-constant commands. This can lead to command injection. | |
| Details: https://sg.run/J9AP | |
| 182┆ return eval('return array(' . $contents . ');'); | |
| lib/postfilter-test.php | |
| ❯❯❱ generic.secrets.security.detected-generic-secret.detected-generic-secret | |
| Generic Secret detected | |
| Details: https://sg.run/l2o5 | |
| 1324┆ $hmac_secret = 'd8d9616bce7b0a8fc83b422a7001b0492e17b4c16debeb43b77cf0060d9bdae3'; | |
| lib/postfilter.php | |
| ❯❯❱ generic.secrets.security.detected-generic-secret.detected-generic-secret | |
| Generic Secret detected | |
| Details: https://sg.run/l2o5 | |
| 1274┆ $hmac_secret = 'd8d9616bce7b0a8fc83b422a7001b0492e17b4c16debeb43b77cf0060d9bdae3'; | |
| lib/userpwd-test.php | |
| ❯❯❱ generic.secrets.security.detected-generic-secret.detected-generic-secret | |
| Generic Secret detected | |
| Details: https://sg.run/l2o5 | |
| 5┆ const HMAC_SECRET = '1e1e4476a89b28307dd39a56df4223bad7fea2045283a65ac3092a7adbf7f546'; | |
| lib/userpwd.php | |
| ❯❯❱ generic.secrets.security.detected-generic-secret.detected-generic-secret | |
| Generic Secret detected | |
| Details: https://sg.run/l2o5 | |
| 5┆ const HMAC_SECRET = '1e1e4476a89b28307dd39a56df4223bad7fea2045283a65ac3092a7adbf7f546'; | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment