rejetto forum

Recent Posts

1
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« Last post by rejetto on Yesterday at 10:01:03 AM »
that's great, congratulations on your achievement, Leo!
i cannot say anything about effectiveness of this fix, but i'm happy if you can find a solution.
Is the url the only way to use the vulnerability? Even if the POC of the CVE uses the url, be sure to consider the possibility of the attack coming from a header.
you prefer 2.3 over 2.4 ?
2
HFS ~ HTTP File Server / Re: Warning: HFS v2.x has a severe vulnerability
« Last post by LeoNeeson on October 02, 2024, 06:36:55 AM »
After spending several hours last weekend, I'm happy to finally announce that I've come up with a simple (one line) solution to this macro vulnerability. :D

The following is a portion of 'main.pas' in 'hfs2.3m.src.zip'
Add the line marked in red, after line 5100 in 'main.pas'
(After line 5445 in v2.4 RC07, but it hasn't been tested)

Quote
  url:=conn.request.url; // The next line is a fix for CVE-2024-23692
  if anyMacroMarkerIn(url) then url:=encodeURL(xtpl(url,['%','#']));
  extractParams();
  url:=decodeURL(url);

This was my second 'impossible task' achieved or accomplished here (the first was helping to bring the 'logout' function to HFS), and now an attempt to fix this vulnerability. Those are the good things about programming: almost nothing is impossible with a lot of effort and dedication. :)
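
rejetto's caution about headers, as an added example (not part of either post and not HFS code): a log-side check that looks for macro markers in the URL and in header values, including percent-encoded forms. The marker set `{.`, `.}`, `{:`, `:}` is an assumption based on HFS 2.x macro syntax, and the sample requests are constructed.

```python
from urllib.parse import unquote

# Assumed HFS 2.x macro delimiters (not taken from the post above).
MACRO_MARKERS = ("{.", ".}", "{:", ":}")
MAX_DECODE_ROUNDS = 3  # also catches double-encoded markers such as %257B


def decoded_forms(value):
    """Yield the raw value, then each successive percent-decoded form."""
    current = value
    yield current
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return
        current = decoded
        yield current


def has_macro_marker(value):
    """True if any decoded form of the value contains a macro delimiter."""
    return any(m in form for form in decoded_forms(value) for m in MACRO_MARKERS)


def suspicious_fields(url, headers):
    """Return the request fields (URL or header names) carrying a marker."""
    hits = []
    if has_macro_marker(url):
        hits.append("url")
    for name, value in headers.items():
        if has_macro_marker(value):
            hits.append("header:" + name.lower())
    return hits


# Constructed sample requests; the macro names are inert placeholders.
SAMPLES = [
    ("/docs/readme.txt", {"User-Agent": "Mozilla/5.0"}),
    ("/?search=%7B.placeholder.%7D", {"User-Agent": "Mozilla/5.0"}),
    ("/", {"Referer": "http://example.test/%257B.placeholder.%257D"}),
    ("/", {"User-Agent": "client {:x:}"}),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, suspicious_fields(url, headers))
```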
3
Everything else / Re: A simple chatrooms with video chat support.
« Last post by rejetto on September 09, 2024, 07:36:32 AM »
nice tool!
4
Everything else / A simple chatrooms with video chat support.
« Last post by mzw18667 on August 25, 2024, 02:24:47 PM »
Hi all, I made this one after I published "webd". Hope you like it.
If you find it useful, please share it somewhere else; it's important for me to run it sustainably.

No Registration Needed, easy to create your own chatroom. https://cnt2.cf/groups/login.html
  • Just pick up some groupname&password and nickname to create a chatroom and login.
  • Share the same groupname&password (or link) to others to let them join in the same chatroom.
  • Same groupname with a different password will lead to a different chatroom.
  • Chat contents encrypted at frontend.
Video Call Supported.
  • If there are only two in the chatroom, just click the phone button to video call the other one.
  • If there are more than two, first click one's name to enter private chat mode, then click the phone button.
  • Also, in private chat mode, text messages are only sent to the one target, and the text color is different.


5
Everything else / Re: Message to Rejetto: forum's email is broken
« Last post by LeoNeeson on August 11, 2024, 12:25:15 AM »
It's still working here, and I agree that the main reason for all this problem (and also for having too many spam accounts) is the use of fake/disposable email addresses to register (like you said, 'invalid addresses'). If we filter so that registrations come ONLY from common respectable email providers, like: Gmail, Yahoo, Hotmail, Yandex, GMX, QQ, etc., then there will be far fewer of those spam accounts.

Reading a forum thread on SMF Community Forum, about "Restrict email providers on registration", I've found THIS mod, which works with current SMF version, and has a very useful option named "Only allow these providers" (along with preventing people using their email addresses as usernames).

PS: nothing is perfect, since one Gmail account could have MANY email aliases (and register many accounts on the forum using those aliases). So, it would be great if we could 'clean' the email username of any "+" (plus symbols) and "." (dots) when someone is using Gmail to register, to avoid the 'alias' trick. Perhaps that mod that I mentioned has this feature too (I don't know).
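
The provider allowlist and Gmail alias clean-up described in this post, as an added example (not part of the post and not code from the SMF mod it mentions). The allowlist contents, the function names and the sample addresses are assumptions made for illustration.

```python
# Hypothetical allowlist built from the providers named in the post.
ALLOWED_DOMAINS = {"gmail.com", "googlemail.com", "yahoo.com", "hotmail.com",
                   "yandex.com", "gmx.com", "qq.com"}
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address):
    """Return the address with Gmail alias tricks folded away.

    Raises ValueError when the address has no usable local part or domain.
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("malformed address")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores dots and everything from the first "+" onwards.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
        if not local:
            raise ValueError("malformed address")
    return local + "@" + domain


def check_registration(address, registered):
    """Decide on one sign-up; `registered` is the set of canonical addresses."""
    try:
        canon = canonical_email(address)
    except ValueError:
        return "rejected: malformed address"
    if canon.rpartition("@")[2] not in ALLOWED_DOMAINS:
        return "rejected: provider not allowed"
    if canon in registered:
        return "rejected: alias of an existing account"
    registered.add(canon)
    return "accepted"


if __name__ == "__main__":
    accounts = set()
    # Constructed sign-up attempts.
    for attempt in ("John.Doe@gmail.com", "johndoe+forum2@gmail.com",
                    "j.o.h.n.doe@googlemail.com", "bot@disposable.example",
                    "first.last@yahoo.com", "firstlast@yahoo.com"):
        print(attempt, "->", check_registration(attempt, accounts))
```

Dots are only stripped for Gmail domains, so `first.last@yahoo.com` and `firstlast@yahoo.com` remain distinct accounts.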
6
Everything else / Re: Message to Rejetto: forum's email is broken
« Last post by rejetto on August 10, 2024, 11:18:26 PM »
i think the email is not working again.
my provider interrupts the service because a lot of emails fail, because of spammers who register on the forum with invalid addresses.
i think "questions" don't work because i installed the "stop spammer" plugin.
7
Everything else / Re: Message to Rejetto: forum's email is broken
« Last post by LeoNeeson on August 06, 2024, 02:26:55 AM »
it should be fixed now.
Yes, I confirm that now it works... :)

works as expected, bots will be able to have fun again
To avoid bots, according to forum's documentation, "the most efficient anti-spam method provided by SMF" by default, without having to install any -Mod- (modification), is enabling "Verification Questions". I've read that adding three simple (but not so obvious) questions stops most bots. I highly recommend adding this to relieve Mars's task of cleaning the forum. 8)
8
Everything else / Re: Message to Rejetto: forum's email is broken
« Last post by Mars on August 05, 2024, 11:19:54 PM »

works as expected, bots will be able to have fun again

 :o
9
Everything else / Re: Message to Rejetto: forum's email is broken
« Last post by rejetto on August 05, 2024, 07:27:22 PM »
it should be fixed now.
sorry guys
10
HFS ~ HTTP File Server / Re: how to inline images in folder view
« Last post by hanshenrik on August 01, 2024, 03:35:45 PM »
Could try the thumbnails plugin: https://github.com/rejetto/thumbnails
But I don't really trust the author, looks like a shady fellow.
So I wrote this custom-html-footer code:
Code:
(function () {
    // todo: is there an event fired by HFS when all elements are loaded? that would be better than this retry approach.
    let retryUntilSuccessFunction;
    retryUntilSuccessFunction = function () {
        let images = document.querySelectorAll('span[role="img"].fa-image');
        if (images.length === 0) {
            setTimeout(retryUntilSuccessFunction, 100);
            return;
        }
        images.forEach(function (span) {
            // Find the enclosing link; skip icons that are not inside one
            // (walking parentNode by hand would throw once it ran past <html>).
            let link = span.closest('a');
            if (!link) {
                return;
            }
            let url = link.href;
            let imageElement = document.createElement('img');
            imageElement.src = url;
            imageElement.style['max-width'] = '500px';
            span.appendChild(imageElement);
        });
    };
    retryUntilSuccessFunction();
})();

- half-joking, I need to be able to specify max-width, made a feature request here https://github.com/rejetto/thumbnails/issues/3