From 7f920b552f1ba0502789f24cca3c834860c1ac96 Mon Sep 17 00:00:00 2001
From: ccd0 <admin@containerchan.org>
Date: Mon, 12 May 2014 21:46:18 -0700
Subject: [PATCH 1/2] fix privilege escalation vulnerability

Conflicts:
	src/General/Settings.coffee
	src/Quotelinks/QuoteBacklink.coffee
---
 src/General/Settings.coffee         |  6 ++----
 src/Images/Sauce.coffee             | 30 ++++++++++++++---------------
 src/Miscellaneous/FileInfo.coffee   | 10 ++++------
 src/Miscellaneous/Time.coffee       | 10 ++++------
 src/Quotelinks/QuoteBacklink.coffee |  6 ++----
 5 files changed, 26 insertions(+), 36 deletions(-)

diff --git a/src/General/Settings.coffee b/src/General/Settings.coffee
index eb7f9346d..408a185ec 100755
--- a/src/General/Settings.coffee
+++ b/src/General/Settings.coffee
@@ -348,8 +348,7 @@ Settings =
     Header.generateBoardList @value
 
   time: ->
-    funk = Time.createFunc @value
-    @nextElementSibling.textContent = funk Time, new Date()
+    @nextElementSibling.textContent = Time.format @value, new Date()
 
   backlink: ->
     @nextElementSibling.textContent = @value.replace /%id/, '123456789'
@@ -366,8 +365,7 @@ Settings =
         isImage: true
         isVideo: false
         isSpoiler: true
-    funk = FileInfo.createFunc @value
-    @nextElementSibling.innerHTML = funk FileInfo, data
+    @nextElementSibling.innerHTML = FileInfo.format @value, data
 
   favicon: ->
     Favicon.init()
diff --git a/src/Images/Sauce.coffee b/src/Images/Sauce.coffee
index 291aa72a7..256b75f84 100755
--- a/src/Images/Sauce.coffee
+++ b/src/Images/Sauce.coffee
@@ -5,7 +5,7 @@ Sauce =
     links = []
     for link in Conf['sauces'].split '\n'
       try
-        links.push @createSauceLink link.trim() if link[0] isnt '#'
+        links.push link.trim() if link[0] isnt '#'
       catch err
         # Don't add random text plz.
     return unless links.length
@@ -14,29 +14,27 @@ Sauce =
     Post.callbacks.push
       name: 'Sauce'
       cb:   @node
-  createSauceLink: (link) ->
+  createSauceLink: (link, post, a) ->
     link = link.replace /%(T?URL|MD5|board|name)/g, (parameter) ->
-      return (if type = {
-        '%TURL':  'post.file.thumbURL'
-        '%URL':   'post.file.URL'
-        '%MD5':   'post.file.MD5'
-        '%board': 'post.board'
-        '%name':  'post.file.name'
+      if type = {
+        '%TURL':  post.file.thumbURL
+        '%URL':   post.file.URL
+        '%MD5':   post.file.MD5
+        '%board': post.board
+        '%name':  post.file.name
       }[parameter]
-        "' + encodeURIComponent(#{type}) + '"
+        encodeURIComponent(type)
       else
-        parameter)
+        parameter
     text = if m = link.match(/;text:(.+)$/) then m[1] else link.match(/(\w+)\.\w+\//)[1]
     link = link.replace /;text:.+$/, ''
-    Function 'post', 'a', """
-      a.href = '#{link}';
-      a.textContent = '#{text}';
-      return a;
-    """
+    a.href = link
+    a.textContent = text
+    a
   node: ->
     return if @isClone or !@file
     nodes = []
     for link in Sauce.links
       # \u00A0 is nbsp
-      nodes.push $.tn('\u00A0'), link @, Sauce.link.cloneNode true
+      nodes.push $.tn('\u00A0'), (Sauce.createSauceLink link, @, Sauce.link.cloneNode true)
     $.add @file.text, nodes
diff --git a/src/Miscellaneous/FileInfo.coffee b/src/Miscellaneous/FileInfo.coffee
index c94bb41bd..7a15a76ce 100755
--- a/src/Miscellaneous/FileInfo.coffee
+++ b/src/Miscellaneous/FileInfo.coffee
@@ -2,20 +2,18 @@ FileInfo =
   init: ->
     return if !Conf['File Info Formatting']
 
-    @funk = @createFunc Conf['fileInfo']
     Post.callbacks.push
       name: 'File Info Formatting'
       cb:   @node
   node: ->
     return if !@file or @isClone
-    @file.text.innerHTML = "<span class=file-info>#{FileInfo.funk FileInfo, @}</span>"
-  createFunc: (format) ->
-    code = format.replace /%(.)/g, (s, c) ->
+    @file.text.innerHTML = "<span class=file-info>#{FileInfo.format Conf['fileInfo'], @}</span>"
+  format: (formatString, post) ->
+    formatString.replace /%([A-Za-z])/g, (s, c) ->
       if c of FileInfo.formatters
-        "' + FileInfo.formatters.#{c}.call(post) + '"
+        FileInfo.formatters[c].call(post)
       else
         s
-    Function 'FileInfo', 'post', "return '#{code}'"
   convertUnit: (size, unit) ->
     if unit is 'B'
       return "#{size.toFixed()} Bytes"
diff --git a/src/Miscellaneous/Time.coffee b/src/Miscellaneous/Time.coffee
index 0d290cc63..3d2d3f2f6 100755
--- a/src/Miscellaneous/Time.coffee
+++ b/src/Miscellaneous/Time.coffee
@@ -2,20 +2,18 @@ Time =
   init: ->
     return if !Conf['Time Formatting']
 
-    @funk = @createFunc Conf['time']
     Post.callbacks.push
       name: 'Time Formatting'
       cb:   @node
   node: ->
     return if @isClone
-    @nodes.date.textContent = Time.funk Time, @info.date
-  createFunc: (format) ->
-    code = format.replace /%([A-Za-z])/g, (s, c) ->
+    @nodes.date.textContent = Time.format Conf['time'], @info.date
+  format: (formatString, date) ->
+    formatString.replace /%([A-Za-z])/g, (s, c) ->
       if c of Time.formatters
-        "' + Time.formatters.#{c}.call(date) + '"
+        Time.formatters[c].call(date)
       else
         s
-    Function 'Time', 'date', "return '#{code}'"
   day: [
     'Sunday'
     'Monday'
diff --git a/src/Quotelinks/QuoteBacklink.coffee b/src/Quotelinks/QuoteBacklink.coffee
index def790c58..dfb1e3156 100755
--- a/src/Quotelinks/QuoteBacklink.coffee
+++ b/src/Quotelinks/QuoteBacklink.coffee
@@ -12,8 +12,6 @@ QuoteBacklink =
   init: ->
     return if !Conf['Quote Backlinks']
 
-    format = Conf['backlink'].replace /%id/g, "' + id + '"
-    @funk  = Function 'id', "return '#{format}'"
     @frag  = $.nodes [$.tn(' '), $.el 'a', className: 'backlink']
     @map   = {}
 
@@ -43,7 +41,7 @@ QuoteBacklink =
     if @isClone
       @nodes.backlinkContainer = $ '.backlink-container', @nodes.info
       for backlink in @nodes.backlinks
-        QuoteMarkers.parseQuotelink @, backlink, true, QuoteBacklink.funk Get.postDataFromLink(backlink).postID
+        QuoteMarkers.parseQuotelink @, backlink, true, Conf['backlink'].replace(/%id/g, Get.postDataFromLink(backlink).postID)
       return
     @nodes.backlinkContainer = container = $.el 'span',
       className: 'backlink-container'
@@ -57,7 +55,7 @@ QuoteBacklink =
     frag = QuoteBacklink.frag.cloneNode true
     a = frag.lastElementChild
     a.href = Build.path quoter.board.ID, quoter.thread.ID, quoter.ID
-    a.textContent = text = QuoteBacklink.funk quoter.ID
+    a.textContent = text = Conf['backlink'].replace /%id/g, quoter.ID
     if quoter.isDead
       $.addClass a, 'deadlink'
     if quoter.isHidden

From ed3ab83c07c5d4bd47a3041311c54d7eb05f950e Mon Sep 17 00:00:00 2001
From: ccd0 <admin@containerchan.org>
Date: Thu, 9 Oct 2014 12:26:45 -0700
Subject: [PATCH 2/2] also fix a small bug

---
 src/General/Settings.coffee | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/General/Settings.coffee b/src/General/Settings.coffee
index 408a185ec..308174ed7 100755
--- a/src/General/Settings.coffee
+++ b/src/General/Settings.coffee
@@ -351,7 +351,7 @@ Settings =
     @nextElementSibling.textContent = Time.format @value, new Date()
 
   backlink: ->
-    @nextElementSibling.textContent = @value.replace /%id/, '123456789'
+    @nextElementSibling.textContent = @value.replace /%id/g, '123456789'
 
   fileInfo: ->
     data =