Font Awesome 3 -> 4 was a backwards-incompatible change, so this
update is pretty invasive. I tested everything we use it for and it
still works, though. Including supporting both Font Awesome versions
in battle.js.
This moves most of the logic of action.php into a separate file
lib/dispatcher.lib.php and separates the actions into ladder-related
actions and non-ladder-related actions. This is intended to make it
possible to have a second action.php that handlers only ladder-related
actions, which can run on the main server computer and allow
that computer to make HTTP requests to `localhost`, which should
help reduce ladder errors.
If connecting to the server's main port fails, the client will
automatically attempt to connect on the alternative port. If connecting
on the alternative port is successful, this is recorded in localStorage
so that next time, the alternative port is used first.
This is mainly intended to be used by the main server, which has a
primary port of 8000 and a relatively little known alternative port
of 80.
This commit makes various changes to prevent servers from injecting
arbitrary JavaScript into the client. This prevents a variety of
possible exploits. The main changes in the client are as follows:
- Raw HTML from the server is now sanitised using caja to prevent
excution of JavaScript. See
https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer
for details.
- The client now has a variety of CSS classes for possible chat
command messages that can be sent from the server, rather than the
server injecting arbitrary CSS `style` attributes into the client.
- check timestamp in index.php rather than sim.js to reduce the chance
of false positives caused by the user's internet connection being
slow or the user's clock being slightly wrong
- require timestamp logging to be a POST request
This commit adds support for 'config data' that begins with a ']'
character so that output from the upkeep page can be copied directly
without having to manually remove the ']' prefix.
