* Fix inconsistencies in how wiki pages were linked.
* Link directly to the wiki instead of to a title search that is expected
to redirect to the wiki.
* Don't truncate long sources in the sidebar on the post show page. Word
wrap them instead.
* Word wrap long external links in general (mainly links in dtext).
* Turn sources into links on modqueue page.
Tells browsers not to send the Referer header when following external
links. Among other things, this bypasses Pixiv's anti-hotlinking
protection when opening direct image sources from Pixiv.
* On the posts show page, make the "»" link next to the source visible
to all users, not just builders.
* Make "»" link to the raw unnormalized source, instead of a `source:` search.
* Remove the special case for displaying old pixiv sources as `pixiv/moniker`.
This vulnerability allows someone to create a source link that appears
to lead to Pixiv like normal, but that actually executes JavaScript code
when clicked.
1) Set the source of a post to `javascript:"http://img1.pixiv.net/img/xss/";alert("xss");`
2) Wait for someone to click the source link in the Information sidebar.
3) Profit.
The cause is that the regexes for detecting Pixiv URLs aren't anchored
to the front of the string using \A. This allows non-http:// links to be
created.
Use the "\A" metacharacter for the beginning of a string, instead of "^"
for the beginning of any line within that string, and check for "://" as
well. Fixes #1947.
Additionally:
* Rename methods and variables related to the parent/child previews for
consistency.
* Split off siblings into a separate post set.
* Increase limit of children/siblings displayed to max of 200.
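
Added example (not part of the commit messages above and not the project's own code): how an unanchored pattern, a `^`-anchored pattern and a `\A`-anchored pattern treat the source string from the report, next to a scheme allow-list check. The three regexes, the constant and function names, and the two extra sample strings are hypothetical and constructed for illustration.

```ruby
require "uri"

# Hypothetical stand-ins for a Pixiv URL check; not the project's real regexes.
UNANCHORED      = %r{http://img\d+\.pixiv\.net/img/[^/]+/}
LINE_ANCHORED   = %r{^http://img\d+\.pixiv\.net/img/[^/]+/}
STRING_ANCHORED = %r{\Ahttp://img\d+\.pixiv\.net/img/[^/]+/}

# Source string from step 1 of the report above.
REPORTED_SOURCE = 'javascript:"http://img1.pixiv.net/img/xss/";alert("xss");'
# Constructed samples: a two-line value and an ordinary image URL.
MULTILINE_SOURCE = "javascript:void(0)\nhttp://img1.pixiv.net/img/example/"
NORMAL_SOURCE    = "http://img1.pixiv.net/img/example/123.jpg"

# Check that does not depend on any site-specific regex: only http(s) URLs
# with a host are treated as safe to render as a clickable link.
def linkable_scheme?(source)
  uri = URI.parse(source)
  %w[http https].include?(uri.scheme.to_s.downcase) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Report which of the patterns accept the source, plus the scheme check.
def check_source(source)
  {
    unanchored: UNANCHORED.match?(source),           # matches anywhere
    line_anchored: LINE_ANCHORED.match?(source),     # ^ = start of any line
    string_anchored: STRING_ANCHORED.match?(source), # \A = start of string
    linkable: linkable_scheme?(source),
  }
end

if __FILE__ == $PROGRAM_NAME
  [REPORTED_SOURCE, MULTILINE_SOURCE, NORMAL_SOURCE].each do |s|
    puts "#{s.inspect} => #{check_source(s)}"
  end
end
```

The reported string is accepted only by the unanchored pattern; the two-line sample is also accepted by the `^` pattern, which is why the commit uses `\A`.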