Fixes

lib/channel.js

@@ -871,6 +871,8 @@ Channel.prototype.handleBanAllIP = function (actor, name, reason, range) {
  * Bans an individual IP
  */
 Channel.prototype.banIP = function (actor, ip, name, reason, range) {
+    var self = this;
+
     if (range) {
         ip = ip.replace(/(\d+)\.(\d+)\.(\d+)\.(\d+)/, "$1.$2.$3");
     }

lib/customembed.js

@@ -2,6 +2,10 @@ const allowed = ["iframe", "object", "param", "embed"];
 const tag_re = /<\s*\/?\s*([a-z]+)(\s*([a-z]+)\s*=\s*('[^']*'|"[^"]*"|[^"'>]*))*\s*>/ig;
 
 function filter(str) {
+    if (typeof str !== "string") {
+        return "";
+    }
+
     str = str.replace(tag_re, function (match, tag) {
         if(!~allowed.indexOf(tag.toLowerCase())) {
             return match.replace("<", "&lt;").replace(">", "&gt;");
@@ -11,7 +15,8 @@ function filter(str) {
     str = str.replace(/(\bon\w*\s*=\s*('[^']*'|"[^"]"|[^\s><]*))/ig, function () {
         return "";
     });
-    return str;
+
+    return str.substring(0, 20000);
 }
 
 exports.filter = filter;

www/assets/js/ui.js

@@ -690,3 +690,5 @@ $("#userlisttoggle").click(toggleUserlist);
 $(".add-temp").change(function () {
     $(".add-temp").prop("checked", $(this).prop("checked"));
 });
+
+applyOpts();

www/assets/js/util.js

@@ -719,8 +719,6 @@ function applyOpts() {
     }
 }
 
-applyOpts();
-
 function showPollMenu() {
     $("#pollwrap .poll-menu").remove();
     var menu = $("<div/>").addClass("well poll-menu")

www/js/theme.js

@@ -11,14 +11,18 @@
     }
   }
 
+  console.log("cookie theme=", theme);
+
   if (theme !== "default") {
     var cur = document.getElementById("usertheme");
     cur.parentNode.removeChild(cur);
+    console.log('removed');
     var css = document.createElement("link");
     css.setAttribute("rel", "stylesheet");
     css.setAttribute("type", "text/css");
     css.setAttribute("href", theme);
     css.setAttribute("id", "usertheme");
     document.head.appendChild(css);
+    console.log(css);
   }
 })();