From b1933dc363b48bd57890612e5dfb696ad05a8af0 Mon Sep 17 00:00:00 2001
From: r888888888
Date: Tue, 16 Jul 2013 17:04:42 -0700
Subject: [PATCH 1/6] fixes #1860
---
 app/assets/javascripts/notes.js | 2 ++
 app/controllers/application_controller.rb | 11 +++++++++++
 2 files changed, 13 insertions(+)
diff --git a/app/assets/javascripts/notes.js b/app/assets/javascripts/notes.js
index bf6d1f578..df2f3ef94 100644
--- a/app/assets/javascripts/notes.js
+++ b/app/assets/javascripts/notes.js
@@ -467,6 +467,7 @@ Danbooru.Note = {
 return;
 }
+ $("#image").css("cursor", "crosshair");
 Danbooru.Note.TranslationMode.active = true;
 $(document.body).addClass("mode-translation");
 $("#original-file-link").click();
@@ -479,6 +480,7 @@ Danbooru.Note = {
 stop: function() {
 Danbooru.Note.TranslationMode.active = false;
+ $("#image").css("cursor", "auto");
 $("#image").unbind("mousedown", Danbooru.Note.TranslationMode.Drag.start);
 $(window).unbind("mouseup", Danbooru.Note.TranslationMode.Drag.stop);
 $(document.body).removeClass("mode-translation");
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5b2f3c741..370bc669e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,6 +8,7 @@ class ApplicationController < ActionController::Base
 before_filter :normalize_search
 before_filter :set_started_at_session
 before_filter :api_check
+ before_filter :secure_cookies_check
 layout "default"
 rescue_from User::PrivilegeError, :with => :access_denied
@@ -102,4 +103,14 @@ protected
 params[:search] ||= {}
 end
 end
+
+ def secure_cookies_check
+ if true || request.ssl?
+ Danbooru::Application.config.session_store :cookie_store, :key => '_danbooru_session', :secure => true
+ else
+ Danbooru::Application.config.session_store :cookie_store, :key => '_danbooru_session', :secure => false
+ end
+ ap cookies
+ true
+ end
 end
From d1be659243d10c978840579cad8a87d0e279d1b2 Mon Sep 17 00:00:00 2001
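Review bot: `secure_cookies_check` calls `Danbooru::Application.config.session_store` from a before_filter, so every request rewrites process-wide configuration instead of setting a flag on the cookie of the current response. The session middleware is normally built once at boot, so this call most likely never changes the `Secure` attribute that is actually sent, and on a threaded server HTTP and HTTPS requests would race on the same setting. `ap cookies` in the same method prints the whole cookie jar, session cookie included, to the process output on every request and should not ship (it is only removed in PATCH 4/6). I would set the flag once where the session store is configured at boot, e.g. `Danbooru::Application.config.session_store :cookie_store, :key => '_danbooru_session', :secure => Rails.env.production?`. The same per-request call survives in the `@@ -104,13 +105,15 @@` hunk of PATCH 4/6, and PATCH 2/6 and 5/6 leave the filter commented out, so the boot-time setting is what decides whether the session cookie is marked `Secure`.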
From: r888888888
Date: Tue, 16 Jul 2013 17:06:09 -0700
Subject: [PATCH 2/6] revert secure cookies filter
---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 370bc669e..afc0ffcce 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,7 +8,7 @@ class ApplicationController < ActionController::Base
 before_filter :normalize_search
 before_filter :set_started_at_session
 before_filter :api_check
- before_filter :secure_cookies_check
+ # before_filter :secure_cookies_check
 layout "default"
 rescue_from User::PrivilegeError, :with => :access_denied
From 01057a9cd54793cae62b9be2f435a5bca5d25594 Mon Sep 17 00:00:00 2001
From: r888888888
Date: Tue, 16 Jul 2013 17:09:04 -0700
Subject: [PATCH 3/6] fix migrations
---
 db/migrate/20130712162600_add_custom_style_to_users.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/db/migrate/20130712162600_add_custom_style_to_users.rb b/db/migrate/20130712162600_add_custom_style_to_users.rb
index 4b4ebba22..1b1531480 100644
--- a/db/migrate/20130712162600_add_custom_style_to_users.rb
+++ b/db/migrate/20130712162600_add_custom_style_to_users.rb
@@ -1,5 +1,6 @@
 class AddCustomStyleToUsers < ActiveRecord::Migration
 def change
+ execute "set statement_timeout = 0"
 add_column :users, :custom_style, :text
 end
 end
From 49d2df80f6b25fc4d9612f0277ec81f6201eebc6 Mon Sep 17 00:00:00 2001
From: r888888888
Date: Wed, 17 Jul 2013 13:59:44 -0700
Subject: [PATCH 4/6] add basic support for safe mode
---
 app/controllers/application_controller.rb | 11 +++++++----
 app/logical/current_user.rb | 12 ++++++++++++
 app/logical/post_query_builder.rb | 5 +++++
 db/structure.sql | 7 +++++--
 test/unit/current_user_test.rb | 14 ++++++++++++++
 5 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index afc0ffcce..1a1fc5e26 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -8,7 +8,8 @@ class ApplicationController < ActionController::Base
 before_filter :normalize_search
 before_filter :set_started_at_session
 before_filter :api_check
- # before_filter :secure_cookies_check
+ before_filter :set_safe_mode
+ before_filter :secure_cookies_check
 layout "default"
 rescue_from User::PrivilegeError, :with => :access_denied
@@ -104,13 +105,15 @@ protected
 end
 end
+ def set_safe_mode
+ CurrentUser.set_safe_mode(request)
+ end
+
 def secure_cookies_check
- if true || request.ssl?
+ if request.ssl?
 Danbooru::Application.config.session_store :cookie_store, :key => '_danbooru_session', :secure => true
 else
 Danbooru::Application.config.session_store :cookie_store, :key => '_danbooru_session', :secure => false
 end
- ap cookies
- true
 end
 end
diff --git a/app/logical/current_user.rb b/app/logical/current_user.rb
index 09f56a924..8fff13fdd 100644
--- a/app/logical/current_user.rb
+++ b/app/logical/current_user.rb
@@ -42,6 +42,18 @@ class CurrentUser
 user.name
 end
+ def self.safe_mode?
+ Thread.current[:safe_mode]
+ end
+
+ def self.set_safe_mode(req)
+ if req.host =~ /safe/
+ Thread.current[:safe_mode] = true
+ else
+ Thread.current[:safe_mode] = false
+ end
+ end
+
 def self.method_missing(method, *params, &block)
 if user.respond_to?(method)
 user.__send__(method, *params, &block)
diff --git a/app/logical/post_query_builder.rb b/app/logical/post_query_builder.rb
index 55c832ac9..46b8613e1 100644
--- a/app/logical/post_query_builder.rb
+++ b/app/logical/post_query_builder.rb
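Review bot: `req.host =~ /safe/` in `CurrentUser.set_safe_mode` switches safe mode on for any hostname that merely contains "safe" and off for every other name, and that hostname is taken from the request's Host header. If safe mode is meant as a guarantee for the safe site rather than a convenience, the decision then rests on which host names the front-end server accepts, which is not visible here; an exact comparison against a configured name, e.g. `Thread.current[:safe_mode] = (req.host == SAFE_MODE_HOST)` (`SAFE_MODE_HOST` is a placeholder for a config value), narrows that. `safe_mode?` also returns `nil` rather than `false` on a thread where `set_safe_mode` has not run, and the flag stays in `Thread.current` after the request ends, so code outside the request cycle reads whatever the last request left behind. A one-line comment on `set_safe_mode` saying it must run on every request would document that dependency.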
@@ -112,6 +112,11 @@ class PostQueryBuilder
 raise ::Post::SearchError.new("You cannot search for more than #{Danbooru.config.tag_query_limit} tags at a time")
 end
+ if CurrentUser.safe_mode?
+ relation = relation.where(:rating => "s")
+ relation = relation.where("created_at <= ?", 3.months.ago)
+ end
+
 relation = add_range_relation(q[:post_id], "posts.id", relation)
 relation = add_range_relation(q[:mpixels], "posts.image_width * posts.image_height / 1000000.0", relation)
 relation = add_range_relation(q[:width], "posts.image_width", relation)
diff --git a/db/structure.sql b/db/structure.sql
index c6d301fe2..810d06d49 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -2697,7 +2697,8 @@ CREATE TABLE users ( per_page integer DEFAULT 20 NOT NULL, hide_deleted_posts boolean DEFAULT false NOT NULL, style_usernames boolean DEFAULT false NOT NULL, - enable_auto_complete boolean DEFAULT true NOT NULL + enable_auto_complete boolean DEFAULT true NOT NULL, + custom_style text );
@@ -6424,4 +6425,6 @@ INSERT INTO schema_migrations (version) VALUES ('20130606224559'); INSERT INTO schema_migrations (version) VALUES ('20130618230158'); -INSERT INTO schema_migrations (version) VALUES ('20130620215658'); \ No newline at end of file +INSERT INTO schema_migrations (version) VALUES ('20130620215658'); + +INSERT INTO schema_migrations (version) VALUES ('20130712162600'); \ No newline at end of file
diff --git a/test/unit/current_user_test.rb b/test/unit/current_user_test.rb
index 26235e1b5..6d49a9ac1 100644
--- a/test/unit/current_user_test.rb
+++ b/test/unit/current_user_test.rb
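Review bot: The added `relation.where("created_at <= ?", 3.months.ago)` leaves the column unqualified while the range filters right below it use `posts.id` and `posts.image_width`; if this relation is ever joined to another table that has a `created_at` column the condition becomes ambiguous, so `relation.where("posts.created_at <= ?", 3.months.ago)` is the safer form. The three-month cutoff is unexplained, and a comment such as `# safe mode: only rating "s" posts that are at least three months old` would record the intent. The enclosing method starts and ends outside the hunk, and this filter only covers searches built here; other ways of reaching a post, such as a direct lookup by id, are not visible and may need the same restriction.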
@@ -6,6 +6,20 @@ class CurrentUserTest < ActiveSupport::TestCase
 CurrentUser.ip_addr = nil
 end
+ context ".safe_mode?" do
+ should "return true if the host contains the string host" do
+ req = mock(:host => "safebooru")
+ CurrentUser.set_safe_mode(req)
+ assert_equal(true, CurrentUser.safe_mode?)
+ end
+
+ should "return false if the host does not contain the string host" do
+ req = mock(:host => "danbooru")
+ CurrentUser.set_safe_mode(req)
+ assert_equal(false, CurrentUser.safe_mode?)
+ end
+ end
+
 context "The current user" do
 should "be set only within the scope of the block" do
 user = FactoryGirl.create(:user)
From d54d62e2526e0a025964251dc60c05d3e40fd52e Mon Sep 17 00:00:00 2001
From: r888888888
Date: Wed, 17 Jul 2013 14:13:27 -0700
Subject: [PATCH 5/6] disable secure cookies check
---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1a1fc5e26..ff0320c8e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,7 +9,7 @@ class ApplicationController < ActionController::Base
 before_filter :set_started_at_session
 before_filter :api_check
 before_filter :set_safe_mode
- before_filter :secure_cookies_check
+ # before_filter :secure_cookies_check
 layout "default"
 rescue_from User::PrivilegeError, :with => :access_denied
From a889f86e13a1f1751f8c3f2fca66b4aba0b2b90a Mon Sep 17 00:00:00 2001
From: r888888888
Date: Wed, 17 Jul 2013 14:39:48 -0700
Subject: [PATCH 6/6] update version
---
 config/danbooru_default_config.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/danbooru_default_config.rb b/config/danbooru_default_config.rb
index 8254d9c9e..05c49feb5 100644
--- a/config/danbooru_default_config.rb
+++ b/config/danbooru_default_config.rb
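Review bot: Both new tests in the `.safe_mode?` context leave `Thread.current[:safe_mode]` set when they finish, and the visible cleanup line only resets `CurrentUser.ip_addr`; if the "safebooru" case runs last, later tests on the same thread would run with safe mode on and get filtered search results. Resetting the flag next to the existing cleanup, e.g. `Thread.current[:safe_mode] = nil`, keeps the tests isolated. The two descriptions also say "contains the string host" where the code under test checks for "safe". The block holding `CurrentUser.ip_addr = nil` starts outside the hunk, so I am assuming it is the teardown.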
@@ -4,7 +4,7 @@ module Danbooru
 class Configuration
 # The version of this Danbooru.
 def version
- "2.24.0"
+ "2.25.0"
 end
 # The name of this Danbooru.