r888888888
cbf48ad948
add stripe integration for safebooru
2014-11-06 17:03:17 -08:00
r888888888
92237d4bf5
add delayed job pretty printing for increment and decrement post counts
2014-10-28 13:40:12 -07:00
r888888888
e4562d209b
add delayed job pretty printing for ugoira convert
2014-10-28 13:20:02 -07:00
Albert Yi
b9208b9834
Merge pull request #2275 from evazion/xss/artist-history
...
Fix XSS in /artist_versions.
2014-10-17 14:33:59 -07:00
evazion
de289ee5d3
Fix XSS in /artist_versions.
...
1) Put `<script>alert("xss 1")</script>` in the Other Names field in an
artist entry.
2) Put `<script>alert("xss 2")</script>` in the URLs field.
3) Trick someone into viewing the history page for that artist.
2014-10-17 15:22:51 -05:00
evazion
a38e12f091
Fix XSS in source link on post show page.
...
This vulnerability allows someone to create a source link that appears
to lead to Pixiv like normal, but that actually executes JavaScript code
when clicked.
1) Set the source of a post to javascript:"http://img1.pixiv.net/img/xss/ ";alert("xss");
2) Wait for someone to click the source link in the Information sidebar.
3) Profit.
The cause is that the regexes for detecting Pixiv URLs aren't anchored
to the front of the string using \A. This allows non-http:// links to be
created.
2014-10-17 15:15:48 -05:00
Toks
424eb40c9d
fixes #2240
2014-08-12 12:41:10 -04:00
Toks
76f31bd6b5
Bulk reqs: add line breaks
...
Scripts longer than 1 line are completely unreadable without line breaks
2014-07-31 21:19:43 -04:00
r888888888
a6d69e63be
fixes #2197
2014-07-17 16:24:03 -07:00
r888888888
7b97ca192c
fixes #2190
2014-06-12 21:16:21 -07:00
Toks
ff789f5b6d
#1961: Restyle other names
...
Should be easier to tell them apart now
2014-06-04 19:15:59 -04:00
Toks
4716bd7c97
#1961: Add pixiv links to other names
2014-06-04 19:12:17 -04:00
Toks
b18bb73f4b
Implementation for #2141
2014-05-22 20:07:15 -04:00
r888888888
a6aecfb60c
update iqdb display helper
2014-03-24 15:02:14 -07:00
r888888888
eaf487bdb1
fix spec
2014-03-24 14:58:09 -07:00
Toks
96d5a937d5
fixes #2106
2014-03-14 11:35:26 -04:00
Toks
424d84661a
fixes #2105
...
Also fix bug where sources were not escaped at all on post versions page
2014-03-10 22:34:22 -04:00
r888888888
0ef37c0538
fixes #1242
2014-02-28 18:10:36 -08:00
r888888888
b523ed471c
fixes #1249
2014-02-28 17:57:33 -08:00
r888888888
1f10f39d1e
fixes #1227
2014-02-28 16:40:11 -08:00
Toks
e53f19d9dd
Display tag sub update info on delayed jobs page
2014-02-26 00:19:19 -05:00
Toks
200ce6e150
Add redundant link to post search on wiki pages
...
This should make it more clear that the ~6 posts displayed are just a
sample, not all of them.
2014-01-17 18:58:47 -05:00
Toks
3748f50b6d
fixes #2090
2014-01-12 20:03:35 -05:00
Toks
929408a421
fixes #2066
2014-01-08 14:40:07 -05:00
Toks
9585e32914
Improve sequential paginator
...
fixes #2044, fixes #1298
2013-12-04 14:41:50 -05:00
r888888888
fa13c94fc0
Revert "fixes #2044"
...
This reverts commit c358de020b.
2013-12-03 16:39:05 -08:00
r888888888
c358de020b
fixes #2044
2013-12-03 16:02:27 -08:00
Toks
2924bf6086
Clean up pool version diffs
...
Related to #1724
2013-10-26 00:38:45 -04:00
Toks
12d63a7d88
fixes #1096
2013-09-17 11:31:11 -04:00
Toks
b2b685a251
Change has a parent link for consistency with has children link
2013-09-07 20:41:50 -04:00
Kevin Xiwei Zheng
dcefb842df
More accurately determine linkable sources
...
Use the "\A" metacharacter for the beginning of a string, instead of "^"
for the beginning of any line within that string, and check for "://" as
well. Fixes #1947.
2013-08-21 11:32:47 -04:00
Toks
fc3aac28b8
fixes #1840
2013-07-07 18:17:32 -04:00
r888888888
f16178623b
add categories to forum topics
2013-06-06 16:18:04 -07:00
r888888888
5efdc55d79
fixes #1685
2013-05-29 16:31:46 -07:00
r888888888
050d231375
revert 3ee20d2
2013-05-13 10:48:12 -07:00
Toks
3ee20d2bb7
fixes #846
2013-05-11 16:01:19 -04:00
Toks
f972ee53c0
enhance show or new wpages; move wpage preview code to helper
2013-05-11 08:31:03 -04:00
Toks
3d98d4b4ec
fixes #1491
2013-05-07 22:18:11 -04:00
Toks
4fe7437b9c
simplify alias/implication list code for wiki pages
2013-05-04 19:09:42 -04:00
Toks
b5c4bb1006
fixes #1530
2013-05-04 10:47:07 -04:00
Toks
6ab405c142
fixes #1403
2013-05-03 19:54:01 -04:00
Toks
6c3aabf2b6
simplifies parent/child preview code; fixes #1489
2013-04-30 14:54:40 -04:00
Toks
e1c34df22e
modify relationship preview js
2013-04-29 17:12:07 -04:00
Toks
4775535c11
fixes #1481; fixes #1483
...
Additionally:
* Rename methods and variables related to the parent/child previews for
consistency.
* Split off siblings into a separate post set.
* Increase limit of children/siblings displayed to max of 200.
2013-04-29 17:12:02 -04:00
r888888888
d5f575159f
rename references of privileged to gold
2013-04-28 00:04:52 -07:00
Toks
c3f1c99848
fixes #1389
...
reorganize parent/child messages into helpers
2013-04-27 21:26:22 -04:00
Toks
92177ae240
fixes #1370
2013-04-18 21:17:54 -04:00
Toks
53ee04d6a2
fixes #619
2013-04-17 20:09:48 -04:00
Toks
32adfd5d0a
prevent strange source link line breaks
2013-04-13 17:31:27 -04:00
Toks
ee5310782b
fix for #1217
2013-04-11 17:45:37 -04:00