https://danbooru.donmai.us/forum_topics/9127?page=265#forum_post_153180:
> I'm not sure how to reproduce this, but sometimes on the upload page
> when I click the button to pop out the tag box, the screen scrolls up to
> the picture but the box doesn't pop out, and I have to scroll back down
> and click it again
https://danbooru.donmai.us/forum_topics/9127?page=266#forum_post_153183:
> Yes, this was brought up by Unbreakable on Discord a while back. It's
> due to the fact that the event handler that pops out the dialog box has
> not yet been bound by the time you click it. Since that clickable
> control has an empty anchor link of "#" which goes nowhere, it therefore
> redirects the user to the top of the page.
Refactor the /related_tags.js call so that when the "Related tags"
button is clicked, it only replaces the columns that actually changed,
not the entire related tags section.
This avoids rebuilding the Recent / Frequent / Translated Tags / Artist
columns every time the "Related tags" button is clicked.
Refactor tag_list_html, split_tag_list_html, and inline_tag_list_html to
take the `show_extra_links` and `current_query` options explicitly,
rather than implicitly relying on CurrentUser or taking `params[:tags]`
from the template.
* On posts, automatically trigger "Fetch source data" when clicking the
Edit tab, instead of triggering the artist finder button. This way we
find both the artist and the translated tags in one ajax call.
* Remove the "Artist" finder button next to the source field. This isn't
necessary given that "Fetch source data" finds the artist itself.
* Remove the /artists/finder.json API endpoint. This is no longer used
after removing the "Artist" finder button.
* On the /uploads/new page, instead of just showing a "This post has
probably already been uploaded" message, show the actual thumbnails of
posts having the same source as what the user is trying to upload.
* Move the iqdb results section up top, beside the related posts section.
Also makes it so that using the bookmarklet always triggers async upload
preprocessing. Before it was only triggered when the source passed a
dupe check, but that check was inaccurate (#3873).
to match the rest of the code base
For flash files I've used the file extension because the mime type is browser
specific and I've found at least 2 different variations for .swf:
1. `application/vnd.adobe.flash-movie`: wikipedia
2. `application/vnd.adobe.flash.movie`: mailcap, firefox
some other browser may not even know the .swf extension in the first place
Fail loudly if we forget to whitelist a param instead of silently
ignoring it.
misc models: convert to strong params.
artist commentaries: convert to strong params.
* Disallow changing or setting post_id to a nonexistent post.
artists: convert to strong params.
* Disallow setting `is_banned` in create/update actions. Changing it
this way instead of with the ban/unban actions would leave the artist in
a partially banned state.
bans: convert to strong params.
* Disallow changing the user_id after the ban has been created.
comments: convert to strong params.
favorite groups: convert to strong params.
news updates: convert to strong params.
post appeals: convert to strong params.
post flags: convert to strong params.
* Disallow users from setting the `is_deleted` / `is_resolved` flags.
ip bans: convert to strong params.
user feedbacks: convert to strong params.
* Disallow users from setting `disable_dmail_notification` when creating feedbacks.
* Disallow changing the user_id after the feedback has been created.
notes: convert to strong params.
wiki pages: convert to strong params.
* Also fix non-Builders being able to delete wiki pages.
saved searches: convert to strong params.
pools: convert to strong params.
* Disallow setting `post_count` or `is_deleted` in create/update actions.
janitor trials: convert to strong params.
post disapprovals: convert to strong params.
* Factor out quick-mod bar to shared partial.
* Fix quick-mod bar to use `Post#is_approvable?` to determine visibility
of Approve button.
dmail filters: convert to strong params.
password resets: convert to strong params.
user name change requests: convert to strong params.
posts: convert to strong params.
users: convert to strong params.
* Disallow setting password_hash, last_logged_in_at, last_forum_read_at,
has_mail, and dmail_filter_attributes[user_id].
* Remove initialize_default_image_size (dead code).
uploads: convert to strong params.
* Remove `initialize_status` because status already defaults to pending
in the database.
tag aliases/implications: convert to strong params.
tags: convert to strong params.
forum posts: convert to strong params.
* Disallow changing the topic_id after creating the post.
* Disallow setting is_deleted (destroy/undelete actions should be used instead).
* Remove is_sticky / is_locked (nonexistent attributes).
forum topics: convert to strong params.
* merges https://github.com/evazion/danbooru/tree/wip-rails-5.1
* lock pg gem to 0.21 (1.0.0 is incompatible with rails 5.1.4)
* switch to factorybot and change all references
Co-authored-by: r888888888 <r888888888@gmail.com>
Co-authored-by: evazion <noizave@gmail.com>
add diffs
