* Remove `banned_ip_for_download?` config option. This isn't something that usually needs
to be configured.
* Replace the `ipaddress` gem with `ipaddress_2`. The `ipaddress` gem has several methods
we need (`link_local?`, etc) that are only available in master because the gem hasn't had
an official release in several years. `ipaddress_2` is a fork that is more actively
maintained.
Try to prevent malicious sites like danbooru.me or idanbooru.com from
proxying our site and inserting ads. If we detect that we're not running
on the real site, then we redirect to the real site.
that's the latest commit made to deviantart files before switching from
the developer API to the Javascript backend from the new "Eclipse"
frontend.
This is necessary because it's basically impossible to download posts
now with the JS backend without being logged in, i.e. having the cookies
from a logged in user, which can't be used for very long even if
exporting them from a browser. You would have to save the cookies
deviantart sends you back via the "Set-Cookie" header in a database
somewhere in addition to the other added complexity.
also
* (temporarily) replace HttpartyCache with HTTParty as it's long been
removed
* fix one case of "last argument as keyword parameter"
* change repository url (5d1a1cc87e)
* remove self-explanatory comment
* Add Discord, Twitter, and Github links to site footer.
* Remove "Desktop mode" and "Keyboard shortcuts" links from footer.
Users can use the desktop site option in their browser to switch
between desktop and mobile mode.
* Remove git hash from footer. Users can hover over the Github logo to
see the hash instead.
* Refactor fast_count to return nil instead of 1,000,000 if the exact count times out.
* Remove the estimate_post_counts and blank_tag_search_fast_count global config options.
* Replace the hardcoded post count estimates inside fast_count with a
method that parses Postgres's estimated row count from EXPLAIN.
* /counts/posts.json:
** Remove the `raise_on_timeout` parameter.
** Add an `estimate_count=<true|false>` parameter.
** Return null instead of 1,000,000 if the exact count times out.
Fix not being able to negate the following metatags:
* id (didn't support ranges)
* md5
* width
* height
* mpixels
* ratio
* score
* favcount
* filesize
* date
* age
* tagcount
* pixiv
Bug: If a Member had the hide_deleted_posts option turned on and did a
two tag search, no pages would show up.
Cause: The hide_deleted_posts option implicitly adds the -status:deleted
tag, but this tag wasn't considered a free metatag, so this caused
Post.fast_count to fail and return zero because the search was treated
as a three tag search.
ref: https://danbooru.donmai.us/forum_topics/16829
Support using quoted values with all metatags. For example: user:"blah blah",
pool:"blah blah", commentary:"blah blah", etc. Things like rating:"safe",
id:"42" also work. Both single and double quotes are supported.
Also make the status: and rating: metatags fully free. Before only
status:deleted and rating:s were free.
* Make IP bans soft deletable.
* Add a hit counter to track how many times an IP ban has blocked someone.
* Add a last hit timestamp to track when the IP ban last blocked someone.
* Add a new type of IP ban, the signup ban. Signup bans restrict new
signups from editing anything until they've verified their email
address.
Require users who signup using proxies to verify their email addresses
before they can perform any edits. For verification purposes, the email
must be a nondisposable address from a whitelist of trusted email
providers.
Setting deliver_later_queue_name inside config/application.rb broke
tests because assert_enqueued_email_with assumes that the deliver_later
queue is called `mailers`.
In related tags, remove the (X) button next to artist urls for marking
them as inactive. This was broken because it didn't record the change
to the is_active flag in the artist history.
By default, mails sent by deliver_later are added to the `mailers` job
queue. These mails weren't being sent because workers were only
configured to process the `default` queue.
- Use the current comparison type for post versions instead
- Also add the note versions as a report
- No other versions are meaningful as reports since it is expected
for them to be modified by other users, or they don't have version
numbers as is the case with artist commentaries
The old password reset flow:
* User requests a password reset.
* Danbooru generates a password reset nonce.
* Danbooru emails user a password reset confirmation link.
* User follows link to password reset confirmation page.
* The link contains a nonce authenticating the user.
* User confirms password reset.
* Danbooru resets user's password to a random string.
* Danbooru emails user their new password in plaintext.
The new password reset flow:
* User requests a password reset.
* Danbooru emails user a password reset link.
* User follows link to password edit page.
* The link contains a signed_user_id param authenticating the user.
* User changes their own password.
* Fix users being redirected back to the change password page after
successfully changing their password.
* Move passwords controller out of /maintenance/ namespace.
* Add tests.
Change it so that when a post contains bad tags, the tags themselves are
highlighted rather than the entire post.
This also adds a data-tag-name attribute to tags in tag lists.
Remove the nag message when an approver hasn't approved anything
recently. Also remove the modqueue random posts page. As of 3d410398a,
inactive approvers are now warned via dmails.
