4886 Commits

Author SHA1 Message Date
evazion
7c8557dbac Make more pages publicly accessible to logged out users.
* /artist_commentaries
* /note_versions
* /post_appeals
* /post_flags
* /posts/1/events
* /super_voters
2016-10-17 05:57:05 -05:00
evazion
7c6ba6a7c0 Add /delayed_jobs.json.
Leave out `handler` because it's sensitive.
2016-10-17 05:57:05 -05:00
evazion
af7abc2b38 Add missing JSON/XML responses.
* GET    /bans.json
* GET    /bans/1.json
* GET    /ip_bans.json
* POST   /ip_bans.json
* DELETE /ip_bans.json
* GET    /mod_actions.json
* GET    /posts/1/events.json
* POST   /saved_searches.json
* DELETE /saved_searches/1.json
* GET    /super_voters.json
2016-10-17 05:57:05 -05:00
Albert Yi
1d8341e1ac Merge pull request #2720 from evazion/fix-member-voting
Prevent anon/banned/member users from voting (fix #2719)
2016-10-13 22:13:08 -07:00
evazion
bd6ebceda3 Refactor post_approvers_only to approver_only.
Don't duplicate code with post_approvers_only; use the approver_only?
method dynamically defined in `User::Roles.each do ... end`.
2016-10-14 05:04:40 +00:00
evazion
d84184b5f1 Prevent anon/banned/member users from voting (fix #2719).
There was a regression in 6d6d00b; `before_filter :voter_only` was a
no-op in the post vote controller because it merely returned false,
which does not halt the request. The fix is to arrange for a voter_only
method to be defined that properly redirects to the access denied page.
2016-10-14 04:47:51 +00:00
evazion
5e75dcecea Add test cases for anon/banned/member voting. 2016-10-14 04:47:51 +00:00
Albert Yi
903eff5c24 update rails gem 2016-10-12 17:06:50 -07:00
Albert Yi
8d8511dc08 update rbenv ruby version 2016-10-12 16:46:29 -07:00
Albert Yi
11f911fd32 remove gctools dependency 2016-10-12 16:45:14 -07:00
Albert Yi
eaa0426c36 Merge pull request #2714 from evazion/fix-2704
Fix mass assignment vuln to tag alias/implication status (partial fix for #2704).
2016-10-11 17:48:26 -07:00
Albert Yi
3479ad89c6 readd postgresql-contrib package; add conditional check for postgresql version before compiling test_parser extension #2707 2016-10-11 17:46:37 -07:00
Albert Yi
2aae95623d Merge pull request #2713 from evazion/fix-2711
Prevent reverting to foreign versions (fixes #2711).
2016-10-11 17:28:44 -07:00
Albert Yi
6900efebd3 rename rbenv-version 2016-10-11 17:27:42 -07:00
evazion
7e3284c87f Fix mass assignment vuln to tag alias/implication status (2704). 2016-10-11 08:20:28 +00:00
evazion
789dede893 Tag aliases/implications: validate status and forum_topic_id.
* Validates that status is active/pending/deleted/etc. Not strictly
  necessary, the controller prevents users from setting the status, but
  it doesn't hurt.
* Validates that forum_topic_id is a valid topic if it's present.
* Validates that approver_id and creator_id are valid users (not
  strictly necessary either, users can't set these values).
2016-10-11 08:20:28 +00:00
evazion
101771adb8 Aliases/implications: Add tests for status and foreign keys. 2016-10-11 08:19:52 +00:00
evazion
c46b31aa9c Prevent reverting to foreign versions (fixes #2711). 2016-10-11 06:57:46 +00:00
evazion
80895ef46e Add tests for reverting to foreign versions. 2016-10-11 06:57:05 +00:00
Albert Yi
23ad02fa9c fix super voter test 2016-10-10 18:14:49 -07:00
Albert Yi
d5f02abf8c fix saved search test 2016-10-10 17:29:49 -07:00
Albert Yi
bf4397cbe4 update install script for ruby 2.3.1 2016-10-10 16:46:59 -07:00
Albert Yi
46beb247ea update ruby version to 2.3.1 2016-10-10 16:45:37 -07:00
Albert Yi
e496ac1ed6 adjustments to install script 2016-10-10 16:29:19 -07:00
Albert Yi
bdbc20cab4 Merge pull request #2710 from evazion/fix/2709
Post#unvote!: Return correct score (fixes #2709).
2016-10-10 12:20:51 -07:00
evazion
3838167dc0 Post#unvote!: Return correct score (fixes #2709).
vote.destroy sets the score in the database but not on the in-memory
post. So just reload the post from the db to get the updated score,
don't duplicate the logic of setting it again.
2016-10-08 09:07:41 +00:00
Type-kun
cc7d76b168 Fix ownership of secret files in install script (mentioned in #2705, #2515) 2016-10-07 17:03:06 +05:00
Albert Yi
d776f00003 create default preview + sample directories in install script 2016-10-06 11:20:42 -07:00
Albert Yi
c8f4508924 Merge pull request #2706 from evazion/fix-2704
Partial fixes for #2704
2016-10-06 10:37:42 -07:00
evazion
cb1e1d3a94 Prevent commenting on nonexistent posts (#2704). 2016-10-06 09:39:57 +00:00
evazion
8c8f4a6a8f Fix mass assignment vuln in comment update action (#2704).
Prevents mass assignment of `post_id`, `do_not_bump_post`, and
`is_deleted`.
2016-10-06 09:39:57 +00:00
evazion
ab5fd48280 Prevent mass assignment to Post#last_noted_at (#2704). 2016-10-06 09:39:57 +00:00
Albert Yi
6b6f78da57 Merge pull request #2703 from evazion/fix/bogus-twitter-artists
Artist finder: Don't return bogus results for non-matching twitter artists
2016-10-05 12:58:12 -07:00
Albert Yi
4bdca44f2e Merge pull request #2702 from evazion/fix/set-admin-permissions
Give full permissions to the starting admin.
2016-10-05 12:46:26 -07:00
Albert Yi
5adfb8554f Merge pull request #2701 from evazion/feat/customize-new-user
Make starting user level and default settings configurable.
2016-10-05 12:46:12 -07:00
Albert Yi
96df7acffb Update danbooru_default_config.rb
make sure config method never returns false
2016-10-05 12:46:04 -07:00
evazion
98f16b7105 Artist finder: Don't return bogus results for non-matching twitter artists. 2016-10-05 08:13:27 +00:00
evazion
b6af41e0f8 Add test cases for twitter artist finder. 2016-10-05 08:13:27 +00:00
evazion
e86a7ae957 Give approve/upload/supervoter permissions to first admin. 2016-10-05 02:15:04 +00:00
evazion
c3b55e80c5 Make default user level and settings configurable.
Remove start_as_gold? and start_as_contributor? from default config
because they don't actually do anything. `git log -G start_as` indicates
they never have done anything.

Add a more general customize_new_user method for setting the starting
user level, permissions and defaults for any other settings.
2016-10-05 01:39:08 +00:00
r888888888
ebff27c7c0 fixes #2700: Unvote Missing Template Exception 2016-10-04 14:42:48 -07:00
Albert Yi
1d0af0358f Merge pull request #2699 from evazion/fix/https-pixiv-ids
Refactor Post#parse_pixiv_id to use illust_id_from_url (fix #2695)
2016-10-03 11:01:22 -07:00
r888888888
0b396124d6 handle comic.pixiv.net being down gracefully 2016-10-02 19:59:54 -07:00
evazion
d38e83cd00 Refactor Post#parse_pixiv_id to use illust_id_from_url (fix #2695).
* Make illust_id_from_url a public class method instead of a protected
  instance method so that Post#parse_pixiv_id can use it.
* Also make illust_id_from_url swallow the exception that
  illust_id_from_url! throws so that parse_pixiv_id can use it.
2016-10-03 02:29:45 +00:00
evazion
f4f85bd0d8 Add tests for setting pixiv_id on posts. 2016-10-03 02:29:41 +00:00
r888888888
fc4b2e54a4 fix common searches 2016-09-29 17:45:16 -07:00
r888888888
643d06dcff remove reference to janitor_only 2016-09-29 11:54:49 -07:00
r888888888
7bc8104304 remove ref to is_janitor 2016-09-29 11:54:17 -07:00
r888888888
5b48d272f2 add basic user revert functionality 2016-09-28 11:38:34 -07:00
r888888888
859efe026c Merge branch 'pixiv-whitecube' 2016-09-28 11:36:32 -07:00