jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
12,086 Commits 1 Branch 0 Tags
aefa7586fd792aa0ac971f762d3af19c81702b5d
Commit Graph

11 Commits

Author SHA1 Message Date
evazion
9c48953e6f Fix #5293: NoMethodError in sitemap when relation is empty. 2022-10-14 19:52:13 -05:00
evazion
638c928c8a Add 18 USC 2257 disclaimer. 
Add a 2257 disclaimer and link to it in the site footer.
 2022-05-09 02:26:19 -05:00
evazion
37ad6f5a71 Fix non-existent .js requests raising DoubleRenderError. 
Fix requests for non-existent .js pages, for example https://danbooru.donmai.us/oaisfj.js,
raising AbstractController::DoubleRenderError when trying to render the 404 response.
 2022-02-08 00:14:38 -06:00
evazion
7bed81812d Don't show error messages that could contain private information. 
Fix a potential exploit where private information could be leaked if
it was contained in the error message of an unexpected exception.

For example, NoMethodError contains a raw dump of the object in the
error message, which could leak private user data if you could force a
User object to raise a NoMethodError.

Fix the error page to only show known-safe error messages from expected
exceptions, not unknown error messages from unexpected exceptions.

API changes:

* JSON errors now have a `message` param. The message will be blank for unknown exceptions.
* XML errors have a new format. This is a breaking change. They now look like this:

    <result>
      <success type="boolean">false</success>
      <error>PaginationExtension::PaginationError</error>
      <message>You cannot go beyond page 5000.</message>
      <backtrace type="array">
        <backtrace>app/logical/pagination_extension.rb:54:in `paginate'</backtrace>
        <backtrace>app/models/application_record.rb:17:in `paginate'</backtrace>
        <backtrace>app/logical/post_query_builder.rb:529:in `paginated_posts'</backtrace>
        <backtrace>app/logical/post_sets/post.rb:95:in `posts'</backtrace>
        <backtrace>app/controllers/posts_controller.rb:22:in `index'</backtrace>
      </backtrace>
    </result>

  instead of like this:

    <result success="false">You cannot go beyond page 5000.</result>
 2022-02-06 18:09:54 -06:00
evazion
96f08b78c5 /contact: update contact page with more contact methods. 2020-12-25 00:47:08 -06:00
evazion
c17678d509 routes: add a new 404 page. 
* Fix a bug where non-GET 404 requests weren't handled.
* Fix a bug where non-HTML 404 requests weren't handled.
* Show a random image from a specified pool on the 404 page.
 2020-12-24 00:17:35 -06:00
evazion
42f0112c38 seo: increase sitemap coverage. 
Rework sitemaps to provide more coverage of the site. We want every
important page on the site - including every post, tag, and wiki page -
to be indexed by Google. We do this by generating sitemaps and sitemap
indexes that contain links to every important page on the site.
 2020-07-10 00:18:30 -05:00
evazion
b5fc8fff6e Add privacy policy (#4415). 2020-07-06 02:53:01 -05:00
evazion
aa1a21aece Add OpenSearch support (/opensearch.xml). 
Add https://danbooru.donmai.us/opensearch.xml. This file tells browsers
how to perform searches on Danbooru.

In Chrome, this lets you type "danb<tab>" in the address bar to perform
a search on Danbooru.

In Firefox, you have to click the "..." icon next to the address bar,
then choose "Add Search Engine". After that, you can search Danbooru
from the address bar.

Ref:

* http://dev.chromium.org/tab-to-search
* https://developer.mozilla.org/en-US/docs/Web/OpenSearch
* https://github.com/dewitt/opensearch/blob/master/opensearch-1-1-draft-6.md
* https://en.wikipedia.org/wiki/OpenSearch
 2020-07-04 17:52:49 -05:00
evazion
a4df18e650 Refactor Reportbooru API clients. 
* Combine MissedSearchService, PostViewCountService, and
  PopularSearchService into single ReportbooruService class.
* Use Danbooru::Http for these services instead of HTTParty.
 2020-06-14 00:32:42 -05:00
evazion
4e2fd82ef6 tests: add missing controller tests. 2020-03-30 12:36:06 -05:00