Commit Graph

795 Commits

Author SHA1 Message Date
evazion
7486bb0add Fix #2851: Account deletion should remove name change requests.
Hides name change requests for deleted users (username matches /user_[0-9]+~*/).
2017-01-19 22:32:13 +00:00
r888888888
bfa56a860c fixes #2415: "Random post" causes RecordNotFound exceptions 2017-01-18 14:12:12 -08:00
Albert Yi
bdac591266 fixes #2838 2017-01-16 12:57:43 -08:00
Albert Yi
a49394e6cd Merge pull request #2842 from evazion/fix-user-name-changes
Minor user name changes improvements.
2017-01-16 11:50:51 -08:00
Type-kun
6a6d16852a Final fix for #2658 - close exploit with "new". 2017-01-16 19:34:31 +05:00
evazion
d31a0c23f3 Name changes: add API endpoints for /user_name_change_requests. 2017-01-15 05:03:09 +00:00
evazion
9e9fdcb55d Name changes: make /user_name_change_requests member+; add reason/status/date. 2017-01-15 05:03:09 +00:00
evazion
66e30b323c Name changes: remove delete request button. 2017-01-15 05:03:08 +00:00
Albert Yi
0ab45ebc42 add postarchive model, fixes #2831: Replace Subscriptions Link With Search:All Link 2017-01-11 11:39:14 -08:00
Albert Yi
8db970f9f3 skip api check for forum and comment endpoints 2017-01-10 15:06:34 -08:00
Albert Yi
1724f89742 Merge pull request #2826 from r888888888/related-tags-html
Related tags html page (fixes #2750)
2017-01-09 18:11:22 -08:00
Albert Yi
5445b341bc fixes #2822: Post vote API: returns 200 for both success and failure; fixes bug with x-api-limit header 2017-01-09 17:31:14 -08:00
Albert Yi
f2a5d45db0 implement token bucket rate limiting 2017-01-09 17:31:14 -08:00
Type-kun
7c98c60129 Simple HTML page and form for related tags 2017-01-09 19:18:18 +05:00
Type-kun
9da5e67a65 Another partial fix for issue #2824, which also affected ip bans and feedback
Also fixed minor errors with IP bans
2017-01-09 13:57:16 +05:00
evazion
ef3f390bba Fix #2813: /posts/random.json does not redirect nicely. 2017-01-01 04:04:46 -06:00
Albert Yi
2fef0cdef9 Merge pull request #2804 from evazion/feat-comment-as-mod
Add option to comment as moderator (fix #2799)
2016-12-27 11:49:36 -08:00
Albert Yi
5c0836a9c8 Merge pull request #2803 from evazion/fix-comment-cleanups
Various minor comment code cleanups
2016-12-27 11:42:08 -08:00
evazion
cc215f6a41 Add more artist commentary API endpoints.
* GET /posts/1/artist_commentary.json
* GET /artist_commentaries/1.json
2016-12-27 06:01:22 +00:00
evazion
1257639109 Add 'post as moderator' option for comments.
* Add 'post as moderator' option to comment form. This creates a so-called sticky comment.
* Downvotes have no effect on stickied comments; they're always visible, regardless of comment thresholds.
* Only mods may sticky comments.
* Mods may sticky comments by other users.
2016-12-26 23:52:45 -06:00
evazion
69c50290a8 Include updater_name in /comments/1.json. 2016-12-26 23:52:27 -06:00
evazion
c165b38a91 Prevent anon users from attempting to undelete/unvote comments.
The :undelete and :unvote actions weren't covered.
2016-12-26 23:52:27 -06:00
evazion
00ddd2f5d4 Fix #2795: "check_availability" bug with saved searches. 2016-12-22 21:44:35 -06:00
Albert Yi
5a1ac41450 eliminate transaction log items table 2016-12-21 15:00:59 -08:00
Albert Yi
62956be384 hide saved search functionality if not enabled 2016-12-21 14:53:39 -08:00
Albert Yi
ee4ebce4d7 support pool version archive 2016-12-21 11:43:46 -08:00
evazion
a92120e873 Fix #2785: Allow changing API key; require password to view or change key. 2016-12-18 06:30:48 -06:00
Albert Yi
2af622e7a7 add ban to post mode menu 2016-12-09 11:56:25 -08:00
Albert Yi
4eb0a64135 fix exploit for viewing private dmails 2016-12-06 14:34:46 -08:00
Albert Yi
88baf36a8c fix #2783: Unhide /artist_versions for members 2016-12-05 15:55:02 -08:00
Albert Yi
1314239326 remove coinbase references 2016-12-02 13:52:39 -08:00
Albert Yi
7aab50f726 remove old iqdb code 2016-12-02 13:21:56 -08:00
Albert Yi
8e5331d234 fix for iqdb queries 2016-12-02 13:11:10 -08:00
Albert Yi
73ff94e920 integrate iqdbs 2016-11-30 16:38:00 -08:00
Albert Yi
e7907e0e14 rename some config keys to clarify what they are 2016-11-28 17:31:01 -08:00
Albert Yi
5c761d4a60 Merge pull request #2775 from evazion/fix-user-feedbacks
Prevent mods from editing/deleting feedbacks given to themselves.
2016-11-28 12:02:47 -08:00
evazion
fa74c71b6d Prevent mods from editing/deleting feedbacks given to themselves. 2016-11-28 03:57:24 -06:00
evazion
5909e8501c Pull upload notice, bookmarklet notice from help:upload_notice wiki page. 2016-11-21 01:17:15 -06:00
evazion
b0a0a32173 API: support PUT /maintenance/user/dmail_filter.json. 2016-11-12 01:10:14 -06:00
evazion
a16b91e2bf Fix exploit allowing dmail filters to be set on other users.
Exploit:

    curl \
      -u $USERNAME:$API_KEY \
      -X PUT "http://danbooru.donmai.us/maintenance/user/dmail_filter.json?dmail_id=1" \
      -d "dmail_filter[words]=owned&dmail_filter[user_id]=2"

...where dmail_id is any dmail you own (doesn't matter which) and user_id is the victim.
2016-11-12 01:10:14 -06:00
Albert Yi
eb6746a8a8 additional checks on forum topic visibility 2016-11-07 10:48:04 -08:00
Albert Yi
a22a7c3302 bulk revert 2016-11-07 10:48:04 -08:00
Albert Yi
4e48e80e1f stub in preview for bulk revert 2016-11-02 13:53:01 -07:00
evazion
00da01ea3e Remove unused NotesController#pass_html_id.
Dead code as far as I can tell. According to `git log -p -G "X-Html-Id"`
it was added in 2011 and never used. HTML id is passed to javascript in the
JSON response to `POST /notes.json` instead.
2016-10-31 01:37:49 +00:00
evazion
9c188ff0cb Fix notes appearing unsaved after saving them.
Bug: creating a note then saving it doesn't remove the red border
indicating it's unsaved.

Broken by 8df1496 / PR #2729.

Ref: http://danbooru.donmai.us/forum_topics/13348.
2016-10-31 01:25:09 +00:00
evazion
6dd8ec909d Set approver of aliases/implications in BURs.
Previously only the BUR's approver was set when a BUR was approved. Set
the approver for each alias/implication in the BUR as well.

Additionally:

* Refactor `approve!` to take a user instead of just a user id.
* Be mass-assignment permissions aware when setting approver_id.
2016-10-26 21:52:19 -05:00
Albert Yi
79842f7a3b restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visibility in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658 2016-10-25 15:05:55 -07:00
Albert Yi
589df5f301 implements #2658: private forum topics 2016-10-24 16:56:18 -07:00
evazion
8df1496d28 Fix vuln allowing users to move notes between posts.
Prevents this from working:

    PUT /notes/1.json?note[post_id]=23
    PUT /notes/1.json?note[post_id]=42
2016-10-19 22:54:47 -05:00
Albert Yi
e78b7d2a8c fixes #2716: Wiki pages should be undeletable 2016-10-18 15:45:50 -07:00