evazion
|
a92120e873
|
Fix #2785: Allow changing API key; require password to view or change key.
|
2016-12-18 06:30:48 -06:00 |
|
evazion
|
b0a0a32173
|
API: support PUT /maintenance/user/dmail_filter.json.
|
2016-11-12 01:10:14 -06:00 |
|
evazion
|
a16b91e2bf
|
Fix exploit allowing dmail filters to be set on other users.
Exploit:
curl \
-u $USERNAME:$API_KEY \
-X PUT "http://danbooru.donmai.us/maintenance/user/dmail_filter.json?dmail_id=1" \
-d "dmail_filter[words]=owned&dmail_filter[user_id]=2"
...where dmail_id is any dmail you own (doesn't matter which) and user_id is the victim.
|
2016-11-12 01:10:14 -06:00 |
|
r888888888
|
4c5e7a2708
|
fixes #2478: Add links for easy opt-out of emails
|
2015-09-03 17:03:03 -07:00 |
|
r888888888
|
341b29ce41
|
fix tests
|
2015-08-18 17:40:53 -07:00 |
|
r888888888
|
67e46f6e5c
|
fixes #2418 (includes hiding deleted dmails and allowing filtering on user name)
|
2015-07-07 17:32:38 -07:00 |
|
r888888888
|
1abdcb3cf3
|
fixes #2419
|
2015-06-30 13:21:39 -07:00 |
|
Toks
|
744daa6c0c
|
When email change fails, give appropriate error message
Previously it would always say "Password was incorrect" on failure,
whether that was the actual problem or not.
|
2014-01-24 13:52:43 -05:00 |
|
r888888888
|
eab2eb1d82
|
fixes #1651
|
2013-05-21 17:52:03 -07:00 |
|
r888888888
|
0a9e2a39b0
|
add account deletion
|
2013-05-16 15:15:00 -07:00 |
|
r888888888
|
a25242f68d
|
in progress
|
2013-04-30 23:25:26 -07:00 |
|
小太
|
cba839ba76
|
Kill trailing whitespace in ruby files
|
2013-03-19 23:10:10 +11:00 |
|
albert
|
72e9da01b5
|
fixing functional tests
|
2011-07-17 16:42:26 -04:00 |
|