jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
4,889 Commits 1 Branch 0 Tags
ced7a34afad07f1d446bed24e37844a8ce964708
Commit Graph

4196 Commits

Author SHA1 Message Date
Albert Yi
86af580445 increase random post mod queue length to 12 2016-10-17 15:53:51 -07:00
evazion
7c8557dbac Make more pages publicly accessible to logged out users. 
* /artist_commentaries
* /note_versions
* /post_appeals
* /post_flags
* /posts/1/events
* /super_voters
 2016-10-17 05:57:05 -05:00
evazion
7c6ba6a7c0 Add /delayed_jobs.json. 
Leave out `handler` because it's sensitive.
 2016-10-17 05:57:05 -05:00
evazion
af7abc2b38 Add missing JSON/XML responses. 
* GET    /bans.json
* GET    /bans/1.json
* GET    /ip_bans.json
* POST   /ip_bans.json
* DELETE /ip_bans.json
* GET    /mod_actions.json
* GET    /posts/1/events.json
* POST   /saved_searches.json
* DELETE /saved_searches/1.json
* GET    /super_voters.json
 2016-10-17 05:57:05 -05:00
evazion
bd6ebceda3 Refactor post_approvers_only to approver_only. 
Don't duplicate code with post_approvers_only; use the approver_only?
method dynamically defined in `User::Roles.each do ... end`.
 2016-10-14 05:04:40 +00:00
evazion
d84184b5f1 Prevent anon/banned/member users from voting (fix #2719). 
There was a regression in 6d6d00b; `before_filter :voter_only` was a
no-op in the post vote controller because it merely returned false,
which does not halt the request. The fix is to arrange for a voter_only
method to be defined that properly redirects to the access denied page.
 2016-10-14 04:47:51 +00:00
evazion
5e75dcecea Add test cases for anon/banned/member voting. 2016-10-14 04:47:51 +00:00
Albert Yi
eaa0426c36 Merge pull request #2714 from evazion/fix-2704 
Fix mass assignment vuln to tag alias/implication status (partial fix for #2704).
 2016-10-11 17:48:26 -07:00
evazion
7e3284c87f Fix mass assignment vuln to tag alias/implication status (2704). 2016-10-11 08:20:28 +00:00
evazion
789dede893 Tag aliases/implications: validate status and forum_topic_id. 
* Validates that status is active/pending/deleted/etc. Not strictly
  necessary, the controller prevents users from setting the status, but
  it doesn't hurt.
* Validates that forum_topic_id is a valid topic if it's present.
* Validates that approver_id and creator_id are valid users (not
  strictly necessary either, users can't set these values).
 2016-10-11 08:20:28 +00:00
evazion
c46b31aa9c Prevent reverting to foreign versions (fixes #2711). 2016-10-11 06:57:46 +00:00
evazion
3838167dc0 Post#unvote!: Return correct score (fixes #2709). 
vote.destroy sets the score in the database but not on the in-memory
post. So just reload the post from the db to get the updated score,
don't duplicate the logic of setting it again.
 2016-10-08 09:07:41 +00:00
evazion
cb1e1d3a94 Prevent commenting on nonexistent posts (#2704). 2016-10-06 09:39:57 +00:00
evazion
8c8f4a6a8f Fix mass assignment vuln in comment update action (#2704). 
Prevents mass assignment of `post_id`, `do_not_bump_post`, and
`is_deleted`.
 2016-10-06 09:39:57 +00:00
evazion
ab5fd48280 Prevent mass assignment to Post#last_noted_at (#2704). 2016-10-06 09:39:57 +00:00
Albert Yi
6b6f78da57 Merge pull request #2703 from evazion/fix/bogus-twitter-artists 
Artist finder: Don't return bogus results for non-matching twitter artists
 2016-10-05 12:58:12 -07:00
Albert Yi
4bdca44f2e Merge pull request #2702 from evazion/fix/set-admin-permissions 
Give full permissions to the starting admin.
 2016-10-05 12:46:26 -07:00
evazion
98f16b7105 Artist finder: Don't return bogus results for non-matching twitter artists. 2016-10-05 08:13:27 +00:00
evazion
e86a7ae957 Give approve/upload/supervoter permissions to first admin. 2016-10-05 02:15:04 +00:00
evazion
c3b55e80c5 Make default user level and settings configurable. 
Remove start_as_gold? and start_as_contributor? from default config
because they don't actually do anything. `git log -G start_as` indicates
they never have done anything.

Add a more general customize_new_user method for setting the starting
user level, permissions and defaults for any other settings.
 2016-10-05 01:39:08 +00:00
r888888888
ebff27c7c0 fixes #2700: Unvote Missing Template Exception 2016-10-04 14:42:48 -07:00
Albert Yi
1d0af0358f Merge pull request #2699 from evazion/fix/https-pixiv-ids 
Refactor Post#parse_pixiv_id to use illust_id_from_url (fix #2695)
 2016-10-03 11:01:22 -07:00
r888888888
0b396124d6 handle comic.pixiv.net being down gracefully 2016-10-02 19:59:54 -07:00
evazion
d38e83cd00 Refactor Post#parse_pixiv_id to use illust_id_from_url (fix #2695). 
* Make illust_id_from_url a public class method instead of a protected
  instance method so that Post#parse_pixiv_id can use it.
* Also make illust_id_from_url swallow the exception that
  illust_id_from_url! throws so that parse_pixiv_id can use it.
 2016-10-03 02:29:45 +00:00
r888888888
fc4b2e54a4 fix common searches 2016-09-29 17:45:16 -07:00
r888888888
643d06dcff remove reference to janitor_only 2016-09-29 11:54:49 -07:00
r888888888
7bc8104304 remove ref to is_janitor 2016-09-29 11:54:17 -07:00
r888888888
5b48d272f2 add basic user revert functionality 2016-09-28 11:38:34 -07:00
r888888888
859efe026c Merge branch 'pixiv-whitecube' 2016-09-28 11:36:32 -07:00
r888888888
fc7afd44ea refactor source pixiv test 
refactor pixiv download tests
refactor upload test
refactor nico seiga test
refactor twitter tests
 2016-09-28 11:25:29 -07:00
r888888888
4fa2741ed2 include whitecube source/rewrite strategies 2016-09-28 11:24:54 -07:00
Type-kun
c9c9380093 Add CSS class for banned users(fixes #2691) 2016-09-28 19:15:45 +05:00
Albert Yi
d86e7b1065 Merge pull request #2679 from r888888888/quoted_source 
Allow quoted source: metatag, allow source: metatag when editing posts
 2016-09-27 15:33:45 -07:00
r888888888
34d1f95cbf potential fix for #2687: Post changes report doesn't handle nil results 2016-09-26 12:13:41 -07:00
r888888888
20779d52d0 final fix for #2688: Artists are uneditable 2016-09-26 12:02:35 -07:00
r888888888
026a64cca6 fix artist form error 2016-09-25 14:59:46 -07:00
r888888888
46b8ce06bc increase super voter limit 2016-09-25 14:56:19 -07:00
r888888888
164a49c84b fix sorting of post vote similarity algo 2016-09-24 03:59:10 -07:00
Albert Yi
c776fb478a Revert "Index and form for bit preferences" 2016-09-23 16:21:09 -07:00
r888888888
800f7d9e5f fix invalid reference to request.request_uri 2016-09-23 15:30:17 -07:00
r888888888
f62b49bbeb fixes #2484: Only show application trace for errors 2016-09-23 12:11:48 -07:00
Type-kun
6900b78365 Include bitprefs in search form (#2644) 2016-09-23 11:52:43 -07:00
Type-kun
e7586f4e4a Add is_banned to user search params 2016-09-23 11:52:43 -07:00
Type-kun
2e4385b6cd Change user prefs search logic to use index (#2644) 
Sadly, array index failed to cover "unset bits" case,
so excluded bits are merged into bigint, and &'d with column,
which turned out more readable and simpler than bit string.
 2016-09-23 11:52:43 -07:00
r888888888
09ec2dfc08 remove anti voters, extend post vote lifetime to 90 days, add minimum score threshold for super voters 2016-09-23 11:03:09 -07:00
r888888888
c8c99e9b9c fixes #2663: Deleted artist entries allow modifications and wiki creations 2016-09-20 16:04:25 -07:00
ghostrigger
063e4ecb18 minor edit on syntax 
fix syntax missing "%>"
 2016-09-20 11:00:13 +08:00
r888888888
486f59e945 add antivoter resource 2016-09-19 17:07:22 -07:00
r888888888
b2e6a8f031 add antivoters (no behavior yet) 2016-09-19 16:47:55 -07:00
r888888888
bf2246f895 move vote similarity code into danbooru, add listing for super voters 2016-09-19 16:43:29 -07:00