r888888888
fc4b2e54a4
fix common searches
2016-09-29 17:45:16 -07:00
Type-kun
c9c9380093
Add CSS class for banned users (fixes #2691)
2016-09-28 19:15:45 +05:00
r888888888
b13c76b9d9
only trigger common searches js on manual searches
2016-09-07 18:35:28 -07:00
Type-kun
93fca3ce2b
Amend wiki listing and general timezone formats (fixes #2649)
2016-09-01 22:37:09 +05:00
Type-kun
23f4232bd2
Style obsolete artist changes (fixes #1171)
2016-08-28 23:12:35 +05:00
Type-kun
92b5e5e00d
Display supervoter pref in API and CSS (#2641)
2016-08-27 16:11:48 +05:00
r888888888
c3b78b1752
add user searches
2016-08-23 18:20:21 -07:00
r888888888
41ee2de3d6
enable ragel parser for artist commentaries
2016-06-20 14:13:20 -07:00
r888888888
8cf893757e
disable ragel parser
2016-06-20 11:35:06 -07:00
r888888888
f3c4418351
re-enable ragel parser
2016-06-09 16:34:49 -07:00
r888888888
6a548cf2fa
disable ragel parser
2016-06-06 12:59:30 -07:00
r888888888
2228f8163b
bug fix with format_text
2016-06-06 10:42:09 -07:00
r888888888
581ac61b06
exclude anonymous from ragel dtext
2016-06-06 09:25:37 -07:00
r888888888
d2291fa754
increase usage of ragel dtext parser
2016-05-31 12:16:34 -07:00
r888888888
841c7539cc
new version, disable dtext ragel for flag/appeal helper
2016-04-25 17:15:08 -07:00
r888888888
641250d2a9
only enable ragel dtext for user 1
2016-04-25 16:27:01 -07:00
r888888888
0ab1c9f9f5
require dtext correctly
2016-03-17 15:29:44 -07:00
r888888888
c037d7a7cc
switch to ragel dtext parser
2016-03-17 15:08:10 -07:00
r888888888
c760366e93
format tag subscriptions in delayed job listing
2016-02-11 11:48:56 -08:00
r888888888
1047d1fd2b
add more meta descriptions to more pages
2016-02-09 14:25:23 -08:00
r888888888
504674b288
add rel=nofollow in more places
2016-02-03 23:47:17 -08:00
r888888888
16e437b048
ignore forbidden tags on missed search counter
2016-02-03 16:56:37 -08:00
r888888888
025d66a639
optimize missing search js script
2016-02-02 17:26:28 -08:00
r888888888
fe4cb7f3ba
track searches that return no results
2016-02-02 16:25:14 -08:00
r888888888
5a853bcedb
tweaks to new can_upload_free flag #2469
2015-10-15 16:23:30 -07:00
r888888888
6480864718
fixes #2469
2015-10-15 15:24:24 -07:00
r888888888
4c5e7a2708
fixes #2478: Add links for easy opt-out of emails
2015-09-03 17:03:03 -07:00
r888888888
e675016ec5
fixes #1904: Display aliases/implications in artist excerpt, fixes bug with approving alias/implications involving artists
2015-08-06 16:40:30 -07:00
r888888888
f87c71cf23
remove post view counts, add search counts
2015-07-27 17:27:40 -07:00
r888888888
9e6d08600c
store post view counts in reportbooru/fetch view counts from reportbooru #2128
2015-07-21 13:09:32 -07:00
r888888888
67e46f6e5c
fixes #2418 (includes hiding deleted dmails and allowing filtering on user name)
2015-07-07 17:32:38 -07:00
Toks
56d7b79792
#2417 add css class for approvers
2015-07-01 10:27:45 -04:00
r888888888
1d9596d7f2
fixes #2417
2015-06-29 18:17:59 -07:00
Toks
5a8674d342
fix #2239
2015-05-02 11:12:30 -04:00
r888888888
6ff02c653d
dmail bulk update request errors to admin
2015-04-21 18:39:42 -07:00
r888888888
2016feeb28
show counts and post links for bulk update requests
2015-04-21 17:50:36 -07:00
Toks
ad8e16aabf
fix #2012
2015-04-15 11:29:15 -04:00
r888888888
b2b14cba98
add stripe integration for safebooru
2015-01-22 16:20:25 -08:00
r888888888
cbf48ad948
add stripe integration for safebooru
2014-11-06 17:03:17 -08:00
r888888888
92237d4bf5
add delayed job pretty printing for increment and decrement post counts
2014-10-28 13:40:12 -07:00
r888888888
e4562d209b
add delayed job pretty printing for ugoira convert
2014-10-28 13:20:02 -07:00
Albert Yi
b9208b9834
Merge pull request #2275 from evazion/xss/artist-history
...
Fix XSS in /artist_versions.
2014-10-17 14:33:59 -07:00
evazion
de289ee5d3
Fix XSS in /artist_versions.
...
1) Put `<script>alert("xss 1")</script>` in the Other Names field in an
artist entry.
2) Put `<script>alert("xss 2")</script>` in the URLs field.
3) Trick someone into viewing the history page for that artist.
2014-10-17 15:22:51 -05:00
evazion
a38e12f091
Fix XSS in source link on post show page.
...
This vulnerability allows someone to create a source link that appears
to lead to Pixiv like normal, but that actually executes Javascript code
when clicked.
1) Set the source of a post to javascript:"http://img1.pixiv.net/img/xss/ ";alert("xss");
2) Wait for someone to click the source link in the Information sidebar.
3) Profit.
The cause is that the regexes for detecting Pixiv URLs aren't anchored
to the front of the string using \A. This allows non-http:// links to be
created.
2014-10-17 15:15:48 -05:00
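The anchoring problem described in commit a38e12f091, as an added Ruby example (not code from the commit or the project). The patterns, constant names and `safe_source_href` are hypothetical; the first sample is the source value quoted in the commit message and the others are constructed.

```ruby
require "uri"

# Hypothetical patterns; the project's real regexes are not shown on this page.
PIXIV_UNANCHORED = %r{https?://img\d+\.pixiv\.net/img/}i    # matches anywhere in the string
PIXIV_LINE_START = %r{^https?://img\d+\.pixiv\.net/img/}i   # ^ matches at the start of ANY line
PIXIV_ANCHORED   = %r{\Ahttps?://img\d+\.pixiv\.net/img/}i  # \A matches only at string start

ALLOWED_SCHEMES = %w[http https].freeze

# True when the source is treated as a Pixiv URL under the given pattern.
def pixiv_source?(source, pattern)
  pattern.match?(source)
end

# Defence in depth: return a value usable as an href only when the source
# parses as a URI with an allowlisted scheme; otherwise return nil so the
# view can render plain text instead of a link.
def safe_source_href(source)
  uri = URI.parse(source.to_s.strip)
  ALLOWED_SCHEMES.include?(uri.scheme&.downcase) ? uri.to_s : nil
rescue URI::InvalidURIError
  nil
end

# Sample inputs: PAGE_SAMPLE is quoted from the commit message above,
# the other two are constructed for this example.
PAGE_SAMPLE  = 'javascript:"http://img1.pixiv.net/img/xss/ ";alert("xss");'
MULTILINE    = "not-a-url\nhttp://img1.pixiv.net/img/1.jpg"
LEGIT_SAMPLE = "http://img1.pixiv.net/img/artist/12345.jpg"

# One row per sample: [unanchored?, line-start?, \A-anchored?, href or nil]
def audit(samples)
  samples.map do |s|
    [pixiv_source?(s, PIXIV_UNANCHORED),
     pixiv_source?(s, PIXIV_LINE_START),
     pixiv_source?(s, PIXIV_ANCHORED),
     safe_source_href(s)]
  end
end

if __FILE__ == $0
  audit([PAGE_SAMPLE, MULTILINE, LEGIT_SAMPLE]).each { |row| p row }
end
```

Only the `\A` pattern rejects both non-URL samples, and the scheme allowlist keeps a `javascript:` value out of the `href` even if a pattern check is later loosened.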
Toks
424eb40c9d
fixes #2240
2014-08-12 12:41:10 -04:00
Toks
76f31bd6b5
Bulk reqs: add line breaks
...
Scripts longer than 1 line are completely unreadable without line breaks
2014-07-31 21:19:43 -04:00
r888888888
a6d69e63be
fixes #2197
2014-07-17 16:24:03 -07:00
r888888888
7b97ca192c
fixes #2190
2014-06-12 21:16:21 -07:00
Toks
ff789f5b6d
#1961: Restyle other names
...
Should be easier to tell them apart now
2014-06-04 19:15:59 -04:00
Toks
4716bd7c97
#1961: Add pixiv links to other names
2014-06-04 19:12:17 -04:00