jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5,301 Commits 1 Branch 0 Tags
f374eec4a1573e0cebb4a3cd693ed95ce970e596
Commit Graph

804 Commits

Author SHA1 Message Date
r888888888
f374eec4a1 fixes #2869: Add way to differentiate Pool Descriptions from Pool History 2017-02-14 16:03:19 -08:00
r888888888
aa41c41572 fixes #2876: Changing approver/contributor privileges should log mod action 2017-02-14 12:46:54 -08:00
Albert Yi
1c837aba6e Merge pull request #2879 from evazion/fix-dead-code 
Eliminate dead code
 2017-02-07 13:56:05 -08:00
evazion
b5bf9b8678 post.rb: remove assorted unused methods. 2017-02-06 19:07:03 -06:00
evazion
23038de470 posts_controller.rb: remove unused /posts/home action. 
Unused since a4911e3.
 2017-02-06 19:07:03 -06:00
evazion
7e1f63de6a landings_controller.rb: remove unused /landing route. 
Broken since PopularPostExplorer was removed in 7269ec0.
 2017-02-06 19:07:03 -06:00
evazion
d74503ae05 tests: add misc controller tests. 2017-02-06 18:48:35 -06:00
r888888888
1207faa600 fix tests 2017-01-24 16:05:06 -08:00
evazion
caaff24112 /comments?group_by=comment: add is_sticky/is_deleted/do_not_bump_post/order params. 2017-01-23 22:13:00 -06:00
evazion
7486bb0add Fix #2851: Account deletion should remove name change requests. 
Hides name change requests for deleted users (username matches /user_[0-9]+~*/).
 2017-01-19 22:32:13 +00:00
r888888888
bfa56a860c fixes #2415: "Random post" causes RecordNotFound exceptions 2017-01-18 14:12:12 -08:00
Albert Yi
bdac591266 fixes #2838 2017-01-16 12:57:43 -08:00
Albert Yi
a49394e6cd Merge pull request #2842 from evazion/fix-user-name-changes 
Minor user name changes improvements.
 2017-01-16 11:50:51 -08:00
Type-kun
6a6d16852a Final fix for #2658 - close exploit with "new". 2017-01-16 19:34:31 +05:00
evazion
d31a0c23f3 Name changes: add API endpoints for /user_name_change_requests. 2017-01-15 05:03:09 +00:00
evazion
9e9fdcb55d Name changes: make /user_name_change_requests member+; add reason/status/date. 2017-01-15 05:03:09 +00:00
evazion
66e30b323c Name changes: remove delete request button. 2017-01-15 05:03:08 +00:00
Albert Yi
0ab45ebc42 add postarchive model, fixes #2831: Replace Subscriptions Link With Search:All Link 2017-01-11 11:39:14 -08:00
Albert Yi
8db970f9f3 skip api check for forum and comment endpoints 2017-01-10 15:06:34 -08:00
Albert Yi
1724f89742 Merge pull request #2826 from r888888888/related-tags-html 
Related tags html page (fixes #2750)
 2017-01-09 18:11:22 -08:00
Albert Yi
5445b341bc fixes #2822: Post vote API: returns 200 for both success and failure; fixes bug with x-api-limit header 2017-01-09 17:31:14 -08:00
Albert Yi
f2a5d45db0 implement token bucket rate limiting 2017-01-09 17:31:14 -08:00
Type-kun
7c98c60129 Simple HTML page and form for related tags 2017-01-09 19:18:18 +05:00
Type-kun
9da5e67a65 Another partial fix for issue #2824, which also affected ip bans and feedback 
Also fixed minor errors with IP bans
 2017-01-09 13:57:16 +05:00
evazion
ef3f390bba Fix #2813: /posts/random.json does not redirect nicely. 2017-01-01 04:04:46 -06:00
Albert Yi
2fef0cdef9 Merge pull request #2804 from evazion/feat-comment-as-mod 
Add option to comment as moderator (fix #2799)
 2016-12-27 11:49:36 -08:00
Albert Yi
5c0836a9c8 Merge pull request #2803 from evazion/fix-comment-cleanups 
Various minor comment code cleanups
 2016-12-27 11:42:08 -08:00
evazion
cc215f6a41 Add more artist commentary API endpoints. 
* GET /posts/1/artist_commentary.json
* GET /artist_commentaries/1.json
 2016-12-27 06:01:22 +00:00
evazion
1257639109 Add 'post as moderator' option for comments. 
* Add 'post as moderator' option to comment form. This creates a so-called sticky comment.
* Downvotes have no effect on stickied comments; they're always visible, regardless of comment thresholds.
* Only mods may sticky comments.
* Mods may sticky comments by other users.
 2016-12-26 23:52:45 -06:00
evazion
69c50290a8 Include updater_name in /comments/1.json. 2016-12-26 23:52:27 -06:00
evazion
c165b38a91 Prevent anon users from attempting to undelete/unvote comments. 
The :undelete and :unvote actions weren't covered.
 2016-12-26 23:52:27 -06:00
evazion
00ddd2f5d4 Fix #2795: "check_availability" bug with saved searches. 2016-12-22 21:44:35 -06:00
Albert Yi
5a1ac41450 eliminate transaction log items table 2016-12-21 15:00:59 -08:00
Albert Yi
62956be384 hide saved search functionality if not enabled 2016-12-21 14:53:39 -08:00
Albert Yi
ee4ebce4d7 support pool version archive 2016-12-21 11:43:46 -08:00
evazion
a92120e873 Fix #2785: Allow changing API key; require password to view or change key. 2016-12-18 06:30:48 -06:00
Albert Yi
2af622e7a7 add ban to post mode menu 2016-12-09 11:56:25 -08:00
Albert Yi
4eb0a64135 fix exploit for viewing private dmails 2016-12-06 14:34:46 -08:00
Albert Yi
88baf36a8c fix #2783: Unhide /artist_versions for members 2016-12-05 15:55:02 -08:00
Albert Yi
1314239326 remove coinbase references 2016-12-02 13:52:39 -08:00
Albert Yi
7aab50f726 remove old iqdb code 2016-12-02 13:21:56 -08:00
Albert Yi
8e5331d234 fix for iqdb queries 2016-12-02 13:11:10 -08:00
Albert Yi
73ff94e920 integrate iqdbs 2016-11-30 16:38:00 -08:00
Albert Yi
e7907e0e14 rename some config keys to clarify what they are 2016-11-28 17:31:01 -08:00
Albert Yi
5c761d4a60 Merge pull request #2775 from evazion/fix-user-feedbacks 
Prevent mods from editing/deleting feedbacks given to themselves.
 2016-11-28 12:02:47 -08:00
evazion
fa74c71b6d Prevent mods from editing/deleting feedbacks given to themselves. 2016-11-28 03:57:24 -06:00
evazion
5909e8501c Pull upload notice, bookmarklet notice from help:upload_notice wiki page. 2016-11-21 01:17:15 -06:00
evazion
b0a0a32173 API: support PUT /maintenance/user/dmail_filter.json. 2016-11-12 01:10:14 -06:00
evazion
a16b91e2bf Fix exploit allowing dmail filters to be set on other users. 
Exploit:

    curl \
      -u $USERNAME:$API_KEY \
      -X PUT "http://danbooru.donmai.us/maintenance/user/dmail_filter.json?dmail_id=1" \
      -d "dmail_filter[words]=owned&dmail_filter[user_id]=2"

...where dmail_id is any dmail you own (doesn't matter which) and user_id is the victim.
 2016-11-12 01:10:14 -06:00
Albert Yi
eb6746a8a8 additional checks on forum topic visibility 2016-11-07 10:48:04 -08:00