evazion
f94dfbf17e
Fix bookmarklet for whitecube URLs.
...
Make the bookmarklet work for URLs like this:
* http://www.pixiv.net/whitecube/user/607414/illust/59510800
* http://www.pixiv.net/whitecube/user/772090/illust/59595705
2016-10-22 16:11:44 -05:00
Albert Yi
080eecb6b9
Merge pull request #2729 from evazion/fix-notes-mass-assignment
...
Fix vuln allowing users to move notes between posts.
2016-10-20 16:22:43 -07:00
Albert Yi
8d2b1cf2b5
Merge pull request #2727 from evazion/fix-post-ratings
...
Validate post ratings and fix ratings locks
2016-10-20 10:32:40 -07:00
evazion
8df1496d28
Fix vuln allowing users to move notes between posts.
...
Prevents this from working:
PUT /notes/1.json?note[post_id]=23
PUT /notes/1.json?note[post_id]=42
2016-10-19 22:54:47 -05:00
evazion
d2f3027294
Add test for moving notes between posts.
2016-10-19 22:54:39 -05:00
evazion
0006b76c4d
Always obey rating locks; make rerating locked posts an error.
...
Currently rating locks are only obeyed when using the rating: metatag.
They aren't obeyed when:
* Changing the rating via the API.
* Changing the rating via 'Rate Safe' in the mode menu (uses the API).
* Reverting to previous versions.
Also, the current behavior is to ignore the rating: metatag if the post
is locked. This patch instead makes the update fail completely (note that
this could affect trying to mass revert posts that may be rating locked).
Note: the check for `!is_rating_locked_changed?` is so that
PUT /posts/1.json?post[rating]=s&post[is_rating_locked]=true
works (i.e., locking and changing the rating at the same time is okay).
2016-10-19 20:06:43 -05:00
evazion
88248e7ec7
Add tests for reverting rating-locked posts.
2016-10-19 20:06:43 -05:00
evazion
c01e03b193
Validate post ratings.
...
Prevent ratings from being set to invalid values via the API:
PUT /posts/1.json?post[rating]=Z
2016-10-19 20:06:43 -05:00
evazion
d2a0b089f4
Add test for setting invalid ratings.
2016-10-19 20:06:43 -05:00
Albert Yi
4c1949f1c8
add PATCH
2016-10-19 14:41:59 -07:00
Albert Yi
25028f0c7f
increase api limit for platinum
2016-10-19 13:00:36 -07:00
Albert Yi
af55e6cf8a
fix api limit display
2016-10-19 10:39:01 -07:00
Albert Yi
fb1cf5edbc
Merge pull request #2726 from evazion/feat-log-tag-aliases+implications
...
Log tag aliases+implications
2016-10-19 10:07:08 -07:00
Albert Yi
4b8d014b2f
fixes #2718: Twitter artist finding should not be case sensitive
2016-10-18 16:51:59 -07:00
Albert Yi
7cad4a3f68
normalized artist urls are always downcased
2016-10-18 16:32:35 -07:00
Albert Yi
e78b7d2a8c
fixes #2716: Wiki pages should be undeletable
2016-10-18 15:45:50 -07:00
Albert Yi
2a5343b8cf
add more intelligent js for artist forms
2016-10-18 14:56:40 -07:00
Albert Yi
2424f24fcd
return 429 for too many requests instead of 421
2016-10-18 13:33:04 -07:00
Albert Yi
b17cd5bffc
fix for sessionless api limits
2016-10-18 13:04:50 -07:00
evazion
29f3aef6b6
Log all tag alias/implication changes.
...
Creates a mod action any time an alias or implication is changed. This
includes creations, edits to pending aliases/implications, deletions,
and approvals. Also it logs each status change from pending -> queued
-> processing -> approved.
Calls are changed from `update_column` to `update` so that the
create_mod_action callback will run at every point in the lifecycle.
2016-10-18 05:23:27 -05:00
evazion
5743166e25
Add a test case for implication requests.
2016-10-18 05:22:44 -05:00
r888888888
afa0dcae20
potential fix for alias/implication status bug
2016-10-18 00:25:55 -07:00
Albert Yi
87447a51c3
work on #2693 Separate API Limits by Writes/Reads
2016-10-17 16:37:11 -07:00
Albert Yi
ced7a34afa
additional fixes for install script
2016-10-17 16:15:12 -07:00
Albert Yi
86af580445
increase random post mod queue length to 12
2016-10-17 15:53:51 -07:00
Albert Yi
c36d58f5f5
Merge pull request #2722 from evazion/fix-2721
...
Fix missing JSON/XML templates, make more pages public (#2721)
2016-10-17 14:47:01 -07:00
evazion
7c8557dbac
Make more pages publicly accessible to logged out users.
...
* /artist_commentaries
* /note_versions
* /post_appeals
* /post_flags
* /posts/1/events
* /super_voters
2016-10-17 05:57:05 -05:00
evazion
7c6ba6a7c0
Add /delayed_jobs.json.
...
Leave out `handler` because it's sensitive.
2016-10-17 05:57:05 -05:00
evazion
af7abc2b38
Add missing JSON/XML responses.
...
* GET /bans.json
* GET /bans/1.json
* GET /ip_bans.json
* POST /ip_bans.json
* DELETE /ip_bans.json
* GET /mod_actions.json
* GET /posts/1/events.json
* POST /saved_searches.json
* DELETE /saved_searches/1.json
* GET /super_voters.json
2016-10-17 05:57:05 -05:00
Albert Yi
1d8341e1ac
Merge pull request #2720 from evazion/fix-member-voting
...
Prevent anon/banned/member users from voting (fix #2719)
2016-10-13 22:13:08 -07:00
evazion
bd6ebceda3
Refactor post_approvers_only to approver_only.
...
Don't duplicate code with post_approvers_only; use the approver_only?
method dynamically defined in `User::Roles.each do ... end`.
2016-10-14 05:04:40 +00:00
evazion
d84184b5f1
Prevent anon/banned/member users from voting (fix #2719).
...
There was a regression in 6d6d00b; `before_filter :voter_only` was a
no-op in the post vote controller because it merely returned false,
which does not halt the request. The fix is to arrange for a voter_only
method to be defined that properly redirects to the access denied page.
2016-10-14 04:47:51 +00:00
evazion
5e75dcecea
Add test cases for anon/banned/member voting.
2016-10-14 04:47:51 +00:00
Albert Yi
903eff5c24
update rails gem
2016-10-12 17:06:50 -07:00
Albert Yi
8d8511dc08
update rbenv ruby version
2016-10-12 16:46:29 -07:00
Albert Yi
11f911fd32
remove gctools dependency
2016-10-12 16:45:14 -07:00
Albert Yi
eaa0426c36
Merge pull request #2714 from evazion/fix-2704
...
Fix mass assignment vuln to tag alias/implication status (partial fix for #2704).
2016-10-11 17:48:26 -07:00
Albert Yi
3479ad89c6
readd postgresql-contrib package; add conditional check for postgresql version before compiling test_parser extension #2707
2016-10-11 17:46:37 -07:00
Albert Yi
2aae95623d
Merge pull request #2713 from evazion/fix-2711
...
Prevent reverting to foreign versions (fixes #2711).
2016-10-11 17:28:44 -07:00
Albert Yi
6900efebd3
rename rbenv-version
2016-10-11 17:27:42 -07:00
evazion
7e3284c87f
Fix mass assignment vuln to tag alias/implication status (2704).
2016-10-11 08:20:28 +00:00
evazion
789dede893
Tag aliases/implications: validate status and forum_topic_id.
...
* Validates that status is active/pending/deleted/etc. Not strictly
necessary, the controller prevents users from setting the status, but
it doesn't hurt.
* Validates that forum_topic_id is a valid topic if it's present.
* Validates that approver_id and creator_id are valid users (not
strictly necessary either, users can't set these values).
2016-10-11 08:20:28 +00:00
evazion
101771adb8
Aliases/implications: Add tests for status and foreign keys.
2016-10-11 08:19:52 +00:00
evazion
c46b31aa9c
Prevent reverting to foreign versions (fixes #2711).
2016-10-11 06:57:46 +00:00
evazion
80895ef46e
Add tests for reverting to foreign versions.
2016-10-11 06:57:05 +00:00
Albert Yi
23ad02fa9c
fix super voter test
2016-10-10 18:14:49 -07:00
Albert Yi
d5f02abf8c
fix saved search test
2016-10-10 17:29:49 -07:00
Albert Yi
bf4397cbe4
update install script for ruby 2.3.1
2016-10-10 16:46:59 -07:00
Albert Yi
46beb247ea
update ruby version to 2.3.1
2016-10-10 16:45:37 -07:00
Albert Yi
e496ac1ed6
adjustments to install script
2016-10-10 16:29:19 -07:00