jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
99221e4028016900fc8ddc04b2da07a9a5c229e8
danbooru/app
History
evazion 99221e4028 Downloads::File: fix SSRF attack when fetching remote size (#2498). 
Fixes the banned IP check not being applied when fetching the remote
file size. This allowed one to trick Danbooru into sending HEAD requests
to private IPs:

  http://danbooru.donmai.us/uploads/new?url=http://127.0.0.1/test.jpg
2018-09-18 12:16:27 -05:00
..
controllers
artist urls: add /artist_urls index page.
2018-09-15 19:58:05 -05:00
helpers
nav menu: fix 'Forum' link not getting '.current' class.
2018-09-04 18:15:21 -05:00
javascript
autocomplete.js: add data attrs on autocomplete results (#3902).
2018-09-17 18:18:33 -05:00
logical
Downloads::File: fix SSRF attack when fetching remote size (#2498).
2018-09-18 12:16:27 -05:00
mailers
fixes #2478: Add links for easy opt-out of emails
2015-09-03 17:03:03 -07:00
models
add diff link on wiki page versions (#1622)
2018-09-17 17:36:46 -07:00
presenters
css: remove unused or redundant rules.
2018-09-14 13:31:59 -05:00
views
/artist_urls: fix timestamp formatting.
2018-09-17 21:01:42 -05:00