jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
a16b91e2bf60054175ae65390d563be838e4a35c
danbooru/app/controllers
History
evazion a16b91e2bf Fix exploit allowing dmail filters to be set on other users. 
Exploit:

    curl \
      -u $USERNAME:$API_KEY \
      -X PUT "http://danbooru.donmai.us/maintenance/user/dmail_filter.json?dmail_id=1" \
      -d "dmail_filter[words]=owned&dmail_filter[user_id]=2"

...where dmail_id is any dmail you own (doesn't matter which) and user_id is the victim.
2016-11-12 01:10:14 -06:00
..
admin
tweaks to new can_upload_free flag #2469
2015-10-15 16:23:30 -07:00
explore
track searches that return no results
2016-02-02 16:25:14 -08:00
maintenance/user
Fix exploit allowing dmail filters to be set on other users.
2016-11-12 01:10:14 -06:00
mobile
fixes #2432, fix tests
2015-07-14 15:13:04 -07:00
moderator
bulk revert
2016-11-07 10:48:04 -08:00
advertisement_hits_controller.rb
Kill trailing whitespace in ruby files
2013-03-19 23:10:10 +11:00
advertisements_controller.rb
performance tweaks for rails 4.1
2014-04-24 22:24:42 -07:00
api_keys_controller.rb
fix basic members not being able to make api keys
2014-08-15 18:13:39 -04:00
application_controller.rb
return 429 for too many requests instead of 421
2016-10-18 13:33:04 -07:00
artist_commentaries_controller.rb
Make more pages publicly accessible to logged out users.
2016-10-17 05:57:05 -05:00
artist_commentary_versions_controller.rb
Add artist commentary, fixes #2024
2013-11-19 10:37:02 -05:00
artist_versions_controller.rb
hide artist versions from general members
2015-11-10 16:50:56 -08:00
artists_controller.rb
Prevent reverting to foreign versions (fixes #2711).
2016-10-11 06:57:46 +00:00
bans_controller.rb
Add missing JSON/XML responses.
2016-10-17 05:57:05 -05:00
bulk_update_requests_controller.rb
Set approver of aliases/implications in BURs.
2016-10-26 21:52:19 -05:00
comment_votes_controller.rb
fixes #2700: Unvote Missing Template Exception
2016-10-04 14:42:48 -07:00
comments_controller.rb
Fix mass assignment vuln in comment update action (#2704).
2016-10-06 09:39:57 +00:00
counts_controller.rb
fixes #1924
2014-05-30 00:02:23 -04:00
delayed_jobs_controller.rb
Add /delayed_jobs.json.
2016-10-17 05:57:05 -05:00
dmails_controller.rb
Initial support for #2677
2016-09-17 16:42:00 +05:00
dtext_previews_controller.rb
enable ragel parser in more places
2016-06-22 16:31:25 -07:00
favorite_group_orders_controller.rb
Add order page for favgroups
2015-06-30 10:02:07 -04:00
favorite_groups_controller.rb
Add key shortcut to add to favgroup
2015-07-01 11:16:07 -04:00
favorites_controller.rb
enable user privacy mode for displaying favorites
2016-02-22 12:18:19 -08:00
forum_posts_controller.rb
additional checks on forum topic visibility
2016-11-07 10:48:04 -08:00
forum_topics_controller.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00
ip_bans_controller.rb
Add missing JSON/XML responses.
2016-10-17 05:57:05 -05:00
iqdb_queries_controller.rb
Fix iqdb
2014-11-07 02:39:15 -05:00
janitor_trials_controller.rb
add limit parameter to everything
2013-05-15 01:01:19 -04:00
landings_controller.rb
added new landing page
2011-10-28 19:21:44 -04:00
legacy_controller.rb
fixes #2432, fix tests
2015-07-14 15:13:04 -07:00
meta_searches_controller.rb
fixes #1227
2014-02-28 16:40:11 -08:00
mod_actions_controller.rb
Add missing JSON/XML responses.
2016-10-17 05:57:05 -05:00
news_updates_controller.rb
add limit parameter to everything
2013-05-15 01:01:19 -04:00
note_previews_controller.rb
fixes #1504
2013-05-08 08:57:50 -04:00
note_versions_controller.rb
Make more pages publicly accessible to logged out users.
2016-10-17 05:57:05 -05:00
notes_controller.rb
Remove unused NotesController#pass_html_id.
2016-10-31 01:37:49 +00:00
pool_elements_controller.rb
Better error when trying to add to nonexistent pool
2015-11-03 23:31:19 -05:00
pool_orders_controller.rb
Fixes #28: Pool reording does not work
2011-09-13 13:28:33 -04:00
pool_versions_controller.rb
add limit parameter to everything
2013-05-15 01:01:19 -04:00
pools_controller.rb
Prevent reverting to foreign versions (fixes #2711).
2016-10-11 06:57:46 +00:00
post_appeals_controller.rb
Make more pages publicly accessible to logged out users.
2016-10-17 05:57:05 -05:00
post_events_controller.rb
Make more pages publicly accessible to logged out users.
2016-10-17 05:57:05 -05:00
post_flags_controller.rb
Make more pages publicly accessible to logged out users.
2016-10-17 05:57:05 -05:00
post_versions_controller.rb
fixes #2165
2014-05-25 14:50:07 -04:00
post_votes_controller.rb
Prevent anon/banned/member users from voting (fix #2719).
2016-10-14 04:47:51 +00:00
posts_controller.rb
Prevent reverting to foreign versions (fixes #2711).
2016-10-11 06:57:46 +00:00
related_tags_controller.rb
fix related tag update
2016-01-04 11:04:28 -08:00
reports_controller.rb
remove reference to janitor_only
2016-09-29 11:54:49 -07:00
saved_search_category_changes_controller.rb
add saved search category change ui
2016-09-11 01:37:10 -07:00
saved_searches_controller.rb
Add missing JSON/XML responses.
2016-10-17 05:57:05 -05:00
sessions_controller.rb
fixes #2619: Delete password_hash cookie on sign out
2016-07-11 16:38:00 -07:00
sources_controller.rb
potential fix for #2404
2015-06-10 17:28:51 -07:00
static_controller.rb
add glob patten for missing routes
2016-08-30 14:42:01 -07:00
super_voters_controller.rb
Make more pages publicly accessible to logged out users.
2016-10-17 05:57:05 -05:00
tag_alias_corrections_controller.rb
fixes #2417
2015-06-29 18:17:59 -07:00
tag_alias_requests_controller.rb
add secondary validations to aliases+implications+requests
2016-02-11 11:48:56 -08:00
tag_aliases_controller.rb
Set approver of aliases/implications in BURs.
2016-10-26 21:52:19 -05:00
tag_corrections_controller.rb
after a tag correction, display tag whether it is empty or not
2013-06-23 18:55:45 -04:00
tag_implication_requests_controller.rb
add secondary validations to aliases+implications+requests
2016-02-11 11:48:56 -08:00
tag_implications_controller.rb
Set approver of aliases/implications in BURs.
2016-10-26 21:52:19 -05:00
tag_subscriptions_controller.rb
add member only constraint for migrating tag subscriptions
2016-06-24 14:11:44 -07:00
tags_controller.rb
Include aliased tags in autocomplete
2015-04-04 12:06:06 -04:00
uploads_controller.rb
Remove nils from recent tags
2015-11-20 19:55:21 -05:00
user_feedbacks_controller.rb
fixes #1634: Allow users to edit feedback they give out
2015-08-02 18:19:44 -07:00
user_name_change_requests_controller.rb
approve name change requests by default
2014-11-06 17:45:44 -08:00
user_reverts_controller.rb
remove reference to janitor_only
2016-09-29 11:54:49 -07:00
user_upgrades_controller.rb
add stripe integration for safebooru
2015-01-22 16:20:25 -08:00
users_controller.rb
keep better track of per-user ip addrs
2016-08-24 15:58:22 -07:00
wiki_page_versions_controller.rb
add limit parameter to everything
2013-05-15 01:01:19 -04:00
wiki_pages_controller.rb
fixes #2716: Wiki pages should be undeletable
2016-10-18 15:45:50 -07:00