jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
a16b91e2bf60054175ae65390d563be838e4a35c
danbooru/app/models
History
evazion a16b91e2bf Fix exploit allowing dmail filters to be set on other users. 
Exploit:

    curl \
      -u $USERNAME:$API_KEY \
      -X PUT "http://danbooru.donmai.us/maintenance/user/dmail_filter.json?dmail_id=1" \
      -d "dmail_filter[words]=owned&dmail_filter[user_id]=2"

...where dmail_id is any dmail you own (doesn't matter which) and user_id is the victim.
2016-11-12 01:10:14 -06:00
..
advertisement_hit.rb
fixes #2133
2014-04-16 17:43:34 -07:00
advertisement.rb
fixes #2133
2014-04-16 17:43:34 -07:00
amazon_backup.rb
* refactor aws config options
2015-12-28 12:26:20 -08:00
anti_voter.rb
add antivoters (no behavior yet)
2016-09-19 16:47:55 -07:00
api_key.rb
fixes #2166
2014-07-23 15:15:47 -07:00
artist_commentary_version.rb
Fix Rails 4.1 migration issues
2014-04-24 17:01:03 -07:00
artist_commentary.rb
Prevent reverting to foreign versions (fixes #2711).
2016-10-11 06:57:46 +00:00
artist_url.rb
fixes #2718: Twitter artist finding should not be case sensitive
2016-10-24 12:18:44 -07:00
artist_version.rb
Fix #2665: nil exception in /artist_versions
2016-09-10 00:40:17 +05:00
artist.rb
Set approver when creating banned_artist implication.
2016-10-26 21:52:19 -05:00
ban.rb
Add test cases for anon/banned/member voting.
2016-10-14 04:47:51 +00:00
bulk_update_request.rb
Set approver of aliases/implications in BURs.
2016-10-26 21:52:19 -05:00
comment_vote.rb
Prevent users from upvoting their own comments.
2016-11-06 01:32:54 -06:00
comment.rb
Prevent commenting on nonexistent posts (#2704).
2016-10-06 09:39:57 +00:00
dmail_filter.rb
Fix exploit allowing dmail filters to be set on other users.
2016-11-12 01:10:14 -06:00
dmail.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00
favorite_group.rb
fixes #2731: Expunged posts should clear favorite groups
2016-11-01 13:44:36 -07:00
favorite.rb
favoriting now triggers an upvote
2016-02-22 17:02:15 -08:00
forum_post.rb
additional checks on forum topic visibility
2016-11-07 10:48:04 -08:00
forum_subscription.rb
fix tests
2015-08-18 17:40:53 -07:00
forum_topic_visit.rb
Fix prune! affecting all users
2014-07-18 16:08:39 -04:00
forum_topic.rb
additional checks on forum topic visibility
2016-11-07 10:48:04 -08:00
ip_ban.rb
fixes #2133
2014-04-16 17:43:34 -07:00
janitor_trial.rb
fixes #2470
2015-10-19 14:33:06 -07:00
key_value.rb
fixes #2133
2014-04-16 17:43:34 -07:00
mod_action.rb
Require creator for mod actions
2014-06-17 15:51:18 -04:00
news_update.rb
fixes #2133
2014-04-16 17:43:34 -07:00
note_version.rb
Fix diff bug for note versions from Danbooru 1
2015-05-16 12:11:27 -04:00
note.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00
pixiv_ugoira_frame_data.rb
add ugoira support in view
2014-10-19 02:30:02 -07:00
pool_version.rb
fixes #2133
2014-04-16 17:43:34 -07:00
pool.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00
post_appeal.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00
post_approval.rb
stub in preview for bulk revert
2016-11-02 13:53:01 -07:00
post_disapproval.rb
fixes #2479: Disapproval comment is sent to disapprover instead of uploader
2015-08-07 10:48:13 -07:00
post_event.rb
add combined flag+appeal listing for posts #262
2015-07-28 15:45:01 -07:00
post_flag.rb
fix chaining of hidden_attributes/method_attributes
2016-10-27 14:53:25 -07:00
post_read_only.rb
use replica db for calculating post counts
2016-01-28 18:31:03 -08:00
post_update.rb
remove uniqueness constraint on postupdates
2016-08-22 16:09:20 -07:00
post_version.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00
post_vote.rb
remove anti voters, extend post vote lifetime to 90 days, add minimum score threshold for super voters
2016-09-23 11:03:09 -07:00
post.rb
Autotag character_(cosplay) -> character, cosplay.
2016-11-04 23:37:28 -05:00
report_mailer.rb
Kill trailing whitespace in ruby files
2013-03-19 23:10:10 +11:00
saved_search.rb
add saved search category change ui
2016-09-11 01:37:10 -07:00
super_voter.rb
increase super voter limit
2016-09-25 14:56:19 -07:00
tag_alias.rb
Set approver of aliases/implications in BURs.
2016-10-26 21:52:19 -05:00
tag_implication.rb
Set approver of aliases/implications in BURs.
2016-10-26 21:52:19 -05:00
tag_subscription.rb
add link for migrating tag subscription to saved search
2016-06-15 13:39:53 -07:00
tag.rb
remove ref to is_janitor
2016-09-29 11:54:17 -07:00
transaction_log_item.rb
Create new transaction log table to track user conversions
2014-02-10 13:35:39 -08:00
upload.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00
user_feedback.rb
fixes #2133
2014-04-16 17:43:34 -07:00
user_name_change_request.rb
fixes #2602: Username changes come through without marking a request as "Approved"
2016-05-27 12:40:12 -07:00
user_password_reset_nonce.rb
fix tests
2015-08-18 17:40:53 -07:00
user.rb
Fix private forum topic bumping for users below min level.
2016-10-30 18:00:26 -05:00
wiki_page_version.rb
fixes #2716: Wiki pages should be undeletable
2016-10-18 15:45:50 -07:00
wiki_page.rb
restrict min level constraints for forum topics to mod+admin and restrict options based on current user's level. check privileges for visiblity in forum posts and topics. deprecate serializable_hash (undocumented, internal) for as_json, refactor to use hidden_attributes and method_attributes #2658
2016-10-25 15:05:55 -07:00