forked from rDrama/rDrama
Commit Graph

17643 Commits (a4cfc02dc1917d01f9a5abc15ce18d0e9b9c95c3)

Author SHA1 Message Date
justcool393 6dbad04f08 band-aid fix for frozen session issue on signup (#50)
through some reason or another, people are somehow getting cookies that aren't prepended with a dot.

this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.

~~this attempts to delete bad session cookies (i.e. cookies with a domain that doesn't start with a dot).~~

~~we don't do this on "dotless" domains (and by extension localhost) because support for setting cookies on FQDNs that only have one dot is tenuous among browsers anyway.~~

~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~

**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 22:07:12 +00:00
justcool393 c12bf5105f WPD: remove poll limit (#51)
by request of the wpd mops

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#51
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 18:24:41 +00:00
Snakes 9160a853ec
Remove !YOU!.
Security mess and stale joke.
2022-12-05 20:06:04 -05:00
Snakes fe5ffd1bcf
security: sanitize !YOU! in <a href="">.
Unlike the recent auto-embed exploits which have been patched, this
requires active user action. However our userbase, like all userbases,
contains quite a few retards and phoneposters who don't check links
before clicking.

Example exploit:

    <a href="https://example.com/log?username=!YOU!">Bardfinn Dox</a>
2022-12-05 19:05:02 -05:00
Snakes 616634158c
Narrow approved_embed_hosts for security.
Probably will break some people's profilecss and irritate the
newsposters, but in light of recent live proven exploits to disclose
user IP & username pairs to remote servers, the broad list of embed
hosts was unsustainable and impossible to prove safe.

We extend is_safe_url to allow whitelisting subdomains, specifically
to solve the s.lain.la open redirect exploit. Also, open media proxies
like external-content.duckduckgo.com were concerning enough, despite
likely being safe, to warrant removal. Anything infrequently used and
difficult to review, or has a reasonable alternative, was also removed.

In general: we want people to be rehosting, and if we want to allow
more external content, we need to run a media proxy. The central issue
is that any user-configurable 302 is a potential disclosure risk, and
Lord knows how many ways there were to get <arbitrarynewssite>.com to
do so. Maybe zero, but the problem is we just don't know.
2022-12-05 18:57:35 -05:00
float-trip bca9aff068 Disallow !YOU! in URLs. (#49)
!YOU! + an escape for `approved_embed_hosts` could let you grab the IP and username of everyone who views your comment

https://rdrama.net/post/129053/you-callout-thread/3191218?context=8#context

lain.la has a URL shortener that also works to get around embed hosts, fwiw

Co-authored-by: float trip <float-trip@rdrama.net>
Reviewed-on: rDrama/rDrama#49
Co-authored-by: float-trip <float-trip@noreply.fsdfsd.net>
Co-committed-by: float-trip <float-trip@noreply.fsdfsd.net>
2022-12-05 21:20:59 +00:00
Aevann1 b5b3b9dcc3 fix pin awards 2022-12-05 18:01:13 +02:00
Aevann1 ede58dd886 fix margins 2022-12-05 17:23:41 +02:00
Aevann1 8101e7d91b fix 500 errors 2022-12-05 17:16:11 +02:00
Aevann1 15088e5eef add button to remove current profile background 2022-12-05 17:14:53 +02:00
Aevann1 84ec5f5b46 truncate unnecessary logic 2022-12-05 17:10:15 +02:00
Aevann1 847385ad87 fix https://stupidpol.site/h/changelog/post/128866/changelog-added-profile-walls-profile-views/3188365?context=8#context 2022-12-05 16:51:50 +02:00
SneedBot 4ddbd0117f sneed 2022-12-05 14:38:36 +00:00
Aevann1 2b7f7cef1b fix marking read from push notifs 2022-12-05 16:38:24 +02:00
Aevann1 99c12a74ad only show "upload profile background" if user on desktop or uses transparent theme to prevent confusion 2022-12-05 16:30:55 +02:00
Aevann1 ab7144d94a Revert "only show "upload profile background" if user on desktop or uses transparent theme"
This reverts commit 7b0de3e79d.
2022-12-05 16:25:39 +02:00
SneedBot 8d9c7fe635 sneed 2022-12-05 14:22:33 +00:00
Aevann1 7b0de3e79d only show "upload profile background" if user on desktop or uses transparent theme 2022-12-05 16:22:19 +02:00
Aevann1 7f1de57ffe minor log fix 2022-12-05 16:06:11 +02:00
Aevann1 159cb52e46 add looksmax.org to BOOSTED_SITES 2022-12-05 15:59:01 +02:00
Aevann1 4583c3d4eb cosmetic changes 2022-12-05 08:46:04 +02:00
Aevann1 67136ec707 minor style change 2022-12-05 08:23:42 +02:00
Aevann1 c0169d0dab fix voting on profile wall 2022-12-05 08:18:37 +02:00
Aevann1 1fead79a86 fix 2022-12-05 08:15:13 +02:00
Aevann1 9dacb7c307 add teamblind.com to boosted sites 2022-12-05 08:13:11 +02:00
Aevann1 f5ef9f431a fix wall margins 2022-12-05 08:12:46 +02:00
Aevann1 77058d31dc move pcm sidebar image to top 2022-12-05 07:35:05 +02:00
Aevann1 39ad0bd5f8 fix margins 2022-12-05 07:33:32 +02:00
Aevann1 4e4a0e734a margin change 2022-12-05 07:29:44 +02:00
Aevann1 bbc33b9331 edit PCM rules 2022-12-05 07:28:15 +02:00
Aevann 18df70caab allow JL3 to edit rules (#39)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: rDrama/rDrama#39
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-05 05:22:08 +00:00
Aevann1 77c37b0fd2 same as last commit 2022-12-05 07:01:20 +02:00
Aevann1 e7fbf5f5b9 site background shit 2022-12-05 07:00:44 +02:00
Aevann1 ea934e17b9 fix 500 error 2022-12-05 06:57:27 +02:00
Aevann1 57ffc26fc6 grammar + consistency 2022-12-05 06:56:05 +02:00
Aevann1 868fb1024f update carp's badge 2022-12-05 06:37:03 +02:00
Aevann f8aa67fb9a add button on profile to upload profile background (#48)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: rDrama/rDrama#48
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-05 04:16:45 +00:00
SneedBot ef4243f5c0 sneed 2022-12-05 04:12:09 +00:00
Aevann1 87573936e7 disable site background in profiles 2022-12-05 06:05:20 +02:00
Aevann1 aeeeabbfd7 fix margins 2022-12-05 05:43:24 +02:00
Aevann1 3971607aee fix agendapostered wall comments 2022-12-05 05:08:06 +02:00
Aevann1 13a208ee88 remove stray tabs and spaces 2022-12-05 05:03:10 +02:00
Aevann1 af3b028ca5 add links to individual comments in walls + fix awards for wall comments 2022-12-05 05:01:50 +02:00
Aevann1 6cfe0fceb4 hide another broken button 2022-12-05 04:33:42 +02:00
Aevann1 29d1d08eb8 hide 2 broken buttons 2022-12-05 04:27:30 +02:00
Aevann1 e9f4f88f24 fix notifs for profile wall replies 2022-12-05 04:19:51 +02:00
Aevann1 d6a219c151 fix this https://rdrama.net/h/changelog/post/128866/changelog-added-profile-walls-profile-views/3186595?context=8#context 2022-12-05 04:11:13 +02:00
Aevann1 1e34625c1f fix editing wall comments 2022-12-05 04:08:24 +02:00
Aevann1 111832a7d2 fix 500 error 2022-12-05 04:04:14 +02:00
Aevann1 5473cb3084 add snus mentions 2022-12-05 04:01:55 +02:00
Aevann1 f2c4dc429a fix for MIMW_ID 2022-12-05 04:01:01 +02:00
Aevann1 bfb8eba832 dont do relationship query when not necessary 2022-12-05 03:59:31 +02:00
Aevann1 66aeb82823 add pings for MIMW 2022-12-05 03:57:24 +02:00
Aevann1 dbc64dc487 fix profile wall for logged-outcels 2022-12-05 03:53:09 +02:00
Aevann1 468fd5f5f4 add (((heymoon))) notifs 2022-12-05 03:40:51 +02:00
Aevann1 492c377e8e show "profile wall" above wall notifs 2022-12-05 03:37:44 +02:00
Aevann1 8d64804724 fix wrong username direct 2022-12-05 03:33:43 +02:00
Aevann1 5070cb4fc0 fix spam check 2022-12-05 03:31:21 +02:00
Snakes 2057c48ebd
Fix userpage walls for logged-out viewers. 2022-12-04 20:23:48 -05:00
Aevann1 14d343dcb3 dont change titles for chudded ppl posting on /h/chudrama 2022-12-05 03:21:47 +02:00
Snakes d976dcef7e
Update wall_comment for sanitize_poll_options. 2022-12-04 20:05:45 -05:00
Aevann1 cb4d941fd0
add profile wall 2022-12-04 20:05:45 -05:00
Aevann1 814552cdfe small fix for ppl with progstack=1 2022-12-05 02:45:02 +02:00
Aevann 5850bb26fa add custom backgrounds paypig feature to compensate for profile views (#44)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: rDrama/rDrama#44
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-05 00:02:29 +00:00
Aevann1 bae24fe92e add reload button to ioscels 2022-12-05 01:22:22 +02:00
Snakes be2b210df4
Remove superfluous #disablepoll command.
Already resolved by 29070c78a9.
2022-12-04 17:15:52 -05:00
justcool393 ed0981cbdb add functionality to disable poll formatting (#35)
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#35
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-04 21:46:27 +00:00
Aevann1 892e35b1c3 splash mountain for PCM 2022-12-04 23:28:39 +02:00
Snakes 61dc9c47fd
Restore showing linkpost URLs in submission body. 2022-12-04 15:50:09 -05:00
justcool393 6e1509f2df admins: let mops who can mop posts see posts regardless of browser (#45)
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#45
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-04 20:26:39 +00:00
Aevann1 c56ceaf668 allow me and sneks to see apple posts 2022-12-04 22:11:16 +02:00
Aevann1 e66234eb6a fix offsitementions 2022-12-04 21:48:28 +02:00
Aevann1 da643ea88b sneed 2022-12-04 21:30:33 +02:00
Aevann1 e0fd83c010 fix app.html if condition 2022-12-04 21:22:53 +02:00
Aevann 3eecec0a51 downloadable videos on apple devices (#42)

Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Co-authored-by: Snakes <snakes@noreply.fsdfsd.net>
Reviewed-on: rDrama/rDrama#42
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-04 19:02:22 +00:00
Aevann e105035272 remove country club system and replace it with a 3 tier thing: (#41)
- /h/masterbaiters: 1 TS - for gayops

- /h/countryclub: 1000 TS - for anything requiring secrecy and doesnt need critical mass - have to make it a rule that u cant post gayops in /h/countryclub

- /h/chudrama: 5000 TS - for chad+stud posts

EDIT: i removed the /h/masterbaiters gate, but u can bring it back if u want
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: rDrama/rDrama#41
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-04 18:39:06 +00:00
Aevann1 29070c78a9 fix this and related stuff https://stupidpol.site/h/programming/post/128394/advent-of-code-day-3-i/3182179?context=8#context 2022-12-04 17:53:41 +02:00
Aevann1 c0676e198c convert "var" to "let" and "const" 2022-12-04 17:40:32 +02:00
Aevann1 30405e1841 slur fix 2022-12-04 16:44:59 +02:00
Aevann1 15b5dfcb3a fix last commit 2022-12-04 03:39:39 +02:00
Aevann1 1bb80046f4 fix last commit 2022-12-04 03:39:09 +02:00
Aevann1 ed834225ae temp sidebar image 2022-12-04 03:38:04 +02:00
SneedBot 5d1599bc77 sneed 2022-12-04 01:36:15 +00:00
Aevann1 a565c36bff rename marseybye to marseywave3 2022-12-04 01:27:37 +02:00
Aevann1 36c69cca0a kofi - only change patron tier when its a subscription 2022-12-04 00:51:52 +02:00
Aevann1 1f675c61e5 minor regex fix for emojis 2022-12-04 00:26:05 +02:00
Aevann1 49263fdd86 Revert "stop using background css property and use its parts instead"
This reverts commit e4e67a4424.
2022-12-04 00:17:35 +02:00
SneedBot 5665bd9a96 sneed 2022-12-03 22:16:04 +00:00
Aevann1 e4e67a4424 stop using background css property and use its parts instead 2022-12-04 00:11:02 +02:00
Aevann1 a92737b85c re-add kylie slur filter 2022-12-04 00:01:24 +02:00
Aevann1 2deba4d623 "megathread" new sort 2022-12-04 00:01:08 +02:00
Aevann1 8d218c28e2 fix this https://stupidpol.site/h/programming/post/128511/nostalgia-post-heres-a-shitty-tictactoe/3179456?context=8#context 2022-12-03 22:09:12 +02:00
Aevann1 045cb629ae fix this https://stupidpol.site/h/programming/post/128513/its-another-shoah-soycry 2022-12-03 22:00:10 +02:00
Aevann1 0046e63bc7 boost /h/programming temporarily - revert at will 2022-12-03 21:56:27 +02:00
SneedBot 0659198745 sneed 2022-12-03 19:32:40 +00:00
Aevann1 a13311d72e sneed 2022-12-03 21:10:59 +02:00
Aevann1 5d3413377d sneed 2022-12-03 20:57:44 +02:00
Aevann1 a193952c5e fix this https://stupidpol.site/h/slackernews/post/128394/advent-of-code-day-3-i/3177263?context=8#context 2022-12-03 10:02:26 +02:00
Aevann1 407dcb1282 same as last commit 2022-12-03 07:39:58 +02:00
Aevann1 f28ae7cca1 refresh comment textarea on edit - fixes edge case 2022-12-03 07:27:47 +02:00