Commit Graph

2635 Commits (07eb8bdebc9f8e2feca91fba4e4e1538f21922d8)

Author SHA1 Message Date
Snakes 25b5675ac4
Amend PR 52, 53: standardize style, basedbot bug 2022-12-08 22:48:40 -05:00
justcool393 f848f68799 walls: remove duplication among routes/templates (#52)
removes a bunch of duplicated code in commenting and userpages

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#52
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-09 03:35:28 +00:00
Aevann1 b89f9103d3 the advent of fixing codeblocks 2022-12-08 15:02:51 +02:00
Aevann1 5d11c820f7 remove an estoric profanity filter 2022-12-08 07:22:46 +02:00
Snakes 05691b980d
PCM: Christmas lottery hyperinflation (by request). 2022-12-07 19:50:44 -05:00
Aevann1 9f8d2fc8a0 increase max size for site assets from 500kb to 1MB 2022-12-07 22:53:52 +02:00
Aevann1 f95f4f2c97 simplify badge granting/removal 2022-12-07 21:03:06 +02:00
Aevann1 93063516ce tie transparent theme to backgrounds 2022-12-07 19:53:29 +02:00
Aevann1 75bd617c47 all wpd jannies to grant/remove y'all seeing eye badge 2022-12-07 19:15:53 +02:00
mummified-corroding-granny 7a5750a408 Uniformization of verbiage. Purge every dot (#54)
As one would expect, pointless to have a dot at the end of the subject of a very important message (dot)
Were it not for the extraneous dot, the legitimacy of the message would still be in question due to its lack of verbiage uniformization. The verbiage is "verify" everywhere else except for some parts of the code itself. This is egregious. With this single-commit pull request, we erradicate the last of "Validate".

Co-authored-by: mmadeira <marcos_madeira@outlook.com>
Reviewed-on: rDrama/rDrama#54
Co-authored-by: mummified-corroding-granny <mummified-corroding-granny@noreply.fsdfsd.net>
Co-committed-by: mummified-corroding-granny <mummified-corroding-granny@noreply.fsdfsd.net>
2022-12-07 16:54:18 +00:00
Aevann 81267ef1c6 do this https://stupidpol.site/h/countryclub/post/79285/tired-of-some-cute-twink-jannies/3194721?context=8#context (#53)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: rDrama/rDrama#53
2022-12-07 16:51:51 +00:00
Aevann1 1a4600bd95 imagemagick is really cringe 2022-12-07 10:42:23 +02:00
Aevann1 5d2dbee95e increase MAX_IMAGE_CONVERSION_TIMEOUT from 15 to 30 2022-12-07 10:30:11 +02:00
Aevann1 ab51e97e09 better error message 2022-12-07 10:28:01 +02:00
Aevann1 a3f1b85e16 fix this https://stupidpol.site/h/programming/post/129189/advent-of-code-day-6/3195992?context=8#context 2022-12-07 09:58:46 +02:00
Aevann1 14aaed820c boost scrd.app 2022-12-07 09:36:56 +02:00
Aevann1 5e87e53335 make poll limit 20 on rdrama and 30 on wpd 2022-12-07 07:30:03 +02:00
justcool393 6dbad04f08 band-aid fix for frozen session issue on signup (#50)
through some reason or another, people are somehow getting cookies that aren't prepended with a dot.

this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.

~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~

~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~

~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~

**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 22:07:12 +00:00
justcool393 c12bf5105f WPD: remove poll limit (#51)
by request of the wpd mops

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#51
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 18:24:41 +00:00
Snakes 9160a853ec
Remove !YOU!.
Security mess and stale joke.
2022-12-05 20:06:04 -05:00
Snakes fe5ffd1bcf
security: sanitize !YOU! in <a href="">.
Unlike the recent auto-embed exploits which have been patched, this
requires active user action. However our userbase, like all userbases,
contains quite a few retards and phoneposters who don't check links
before clicking.

Example exploit:

    <a href="https://example.com/log?username=!YOU!">Bardfinn Dox</a>
2022-12-05 19:05:02 -05:00
Snakes 616634158c
Narrow approved_embed_hosts for security.
Probably will break some peoples' profilecss and irritate the
newsposters, but in light of recent live proven exploits to disclose
user IP & username pairs to remote servers, the broad list of embed
hosts was unsustainable and impossible to prove safe.

We extend is_safe_url to allow whitelisting subdomains, specifically
to solve the s.lain.la open redirect exploit. Also, open media proxies
like external-content.duckduckgo.com were concerning enough, despite
likely being safe, to warrant removal. Anything infrequently used and
difficult to review, or has a reasonable alternative, was also removed.

In general: we want people to be rehosting, and if we want to allow
more external content, we need to run a media proxy. The central issue
is that any user-configurable 302 is a potential disclosure risk, and
Lord knows how many ways there were to get <arbitrarynewssite>.com to
do so. Maybe zero, but the problem is we just don't know.
2022-12-05 18:57:35 -05:00
float-trip bca9aff068 Disallow !YOU! in URLs. (#49)
!YOU! + an escape for `approved_embed_hosts` could let you grab the IP and username of everyone who views your comment

https://rdrama.net/post/129053/you-callout-thread/3191218?context=8#context

lain.la has a URL shortener that also works to get around embed hosts, fwiw

Co-authored-by: float trip <float-trip@rdrama.net>
Reviewed-on: rDrama/rDrama#49
Co-authored-by: float-trip <float-trip@noreply.fsdfsd.net>
Co-committed-by: float-trip <float-trip@noreply.fsdfsd.net>
2022-12-05 21:20:59 +00:00
Aevann1 159cb52e46 add looksmax.org to BOOSTED_SITES 2022-12-05 15:59:01 +02:00
Aevann1 9dacb7c307 add teamblind.com to boosted sites 2022-12-05 08:13:11 +02:00
Aevann 18df70caab allow JL3 to edit rules (#39)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: rDrama/rDrama#39
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-05 05:22:08 +00:00
Aevann1 5473cb3084 add snus mentions 2022-12-05 04:01:55 +02:00
Aevann1 f2c4dc429a fix for MIMW_ID 2022-12-05 04:01:01 +02:00
Aevann1 66aeb82823 add pings for MIMW 2022-12-05 03:57:24 +02:00
Aevann1 468fd5f5f4 add (((heymoon))) notifs 2022-12-05 03:40:51 +02:00
Snakes be2b210df4
Remove superfluous #disablepoll command.
Already resolved by 29070c78a9.
2022-12-04 17:15:52 -05:00
justcool393 ed0981cbdb add functionality to disable poll formatting (#35)
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#35
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-04 21:46:27 +00:00
Aevann1 892e35b1c3 splash mountain for PCM 2022-12-04 23:28:39 +02:00
Aevann1 e66234eb6a fix offsitementions 2022-12-04 21:48:28 +02:00
Aevann1 da643ea88b sneed 2022-12-04 21:30:33 +02:00
Aevann e105035272 remove country club system and replace it with a 3 tier thing: (#41)
- /h/masterbaiters: 1 TS - for gayops

- /h/countryclub: 1000 TS - for anything requiring secrecy and doesnt need critical mass - have to make it a rule that u cant post gayops in /h/countryclub

- /h/chudrama: 5000 TS - for chad+stud posts

EDIT: i removed the /h/masterbaiters gate, but u can bring it back if u want
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: rDrama/rDrama#41
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-04 18:39:06 +00:00
Aevann1 29070c78a9 fix this and related stuff https://stupidpol.site/h/programming/post/128394/advent-of-code-day-3-i/3182179?context=8#context 2022-12-04 17:53:41 +02:00
Aevann1 30405e1841 slur fix 2022-12-04 16:44:59 +02:00
Aevann1 1f675c61e5 minor regex fix for emojis 2022-12-04 00:26:05 +02:00
Aevann1 a92737b85c re-add kylie slur filter 2022-12-04 00:01:24 +02:00
Aevann1 8d218c28e2 fix this https://stupidpol.site/h/programming/post/128511/nostalgia-post-heres-a-shitty-tictactoe/3179456?context=8#context 2022-12-03 22:09:12 +02:00
Aevann1 0046e63bc7 boost /h/programming temporarily - revert at will 2022-12-03 21:56:27 +02:00
Aevann1 a13311d72e sneed 2022-12-03 21:10:59 +02:00
Aevann1 a193952c5e fix this https://stupidpol.site/h/slackernews/post/128394/advent-of-code-day-3-i/3177263?context=8#context 2022-12-03 10:02:26 +02:00
Aevann1 3907a2f25f make the gevent sequential 2022-12-03 01:25:48 +02:00
Snakes 9b09181e28
Dispatch push notifications using greenlets. 2022-12-02 18:15:58 -05:00
Snakes d79465517d
Rename siege log filename. 2022-12-02 17:50:48 -05:00
Aevann1 9947e635ab make supportjews.webp an image instead 2022-12-03 00:32:51 +02:00
Aevann1 6248042e46 add supportjews emoji and use it in chud message 2022-12-03 00:22:18 +02:00
Aevann 5c2dab73c7 stop using pusher (#37)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: rDrama/rDrama#37
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-02 22:21:18 +00:00