Commit Graph

5345 Commits (adecacf9c72445092a672e475cbb9164d78fac7f)

Author SHA1 Message Date
Aevann1 15c7add942 fix bug 2022-11-26 22:54:17 +02:00
justcool393 19b73f8e7e api: fix some missing imports 2022-11-26 14:46:49 -06:00
justcool393 e1f785c370 Merge branch 'docs' into 'master' 2022-11-26 14:40:32 -06:00
justcool393 ae50cc2772 const: rename constants from LIMIT to MINIMUM
the new name is much much clearer
2022-11-26 14:20:44 -06:00
Aevann1 bb153e541d Revert "you posts: constantify truescore requirement"
This reverts commit 1b721126a2.
2022-11-26 22:09:07 +02:00
justcool393 1b721126a2 you posts: constantify truescore requirement 2022-11-26 13:39:31 -06:00
Aevann1 d624dbe2de fix this https://rdrama.net/post/125682 2022-11-26 08:11:00 +02:00
Aevann1 8a80616f84 insanely ghetto solution to long back-and-forth chains in notifs 2022-11-26 07:52:37 +02:00
Aevann1 4eb66e5802 fix login redir bug 2022-11-26 07:38:59 +02:00
Aevann1 a641acaf8f use sets instead of lists in some statements 2022-11-26 06:52:47 +02:00
Nekobit f59f641331
Merge branch 'docs' of fsdfsd.net:nekobit/rDrama into docs 2022-11-25 23:31:49 -05:00
Nekobit dea8c3f7e3
docs: Remove unneccesary imports; @auth_desired 2022-11-25 23:30:49 -05:00
Aevann1 b3c47f5598 tell ppl how much Truescore they need to see /h/chudrama 2022-11-26 06:22:09 +02:00
Aevann1 bcbf524fbe make sure stickied child comments are always at the top place they can be 2022-11-26 06:01:20 +02:00
justcool393 cfffbc61a0 the request is prolly boned anyway, let's help friends help me :) 2022-11-25 20:57:24 -06:00
justcool393 992e4a0d1c don't want to crash on our precious logging code 2022-11-25 20:22:55 -06:00
justcool393 ba6e4721d3 calc users: log so we can find the root of this problem 2022-11-25 20:21:38 -06:00
justcool393 46204ea223 ranking: be site specific when boosting users or excluding users from boosts
otherwise we may unintentionally rank for the wrong users (since we're using literal IDs)
2022-11-25 20:04:09 -06:00
Aevann1 5523747c3a fix 500 error 2022-11-26 04:02:41 +02:00
Aevann1 bf72234873 remove SITE url from badge urls to make them relative in the event of a future domain change 2022-11-26 03:45:20 +02:00
Aevann1 e96274308a sneed 2022-11-26 03:31:17 +02:00
justcool393 35b1532bb4 admin: remove meme admin vestige 2022-11-25 19:15:39 -06:00
Aevann1 5e2f449df7 fix prev commit lol 2022-11-26 01:52:39 +02:00
Aevann1 c470cb7516 make shit award not give DC 2022-11-26 01:50:25 +02:00
Aevann1 642d19b861 move ratelimit_user after auth 2022-11-26 01:37:04 +02:00
Aevann1 bf4031c832 remove annoying excalmation sign in notifs 2022-11-26 01:18:24 +02:00
Nekobit 2e1d2cb774 Merge branch 'master' into docs 2022-11-25 22:27:15 +00:00
justcool393 7e403469cd polls: constantify max poll options 2022-11-25 16:12:25 -06:00
justcool393 f86d351ac4 fix saved subscribers stuff 2022-11-25 16:06:18 -06:00
Aevann1 e4b521a63f limit polls to 10 options to prevent spam 2022-11-25 23:33:38 +02:00
Aevann1 2938f930fd make me not see modmail, if its important the other jannies will tell me 2022-11-25 22:56:11 +02:00
Nekobit af4411b0d7
Documentation page 2022-11-25 15:36:29 -05:00
justcool393 0356c589a4 api: don't hit calc_users if this is the API
sometimes we render HTML where we probably... shouldn't. in most cases
this is fine, but if API clients hit it it can errenously set
2022-11-25 14:31:07 -06:00
justcool393 23505c68b3 errors: use abort for sign up errors 2022-11-25 12:27:18 -06:00
justcool393 816389cf28 security: fix DoS on title getter
the `timeout` parameter only applies to seconds per *byte* received (and time to first
byte), not the entire request

this means an attacker could theoretically send a very... slow...
stream... of... bytes... and... crash... the... worker... when... the...
timeout... is... reached...
2022-11-25 07:10:05 -06:00
Snakes af7df7f62d
Ensure all entry points get sessions.
Somewhat speculative, but the change in f62a9769fd, while fixing
certain errors where logged-out users sometimes didn't have sessions
come calc_users, also opened the possibility of certain request
sequences that wouldn't give a user a session.

In the interest of conservatism, we create a session if not exists
in both the new location in calc_users and the previous spot in
before_request.
2022-11-22 18:37:55 -05:00
Aevann1 755cfbf335 temp fix to shitting up console 2022-11-23 00:23:04 +02:00
Aevann1 9e89166e2f restore reload icon for legacy app users 2022-11-22 23:34:33 +02:00
Aevann1 e198102383 repurpose "upvoted" to "voted" 2022-11-22 23:28:30 +02:00
Aevann1 4640abed4b remove hole nerf 2022-11-22 22:25:48 +02:00
justcool393 6acd896967 sbs: since propagation isn't optional anyway, let's propagate on a ban to get their alts 2022-11-22 09:51:44 -06:00
Aevann1 0b1f166211 remove "alts" checkbox for shadowbanning since shadowbans propagate anway via check_for_alts() 2022-11-22 17:44:16 +02:00
justcool393 b0ff8916a5
win loss stats to casino games (#475)
* casino: add stats to casino

* casino: stats should target the right thing
casino: properly style

* pluralize properly

* refactor casino leaderboards :marseytroublemarker:

* fsfsdsd

* fsdsdsdsd

* i'm r-slurred

* -
2022-11-22 07:11:01 -08:00
justcool393 007e41e7d0 security: validate YouTube link IDs 2022-11-22 06:13:44 -06:00
Snakes 9eab252e5b
Fix reply/mention notifications from muted users.
Consider the case of the current /notifications filter condition:
    WHERE ... NOT ((comments.sentto = 2) AND (users.is_muted))

SELECT 1 WHERE NOT ((null = 2) AND (true)); ⇒ 0 rows
SELECT 1 WHERE NOT ((1 = 2) AND (true)); ⇒ 1 row
SELECT 1 WHERE NOT ((2 = 2) AND (true)); ⇒ 0 rows

We want the first expression, where comments.sentto = null, to evaluate
to false, not to null, so it negates to true. Behavior as written is:

SELECT 1 WHERE NOT ((null = 2) AND (true)); →
SELECT 1 WHERE NOT (null AND true); →
SELECT 1 WHERE NOT null; →
SELECT 1 WHERE null;

Which guarantees a null return set. If we check first for non-nullity:

SELECT 1 WHERE NOT ((null IS NOT null) AND (null = 2) AND (true)); ⇒ 1
SELECT 1 WHERE NOT ((1 IS NOT null) AND (1 = 2) AND (true)); ⇒ 1
SELECT 1 WHERE NOT ((2 IS NOT null) AND (2 = 2) AND (true)); ⇒ 0
2022-11-21 23:08:31 -05:00
justcool393 272e2ee936
sneed (rename procoins to marseybux) (#472)
* sneed (rename procoins to marseybux)

* literally unusable

Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-21 18:08:29 -05:00
Aevann1 f272989735 Revert "stop adding target="_blank" in the backend and move it to the frontend (to accomodate PWA users) - THANK YOU GEESE I LOVE YOU SO MUCH (#473)"
This reverts commit 88f3cd519d.
2022-11-21 19:37:38 +02:00
Aevann1 0d6b26d404 sneed 2022-11-21 19:09:04 +02:00
Aevann1 2f31fdfdd7 Revert "remove User.newtab and see if anyone complains"
This reverts commit 787c89961f.
2022-11-21 18:55:13 +02:00
justcool393 79b2b5cff8 cookies: set SameSite Lax to get rid of annoying console warning 2022-11-21 09:36:34 -06:00