Commit Graph

17618 Commits (b8eb4384d60f93f0a1c9524b96c6e1cdecb100f6)

Author SHA1 Message Date
Aevann1 b8eb4384d6 fix midnight theme 2022-12-07 20:56:09 +02:00
Aevann1 bd3f0fcc84 fix 500 error 2022-12-07 19:57:56 +02:00
SneedBot 1b1d997415 sneed 2022-12-07 17:54:10 +00:00
Aevann1 93063516ce tie transparent theme to backgrounds 2022-12-07 19:53:29 +02:00
Aevann1 75bd617c47 all wpd jannies to grant/remove y'all seeing eye badge 2022-12-07 19:15:53 +02:00
Aevann1 124a86643d fix markdown preview for polls 2022-12-07 19:12:56 +02:00
mummified-corroding-granny 7a5750a408 Uniformization of verbiage. Purge every dot (#54)
As one would expect, pointless to have a dot at the end of the subject of a very important message (dot)
Were it not for the extraneous dot, the legitimacy of the message would still be in question due to its lack of verbiage uniformization. The verbiage is "verify" everywhere else except for some parts of the code itself. This is egregious. With this single-commit pull request, we erradicate the last of "Validate".

Co-authored-by: mmadeira <marcos_madeira@outlook.com>
Reviewed-on: rDrama/rDrama#54
Co-authored-by: mummified-corroding-granny <mummified-corroding-granny@noreply.fsdfsd.net>
Co-committed-by: mummified-corroding-granny <mummified-corroding-granny@noreply.fsdfsd.net>
2022-12-07 16:54:18 +00:00
Aevann 81267ef1c6 do this https://stupidpol.site/h/countryclub/post/79285/tired-of-some-cute-twink-jannies/3194721?context=8#context (#53)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: rDrama/rDrama#53
2022-12-07 16:51:51 +00:00
Aevann1 e8f9d39bcf discussion -> wall 2022-12-07 11:04:22 +02:00
Aevann1 fee6e7150b same as last commit 2022-12-07 11:03:02 +02:00
Aevann1 e4b102873d in jinja, convert some + instances to ~ 2022-12-07 10:59:40 +02:00
Aevann1 d01b5dfd9f add "view entire discussion" to profile walls 2022-12-07 10:55:47 +02:00
Aevann1 4634b45212 fix profile wall push notif titles 2022-12-07 10:48:06 +02:00
Aevann1 1a4600bd95 imagemagick is really cringe 2022-12-07 10:42:23 +02:00
Aevann1 5d2dbee95e increase MAX_IMAGE_CONVERSION_TIMEOUT from 15 to 30 2022-12-07 10:30:11 +02:00
Aevann1 ab51e97e09 better error message 2022-12-07 10:28:01 +02:00
Aevann1 d781c853f8 force transparent theme on userprofiles with a profile background 2022-12-07 10:23:03 +02:00
Aevann1 a3f1b85e16 fix this https://stupidpol.site/h/programming/post/129189/advent-of-code-day-6/3195992?context=8#context 2022-12-07 09:58:46 +02:00
SneedBot 8e964d5b68 sneed 2022-12-07 07:54:23 +00:00
Aevann1 7d6b5862e4 uncomment commented line lol 2022-12-07 09:53:46 +02:00
Aevann1 3f6d2be5f6 fix chat in midnight theme 2022-12-07 09:52:54 +02:00
Aevann1 14aaed820c boost scrd.app 2022-12-07 09:36:56 +02:00
Aevann1 55125cf217 remove padding 2022-12-07 08:21:13 +02:00
Aevann1 5e87e53335 make poll limit 20 on rdrama and 30 on wpd 2022-12-07 07:30:03 +02:00
SneedBot 17696b5ca2 sneed 2022-12-06 22:09:50 +00:00
justcool393 6dbad04f08 band-aid fix for frozen session issue on signup (#50)
through some reason or another, people are somehow getting cookies that aren't prepended with a dot.

this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.

~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~

~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~

~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~

**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 22:07:12 +00:00
justcool393 c12bf5105f WPD: remove poll limit (#51)
by request of the wpd mops

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#51
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 18:24:41 +00:00
Snakes 9160a853ec
Remove !YOU!.
Security mess and stale joke.
2022-12-05 20:06:04 -05:00
Snakes fe5ffd1bcf
security: sanitize !YOU! in <a href="">.
Unlike the recent auto-embed exploits which have been patched, this
requires active user action. However our userbase, like all userbases,
contains quite a few retards and phoneposters who don't check links
before clicking.

Example exploit:

    <a href="https://example.com/log?username=!YOU!">Bardfinn Dox</a>
2022-12-05 19:05:02 -05:00
Snakes 616634158c
Narrow approved_embed_hosts for security.
Probably will break some peoples' profilecss and irritate the
newsposters, but in light of recent live proven exploits to disclose
user IP & username pairs to remote servers, the broad list of embed
hosts was unsustainable and impossible to prove safe.

We extend is_safe_url to allow whitelisting subdomains, specifically
to solve the s.lain.la open redirect exploit. Also, open media proxies
like external-content.duckduckgo.com were concerning enough, despite
likely being safe, to warrant removal. Anything infrequently used and
difficult to review, or has a reasonable alternative, was also removed.

In general: we want people to be rehosting, and if we want to allow
more external content, we need to run a media proxy. The central issue
is that any user-configurable 302 is a potential disclosure risk, and
Lord knows how many ways there were to get <arbitrarynewssite>.com to
do so. Maybe zero, but the problem is we just don't know.
2022-12-05 18:57:35 -05:00
float-trip bca9aff068 Disallow !YOU! in URLs. (#49)
!YOU! + an escape for `approved_embed_hosts` could let you grab the IP and username of everyone who views your comment

https://rdrama.net/post/129053/you-callout-thread/3191218?context=8#context

lain.la has a URL shortener that also works to get around embed hosts, fwiw

Co-authored-by: float trip <float-trip@rdrama.net>
Reviewed-on: rDrama/rDrama#49
Co-authored-by: float-trip <float-trip@noreply.fsdfsd.net>
Co-committed-by: float-trip <float-trip@noreply.fsdfsd.net>
2022-12-05 21:20:59 +00:00
Aevann1 b5b3b9dcc3 fix pin awards 2022-12-05 18:01:13 +02:00
Aevann1 ede58dd886 fix margins 2022-12-05 17:23:41 +02:00
Aevann1 8101e7d91b fix 500 errors 2022-12-05 17:16:11 +02:00
Aevann1 15088e5eef add button to remove current profile background 2022-12-05 17:14:53 +02:00
Aevann1 84ec5f5b46 truncate unnecessary logic 2022-12-05 17:10:15 +02:00
Aevann1 847385ad87 fix https://stupidpol.site/h/changelog/post/128866/changelog-added-profile-walls-profile-views/3188365?context=8#context 2022-12-05 16:51:50 +02:00
SneedBot 4ddbd0117f sneed 2022-12-05 14:38:36 +00:00
Aevann1 2b7f7cef1b fix marking read from push notifs 2022-12-05 16:38:24 +02:00
Aevann1 99c12a74ad only show "upload profile background" if user on desktop or uses transparent theme to prevent confusion 2022-12-05 16:30:55 +02:00
Aevann1 ab7144d94a Revert "only show "upload profile background" if user on desktop or uses transparent theme"
This reverts commit 7b0de3e79d.
2022-12-05 16:25:39 +02:00
SneedBot 8d9c7fe635 sneed 2022-12-05 14:22:33 +00:00
Aevann1 7b0de3e79d only show "upload profile background" if user on desktop or uses transparent theme 2022-12-05 16:22:19 +02:00
Aevann1 7f1de57ffe minor log fix 2022-12-05 16:06:11 +02:00
Aevann1 159cb52e46 add looksmax.org to BOOSTED_SITES 2022-12-05 15:59:01 +02:00
Aevann1 4583c3d4eb cosmetic changes 2022-12-05 08:46:04 +02:00
Aevann1 67136ec707 minor style change 2022-12-05 08:23:42 +02:00
Aevann1 c0169d0dab fix voting on profile wall 2022-12-05 08:18:37 +02:00
Aevann1 1fead79a86 fix 2022-12-05 08:15:13 +02:00
Aevann1 9dacb7c307 add teamblind.com to boosted sites 2022-12-05 08:13:11 +02:00