* make HTML body length a constant and use it
* abort before uploads and other tasks if comment level is too deep
* what a nightmare of two functions, please do better next time
* only attempt to parse HTML content types for titles
also don't try to get submission titles for .gifv, .tif, .tiff
* ratelimit to 3 per minute instead of 6 minutes
no one will ever need more than 3 requests to this endpoint per minute - justcool393
6 per minute is already kinda a lot for this endpoint, i think aggressively ratelimiting this one is fine, especially since it's a minute ratelimit
* Add new /casino route and template
* Consolidate lottery into casino and add initial template for slots
* Change /lottery route to /casino and replace icon with usd symbol and change sitewide const to reflect change
* Hook up new slots method to casino
* Enable Marseybux spending in casino slots
* Add UI for playing blackjack in casino
* First connection of blackjack UI to backend
* Add protective clause thanks to help from carpathianflorist.
* Create new Casino_Game relation and persist inside of blackjack
* Connect new slots behavior to Casino_Game table
* Create UI action management logic
* Add blackjack game status checker which adds persistence for blackjack
* Gonna handle this better, hold on
* Reorganize blackjack helper methods
* Reorganize casino.js to account for new changes
* Connect up to frontend
* Little changes ya know
* Display a message when winning in Blackjack
* Fix some issues with double down and insure
* Revert "remove owoify-py from requirements"
This reverts commit 4454648ea2.
* A little casino styling change
* Reorganize into a casino block
* Smallenize the card
* Remove references to old game data on comments
* Add sql migration file
* Remove logic to drop old columns
* Fix two forgotten conflicts

sub.marsey_url was returning false because the submit.html template,
which then includes header.html, was passed an SQLAlchemy Row instance,
not a files.classes.sub.Sub instance. This worked alright because both
the header and the submit page only accessed the name field; however,
accessing the marsey_url property (rather than the marseyurl column
field) failed because of it.

Requested by multiple jannies. Rough timeline, as I understand it:
- Circa 7mo ago, this logic was originally added for threads with
'megathread' in the title.
- Some time later, a checkbox on submission which sets the flag
Submission.new does the same thing.
- In af680d8a94, change the check from 'megathread' to 'thread'.
There must've been some reason for the change of substring checked.
However, it routinely causes issues for the admins and confuses
users. Solution has been to retroactively update posts that currently
rely on the 'megathread' in title behavior to use the `new` flag and
to remove the logic going forward.

Yes, it has been possible for any user to edit any post on the site,
their own or otherwise. Only have to generate the POST /edit_post/
manually: an example exploit was created and tested successfully
prior to patching. However, abuse of this vulnerability would have
generated edit_post modlog entries, the lack of which on prod suggests
it was not abused that we know of -- Lord knows how.

- Search: posts by shadowed user.
- Search: shadowed users in search for users.
- Direct links to shadowed user posts display as removed.
- Other users' profile comments listings hide comments on shadowed
posts. Users can still see their own comments on shadowed posts.
  Similar to ghosted comment logic.

Implemented for LGB but can likely be used for WPD and other future
sites. Similar to a reddit post flair. Provides:
- Admin panel for Category management.
- Category selection on post submission.
- 'Recategorize' post action.