MarseyWorld/files/routes
Snakes 12d7cfaa6c
Verify admin level before editing others' posts.
Yes, it has been possible for any user to edit any post on the site,
their own or otherwise. Only have to generate the POST /edit_post/
manually: an example exploit was created and tested successfully
prior to patching. However, abuse of this vulnerability would have
generated edit_post modlog entries, the lack of which on prod suggests
it was not abused that we know of -- Lord knows how.
2022-08-11 20:12:35 -04:00
__init__.py notifications rework 2022-07-08 20:06:54 +02:00
admin.py Merge branch 'frost' of https://github.com/Aevann1/rDrama into frost 2022-08-11 06:05:26 +02:00
awards.py mod action notifs rework 2022-08-05 23:50:30 +02:00
chat.py replace "request.host" with "SITE" 2022-07-13 20:14:37 +02:00
comments.py simplify comment spam detection 2022-08-11 12:28:45 +02:00
discord.py change WPD server 2022-08-06 21:17:08 +02:00
errors.py sneed 2022-08-04 22:33:22 +02:00
feeds.py uncomment rss feed 2022-07-08 18:21:20 +02:00
front.py sneed 2022-08-11 07:13:52 +02:00
giphy.py move all env-getting to .const 2022-07-08 18:21:13 +02:00
login.py murder deuxrama.net 2022-08-11 18:46:11 +02:00
lottery.py catch invalid ticket quantity 500 error 2022-06-13 20:34:57 +02:00
notifications.py fix previous commit 2022-08-06 00:02:41 +02:00
oauth.py reserve app management to JL3 2022-08-05 20:45:43 +02:00
polls.py make some function names shorter 2022-08-11 06:05:23 +02:00
posts.py Verify admin level before editing others' posts. 2022-08-11 20:12:35 -04:00
reporting.py make some function names shorter 2022-08-11 06:05:23 +02:00
search.py Hide shadowed user content in more contexts. 2022-08-08 18:21:59 -04:00
settings.py delete reddit.css 2022-08-06 00:53:38 +02:00
static.py murder deuxrama.net 2022-08-11 18:46:11 +02:00
subs.py notify chadmins of new holes 2022-08-11 15:25:56 +02:00
users.py fix id links for loggedout users 2022-08-11 15:00:04 +02:00
votes.py make some function names shorter 2022-08-11 06:05:23 +02:00