Per https://rdrama.net/post/70341/-/1976650 added more gTLDs that
are actually desired by site users.
Also, hard wrapped the `TLDS` and `allowed_tags` tuple-lists at a
100char hard ruler for my sanity.
The confetti button in the awardModal had a conflicting ID to the
newly-reimplemented confetti award. This resulted in an amusing bug
where the awardModal was filled with confetti. Conflict has been
resolved by renaming the confetti overlay.
This is what I deserve for writing code at 3AM.
To replace the implementation of the confetti award, we now use an
animated WebP tiled as a background image on a fixed overlay. This
should alleviate the previous performance concerns (no runtime
calculation of confetti mechanics & rendering) and maintainable
concerns.
Fixes https://rdrama.net/post/18459/-/1969386
The appropriate internal links--viz. profile, settings, changelogs,
bug reporting, discord, archives, and contact--in the header menu
respect the User.newtab setting to open internal links in new tabs.
Removes temporary changes for the Birthgay 2022 event, ending
approximately at 2022-05-23 0600Z. Changes:
- Double XP disabled.
- Lootboxes disabled.
- Three event awards given real descriptions and colors.
- Partyhats: restored to cakeday-only condition and tooltip.
- Header UI: balloons removed, text visibility outline removed,
journoid banner reverted, marseyjam as header icon.
- Birthgay banners: removed from template, moved to new storage dir.
Confetti, though remaining as a permanent award, has been temporarily
removed pending a less performance-intensive implementation and one
that doesn't require maintaining a third-party package in the codebase.
Recently, caa81452f4 relaxed the condition for Snappy pinning a post
from `body.startswith(':#marseypin:')` to the same sans trailing colon.
I believe this was intended to allow :marseypin2: to also lead to post
pinning. However, the amusing, though incorrect, side effect is that
:marseypinkcat: and :marseypinochet: can now also lead to Snappy pins.
This has been remedied by explicitly defining the two conditions we
want rather than hoping all :marseypin [sic] are about pinning.
cb1bb4e43b40: Server cleaned out schema.sql for some reason and
it was autocommitted by the sneed cron. This is why the tests fail.
2737a6ca479b: Originally pulled from themotte/rDrama @ 309bf44f12ba.
In light of the fact this is breaking comment previews right now and
the actual XSS threat is unclear, given we sanitize serverside,
this is reverted until I find time to look at it.
Comments of the style e.g. "@TLSM / @TLSM2" would mistakenly be
`sanitize`d to have identical links only on "@TLSM", the latter
instance having a dangling 2 on the end. It seems this is purely an
issue with text formatting; alerts.py @ NOTIF_USERS had no such
issues. The root cause appears to be partly an optimization and
partly the use of str.replace without a count limit.
The award modal note field had a maxLength of 200 characters.
This was retained when repurposing the field for the new flair to be
applied by a flairlock award. However, flairs have a maxLength of 100
characters. award_modal.js now makes this clearer in the UI by
changing the maxLength of note when a flairlock award is picked.
The shop discount from Big Spender badges was incorrectly implemented:
intended behavior was for 2pp per badge. However, the values in
const.py were set as if a user could only have one Spender badge at
once, while user.py @ discount was implemented as if they were
additive. Since users factually do have multiple big spender badges,
the values in const were adjusted to reflect this fact.
Also, lootbox Roller badges now each offer a 1pp discount.
users.py @ discount was improved to check against the `discounts`
keys for appropriate badges, rather than a hardcoded list.
Very strange bug, and I hope this fixes it. User popovers, e.g. on
comments pages when names are clicked, spontaneously stopped working
on my local instance. This parallels occasional reports from others
that their popovers stop working for seemingly no reason.
The primary symptom appeared to be in comments+submission_listing.js
@ popclick(...), which became unable to find any `.popover` elements
in the document, resulting in a console error. Running `bs_trigger(
document)` manually in console after page load always fixed this.
As such, I am assuming this is (hopefully) a timing bug from the
bs_trigger call in header.js running before document ready. The call
now runs on a standard document ready callback boilerplate.
May God have mercy on our souls if this doesn't fix it.
I discovered that running `bs_trigger(document)`
Double XP now has a constant for unixtime to start. Logic around
DXP is designed to only apply to votes made after DOUBLE_XP_ENABLED.
This prevents an exploit in the old implementation where spam voting/
unvoting a post made prior to the DXP start could farm 300 DC/hr/alt.
Also it's more maintainable and comports with the coin_delta changes
to prevent self-vote coin changes.
Re-enable lootboxes in const.py, and update their contents in
awards.py. Additionally, improve appearance in shop.
Upon purchasing a lootbox, users now receive a message informing
them of the contents thereof.
Lootbox backend now properly uses CARP_ID (and checks for the
existence thereof correctly).
Also, minor changes to how const.py whitelists awards.
Modlog only had ModAction.age_string visible. However, we sometimes
need to know the exact time an action was taken.
Adds `created_string` to ModAction, and exposes that to log.html.
The COUNT(*) performance optimization in b71ae6cc74 was a bit
overzealous and wound up breaking four fields in /stats intended to
count distinct users who performed certain activities. These fields
were returned to their original implementation.
* ditched the log search in favor of the polynomial search otherwise poor carp can't search for xis boyfriend marseysamhyde querying "hyde" and instead of properly tag it ["sam", "hyde"] I had to ditch the search alg made in the image of G-d
* le new line
* anton-d on all dramaverse
* Switch to marsey.cat for Snappy /u/.
camas is down, replacing it with search.marsey.cat.
Note that when looking for existing Snappy comments to test against,
it appears that something else with Snappy generation is broken.
Ex: /post/66263/-/1876803 puts an entire post URL in the author field.
This commit makes no attempt to fix this. TODO for later.
* Fix Snappy body /u/ extracting author from post URL.
Following up on 1137996f0fe7:
Issue was that author was being extracted from post.url, not href.
Given that the relevant code section is specifically for /u/s in the
body text of the submission, this was a problem.
Made the logic of the recent admig upload thread fixes (arguably)
more Pythonic, or at least less verbose.
Also, the banners path was replaced with a duplicate of the sidebars
path during the copypasta. This has been remedied.
Chose to split text into lines because Python regex supports neither
variable-width nor infinite-width negative lookbehinds. This precludes
a simple pure regex solution. Since all replacements are done at the
word level, this has no obvious ill effects.
Adds a line in admin_home which displays the currently active git
revision. Current methodology is via manually parsing files in .git.
Consider revising if the application ever has access to `git` shell,
which would obviate some minor security concerns around directory
traversal attacks.