Commit Graph

2665 Commits (c10c00473a9bde245a8937a52f4107ba7713c168)

Author SHA1 Message Date
Snakes fe5ffd1bcf
security: sanitize !YOU! in <a href="">.
Unlike the recent auto-embed exploits which have been patched, this
requires active user action. However our userbase, like all userbases,
contains quite a few retards and phoneposters who don't check links
before clicking.

Example exploit:

    <a href="https://example.com/log?username=!YOU!">Bardfinn Dox</a>
2022-12-05 19:05:02 -05:00
Snakes 616634158c
Narrow approved_embed_hosts for security.
Probably will break some people's profilecss and irritate the
newsposters, but in light of recent live proven exploits to disclose
user IP & username pairs to remote servers, the broad list of embed
hosts was unsustainable and impossible to prove safe.

We extend is_safe_url to allow whitelisting subdomains, specifically
to solve the s.lain.la open redirect exploit. Also, open media proxies
like external-content.duckduckgo.com were concerning enough, despite
likely being safe, to warrant removal. Anything infrequently used and
difficult to review, or that has a reasonable alternative, was also removed.

In general: we want people to be rehosting, and if we want to allow
more external content, we need to run a media proxy. The central issue
is that any user-configurable 302 is a potential disclosure risk, and
Lord knows how many ways there were to get <arbitrarynewssite>.com to
do so. Maybe zero, but the problem is we just don't know.
2022-12-05 18:57:35 -05:00
float-trip bca9aff068 Disallow !YOU! in URLs. (#49)
!YOU! + an escape for `approved_embed_hosts` could let you grab the IP and username of everyone who views your comment

https://rdrama.net/post/129053/you-callout-thread/3191218?context=8#context

lain.la has a URL shortener that also works to get around embed hosts, fwiw

Co-authored-by: float trip <float-trip@rdrama.net>
Reviewed-on: #49
Co-authored-by: float-trip <float-trip@noreply.fsdfsd.net>
Co-committed-by: float-trip <float-trip@noreply.fsdfsd.net>
2022-12-05 21:20:59 +00:00
Aevann1 159cb52e46 add looksmax.org to BOOSTED_SITES 2022-12-05 15:59:01 +02:00
Aevann1 9dacb7c307 add teamblind.com to boosted sites 2022-12-05 08:13:11 +02:00
Aevann 18df70caab allow JL3 to edit rules (#39)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: #39
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-05 05:22:08 +00:00
Aevann1 5473cb3084 add snus mentions 2022-12-05 04:01:55 +02:00
Aevann1 f2c4dc429a fix for MIMW_ID 2022-12-05 04:01:01 +02:00
Aevann1 66aeb82823 add pings for MIMW 2022-12-05 03:57:24 +02:00
Aevann1 468fd5f5f4 add (((heymoon))) notifs 2022-12-05 03:40:51 +02:00
Snakes be2b210df4
Remove superfluous #disablepoll command.
Already resolved by 29070c78a9.
2022-12-04 17:15:52 -05:00
justcool393 ed0981cbdb add functionality to disable poll formatting (#35)
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #35
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-04 21:46:27 +00:00
Aevann1 892e35b1c3 splash mountain for PCM 2022-12-04 23:28:39 +02:00
Aevann1 e66234eb6a fix offsitementions 2022-12-04 21:48:28 +02:00
Aevann1 da643ea88b sneed 2022-12-04 21:30:33 +02:00
Aevann e105035272 remove country club system and replace it with a 3 tier thing: (#41)
- /h/masterbaiters: 1 TS - for gayops

- /h/countryclub: 1000 TS - for anything requiring secrecy and doesn't need critical mass - have to make it a rule that u cant post gayops in /h/countryclub

- /h/chudrama: 5000 TS - for chad+stud posts

EDIT: i removed the /h/masterbaiters gate, but u can bring it back if u want
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: #41
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-04 18:39:06 +00:00
Aevann1 29070c78a9 fix this and related stuff https://stupidpol.site/h/programming/post/128394/advent-of-code-day-3-i/3182179?context=8#context 2022-12-04 17:53:41 +02:00
Aevann1 30405e1841 slur fix 2022-12-04 16:44:59 +02:00
Aevann1 1f675c61e5 minor regex fix for emojis 2022-12-04 00:26:05 +02:00
Aevann1 a92737b85c re-add kylie slur filter 2022-12-04 00:01:24 +02:00
Aevann1 8d218c28e2 fix this https://stupidpol.site/h/programming/post/128511/nostalgia-post-heres-a-shitty-tictactoe/3179456?context=8#context 2022-12-03 22:09:12 +02:00
Aevann1 0046e63bc7 boost /h/programming temporarily - revert at will 2022-12-03 21:56:27 +02:00
Aevann1 a13311d72e sneed 2022-12-03 21:10:59 +02:00
Aevann1 a193952c5e fix this https://stupidpol.site/h/slackernews/post/128394/advent-of-code-day-3-i/3177263?context=8#context 2022-12-03 10:02:26 +02:00
Aevann1 3907a2f25f make the gevent sequential 2022-12-03 01:25:48 +02:00
Snakes 9b09181e28
Dispatch push notifications using greenlets. 2022-12-02 18:15:58 -05:00
Snakes d79465517d
Rename siege log filename. 2022-12-02 17:50:48 -05:00
Aevann1 9947e635ab make supportjews.webp an image instead 2022-12-03 00:32:51 +02:00
Aevann1 6248042e46 add supportjews emoji and use it in chud message 2022-12-03 00:22:18 +02:00
Aevann 5c2dab73c7 stop using pusher (#37)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: #37
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-02 22:21:18 +00:00
Aevann1 3542703ced Revert "make it so only the post author can declare winner and not all admins"
This reverts commit 9e1425d93e.
2022-12-03 00:08:46 +02:00
Aevann1 9e1425d93e make it so only the post author can declare winner and not all admins 2022-12-03 00:06:57 +02:00
Aevann1 25be392e3b add soyjak.party to BOOSTED SITES 2022-12-03 00:02:04 +02:00
Aevann1 064b5878f9 add "media" tld 2022-12-02 12:38:07 +02:00
Aevann1 acd4a61232 add dramarama to boosted users 2022-12-01 18:22:00 +02:00
Aevann1 238c92b703 make PAGE_SIZES ordered 2022-12-01 14:28:00 +02:00
Aevann1 845e13b4ae minor bug fix 2022-12-01 14:27:15 +02:00
Snakes 1bc086ad1b
PCM: adjust perms, add christmas banner. 2022-11-30 23:38:25 -05:00
Snakes 4585323275
Fix monthly jannie patron badge granting. 2022-11-30 23:38:25 -05:00
Snakes 885601e0ab
Fix offsitementions on localhost testing. 2022-11-30 19:24:45 -05:00
Aevann1 e1ed46fa36 rework reddit notifs - testing on pcm lol 2022-12-01 00:29:13 +02:00
Snakes d03f3092fa
Adjust badge black/whitelists more. 2022-11-30 16:55:48 -05:00
Aevann1 87ae34966b badge perm shit 2022-11-30 23:15:10 +02:00
Snakes 312abcbed7
offsitementions: use proper cache key in setter. 2022-11-30 15:44:01 -05:00
justcool393 34f10321fa antispam: adjust siege threshold 2022-11-30 13:25:32 -06:00
justcool393 d55455d51c settings: make filename an env var 2022-11-30 13:13:52 -06:00
justcool393 46f2b805ef config: fix _SETTINGS dict and stray signups 2022-11-30 13:03:46 -06:00
justcool393 497c9bcff1 logging: don't use \n in f-string 2022-11-30 12:49:22 -06:00
justcool393 d783bc8901 logging: make logging an env var 2022-11-30 12:38:55 -06:00
justcool393 d395bcab69 logging: create somewhat sane logging 2022-11-30 12:09:31 -06:00
justcool393 0106a4e340 antispam: under siege mode 2022-11-30 11:37:35 -06:00
Aevann1 9798d2714d add blizzard forums and bungie forums to BOOSTED_SITES 2022-11-30 13:51:01 +02:00
Aevann1 abe07e7754 this is retarded 2022-11-30 13:35:57 +02:00
justcool393 11059d1665 move calc users to context processor (#31)
jinja more like i can't think of anything witty

Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #31
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-11-29 23:50:32 +00:00
Aevann1 955ec104f2 use the new /icon.webp link everywhere 2022-11-30 01:25:11 +02:00
Aevann1 b6efc27551 use "i" instead of "assets/images" 2022-11-30 00:52:19 +02:00
geese_suck d79ad8c1f0
event asset caching 2022-11-29 14:01:25 -08:00
justcool393 5056f09380 chat: fix 500 on some... weird... state... i think?
cache: get out of jinja templates
chat: threshold is now a const
2022-11-29 15:49:23 -06:00
justcool393 67bfe5a5bd remove unnecessary `str()` 2022-11-29 14:29:27 -06:00
geese_suck a3fa96242c holiday event manager (actually works now edition) (#22)
Co-authored-by: Snakes <duolsm@outlook.com>
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #22
Co-authored-by: geese_suck <deandre.williams@geese-suck.us>
Co-committed-by: geese_suck <deandre.williams@geese-suck.us>
2022-11-29 20:20:26 +00:00
SneedBot a7614a5dd2 sneed 2022-11-29 14:11:34 +00:00
Aevann1 53d5f40037 sneed 2022-11-29 04:59:41 +02:00
Aevann1 60d6246a38 add "homo" to slur filter 2022-11-29 03:46:35 +02:00
Snakes e370a52ecc
PCM: raise upload limit for patrons (by request). 2022-11-28 20:13:22 -05:00
Aevann1 3acc525e0c truncate odds of lottery winning 2022-11-29 00:21:48 +02:00
SneedBot c494f006f2 sneed 2022-11-28 06:05:21 +00:00
geese_suck 030710e5db
add fallback award so I don't get fucked by aevann asking me to change something for a site that has 3 active users 2022-11-27 21:24:05 -08:00
Aevann1 94f788ffe9 use exiv2 to remove metadata instead of imagemagick, much much much faster 2022-11-28 05:49:17 +02:00
Aevann1 0fd8157fa6 move CSP to nginx-level 2022-11-28 04:19:59 +02:00
Aevann1 4656fa0b8d pin posts by pizza/impassionata/TGTW automatically for 1 hour 2022-11-28 04:07:06 +02:00
Aevann 9b50ab7219 minor fix to AGENDAPOSTER_MSG_HTML 2022-11-28 00:44:50 +02:00
Snakes 427f54175c
WPD: constantify badge whitelist, extend set. 2022-11-27 16:49:20 -05:00
justcool393 767cc467bb marseys: cache marseys and emojis and fun stuff (#15)
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #15
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-11-27 16:59:36 +00:00
justcool393 77bdb6e87f themes: add glitter bg category per joan request 2022-11-27 10:15:15 -06:00
Aevann1 575a5080bd unpaywall profile views 2022-11-27 02:20:54 +02:00
justcool393 3fb647dd13 const: use dict.update instead of... what I did initially 2022-11-26 14:31:20 -06:00
justcool393 ae50cc2772 const: rename constants from LIMIT to MINIMUM
the new name is much much clearer
2022-11-26 14:20:44 -06:00
Marco af74c7c1fc Update chud award to include forced trans/pride flag hats (#10)
Disclaimer: I made these changes in Notepad and didn't bother to test this change locally.
Co-authored-by: Marco <bussylmao@gmail.com>
Reviewed-on: #10
Co-authored-by: Marco <marco@noreply.fsdfsd.net>
Co-committed-by: Marco <marco@noreply.fsdfsd.net>
2022-11-26 20:14:31 +00:00
Aevann1 bb153e541d Revert "you posts: constantify truescore requirement"
This reverts commit 1b721126a2.
2022-11-26 22:09:07 +02:00
justcool393 1b721126a2 you posts: constantify truescore requirement 2022-11-26 13:39:31 -06:00
Aevann1 86b352d301 "my brother in christ" becomes "my brother in Allah" 2022-11-26 07:06:52 +02:00
Aevann1 a641acaf8f use sets instead of lists in some statements 2022-11-26 06:52:47 +02:00
justcool393 46204ea223 ranking: be site specific when boosting users or excluding users from boosts
otherwise we may unintentionally rank for the wrong users (since we're using literal IDs)
2022-11-25 20:04:09 -06:00
Aevann1 6a94ac3aa9 since lawlz got demopped, make his automatic mod actions be executed by autojanny instead 2022-11-26 03:56:04 +02:00
Aevann1 e96274308a sneed 2022-11-26 03:31:17 +02:00
Aevann1 0f984b121a add "negroid" to slur filter 2022-11-26 03:19:22 +02:00
justcool393 35b1532bb4 admin: remove meme admin vestige 2022-11-25 19:15:39 -06:00
Aevann1 0bd96112d1 add joan to BOOSTED_USERS 2022-11-26 01:49:21 +02:00
Aevann1 88ed437c9b add quad to BOOSTED_USERS 2022-11-26 01:43:23 +02:00
Aevann1 68060ee56e add dailystormer.in to BOOSTED_SITES 2022-11-26 01:39:37 +02:00
Aevann1 bf4031c832 remove annoying exclamation sign in notifs 2022-11-26 01:18:24 +02:00
justcool393 7e403469cd polls: constantify max poll options 2022-11-25 16:12:25 -06:00
justcool393 f86d351ac4 fix saved subscribers stuff 2022-11-25 16:06:18 -06:00
Aevann1 c5446b3a39 do this https://rdrama.life/post/125878/colorado-shooter-proves-his-idpol-credentials/3129042?context=8#context 2022-11-25 23:01:35 +02:00
Aevann1 3dee4afa6f make "snekchad" ping sneks 2022-11-25 21:36:37 +02:00
Aevann1 f672037021 remove lmbo profanity filter 2022-11-25 21:36:09 +02:00
Snakes 0254ff6567
Restrict New User hat to rDrama. 2022-11-23 20:28:39 -05:00
AverageBen10Enjoyer c37c8be209 Removing references to old repo 2022-11-23 21:19:39 +00:00
justcool393 042edf15bd make antispam a bit less :marseyshook: 2022-11-23 14:45:09 -06:00
Snakes 654da03435
De-Githubify repo.
- Remove Github-specific tooling.
- Add fsdfsd.net to approved embed hosts.
- Switch link in navigation menu.
2022-11-23 12:24:13 -05:00