Commit Graph

1724 Commits

Author SHA1 Message Date
Peter Bhat Harkins
356cd601c5 bump rails for vulns
https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
2019-03-13 12:53:56 -05:00
Peter Bhat Harkins
4e653a9896 show all suggested tags/titles, lift work from view to db
Also extracted tag_link helper to dedupe that snippet of repeated code.
2019-03-13 08:46:51 -05:00
Peter Bhat Harkins
0cea4d497c greppable logging for sockpuppeting
When I cleaned up a sockpuppeter a couple days ago I had to do some ridiculous
shell scripting to combine multiple lines by their request id to see/search
IP, method + URL, and username together. Now basic checks are trivial:

>   Request 127.0.0.1 GET /stories/uohnuj/upvote user: 123 totallynotpushcx
2019-03-08 17:24:50 -08:00
Brian Kung
fdd85dbe3d Adds more macOS specific mysql2 instructions 2019-03-05 14:20:54 -08:00
Peter Bhat Harkins
2cde69aa7d no images in story text; leaks browsing data to submitter
mostly reverts b7e5447
2019-03-04 21:11:38 -08:00
Peter Bhat Harkins
e84fc8c679 recognize /foo and /foo/index.html as dupes 2019-02-26 09:30:14 -06:00
Peter Bhat Harkins
d2963d4b80 title mod pages 2019-02-19 18:34:58 -06:00
Edward Loveall
600fcb9108 Fix comment spec's order dependence 2019-02-17 10:55:29 -06:00
Peter Bhat Harkins
31a938e916 fix so adding tags creates modlog entries 2019-02-16 15:25:46 -06:00
Peter Bhat Harkins
d566b83e14 include deleted stories in flagged view 2019-02-08 09:59:09 -06:00
Peter Bhat Harkins
0dbbbaa213 Fix account deletion form
Fixes #636
2019-02-06 11:33:46 -06:00
Peter Bhat Harkins
9169b04fb6 fix similar story display on submit form 2019-01-25 18:38:58 +05:30
Abdullah Samman
1b6a0de73d Fix comment editing
Fixes #624
Closes #625
2019-01-16 09:40:44 -06:00
Chris Lloyd
0a484e38d1 Give seed admin enough activity to take all normal user actions 2019-01-16 08:14:01 -06:00
Nikhil Jha
9ed740767d Fake Data: Hats, Comments 2019-01-16 08:11:08 -06:00
Peter Bhat Harkins
d9fc5356d6 don't search dupe urls 2019-01-16 07:35:52 -06:00
SvintBel
4841d38894 Fix form tag
Fixes #633
2019-01-16 07:35:28 -06:00
Colin Dean
11592ac0a6 Notes mysql2 gem installation workaround for macOS
There is apparently a bug in the `mysql_config` script included in `mysql-connector-c` that the mysql2 gem uses to build the native extensions. This theoretically would trip up anyone using macOS 10.12+ without having MySQL or MariaDB running locally.
2018-12-24 18:04:29 -06:00
Peter Bhat Harkins
3cc6ff7aee revert changes to comment box until I can sort out form errors 2018-12-24 09:38:39 -06:00
Hunter Madison
93440ce5bc Fix #622 by renaming the invitation_code hidden field 2018-12-23 11:06:44 -05:00
Peter Bhat Harkins
b10d659de4 fix hidden_fields for form_with 2018-12-22 11:38:51 -06:00
Peter Bhat Harkins
c6759f3780 meet the new cop, same as the old cop 2018-12-22 10:42:41 -06:00
Peter Bhat Harkins
0b578ac8ca rm old yarn binary 2018-12-11 06:51:10 -08:00
Abdullah Samman
17bdf34667 Make merged votes voteable
Fix #424
Fix #500
2018-12-09 09:58:38 -06:00
Peter Bhat Harkins
ab5973f203 note about running ruumba 2018-12-09 07:53:47 -08:00
Abdullah Samman
089f3475ba Migrate deprecated form_tag and form_for to form_with
See next commit for note on running view style checks.
2018-12-09 09:51:30 -06:00
Abdullah Samman
8f46f991f3 Fix quoted-printable subject question-mark not being encoded
Fix #396
2018-12-05 09:11:09 -06:00
Abdullah Samman
0e198cb9bf encode fetched content to utf8
Net::HTTP is basically returning raw bytes and letting the user figure out if
the Content-Type header is correct, or if the response is HTML and an included
charset meta tag can be trusted. Rather than trying to get smarter and figure
out the encoding of the page, we're force-encoding to utf8 (which the vast
majority of pages are already) in a way that hopefully won't raise any
exceptions. We don't need perfect data here; good data is plenty.

Fix #590
2018-12-05 08:41:44 -06:00
Guillaume Briday
70e8eef8d8 don't try to load rubocop in prod
Fix #599
2018-12-05 08:24:46 -06:00
Abdullah Samman
3426d6f607 Story#public_similar_story: return [] not nil
Fix #611
2018-12-05 08:22:19 -06:00
Peter Bhat Harkins
bac3fe9179 hint hint 2018-12-05 08:15:12 -06:00
Abdullah Samman
48ea7e43cc fix opacity on flag menu
Fix #601.
2018-12-05 08:13:41 -06:00
Peter Bhat Harkins
5b958d907a error if parent comment was removed during writing 2018-11-29 19:29:43 -06:00
Abdullah Samman
1c82243da5 hint iOS safari scroll behavior
Fix #591
2018-11-28 09:24:55 -06:00
Peter Bhat Harkins
ec2062f132 don't run if file's required 2018-11-28 09:20:45 -06:00
Lucas Charles
cafc067bea Allow check_url_dupe to be queried by non-logged-in-users 2018-11-28 08:35:23 -06:00
Peter Bhat Harkins
d9b17c2464 fix submission of dupe links + display of deleted stories from 8554cef 2018-11-28 08:26:42 -06:00
Peter Bhat Harkins
b2fa091e13 fix 92a768e 2018-11-26 18:44:44 -06:00
Abdullah Samman
92a768e604 make rails test run rails spec instead
Fix #585
2018-11-26 18:42:01 -06:00
Peter Bhat Harkins
922ef94cb7 warn against style churn because folks aren't seeing #460 2018-11-26 18:12:40 -06:00
Peter Bhat Harkins
1e5a7fc81f whitespace; shallow name 2018-11-24 16:43:43 -06:00
SengMing Tan
0b6476e4ce add rubocop cop to prevent the safe navigation operator
Close #596
2018-11-24 16:41:09 -06:00
Peter Bhat Harkins
04753278b3 rubocop 2018-11-24 16:02:45 -06:00
Peter Bhat Harkins
b23f106477 fix appearance of deleted comments on /comments and user thread pages
Also fixes 1 + n queries on those pages.
2018-11-24 09:20:01 -06:00
Peter Bhat Harkins
54abea7ed6 better wording
https://lobste.rs/s/sfzmwr/proposal_set_everyone_s_invite_count_zero#c_np1ubv
2018-11-22 23:50:59 -06:00
Peter Bhat Harkins
8554cef9ef Story#similar_stories should not include deleted stories 2018-11-22 08:48:04 -06:00
Peter Bhat Harkins
1c04acec58 fix #similar_stories to not include merged stories 2018-11-21 21:06:30 -06:00
Peter Bhat Harkins
0724c706fc name exceptions so we can ignore most of them
Now that we've had this in prod a while I've collected a few transient DNS
issues. Because webmentions are a nice-to-have, we can just drop the mention
if someone's DNS is flaking on us. We let BadIPsError hit logs because it
might be someone attempting to use this to enumerate our internal network
(tho it's most likely misconfiguration).
2018-11-20 08:18:10 -06:00
Peter Bhat Harkins
087df3bb6b bugfix empty string urls
Empty string URLs (any story with text and no link) passed this nil check but
threw an exception out of extras/sponge when it tried to get the host.
2018-11-20 08:07:12 -06:00
Peter Bhat Harkins
bdb3098320 strip Facebook tracking param
http://thisinterestsme.com/facebook-fbclid-parameter/
2018-11-19 22:12:27 -06:00