Commit graph

478 commits

Author SHA1 Message Date
ac0490dc1d i18n for items#show (including javascripts/items/show.js) 2013-01-24 18:23:19 -06:00
b69793c008 i18n for contributions#index 2013-01-24 18:23:18 -06:00
5e89e2b947 i18n for items#index (and layouts#items) 2013-01-24 18:23:18 -06:00
34d919179a i18n for broken_image_reports#new 2013-01-24 18:23:18 -06:00
1356fdaa0c i18n for users#top_contributors 2013-01-24 18:23:18 -06:00
fea0b42a17 i18n for outfits#show 2013-01-24 18:23:18 -06:00
132a49d30b i18n for outfits#new (and layouts#application), including caching 2013-01-24 18:23:18 -06:00
75be12fe2e update fonts to use google web font api properly 2013-01-23 00:31:15 -06:00
bfd825d98e attempt to fix new species_support_ids format. sigh. 2013-01-23 00:25:09 -06:00
9701221035 wardrobe now considers item.species_support_ids when deciding compatibility
For example, the Meerca Maid Tray is a foreground item, so the SWF is marked
as compatible with all body types, but the item itself is clearly marked as
Meercas-only. items#show reflected this properly, but the swf_assets#index
call that the wardrobe uses ignored item.species_support_ids.

So, /bodies/:body_id/swf_assets.json?item_ids[]=... was deprecated in favor
of /pet_types/:pet_type_id/items/swf_assets.json?item_ids=[]..., which is
much like the former route but, before loading assets, also loads the pet
type and items, then filters the items by compatibility, then only loads
assets for the compatible items.
2013-01-02 23:15:32 -05:00
339a730779 timeout on background jobs 2012-11-04 12:01:03 -06:00
07f49307f1 a few tweaks to items#show contributors appearance 2012-10-24 22:16:01 -05:00
f56b544963 brought-to-you-by on items#show lists contributors 2012-10-24 22:09:05 -05:00
e9e7d305f0 retire neoitems links, replace with jn items links 2012-10-21 15:57:17 -05:00
5601511ad5 xss vulnerability in outfits#show
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!

http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
671641cc16 a more forgiving "type" search filter 2012-10-08 21:20:18 -05:00
775ef7fa51 finally fix encased in ice - woo! 2012-10-05 20:56:52 -05:00
9fcc1b244a bug fix: pet importer no longer chokes when two pets wear the same item 2012-10-01 13:22:17 -05:00
ddec043209 support pea chia cape in infinite closet 2012-09-29 12:40:55 -05:00
270f8caa3d remove sharing beta message - finally 2012-08-23 20:56:00 -05:00
7dfc6d81a2 add timeout to pet load 2012-08-11 18:47:25 -04:00
412c401c5f better cache items#show 2012-08-10 00:02:11 -04:00
99669b8e4e cache homepage latest contribution 2012-08-09 22:59:35 -04:00
f6d34841ec cache newest items on homepage and items#index 2012-08-09 22:35:30 -04:00
1e3938eea9 improve closet performance by caching item link 2012-08-09 19:34:56 -04:00
4a69772cd2 remove N+1 queries on current user outfits page 2012-08-09 18:32:33 -04:00
5e89287537 durr, don't cache new items on the homepage 2012-08-08 23:05:32 -04:00
5cec28e29b fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field,
unique to each visitory. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c modeling hub 2012-08-06 21:15:31 -04:00
2435c7f7e9 oh shoot, properly unlink outfit tempfiles now... 2012-08-01 21:30:22 -04:00
a6e4398e54 take homepage latest contribution and new items out of cache block - should probably cache them later, but, for now, meh 2012-08-01 15:11:08 -04:00
ca2dc56d43 Your Items is no longer "new", so remove all tags to that effect 2012-08-01 14:29:25 -04:00
9fb9542e0d oops, fix syntax error on ruby 1.8.7 2012-08-01 13:47:15 -04:00
c2a0c5de74 new frontpage layout, yay 2012-08-01 13:34:54 -04:00
ae914a74d2 fix outfit thumbnail opacity on hover/active 2012-07-31 14:07:07 -04:00
82c4a8d4b4 on creating outfit image, skip broken images instead of throwing exception 2012-07-31 12:05:49 -04:00
2b88ce9b4b use openneo-uploads bucket 2012-07-31 11:42:27 -04:00
ec40e6ae67 new outfit image filename: preview instead of thumb, one more partition level 2012-07-31 10:41:13 -04:00
c630cde66c outfit thumbnails beta message 2012-07-31 10:21:20 -04:00
05acae3cb8 retroactively enqueue outfit images 2012-07-31 10:20:37 -04:00
54ca5881fe add thumbnails to outfits#show via open graph 2012-07-29 16:45:12 -04:00
f8aacfba98 put a cog behind outfits whose thumbnails are enqueued 2012-07-29 16:07:18 -04:00
f5cf9aa13b redesign outfits#index with thumbnails 2012-07-29 15:43:28 -04:00
bc4f172ae0 shift outfit thumbnails up slightly in the outfits tab to account for header 2012-07-28 19:19:13 -04:00
94ef0b6537 move padding on sidebar-content to sidebar-view for consistent behavior on fullscreen mode 2012-07-27 23:36:18 -04:00
42827362b6 optimize outfit image generation - 4x speed boost on my box
Use the ImageMagick flatten command to generate the output all at
once instead of compositing each layer individually, and download
the layers in parallel. On my box, saving roopal27 five times took
a total of 30 seconds before, whereas now it takes 7 seconds. I
expect it to be even better on the production box, where latency
is even lower.
2012-07-27 23:07:20 -04:00
28e44d0abd set sidebar height properly on non-fullscreen mode 2012-07-27 03:31:30 -04:00
41f23fffac add bottom padding to sidebar content for a cleaner scroll 2012-07-27 03:27:58 -04:00
76b9219bec remove x-overflow on outfits-not-logged-in message on smaller viewports 2012-07-27 03:24:42 -04:00
249c493d25 beautiful outfits tab using thumbnails 2012-07-27 03:21:22 -04:00
374c7e6147 Sharing now fully supports saved outfits, not just shared ones 2012-07-26 23:47:22 -04:00
b02c95c2d9 pretty tab navigation for wardrobe sidebar 2012-07-25 19:02:23 -04:00
9ea7d5841e slight update to sharing format selector style 2012-07-18 14:41:04 -04:00
b2eac2d1fd sharing url formats 2012-07-17 16:14:05 -04:00
f5ab71dce5 sharing thumbnail 2012-07-17 14:42:31 -04:00
7b5856ebf9 basic sharing
Sharing pane works, everything is great for guests. Logged in
users are on the way, since right now Share Outfit re-saves
anonymously rather than showing sharing data for the existing
outfit.
2012-07-17 12:15:04 -04:00
cf2546d832 basic image thumbnails 2012-07-16 16:47:28 -04:00
7c015e2d88 carrierwave for asset swfs 2012-07-16 16:45:26 -04:00
5a5b5fffc7 outfit default url 2012-07-16 16:45:26 -04:00
220aca9311 outfit thumbnails initial commit 2012-07-16 16:45:26 -04:00
22cfff66e9 outfits now know their own visible assets 2012-07-16 16:40:07 -04:00
644fac99da improve gender/mood sorting using new labels 2012-06-20 16:10:53 -04:00
6cdf1567f8 fix error loading lookups when given pet name has trailing spaces 2012-06-05 13:28:59 -04:00
b25b6e55b3 ignore errors loading gender/mood data
For example, the site was throwing a 500 error when loading pets
belonging to frozen users. Instead, we'll now rescue that
Neopets::User::AccountDisabledError and ignore it, since it's not
*vital* that we load gender/mood data from this pet; we can still
proceed to load its customization data without it.
2012-06-05 13:02:49 -04:00
a436362f26 Merge branch 'gender_mood' 2012-06-05 12:52:27 -04:00
71da64b47f create /start/:species_name/:color_name route 2012-06-05 12:44:11 -04:00
b2a7e0a1d5 oops. accidentally used trading post url for auctions. fixed 2012-06-05 12:42:52 -04:00
4451800e42 added shop wiz, etc., links to NP item show page 2012-05-23 20:09:35 -04:00
c2c6a800f2 track pet state gender/mood 2012-05-23 20:00:38 -04:00
4e7e98beca use Neopets::User for username-based closet imports 2012-05-21 12:48:19 -04:00
63f503e7a4 keep copyright year up to date 2012-05-15 13:52:15 -05:00
e3b0a5e2d7 fix bug on closet_hangers#destroy in html format 2012-04-08 17:04:44 -05:00
f3d64840d6 filter lists on petpage export 2012-04-08 15:59:51 -05:00
5218b43df4 fix petpage export item name filtering
The "Abominable Snowball Winter Onesie" can get blocked for including the string " On".
So, we meant to filter that to " O<b></b>n" so that the filter wouldn't return that false
positive on an XSS attempt, but were accidentally filtering it to " o&lt;b&gt;&lt;/b&;gtn".
Fixed :)
2012-04-08 14:53:26 -05:00
c46d7ae2c0 fix petpage export styles
thumbnails were right-aligned when they really shouldn't have been
2012-04-08 14:50:50 -05:00
b04c5db98a add ajax auth for closet_hangers#index 2012-03-23 16:59:23 -05:00
99a7558dd9 update items#show style 2012-03-23 16:48:00 -05:00
7d0edbf23c closet_hangers#destroy now tied to hanger ID, not item 2012-03-23 16:25:10 -05:00
44156c5b21 can now have the same item in more than one list 2012-03-23 16:25:10 -05:00
7795119a8c fix gender/emotion states with corridor of chance effects sorting to the front
So it turns out this was just one of those things I forgot to fix
the big database restructure came along: we were comparing
swf_asset.remote_id against parents_swf_assets.swf_asset_id, which
are two different identifiers entirely. Now using swf_asset.id,
so fixed :)
2012-03-15 17:01:21 -05:00
baae0c9954 fix bug where some pet states would also show many items on top of them
At first I thought this was an error in the data migration process when moving SWF assets
to having their own unique IDs, but then realized that the query for a pet state's SWFs
didn't include the (parent_type = 'Item') condition. Oops. Turns out, I only connected the
items to parent_swf_asset_relationships polymorphically. Pet states were still doing it the
hackish way. Set the pet states to use the lovely polymorphic relationship and we're good
to go.
2012-02-21 13:25:11 -06:00
4d314417e2 fix parent-swf-asset-relationship destruction bug
After changing the database structure, we lost the feature where, once we discover
new assets for an item for a given body ID, we disconnect previously connected
assets. This commit reinstates that feature.
2012-01-26 13:51:30 -06:00
19e854b6f8 oops, remove maintenance message 2012-01-26 13:30:12 -06:00
abcf70a0c4 fix issue with csrf_param in wardrobe ajax
Due to a silly slip-up involving Javascript object literal syntax, we were
sending {csrf_param: "token"} instead of {authenticity_token: "token"} with
wardrobe AJAX requests. This would cause users to be auto-logged-out for
failing to provide a proper token. Oops.
2012-01-14 12:35:05 -06:00
686d6560c4 specify size on image download 2012-01-13 19:37:56 -06:00
4566bca906 another attempt to fix pet state rel autosave 2012-01-13 16:11:44 -06:00
bcb5644b12 stop autosaving biology swf rels 2012-01-13 16:02:14 -06:00
ec3088fdec ensure that pet state is saved before trying to save its assets 2012-01-13 15:56:31 -06:00
171d691a98 fix nc mall spider for remote ID 2012-01-13 15:27:30 -06:00
ec9e997ac5 fix user:owns id ambiguity 2012-01-13 15:20:47 -06:00
d335c2e677 properly handle search error in rails 3.0.5 2012-01-13 15:10:25 -06:00
9c0c7b78cf another oops, better fix 2012-01-12 22:02:12 -06:00
c2c0fe92e8 oops, be consistent in using remote ID when loading pets 2012-01-12 21:47:17 -06:00
696b2aedaf give SWFs real, unique ID numbers
Lots of scary bugs were being caused by the fact that the possibly-duplicate Neopets ID
was being treated as an SWF's real primary key, meaning that a save meant for object swf
number 123 could be saved to biology swf number 123. Which is awful.

This update gives SWFs their own unique internal ID numbers. All external lookups still use
the remote ID and the type, meaning that the client side remains totally unchanged (phew).
However, all database relationships with SWFs use the new ID numbers, making everything
cleaner. Yay.

There are probably a few places where it would be appropriate to optimize certain lookups
that still depend on remote ID and type. Whatever. Today's goal was to remove crazy
glitches that have been floating around like mad. And I think that goal has been met.
2012-01-12 17:17:59 -06:00
cc23f7435b automatically rezone bio 2011-10-31 16:22:24 -05:00
f7723ac1c8 automatically rezone items 2011-10-23 14:09:53 -05:00
70cf262387 remove campaign banner from most pages 2011-10-10 22:06:46 -05:00
df62e3540f copyright 2011 2011-10-10 21:56:12 -05:00
285c7858c0 app can now load environment even if schema not yet loaded 2011-09-06 11:15:09 -05:00
b50b9d237d allow broken image resubmits after 1hr 2011-08-07 20:43:42 -04:00