Commit graph

114 commits

Author SHA1 Message Date
5601511ad5 xss vulnerability in outfits#show
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!

http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
270f8caa3d remove sharing beta message - finally 2012-08-23 20:56:00 -05:00
99669b8e4e cache homepage latest contribution 2012-08-09 22:59:35 -04:00
f6d34841ec cache newest items on homepage and items#index 2012-08-09 22:35:30 -04:00
5e89287537 durr, don't cache new items on the homepage 2012-08-08 23:05:32 -04:00
5cec28e29b fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field,
unique to each visitor. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c modeling hub 2012-08-06 21:15:31 -04:00
a6e4398e54 take homepage latest contribution and new items out of cache block - should probably cache them later, but, for now, meh 2012-08-01 15:11:08 -04:00
c2a0c5de74 new frontpage layout, yay 2012-08-01 13:34:54 -04:00
c630cde66c outfit thumbnails beta message 2012-07-31 10:21:20 -04:00
54ca5881fe add thumbnails to outfits#show via open graph 2012-07-29 16:45:12 -04:00
f8aacfba98 put a cog behind outfits whose thumbnails are enqueued 2012-07-29 16:07:18 -04:00
f5cf9aa13b redesign outfits#index with thumbnails 2012-07-29 15:43:28 -04:00
249c493d25 beautiful outfits tab using thumbnails 2012-07-27 03:21:22 -04:00
b02c95c2d9 pretty tab navigation for wardrobe sidebar 2012-07-25 19:02:23 -04:00
b2eac2d1fd sharing url formats 2012-07-17 16:14:05 -04:00
f5ab71dce5 sharing thumbnail 2012-07-17 14:42:31 -04:00
7b5856ebf9 basic sharing
Sharing pane works, everything is great for guests. Logged in
users are on the way, since right now Share Outfit re-saves
anonymously rather than showing sharing data for the existing
outfit.
2012-07-17 12:15:04 -04:00
686d6560c4 specify size on image download 2012-01-13 19:37:56 -06:00
09fcc7fa4b remove timer donation request on outfits#edit 2011-08-07 19:57:11 -04:00
7358aae680 report broken images 2011-08-07 18:23:44 -04:00
564ba9bdd9 js part of reporting broken images 2011-08-07 17:24:54 -04:00
4c510f91db search by username 2011-08-05 11:28:11 -04:00
5f4cd9ddbf new! tags to point to Your Items 2011-07-31 22:55:29 -04:00
ceeb59973d move image mode faq to outfits#edit instead of userbar 2011-07-31 22:13:23 -04:00
037cb1e95a your items link on home 2011-07-31 18:45:53 -04:00
12f5b28c94 wardrobe now works with owned/wanted 2011-07-22 17:06:21 -04:00
e0c00cc8ed Your Items link on wardrobe 2011-07-17 17:52:40 -04:00
d0dd797cdf delete outfits from outfit page 2011-07-14 13:14:06 -04:00
7640369332 drop donate bar into items, outfits#show 2011-07-09 11:45:30 -04:00
33519bd579 donation request on main wardrobe after 10 minutes 2011-07-05 11:19:49 -04:00
211d08204d add Donate Now! button to campaign progress on home 2011-07-04 23:23:28 -04:00
f9e3266a3b change wording a bit 2011-07-04 17:52:34 -04:00
ba7f6b8768 keep two caches of wardrobe, for those who have image mode and those who don't 2011-07-02 18:02:37 -04:00
323cf772bc actually dynamic progress bar, on home page too 2011-07-01 15:38:13 -04:00
5ecd5f3ce4 donate page noninteractive 2011-06-28 13:24:40 -04:00
443b144f29 image mode 2011-06-27 15:33:34 -04:00
6c9ddac8dd totally pro wardrobe image adapter, via konami 2011-05-22 16:30:02 -04:00
6940e098d3 say Edit a Copy on outfits#show if it's a guest outfit and user is a guest 2011-05-14 09:36:18 -04:00
d7d2d5f0e5 include share button for logged in users, too 2011-03-28 17:29:03 -04:00
1207e84804 nice page to view current user's outfits 2011-03-23 18:23:01 -04:00
fa14232473 allow guests to share outfits 2011-02-10 17:50:47 -05:00
ea5908c278 outfit permalink in toolbar 2011-02-09 20:29:43 -05:00
d1daa6b772 pretty inline outfit form live 2011-02-09 19:29:31 -05:00
fd5663c9e8 playing with new outfit save interface 2011-02-09 18:58:02 -05:00
50f0adaa4d auto shrink wardrobe from fullscreen when screen too small 2011-02-06 18:55:04 -05:00
f5e3a39068 cache wardrobe 2010-12-11 10:11:56 -05:00
ca155314fa home page caching, reset top contributors only when necessary 2010-12-11 09:37:39 -05:00
b7fb5a952b Revert "implement head.js"
This reverts commit 12ffa33f4f.
2010-12-06 18:50:13 -05:00
6cc892ff83 remove unnecessary wardrobe.js dependency on home page 2010-12-06 18:13:38 -05:00
12ffa33f4f implement head.js 2010-12-05 21:18:52 -05:00
0399e0a38f remove tell the world link 2010-11-30 16:52:38 -05:00
b308c0f0ba outfit renaming, plus some bug fixes here and there 2010-11-24 20:51:01 -05:00
9b0cf8b597 show outfit page 2010-11-13 17:26:27 -05:00
51f3650ce2 save current outfit, save copy 2010-11-13 08:50:37 -05:00
e6b1465355 wardrobe has an 'active outfit' - phew! cloning is hard 2010-11-12 20:58:28 -05:00
eceecdc38a hide both versions of save outfit button until we know which to show 2010-11-12 16:36:29 -05:00
6b92c2aa33 loading current user outfit list, deleting outfits, toggling star 2010-11-11 13:43:22 -05:00
1dd2ccb00b lovely interface for saving outfits. still no reading them yet 2010-11-10 16:59:54 -05:00
1fd98fb191 basic interaction with fake outfits 2010-11-08 20:40:03 -05:00
b44cb4b09e fix homepage JS
main name field lost its ID in the redesign
gave it one and changed the one in the JS to match
2010-11-07 17:19:47 -05:00
c8acdc4e8d working home page 2010-11-05 18:45:05 -04:00
e0ee659f86 remove some outfits mockup syntax to better fit current css 2010-10-11 18:39:44 -04:00
e40d4601d8 a functioning wardrobe 2010-10-10 22:18:42 -04:00