5601511ad5
xss vulnerability in outfits#show
...
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!
http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
270f8caa3d
remove sharing beta message - finally
2012-08-23 20:56:00 -05:00
412c401c5f
better cache items#show
2012-08-10 00:02:11 -04:00
99669b8e4e
cache homepage latest contribution
2012-08-09 22:59:35 -04:00
f6d34841ec
cache newest items on homepage and items#index
2012-08-09 22:35:30 -04:00
1e3938eea9
improve closet performance by caching item link
2012-08-09 19:34:56 -04:00
5e89287537
durr, don't cache new items on the homepage
2012-08-08 23:05:32 -04:00
5cec28e29b
fix logout bug: stop caching authenticity_token fields
...
Many forms on the site contain a hidden authenticity_token field,
unique to each visitor. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.
So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c
modeling hub
2012-08-06 21:15:31 -04:00
a6e4398e54
take homepage latest contribution and new items out of cache block - should probably cache them later, but, for now, meh
2012-08-01 15:11:08 -04:00
c2a0c5de74
new frontpage layout, yay
2012-08-01 13:34:54 -04:00
c630cde66c
outfit thumbnails beta message
2012-07-31 10:21:20 -04:00
54ca5881fe
add thumbnails to outfits#show via open graph
2012-07-29 16:45:12 -04:00
f8aacfba98
put a cog behind outfits whose thumbnails are enqueued
2012-07-29 16:07:18 -04:00
f5cf9aa13b
redesign outfits#index with thumbnails
2012-07-29 15:43:28 -04:00
249c493d25
beautiful outfits tab using thumbnails
2012-07-27 03:21:22 -04:00
b02c95c2d9
pretty tab navigation for wardrobe sidebar
2012-07-25 19:02:23 -04:00
b2eac2d1fd
sharing url formats
2012-07-17 16:14:05 -04:00
f5ab71dce5
sharing thumbnail
2012-07-17 14:42:31 -04:00
7b5856ebf9
basic sharing
...
Sharing pane works, everything is great for guests. Logged in
users are on the way, since right now Share Outfit re-saves
anonymously rather than showing sharing data for the existing
outfit.
2012-07-17 12:15:04 -04:00
7c015e2d88
carrierwave for asset swfs
2012-07-16 16:45:26 -04:00
c7c8f3a78e
oops. accidentally used trading post url for auctions. fixed
2012-05-23 20:12:17 -04:00
4451800e42
added shop wiz, etc., links to NP item show page
2012-05-23 20:09:35 -04:00
63f503e7a4
keep copyright year up to date
2012-05-15 13:52:15 -05:00
f3d64840d6
filter lists on petpage export
2012-04-08 15:59:51 -05:00
c46d7ae2c0
fix petpage export styles
...
thumbnails were right-aligned when they really shouldn't have been
2012-04-08 14:50:50 -05:00
b04c5db98a
add ajax auth for closet_hangers#index
2012-03-23 16:59:23 -05:00
99a7558dd9
update items#show style
2012-03-23 16:48:00 -05:00
7d0edbf23c
closet_hangers#destroy now tied to hanger ID, not item
2012-03-23 16:25:10 -05:00
44156c5b21
can now have the same item in more than one list
2012-03-23 16:25:10 -05:00
19e854b6f8
oops, remove maintenance message
2012-01-26 13:30:12 -06:00
686d6560c4
specify size on image download
2012-01-13 19:37:56 -06:00
696b2aedaf
give SWFs real, unique ID numbers
...
Lots of scary bugs were being caused by the fact that the possibly-duplicate Neopets ID
was being treated as an SWF's real primary key, meaning that a save meant for object swf
number 123 could be saved to biology swf number 123. Which is awful.
This update gives SWFs their own unique internal ID numbers. All external lookups still use
the remote ID and the type, meaning that the client side remains totally unchanged (phew).
However, all database relationships with SWFs use the new ID numbers, making everything
cleaner. Yay.
There are probably a few places where it would be appropriate to optimize certain lookups
that still depend on remote ID and type. Whatever. Today's goal was to remove crazy
glitches that have been floating around like mad. And I think that goal has been met.
2012-01-12 17:17:59 -06:00
70cf262387
remove campaign banner from most pages
2011-10-10 22:06:46 -05:00
df62e3540f
copyright 2011
2011-10-10 21:56:12 -05:00
09fcc7fa4b
remove timer donation request on outfits#edit
2011-08-07 19:57:11 -04:00
c930397123
edit campaign copy now that image mode is public
2011-08-07 19:52:35 -04:00
04ec18b196
update image mode faq for public release
2011-08-07 19:27:01 -04:00
7358aae680
report broken images
2011-08-07 18:23:44 -04:00
564ba9bdd9
js part of reporting broken images
2011-08-07 17:24:54 -04:00
4c510f91db
search by username
2011-08-05 11:28:11 -04:00
f9de777c79
update campaign: upgrade complete
2011-08-05 00:12:17 -04:00
0906e49a72
update campaign progress to say we have exceeded our goal
2011-08-04 15:34:28 -04:00
163d74fe07
donate update, campaign complete
2011-08-04 10:25:57 -04:00
d99a1ad792
newest items
2011-08-04 10:01:44 -04:00
2398f34071
import items from pets
2011-08-03 11:35:06 -04:00
bad1eb13a5
compare Your Items to someone else's list
2011-08-03 10:33:13 -04:00
513711bf60
import sdb as well as closet
2011-08-02 22:42:56 -04:00
374e85f9d0
drop in redirect image url for urls blocked on petpages
2011-08-02 20:01:48 -04:00
8bf9872fbe
stop caching items#show for now due to Your Items module
2011-08-02 00:12:44 -04:00
ea7171b322
fix ambiguous item_link partial throwing errors in outfits#show
2011-07-31 23:45:57 -04:00
9422d5d8fe
remove redundancy on no hangers in a group
2011-07-31 23:35:57 -04:00
5f4cd9ddbf
new! tags to point to Your Items
2011-07-31 22:55:29 -04:00
ceeb59973d
move image mode faq to outfits#edit instead of userbar
2011-07-31 22:13:23 -04:00
071ba56ae9
public url on Your Items
2011-07-31 19:24:06 -04:00
90c9c8fe17
hide help for people who have used Your Items before
2011-07-31 19:04:21 -04:00
037cb1e95a
your items link on home
2011-07-31 18:45:53 -04:00
359356bcf3
better handle edge cases in petpages
2011-07-31 03:03:26 -04:00
1ac399cc7a
link to petpage exporter from Your Items
2011-07-31 02:58:45 -04:00
30096f6b0a
items petpage export
2011-07-31 02:52:19 -04:00
4f0e7899b7
Your Items intro text polishing
2011-07-31 00:59:29 -04:00
137aeac8d4
show traders on items#show
2011-07-31 00:19:28 -04:00
28c9d1b3d8
hide list description on drag-n-drop
2011-07-30 23:07:58 -04:00
b9700e3d7c
show owns/wanted items on someone else's items list
2011-07-30 23:03:43 -04:00
11b7ae74db
list visibility forms on Your Items
2011-07-30 22:47:06 -04:00
0c92bf5987
set list visibility in closet_lists#edit
2011-07-30 22:34:27 -04:00
34a4ef201a
privacy dropdowns moved to be more out of the way
2011-07-30 22:08:38 -04:00
0e522fa371
better handle list emptiness for drag-n-drop
2011-07-30 19:47:04 -04:00
75961abc17
privacy for unlisted hangers
2011-07-30 19:45:28 -04:00
9a7b13dc5d
drag and drop on Your Items <3
2011-07-30 13:40:41 -04:00
48ee765505
Your Items autocompleter is totally chill with moving items around to different lists
2011-07-29 23:26:48 -04:00
811d6df697
only show Add New List if user has permission
2011-07-29 13:29:32 -04:00
d893b0ab41
Your Items autocomplete supports lists
2011-07-29 11:25:17 -04:00
358840076c
closet lists, round one
2011-07-29 10:52:04 -04:00
b86ce67c02
first pass at closet lists, including form
2011-07-26 20:27:23 -04:00
605fb88046
move userbar contributions link to points, since user now has more public profiles
2011-07-26 18:57:44 -04:00
e6c419c7e0
give user paths a canonical tag
2011-07-26 18:56:14 -04:00
c592459d02
improve Your Items copy given the different groups
2011-07-26 18:41:15 -04:00
c3279f0512
keep track of the closet page we are importing, even if it errored out
2011-07-25 14:22:26 -04:00
2983849b1f
closet page importer also warns to log in in another window
2011-07-25 14:15:23 -04:00
6203caf186
Your Items autocompleter can add to both owned and wanted
2011-07-25 14:06:07 -04:00
7476314953
show/hide hints on Your Items headers
2011-07-22 18:06:46 -04:00
d9f94ae3fa
Your Items page aware of wanting items
2011-07-22 17:55:05 -04:00
12f5b28c94
wardrobe now works with owned/wanted
2011-07-22 17:06:21 -04:00
6d155ecaf1
show owned/wanted icons and search filters
2011-07-22 16:52:40 -04:00
85af53417b
distinguish between owning and wanting an item
2011-07-22 15:35:38 -04:00
01ba06b1b4
closet neopets username
2011-07-22 14:02:04 -04:00
8f646b4a10
closet importer gets back to your items link
2011-07-20 15:22:00 -04:00
c5103b6557
neomail link on closets
2011-07-20 15:16:22 -04:00
02ef70f749
simplify closet hangers view, replace user_is?(@user) with !public_perspective?
2011-07-20 12:39:18 -04:00
e0c00cc8ed
Your Items link on wardrobe
2011-07-17 17:52:40 -04:00
f2d6a454c5
explain user:owns on item search
2011-07-17 17:28:45 -04:00
884ad2d5b8
user:owns in item search
2011-07-17 17:24:29 -04:00
eac0d327f9
add items to closet via magic autocomplete
2011-07-16 01:09:04 -04:00
77818471c5
closet hangers page has nice remove button
2011-07-15 23:14:26 -04:00
eeb3fc3af9
closet hangers page gets serious ajax action
2011-07-15 22:52:53 -04:00
99e59a2f9b
oops. quantity form only shows on current user closet
2011-07-15 19:29:43 -04:00
437b1c052d
quantity form on your items page
2011-07-15 17:21:18 -04:00
d782108e00
items link in userbar
2011-07-15 16:59:22 -04:00
1fa9a48ad2
pretty quantities on hangers index
2011-07-15 16:59:15 -04:00