Commit graph

675 commits

Author SHA1 Message Date
df5c7fe3d4 security upgrade to rails 3.0.19 2013-01-08 20:39:44 -06:00
1571a10500 shoot, included in the wrong spot. this is rspec issue hard to test :( 2013-01-02 23:58:25 -05:00
b6f1b73738 fix(?) rake issues in production when rspec is missing 2013-01-02 23:56:44 -05:00
202f1dc527 update Rakefile and tasks to match new version of rake 2013-01-02 23:40:37 -05:00
9701221035 wardrobe now considers item.species_support_ids when deciding compatibility
For example, the Meerca Maid Tray is a foreground item, so the SWF is marked
as compatible with all body types, but the item itself is clearly marked as
Meercas-only. items#show reflected this properly, but the swf_assets#index
call that the wardrobe uses ignored item.species_support_ids.

So, /bodies/:body_id/swf_assets.json?item_ids[]=... was deprecated in favor
of /pet_types/:pet_type_id/items/swf_assets.json?item_ids=[]..., which is
much like the former route but, before loading assets, also loads the pet
type and items, then filters the items by compatibility, then only loads
assets for the compatible items.
2013-01-02 23:15:32 -05:00
86b58a0a35 upgrade to rails 3.0.18 - only patch upgrades, no API changes 2013-01-02 22:44:24 -05:00
45524c3d69 newrelic_rpm security upgrade 2012-12-06 14:13:04 -06:00
339a730779 timeout on background jobs 2012-11-04 12:01:03 -06:00
07f49307f1 a few tweaks to items#show contributors appearance 2012-10-24 22:16:01 -05:00
f56b544963 brought-to-you-by on items#show lists contributors 2012-10-24 22:09:05 -05:00
e9e7d305f0 retire neoitems links, replace with jn items links 2012-10-21 15:57:17 -05:00
5601511ad5 xss vulnerability in outfits#show
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!

http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
671641cc16 a more forgiving "type" search filter 2012-10-08 21:20:18 -05:00
775ef7fa51 finally fix encased in ice - woo! 2012-10-05 20:56:52 -05:00
9fcc1b244a bug fix: pet importer no longer chokes when two pets wear the same item 2012-10-01 13:22:17 -05:00
2016216d42 stricter timeout on neopets gateway requests 2012-09-29 14:02:11 -05:00
ddec043209 support pea chia cape in infinite closet 2012-09-29 12:40:55 -05:00
eb0ad25c93 add color Dimensional 2012-09-24 18:31:27 -05:00
270f8caa3d remove sharing beta message - finally 2012-08-23 20:56:00 -05:00
7dfc6d81a2 add timeout to pet load 2012-08-11 18:47:25 -04:00
412c401c5f better cache items#show 2012-08-10 00:02:11 -04:00
99669b8e4e cache homepage latest contribution 2012-08-09 22:59:35 -04:00
f6d34841ec cache newest items on homepage and items#index 2012-08-09 22:35:30 -04:00
1e3938eea9 improve closet performance by caching item link 2012-08-09 19:34:56 -04:00
4a69772cd2 remove N+1 queries on current user outfits page 2012-08-09 18:32:33 -04:00
5e89287537 durr, don't cache new items on the homepage 2012-08-08 23:05:32 -04:00
50de2ed36f add color Stealthy 2012-08-07 19:43:09 -04:00
5cec28e29b fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field,
unique to each visitor. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c modeling hub 2012-08-06 21:15:31 -04:00
2435c7f7e9 oh shoot, properly unlink outfit tempfiles now... 2012-08-01 21:30:22 -04:00
a6e4398e54 take homepage latest contribution and new items out of cache block - should probably cache them later, but, for now, meh 2012-08-01 15:11:08 -04:00
ca2dc56d43 Your Items is no longer "new", so remove all tags to that effect 2012-08-01 14:29:25 -04:00
9fb9542e0d oops, fix syntax error on ruby 1.8.7 2012-08-01 13:47:15 -04:00
c2a0c5de74 new frontpage layout, yay 2012-08-01 13:34:54 -04:00
4693d1480f Merge branch 'outfit_thumbnails' 2012-07-31 14:10:57 -04:00
ae914a74d2 fix outfit thumbnail opacity on hover/active 2012-07-31 14:07:07 -04:00
0d02e05624 Merge branch 'outfit_thumbnails' 2012-07-31 12:05:54 -04:00
82c4a8d4b4 on creating outfit image, skip broken images instead of throwing exception 2012-07-31 12:05:49 -04:00
8a67f10952 Merge branch 'outfit_thumbnails' 2012-07-31 11:42:38 -04:00
2b88ce9b4b use openneo-uploads bucket 2012-07-31 11:42:27 -04:00
d2d6bb7fd5 use proper absolute url for image urls 2012-07-31 11:34:28 -04:00
38a9e620c4 Merge branch 'outfit_thumbnails' 2012-07-31 11:21:28 -04:00
4dd2bc9549 fix some outfits list bugs
I think I got the 0-width bug where the outfit never expands beyond
0px width, and there were also some issues with the fact that
image subscriptions pointed to the current outfit object, even
after that object had changed identity, so now we re-fetch from
the cache by ID.
2012-07-31 11:14:32 -04:00
ec40e6ae67 new outfit image filename: preview instead of thumb, one more partition level 2012-07-31 10:41:13 -04:00
c630cde66c outfit thumbnails beta message 2012-07-31 10:21:20 -04:00
05acae3cb8 retroactively enqueue outfit images 2012-07-31 10:20:37 -04:00
54ca5881fe add thumbnails to outfits#show via open graph 2012-07-29 16:45:12 -04:00
f8aacfba98 put a cog behind outfits whose thumbnails are enqueued 2012-07-29 16:07:18 -04:00
f5cf9aa13b redesign outfits#index with thumbnails 2012-07-29 15:43:28 -04:00
bc4f172ae0 shift outfit thumbnails up slightly in the outfits tab to account for header 2012-07-28 19:19:13 -04:00