Commit graph

964 commits

Author SHA1 Message Date
5601511ad5 xss vulnerability in outfits#show
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!

http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
671641cc16 a more forgiving "type" search filter 2012-10-08 21:20:18 -05:00
775ef7fa51 finally fix encased in ice - woo! 2012-10-05 20:56:52 -05:00
9fcc1b244a bug fix: pet importer no longer chokes when two pets wear the same item 2012-10-01 13:22:17 -05:00
2016216d42 stricter timeout on neopets gateway requests 2012-09-29 14:02:11 -05:00
ddec043209 support pea chia cape in infinite closet 2012-09-29 12:40:55 -05:00
eb0ad25c93 add color Dimensional 2012-09-24 18:31:27 -05:00
270f8caa3d remove sharing beta message - finally 2012-08-23 20:56:00 -05:00
7dfc6d81a2 add timeout to pet load 2012-08-11 18:47:25 -04:00
412c401c5f better cache items#show 2012-08-10 00:02:11 -04:00
99669b8e4e cache homepage latest contribution 2012-08-09 22:59:35 -04:00
f6d34841ec cache newest items on homepage and items#index 2012-08-09 22:35:30 -04:00
1e3938eea9 improve closet performance by caching item link 2012-08-09 19:34:56 -04:00
4a69772cd2 remove N+1 queries on current user outfits page 2012-08-09 18:32:33 -04:00
5e89287537 durr, don't cache new items on the homepage 2012-08-08 23:05:32 -04:00
50de2ed36f add color Stealthy 2012-08-07 19:43:09 -04:00
5cec28e29b fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field,
unique to each visitor. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c modeling hub 2012-08-06 21:15:31 -04:00
2435c7f7e9 oh shoot, properly unlink outfit tempfiles now... 2012-08-01 21:30:22 -04:00
a6e4398e54 take homepage latest contribution and new items out of cache block - should probably cache them later, but, for now, meh 2012-08-01 15:11:08 -04:00
ca2dc56d43 Your Items is no longer "new", so remove all tags to that effect 2012-08-01 14:29:25 -04:00
9fb9542e0d oops, fix syntax error on ruby 1.8.7 2012-08-01 13:47:15 -04:00
c2a0c5de74 new frontpage layout, yay 2012-08-01 13:34:54 -04:00
4693d1480f Merge branch 'outfit_thumbnails' 2012-07-31 14:10:57 -04:00
ae914a74d2 fix outfit thumbnail opacity on hover/active 2012-07-31 14:07:07 -04:00
0d02e05624 Merge branch 'outfit_thumbnails' 2012-07-31 12:05:54 -04:00
82c4a8d4b4 on creating outfit image, skip broken images instead of throwing exception 2012-07-31 12:05:49 -04:00
8a67f10952 Merge branch 'outfit_thumbnails' 2012-07-31 11:42:38 -04:00
2b88ce9b4b use openneo-uploads bucket 2012-07-31 11:42:27 -04:00
d2d6bb7fd5 use proper absolute url for image urls 2012-07-31 11:34:28 -04:00
38a9e620c4 Merge branch 'outfit_thumbnails' 2012-07-31 11:21:28 -04:00
4dd2bc9549 fix some outfits list bugs
I think I got the 0-width bug where the outfit never expands beyond
0px width, and there were also some issues with the fact that
image subscriptions pointed to the current outfit object, even
after that object had changed identity, so now we re-fetch from
the cache by ID.
2012-07-31 11:14:32 -04:00
ec40e6ae67 new outfit image filename: preview instead of thumb, one more partition level 2012-07-31 10:41:13 -04:00
c630cde66c outfit thumbnails beta message 2012-07-31 10:21:20 -04:00
05acae3cb8 retroactively enqueue outfit images 2012-07-31 10:20:37 -04:00
54ca5881fe add thumbnails to outfits#show via open graph 2012-07-29 16:45:12 -04:00
f8aacfba98 put a cog behind outfits whose thumbnails are enqueued 2012-07-29 16:07:18 -04:00
f5cf9aa13b redesign outfits#index with thumbnails 2012-07-29 15:43:28 -04:00
bc4f172ae0 shift outfit thumbnails up slightly in the outfits tab to account for header 2012-07-28 19:19:13 -04:00
94ef0b6537 move padding on sidebar-content to sidebar-view for consistent behavior on fullscreen mode 2012-07-27 23:36:18 -04:00
5f48dd0f0e image subscriptions was not always properly unsubscribing; fixed 2012-07-27 23:34:19 -04:00
42827362b6 optimize outfit image generation - 4x speed boost on my box
Use the ImageMagick flatten command to generate the output all at
once instead of compositing each layer individually, and download
the layers in parallel. On my box, saving roopal27 five times took
a total of 30 seconds before, whereas now it takes 7 seconds. I
expect it to be even better on the production box, where latency
is even lower.
2012-07-27 23:07:20 -04:00
28e44d0abd set sidebar height properly on non-fullscreen mode 2012-07-27 03:31:30 -04:00
41f23fffac add bottom padding to sidebar content for a cleaner scroll 2012-07-27 03:27:58 -04:00
76b9219bec remove x-overflow on outfits-not-logged-in message on smaller viewports 2012-07-27 03:24:42 -04:00
249c493d25 beautiful outfits tab using thumbnails 2012-07-27 03:21:22 -04:00
374c7e6147 Sharing now fully supports saved outfits, not just shared ones 2012-07-26 23:47:22 -04:00
b02c95c2d9 pretty tab navigation for wardrobe sidebar 2012-07-25 19:02:23 -04:00
0633f6012a fix cron job scheduler 2012-07-24 12:05:34 -04:00
9ea7d5841e slight update to sharing format selector style 2012-07-18 14:41:04 -04:00