f56b544963
brought-to-you-by on items#show lists contributors
2012-10-24 22:09:05 -05:00
e9e7d305f0
retire neoitems links, replace with jn items links
2012-10-21 15:57:17 -05:00
5601511ad5
xss vulnerability in outfits#show
...
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!
http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
671641cc16
a more forgiving "type" search filter
2012-10-08 21:20:18 -05:00
775ef7fa51
finally fix encased in ice - woo!
2012-10-05 20:56:52 -05:00
9fcc1b244a
bug fix: pet importer no longer chokes when two pets wear the same item
2012-10-01 13:22:17 -05:00
ddec043209
support pea chia cape in infinite closet
2012-09-29 12:40:55 -05:00
270f8caa3d
remove sharing beta message - finally
2012-08-23 20:56:00 -05:00
7dfc6d81a2
add timeout to pet load
2012-08-11 18:47:25 -04:00
412c401c5f
better cache items#show
2012-08-10 00:02:11 -04:00
99669b8e4e
cache homepage latest contribution
2012-08-09 22:59:35 -04:00
f6d34841ec
cache newest items on homepage and items#index
2012-08-09 22:35:30 -04:00
1e3938eea9
improve closet performance by caching item link
2012-08-09 19:34:56 -04:00
4a69772cd2
remove N+1 queries on current user outfits page
2012-08-09 18:32:33 -04:00
5e89287537
durr, don't cache new items on the homepage
2012-08-08 23:05:32 -04:00
5cec28e29b
fix logout bug: stop caching authenticity_token fields
...
Many forms on the site contain a hidden authenticity_token field,
unique to each visitor. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.
So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c
modeling hub
2012-08-06 21:15:31 -04:00
2435c7f7e9
oh shoot, properly unlink outfit tempfiles now...
2012-08-01 21:30:22 -04:00
a6e4398e54
take homepage latest contribution and new items out of cache block - should probably cache them later, but, for now, meh
2012-08-01 15:11:08 -04:00
ca2dc56d43
Your Items is no longer "new", so remove all tags to that effect
2012-08-01 14:29:25 -04:00
9fb9542e0d
oops, fix syntax error on ruby 1.8.7
2012-08-01 13:47:15 -04:00
c2a0c5de74
new frontpage layout, yay
2012-08-01 13:34:54 -04:00
ae914a74d2
fix outfit thumbnail opacity on hover/active
2012-07-31 14:07:07 -04:00
82c4a8d4b4
on creating outfit image, skip broken images instead of throwing exception
2012-07-31 12:05:49 -04:00
2b88ce9b4b
use openneo-uploads bucket
2012-07-31 11:42:27 -04:00
ec40e6ae67
new outfit image filename: preview instead of thumb, one more partition level
2012-07-31 10:41:13 -04:00
c630cde66c
outfit thumbnails beta message
2012-07-31 10:21:20 -04:00
05acae3cb8
retroactively enqueue outfit images
2012-07-31 10:20:37 -04:00
54ca5881fe
add thumbnails to outfits#show via open graph
2012-07-29 16:45:12 -04:00
f8aacfba98
put a cog behind outfits whose thumbnails are enqueued
2012-07-29 16:07:18 -04:00
f5cf9aa13b
redesign outfits#index with thumbnails
2012-07-29 15:43:28 -04:00
bc4f172ae0
shift outfit thumbnails up slightly in the outfits tab to account for header
2012-07-28 19:19:13 -04:00
94ef0b6537
move padding on sidebar-content to sidebar-view for consistent behavior on fullscreen mode
2012-07-27 23:36:18 -04:00
42827362b6
optimize outfit image generation - 4x speed boost on my box
...
Use the ImageMagick flatten command to generate the output all at
once instead of compositing each layer individually, and download
the layers in parallel. On my box, saving roopal27 five times took
a total of 30 seconds before, whereas now it takes 7 seconds. I
expect it to be even better on the production box, where latency
is even lower.
2012-07-27 23:07:20 -04:00
28e44d0abd
set sidebar height properly on non-fullscreen mode
2012-07-27 03:31:30 -04:00
41f23fffac
add bottom padding to sidebar content for a cleaner scroll
2012-07-27 03:27:58 -04:00
76b9219bec
remove x-overflow on outfits-not-logged-in message on smaller viewports
2012-07-27 03:24:42 -04:00
249c493d25
beautiful outfits tab using thumbnails
2012-07-27 03:21:22 -04:00
374c7e6147
Sharing now fully supports saved outfits, not just shared ones
2012-07-26 23:47:22 -04:00
b02c95c2d9
pretty tab navigation for wardrobe sidebar
2012-07-25 19:02:23 -04:00
9ea7d5841e
slight update to sharing format selector style
2012-07-18 14:41:04 -04:00
b2eac2d1fd
sharing url formats
2012-07-17 16:14:05 -04:00
f5ab71dce5
sharing thumbnail
2012-07-17 14:42:31 -04:00
7b5856ebf9
basic sharing
...
Sharing pane works, everything is great for guests. Logged in
users are on the way, since right now Share Outfit re-saves
anonymously rather than showing sharing data for the existing
outfit.
2012-07-17 12:15:04 -04:00
cf2546d832
basic image thumbnails
2012-07-16 16:47:28 -04:00
7c015e2d88
carrierwave for asset swfs
2012-07-16 16:45:26 -04:00
5a5b5fffc7
outfit default url
2012-07-16 16:45:26 -04:00
220aca9311
outfit thumbnails initial commit
2012-07-16 16:45:26 -04:00
22cfff66e9
outfits now know their own visible assets
2012-07-16 16:40:07 -04:00
644fac99da
improve gender/mood sorting using new labels
2012-06-20 16:10:53 -04:00
6cdf1567f8
fix error loading lookups when given pet name has trailing spaces
2012-06-05 13:28:59 -04:00
b25b6e55b3
ignore errors loading gender/mood data
...
For example, the site was throwing a 500 error when loading pets
belonging to frozen users. Instead, we'll now rescue that
Neopets::User::AccountDisabledError and ignore it, since it's not
*vital* that we load gender/mood data from this pet; we can still
proceed to load its customization data without it.
2012-06-05 13:02:49 -04:00
a436362f26
Merge branch 'gender_mood'
2012-06-05 12:52:27 -04:00
71da64b47f
create /start/:species_name/:color_name route
2012-06-05 12:44:11 -04:00
b2a7e0a1d5
oops. accidentally used trading post url for auctions. fixed
2012-06-05 12:42:52 -04:00
4451800e42
added shop wiz, etc., links to NP item show page
2012-05-23 20:09:35 -04:00
c2c6a800f2
track pet state gender/mood
2012-05-23 20:00:38 -04:00
4e7e98beca
use Neopets::User for username-based closet imports
2012-05-21 12:48:19 -04:00
63f503e7a4
keep copyright year up to date
2012-05-15 13:52:15 -05:00
e3b0a5e2d7
fix bug on closet_hangers#destroy in html format
2012-04-08 17:04:44 -05:00
f3d64840d6
filter lists on petpage export
2012-04-08 15:59:51 -05:00
5218b43df4
fix petpage export item name filtering
...
The "Abominable Snowball Winter Onesie" can get blocked for including the string " On".
So, we meant to filter that to " O<b></b>n" so that the filter wouldn't return that false
positive on an XSS attempt, but were accidentally filtering it to " o<b></b&;gtn".
Fixed :)
2012-04-08 14:53:26 -05:00
c46d7ae2c0
fix petpage export styles
...
thumbnails were right-aligned when they really shouldn't have been
2012-04-08 14:50:50 -05:00
b04c5db98a
add ajax auth for closet_hangers#index
2012-03-23 16:59:23 -05:00
99a7558dd9
update items#show style
2012-03-23 16:48:00 -05:00
7d0edbf23c
closet_hangers#destroy now tied to hanger ID, not item
2012-03-23 16:25:10 -05:00
44156c5b21
can now have the same item in more than one list
2012-03-23 16:25:10 -05:00
7795119a8c
fix gender/emotion states with corridor of chance effects sorting to the front
...
So it turns out this was just one of those things I forgot to fix
the big database restructure came along: we were comparing
swf_asset.remote_id against parents_swf_assets.swf_asset_id, which
are two different identifiers entirely. Now using swf_asset.id,
so fixed :)
2012-03-15 17:01:21 -05:00
baae0c9954
fix bug where some pet states would also show many items on top of them
...
At first I thought this was an error in the data migration process when moving SWF assets
to having their own unique IDs, but then realized that the query for a pet state's SWFs
didn't include the (parent_type = 'Item') condition. Oops. Turns out, I only connected the
items to parent_swf_asset_relationships polymorphically. Pet states were still doing it the
hackish way. Set the pet states to use the lovely polymorphic relationship and we're good
to go.
2012-02-21 13:25:11 -06:00
4d314417e2
fix parent-swf-asset-relationship destruction bug
...
After changing the database structure, we lost the feature where, once we discover
new assets for an item for a given body ID, we disconnect previously connected
assets. This commit reinstates that feature.
2012-01-26 13:51:30 -06:00
19e854b6f8
oops, remove maintenance message
2012-01-26 13:30:12 -06:00
abcf70a0c4
fix issue with csrf_param in wardrobe ajax
...
Due to a silly slip-up involving JavaScript object literal syntax, we were
sending {csrf_param: "token"} instead of {authenticity_token: "token"} with
wardrobe AJAX requests. This would cause users to be auto-logged-out for
failing to provide a proper token. Oops.
2012-01-14 12:35:05 -06:00
686d6560c4
specify size on image download
2012-01-13 19:37:56 -06:00
4566bca906
another attempt to fix pet state rel autosave
2012-01-13 16:11:44 -06:00
bcb5644b12
stop autosaving biology swf rels
2012-01-13 16:02:14 -06:00
ec3088fdec
ensure that pet state is saved before trying to save its assets
2012-01-13 15:56:31 -06:00
171d691a98
fix nc mall spider for remote ID
2012-01-13 15:27:30 -06:00
ec9e997ac5
fix user:owns id ambiguity
2012-01-13 15:20:47 -06:00
d335c2e677
properly handle search error in rails 3.0.5
2012-01-13 15:10:25 -06:00
9c0c7b78cf
another oops, better fix
2012-01-12 22:02:12 -06:00
c2c0fe92e8
oops, be consistent in using remote ID when loading pets
2012-01-12 21:47:17 -06:00
696b2aedaf
give SWFs real, unique ID numbers
...
Lots of scary bugs were being caused by the fact that the possibly-duplicate Neopets ID
was being treated as an SWF's real primary key, meaning that a save meant for object swf
number 123 could be saved to biology swf number 123. Which is awful.
This update gives SWFs their own unique internal ID numbers. All external lookups still use
the remote ID and the type, meaning that the client side remains totally unchanged (phew).
However, all database relationships with SWFs use the new ID numbers, making everything
cleaner. Yay.
There are probably a few places where it would be appropriate to optimize certain lookups
that still depend on remote ID and type. Whatever. Today's goal was to remove crazy
glitches that have been floating around like mad. And I think that goal has been met.
2012-01-12 17:17:59 -06:00
cc23f7435b
automatically rezone bio
2011-10-31 16:22:24 -05:00
f7723ac1c8
automatically rezone items
2011-10-23 14:09:53 -05:00
70cf262387
remove campaign banner from most pages
2011-10-10 22:06:46 -05:00
df62e3540f
copyright 2011
2011-10-10 21:56:12 -05:00
285c7858c0
app can now load environment even if schema not yet loaded
2011-09-06 11:15:09 -05:00
b50b9d237d
allow broken image resubmits after 1hr
2011-08-07 20:43:42 -04:00
09fcc7fa4b
remove timer donation request on outfits#edit
2011-08-07 19:57:11 -04:00
c930397123
edit campaign copy now that image mode is public
2011-08-07 19:52:35 -04:00
0e56de4148
image mode is now public
2011-08-07 19:52:11 -04:00
04ec18b196
update image mode faq for public release
2011-08-07 19:27:01 -04:00
7358aae680
report broken images
2011-08-07 18:23:44 -04:00
564ba9bdd9
js part of reporting broken images
2011-08-07 17:24:54 -04:00
4e74589118
privacy bug: would show hangers even in private lists as Trading if unlisted hangers were marked Trading
2011-08-06 23:15:32 -04:00
4c510f91db
search by username
2011-08-05 11:28:11 -04:00
f9de777c79
update campaign: upgrade complete
2011-08-05 00:12:17 -04:00
0906e49a72
update campaign progress to say we have exceeded our goal
2011-08-04 15:34:28 -04:00
ea4564569b
show own/want on new items
2011-08-04 10:33:35 -04:00
5d3343bd6c
show twice as many new items
2011-08-04 10:30:00 -04:00
163d74fe07
donate update, campaign complete
2011-08-04 10:25:57 -04:00
a4feee89b5
allow the new items migration to run. sigh
2011-08-04 10:04:15 -04:00
d99a1ad792
newest items
2011-08-04 10:01:44 -04:00
b939c7fce6
Merge branch 'closet'
2011-08-03 11:35:07 -04:00
2398f34071
import items from pets
2011-08-03 11:35:06 -04:00
c2648c5343
Merge branch 'closet'
2011-08-03 10:33:21 -04:00
bad1eb13a5
compare Your Items to someone else's list
2011-08-03 10:33:13 -04:00
63bc0067c0
user#assign_closeted_to_items! now assigns when there are duplicates
2011-08-03 10:18:03 -04:00
2dd6586ea6
Merge branch 'closet'
2011-08-02 22:42:59 -04:00
513711bf60
import sdb as well as closet
2011-08-02 22:42:56 -04:00
92b4d456af
Merge branch 'closet'
2011-08-02 20:01:55 -04:00
374e85f9d0
drop in redirect image url for urls blocked on petpages
2011-08-02 20:01:48 -04:00
231521f14e
Merge branch 'closet'
2011-08-02 00:12:48 -04:00
8bf9872fbe
stop caching items#show for now due to Your Items module
2011-08-02 00:12:44 -04:00
fed5ccb7fb
Merge branch 'closet'
2011-08-01 00:00:40 -04:00
be5bdb1eec
handle search errors better in wardrobe
2011-08-01 00:00:39 -04:00
2f0b0743e8
throw a search error on user:owns when user owns no items
2011-07-31 23:50:33 -04:00
ea7171b322
fix ambiguous item_link partial throwing errors in outfits#show
2011-07-31 23:45:57 -04:00
551307c3b5
Merge branch 'closet'
2011-07-31 23:35:59 -04:00
9422d5d8fe
remove redundancy on no hangers in a group
2011-07-31 23:35:57 -04:00
f6ed50a62f
Merge branch 'closet'
2011-07-31 23:05:26 -04:00
5f4cd9ddbf
new! tags to point to Your Items
2011-07-31 22:55:29 -04:00
dacfc99ce7
allow your_items_path to be cached on home
2011-07-31 22:17:59 -04:00
ceeb59973d
move image mode faq to outfits#edit instead of userbar
2011-07-31 22:13:23 -04:00
071ba56ae9
public url on Your Items
2011-07-31 19:24:06 -04:00
e3cfe9e16c
redecorate neomail Your Items link
2011-07-31 19:14:55 -04:00
90c9c8fe17
hide help for people who have used Your Items before
2011-07-31 19:04:21 -04:00
037cb1e95a
your items link on home
2011-07-31 18:45:53 -04:00
359356bcf3
better handle edge cases in petpages
2011-07-31 03:03:26 -04:00
1ac399cc7a
link to petpage exporter from Your Items
2011-07-31 02:58:45 -04:00
30096f6b0a
items petpage export
2011-07-31 02:52:19 -04:00
4f0e7899b7
Your Items intro text polishing
2011-07-31 00:59:29 -04:00
2dd280c450
grammar fix on closet list deletion confirmation
2011-07-31 00:22:36 -04:00
137aeac8d4
show traders on items#show
2011-07-31 00:19:28 -04:00
28c9d1b3d8
hide list description on drag-n-drop
2011-07-30 23:07:58 -04:00
b9700e3d7c
show owns/wanted items on someone else's items list
2011-07-30 23:03:43 -04:00
11b7ae74db
list visibility forms on Your Items
2011-07-30 22:47:06 -04:00
0c92bf5987
set list visibility in closet_lists#edit
2011-07-30 22:34:27 -04:00
ad45d755da
visibility form submit is a context button
2011-07-30 22:17:42 -04:00
23250be384
hide visibility form when drag-n-dropping
2011-07-30 22:13:48 -04:00
34a4ef201a
privacy dropdowns moved to be more out of the way
2011-07-30 22:08:38 -04:00
0e522fa371
better handle list emptiness for drag-n-drop
2011-07-30 19:47:04 -04:00
bbb4e02b75
bug fix for floats on closet_lists#edit
2011-07-30 19:45:49 -04:00
75961abc17
privacy for unlisted hangers
2011-07-30 19:45:28 -04:00
9a7b13dc5d
drag and drop on Your Items <3
2011-07-30 13:40:41 -04:00
48ee765505
Your Items autocompleter is totally chill with moving items around to different lists
2011-07-29 23:26:48 -04:00
c76c261444
validate that closet hanger list belongs to the same user
2011-07-29 13:47:01 -04:00
811d6df697
only show Add New List if user has permission
2011-07-29 13:29:32 -04:00
d893b0ab41
Your Items autocomplete supports lists
2011-07-29 11:25:17 -04:00
358840076c
closet lists, round one
2011-07-29 10:52:04 -04:00