1
0
Fork 0
forked from OpenNeo/impress
Commit graph

213 commits

Author SHA1 Message Date
e9e7d305f0 retire neoitems links, replace with jn items links 2012-10-21 15:57:17 -05:00
5601511ad5 xss vulnerability in outfits#show
This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!

http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00
270f8caa3d remove sharing beta message - finally 2012-08-23 20:56:00 -05:00
412c401c5f better cache items#show 2012-08-10 00:02:11 -04:00
99669b8e4e cache homepage latest contribution 2012-08-09 22:59:35 -04:00
f6d34841ec cache newest items on homepage and items#index 2012-08-09 22:35:30 -04:00
1e3938eea9 improve closet performance by caching item link 2012-08-09 19:34:56 -04:00
5e89287537 durr, don't cache new items on the homepage 2012-08-08 23:05:32 -04:00
5cec28e29b fix logout bug: stop caching authenticity_token fields
Many forms on the site contain a hidden authenticity_token field,
unique to each visitory. If a user submits a request with an
invalid authenticity_token, Rails assumes that it's a CSRF attempt
and logs out the user. So, if we happen to cache those forms with
authenticity_token fields, all users who use that form will have
the same authenticity_token (valid for only the first user who
saw the form, invalid for everyone else), and all requests made
through that form will log out the user. Bad news.

So, we stopped caching those forms. Yay!
2012-08-07 17:32:51 -04:00
72237f225c modeling hub 2012-08-06 21:15:31 -04:00
a6e4398e54 take homepage latest contribution and new items out of cache block - should probably cache them later, but, for now, meh 2012-08-01 15:11:08 -04:00
c2a0c5de74 new frontpage layout, yay 2012-08-01 13:34:54 -04:00
c630cde66c outfit thumbnails beta message 2012-07-31 10:21:20 -04:00
54ca5881fe add thumbnails to outfits#show via open graph 2012-07-29 16:45:12 -04:00
f8aacfba98 put a cog behind outfits whose thumbnails are enqueued 2012-07-29 16:07:18 -04:00
f5cf9aa13b redesign outfits#index with thumbnails 2012-07-29 15:43:28 -04:00
249c493d25 beautiful outfits tab using thumbnails 2012-07-27 03:21:22 -04:00
b02c95c2d9 pretty tab navigation for wardrobe sidebar 2012-07-25 19:02:23 -04:00
b2eac2d1fd sharing url formats 2012-07-17 16:14:05 -04:00
f5ab71dce5 sharing thumbnail 2012-07-17 14:42:31 -04:00
7b5856ebf9 basic sharing
Sharing pane works, everything is great for guests. Logged in
users are on the way, since right now Share Outfit re-saves
anonymously rather than showing sharing data for the existing
outfit.
2012-07-17 12:15:04 -04:00
7c015e2d88 carrierwave for asset swfs 2012-07-16 16:45:26 -04:00
c7c8f3a78e oops. accidentally used trading post url for auctions. fixed 2012-05-23 20:12:17 -04:00
4451800e42 added shop wiz, etc., links to NP item show page 2012-05-23 20:09:35 -04:00
63f503e7a4 keep copyright year up to date 2012-05-15 13:52:15 -05:00
f3d64840d6 filter lists on petpage export 2012-04-08 15:59:51 -05:00
c46d7ae2c0 fix petpage export styles
thumbnails were right-aligned when they really shouldn't have been
2012-04-08 14:50:50 -05:00
b04c5db98a add ajax auth for closet_hangers#index 2012-03-23 16:59:23 -05:00
99a7558dd9 update items#show style 2012-03-23 16:48:00 -05:00
7d0edbf23c closet_hangers#destroy now tied to hanger ID, not item 2012-03-23 16:25:10 -05:00
44156c5b21 can now have the same item in more than one list 2012-03-23 16:25:10 -05:00
19e854b6f8 oops, remove maintenance message 2012-01-26 13:30:12 -06:00
686d6560c4 specify size on image download 2012-01-13 19:37:56 -06:00
696b2aedaf give SWFs real, unique ID numbers
Lots of scary bugs were being caused by the fact that the possibly-duplicate Neopets ID
was being treated as an SWF's real primary key, meaning that a save meant for object swf
number 123 could be saved to biology swf number 123. Which is awful.

This update gives SWFs their own unique internal ID numbers. All external lookups still use
the remote ID and the type, meaning that the client side remains totally unchanged (phew).
However, all database relationships with SWFs use the new ID numbers, making everything
cleaner. Yay.

There are probably a few places where it would be appropriate to optimize certain lookups
that still depend on remote ID and type. Whatever. Today's goal was to remove crazy
glitches that have been floating around like mad. And I think that goal has been met.
2012-01-12 17:17:59 -06:00
70cf262387 remove campaign banner from most pages 2011-10-10 22:06:46 -05:00
df62e3540f copyright 2011 2011-10-10 21:56:12 -05:00
09fcc7fa4b remove timer donation request on outfits#edit 2011-08-07 19:57:11 -04:00
c930397123 edit campaign copy now that image mode is public 2011-08-07 19:52:35 -04:00
04ec18b196 update image mode faq for public release 2011-08-07 19:27:01 -04:00
7358aae680 report broken images 2011-08-07 18:23:44 -04:00
564ba9bdd9 js part of reporting broken images 2011-08-07 17:24:54 -04:00
4c510f91db search by username 2011-08-05 11:28:11 -04:00
f9de777c79 update campaign: upgrade complete 2011-08-05 00:12:17 -04:00
0906e49a72 update campaign progress to say we have exceeded our goal 2011-08-04 15:34:28 -04:00
163d74fe07 donate update, campaign complete 2011-08-04 10:25:57 -04:00
d99a1ad792 newest items 2011-08-04 10:01:44 -04:00
2398f34071 import items from pets 2011-08-03 11:35:06 -04:00
bad1eb13a5 compare Your Items to someone elses list 2011-08-03 10:33:13 -04:00
513711bf60 import sdb as well as closet 2011-08-02 22:42:56 -04:00
374e85f9d0 drop in redirect image url for urls blocked on petpages 2011-08-02 20:01:48 -04:00