4011 Commits

Author SHA1 Message Date
Keith Mitchell
3c49e94f97 Add app 'type' field to app create form
This will allow for differing handling of permissions based
on application type.

* Web app: Web-hosted application. Can keep a client_secret

* Installed app: e.g., android app. Client secret is not so secret
See also: https://developers.google.com/accounts/docs/OAuth2InstalledApp

* Script: For simple scripts and bots. Client secret is assumed secret.
2014-02-10 15:42:05 -08:00
Neil Williams
58c66fbbcf V*OrAdminSecret: check modhash if secret token not used.
It is necessary to do this check in V*OrAdminSecret as we cannot (and
should not) require a modhash when the secret token is being used
because this would break API compatibility and isn't necessary.

This fixes two XSRF vulnerabilities reported by Jordan Milne
(/u/largenocream).
2014-02-10 10:58:20 -08:00
Neil Williams
94d69f59ab Remove obsolete /api/frame and /api/noframe endpoints.
These endpoints don't appear to have been used since
reddit/reddit@a07c576d1a and I have
verified via haproxy logs that they are not ever being called.

This fixes two XSRF vulnerabilities reported by Jordan Milne
(/u/largenocream).
2014-02-10 10:58:20 -08:00
Neil Williams
1cbc59a1c5 Add some missing VModhash checks.
This fixes nine XSRF vulnerabilities reported by Jordan Milne
(/u/largenocream).
2014-02-10 10:58:20 -08:00
Brian Simpson
e27f7d3285 paypal subscription: cleanly exit on duplicate transactions. 2014-02-05 12:27:27 -05:00
Brian Simpson
0feb71228a Delete update_promos_q.
A cron job is sufficient because promote.make_daily_promotions()
is all that needs to be run.
2014-02-05 12:27:27 -05:00
Brian Simpson
9dff58335d Delete unused Link _saved and _hidden methods. 2014-02-05 12:27:27 -05:00
Brian Simpson
4082b76a24 Delete SaveHide. 2014-02-05 12:27:27 -05:00
Chad Birch
c9ab064c2a Gold purchase amount dropdowns: reduce choices 2014-02-05 12:27:27 -05:00
Brian Simpson
0a183a1ec2 _min_daily_pageviews_by_sr: get_time_points takes datetime arguments. 2014-02-05 12:22:51 -05:00
Brian Simpson
92eea5fe18 ipn: protect against exceptions raised by send_system_message.
/u/reddit's inbox can get full.
2014-02-05 12:22:51 -05:00
Brian Simpson
de11fbad59 IpnController: cleanly exit if payment_blob is locked.
/u/reddit's inbox was full causing IpnController.finish to fail
on send_system_message, but after dishing out the gold. Temporarily
ignore "locked" payment_blobs.
2014-02-05 12:22:46 -05:00
Chad Birch
bf246afa8d Gold: support buying and redeeming gift codes 2014-02-05 12:20:35 -05:00
Brian Simpson
3072b6e8f3 CoinbaseController: add support for discounted prices. 2014-02-05 12:20:31 -05:00
Neil Williams
e0cc4b1834 Fix reference to RTL stylesheets. 2014-02-04 10:36:31 -08:00
Keith Mitchell
4292e17004 OAuth2: Give /api/morechildren "read" scope 2014-02-03 17:04:21 -08:00
Keith Mitchell
c446ef23f3 /dev/api: Add short docstrings to wiki API endpoints 2014-02-03 17:04:13 -08:00
Keith Mitchell
5f75aa4f31 /dev/api: Correct wiki URLs 2014-02-03 17:04:06 -08:00
Keith Mitchell
5b75c402e2 Add OAuth2 scopes to WikiController endpoints 2014-02-03 17:03:56 -08:00
Keith Mitchell
ad3ffa0cef Remove route for non-existing /api/wiki/create 2014-02-03 17:03:41 -08:00
Keith Mitchell
5e1df19a62 /dev/api: Add missing wiki endpoints 2014-02-03 17:03:34 -08:00
Keith Mitchell
18050f2cb2 Add modwiki and wikiedit OAuth2 scopes
modwiki: Perform moderator-level wiki actions
wikiedit: Edit wiki pages where you have permission to edit
2014-02-03 17:03:28 -08:00
Keith Mitchell
3f5fdf6c92 Add "read" scope to /random 2014-02-03 17:03:21 -08:00
Neil Williams
6a1f1d7d29 thing: Make it possible to use different cache pools per type. 2014-02-03 11:05:31 -08:00
Neil Williams
0dad5e1ccd thing: Remove dead code. 2014-02-03 11:05:31 -08:00
Neil Williams
bc7b9382bb thing: Clean up imports. 2014-02-03 11:05:31 -08:00
Neil Williams
943a1c16d6 Get rid of r2.config.cache.
It's just a strange alias for g.cache.
2014-02-03 11:05:31 -08:00
Ricky Ramirez
8636f1be3e comment_tree: Double MAX_ITERATIONS. 2014-01-30 14:41:35 -08:00
Andre D
ca272316e2 toolbar: Fix embed for offsite subdomains like blog. 2014-01-30 13:23:02 -08:00
powerlanguage
49d25b7767 /rules: Fix broken link for child pornography definition. 2014-01-28 18:14:55 -08:00
Andre D
453a876b30 /contact: Add a link to /r/ideasfortheadmins. 2014-01-28 16:27:22 -08:00
Chad Birch
6934846b52 User page: add moderated subreddits to sidebar 2014-01-28 16:23:42 -08:00
Chad Birch
ea9cbe8c2e User about.json: return 404 for spam users 2014-01-28 16:23:37 -08:00
Neil Williams
7693869580 example.ini: Reorganize and document configuration options. 2014-01-28 13:56:19 -08:00
Neil Williams
b38412fc17 CSS Editor: add a gilded comment to the preview samples.
This should make it a little easier to style gilded comments.

As requested by /u/Tiante in http://redd.it/1vw52s.
2014-01-28 10:11:45 -08:00
Neil Williams
8395f24fc8 Add client-side code for websockets and add message types.
Message types allow dispatch of different payload types to different
receivers.
2014-01-27 15:12:25 -08:00
Keith Mitchell
0ac25c3608 Fix unicode issue in /s/ redirect 2014-01-27 12:05:38 -08:00
Keith Mitchell
088ca2894a minor import cleanup in toolbar.py 2014-01-27 12:05:30 -08:00
Keith Mitchell
cb692abe46 Remove one layer of redirection from /:urloid 2014-01-27 12:05:25 -08:00
Keith Mitchell
e8eb760079 Redirect /s/ to /submit or /tb/
Much code removed, as we no longer need to
handle /s/ generating toolbar views
2014-01-27 12:05:19 -08:00
Keith Mitchell
53822fea07 Fix 'Disallow:' clause 2014-01-27 12:04:11 -08:00
Keith Mitchell
7c3d21ad02 Remove old restriction on msnbot 2014-01-27 12:04:03 -08:00
Keith Mitchell
dc6e320efc Disallow crawlers except on www.(g.domain) 2014-01-27 12:03:56 -08:00
Keith Mitchell
38264c8b6b Move robots.txt out of static
Stage 1 of allowing dynamic robots.txt based
on subdomain, so we can disallow on non-www.
2014-01-27 12:03:50 -08:00
Neil Williams
686f69a4b6 Remove old authorized_cnames configuration.
CNAME support was removed a while ago, this was just cruft.
2014-01-24 11:43:51 -08:00
Neil Williams
369c69a4a8 Remove unnecessary configuration of PNG/JPEG optimizer locations. 2014-01-24 11:43:51 -08:00
Neil Williams
b493c7f984 Remove pointless stylesheet filename configuration. 2014-01-24 11:43:51 -08:00
Neil Williams
fc22d687b1 Remove some unused configuration options. 2014-01-24 11:43:51 -08:00
Neil Williams
a681324228 Remove obviated workaround for babel bug.
This bug is no longer an issue since we upgraded to Babel 1.3.
2014-01-24 11:43:51 -08:00
shlurbee
cb01aafcfd Explore page settings.
Adds checkboxes to control what kind of content appears in the explore tab.
2014-01-24 11:11:23 -08:00