Used for Comment.add_props to see if user can reply to a comment.
That can be looked up if/when it's needed. Also used for
Builder.must_skip to check if the user can view but only if the
Subreddit is private, so also can be looked up when it's needed.
Don't retrieve data or thing_data in sgm miss function because that
is used only to lookup and cache (thing1_id, thing2_id, name): rel_id.
Also switch to using _byID_rel so we can actually honor the thing_data
and eager_load kwargs.
By knowing the ID36 of a link, it is possible to see its media embed
because the embed request is served off-domain and as a result can't
verify the user's cookie. To fix this, we add an authentication code to
the iframe URL for media embeds and require its presence for all embeds
in private subreddits.
This makes required the credentials which were added in an earlier
patch.
This fixes an information disclosure vulnerability reported by Jordan
Milne (/u/largenocream).
By knowing the ID36 of a link, it is possible to see its media embed
because the embed request is served off-domain and as a result can't
verify the user's cookie. To fix this, we add an authentication code to
the iframe URL for media embeds and require its presence for all embeds
in private subreddits.
This starts appending credentials to private subreddit embeds such that
when the latter half of the fix is deployed all apps are already
generating appropriate embed URLs.
This is part of a fix for an information disclosure vulnerability
reported by Jordan Milne (/u/largenocream).
Given the ID36, it was possible to get the title-slug and subreddit of a
submission in a private subreddit. This adds a missing permissions
check to fix that.
This fixes an information disclosure vulnerability reported by Jordan
Milne (/u/largenocream).
This makes it easier to avoid issues with running pre()
functions multiple times (multiply subclassing was causing
problems) and makes it so all resources are blocked from oauth
access unless explicitly enabled (instead of randomly allowing
access as a "logged out user" to endpoints that aren't part of
an OAuth2ResourceController)
Conflicts:
r2/r2/controllers/apiv1.py
r2/r2/controllers/oauth2.py
When in an OAuth context, decorated functions
will only be run if the context includes the designated
scope.
When not in an OAuth context, the function is run normally.
Allows token bearer to manipulate user flair, and
the flair of his submitted links
Give /api/setflairenabled "flair" scope
Give /api/flairselector "flair" scope
