This takes our current config payload from 4700 bytes to 1700. The goal
is to reduce zookeeper network load during config changes as well as app
restarts during deploys.

* Large chunks of code related to (X)HTML validation have been moved to
`r2.lib.souptest`
* Moved from a SAX-based validator to iterating over every node in
the document fragment. This was done for performance reasons, and
because lxml doesn't expose comments via its SAX interface unless
you use Python 3
* We now raise a descriptive exception if we didn't recognize an entity,
and return a 400 in the validator rather than raising the exception
up the chain
* Fixed a few filter bypasses: using CDATA sections, conditional
comments, and processing instructions.
* Added unit tests to ensure future souptest changes don't introduce
security issues

This goes hand-in-hand with https://github.com/reddit/snudown/pull/61
to reduce the number of spurious `SyntaxError`s that end up in the
applogs.

Through the power of code reading and the Python REPL, we now have a little bit
more documentation on `link_comments_and_sort()` and its helper functions.

This updates some multi endpoints to allow for passing in or using
"display_name" instead of a multi path when creating a new multi. In such
a case, the display_name will be converted into a "slug" for the multi (a
string valid for use as a multi name), and that slug will be used.
This affects:
* POST /api/multi/
* POST /api/multi/rename
* POST /api/multi/copy
(PUT /api/multi/{path} is not affected, as it requires the caller to have
a slug in mind already for an existing or new multi)

This allows setting (via live config) minimum age and karma requirements
to be able to create a subreddit. The age requirement and at least one
of the karma requirements must be met. A hook was added as well for
potential private-code use.

This allows the minimum amount of karma needed to be exempt from the
captcha to be modified via live config. In addition, it adds the
ability to set a comment karma minimum, where previously it was required
to get link karma in order to be exempt from the captcha.
A hook has also been added to the function for private-code purposes.

The gold-button submits the form at the same time that setGildingProperties is
called, so this disables the submit function and manually calls submit for
buttons that have a form parent (creddits and PayPal). This should prevent the
locked payment blob errors.

This adds in two redirects, `event_click` and `event_redirect`: `event_click`
to allow appending in a user ID to an event before redirect, if we require one,
and `event_redirect` to service a local evented redirect, similar to ad clicks.
`event_click` is necessary for tracking clicks from users on embeds, which are
served via redditmedia, and therefore are always anonymous. When a user clicks
through, we want to know who they were and redirect them on their way. Because
of the way we're using nginx to store events as an access log right now, this
means we'll need to use two redirects: one to append the session ID and
another to store the event with the proper session ID.

If the tracker URL isn't configured, we shouldn't include the header in
the response. This uses the same criteria (truthiness of g.tracker_url)
as the templates to determine whether or not to include the URL.

New subreddit fields for mobile, hidden behind feature flag.
Basic functionality with limited validation.
* community rules - list, no markdown
* related subreddits - list, no markdown
* key color - hex color
These fields are optional for `/api/site_admin`.
Upload and delete endpoints for new mobile subreddit icon and banner.
* icon - square, exactly 240x240px
* banner - 16:9 aspect ratio, min 640x360px, max 1280x720px

Users that have gold (or gold charter status) will be able to create and access
gold_only subreddits. Mods will be able to access gold_only status regardless of
their gold status. Approved submitters will not be able to access these subreddits.
To have a gold only subreddit, it must be created as gold only by a gold user or
have admin mode to convert it to gold only (requested via modmail to /r/reddit.com).
There is a default style (gold-only) applied to each gold_only subreddit.
Mods can choose to hide the sidebar adbox for gold-only subreddits. A "reddit gold"
('/subreddits/gold') tab is in '/subreddits' so that gold users can see all of the
gold only subreddits.

Being added as an approved submitter in gold_only and employee_only subreddits
doesn't allow you to see the subreddit. This will remove the link and ability to
edit the approved submitters so as to not confuse the mods.