4d9e6b29b3
Previously, it was possible to generate a payment blob for a comment the user does not have permission to view (in a private subreddit or deleted) and then use the creditgild form to see the author and content of the comment. This adds a check to creditgild to ensure correct permissions at display time. This fixes an information disclosure vulnerability reported by Jordan Milne (/u/largenocream).
Greetings!
This is the primary codebase that powers reddit.com.
For notices about major changes and general discussion of reddit development, subscribe to the /r/redditdev and /r/changelog subreddits.
You can also chat with us via IRC in #reddit-dev on FreeNode.
Quickstart
To set up your own instance of reddit to develop with, we have a handy install script for Ubuntu that will automatically install and configure most of the stack.
Alternatively, refer to our Install Guide for instructions on setting up reddit from scratch. Many frequently asked questions regarding local reddit installs are covered in our FAQ.
APIs
To learn more about reddit's API, check out our automated API documentation and the API wiki page. Please use a unique User-Agent string and take care to abide by our API rules.
Happy hacking!