activity feed: restrict csrf_token usage unless logged in to prevent cookie setting, remove the unused rack-cache
This commit is contained in:
parent
9479ca05d0
commit
e21e20b32e
9 changed files with 34 additions and 45 deletions
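--- a/Gemfile
+++ b/Gemfile
@@ -18,7 +18,6 @@ gem 'sass', require: nil
 gem 'dav4rack', git: 'https://github.com/neocities/dav4rack.git', ref: '1bf1975c613d4f14d00f1e70ce7e0bb9e2e6cd9b'
 gem 'filesize'
 gem 'thread'
-gem 'rack-cache'
 gem 'rest-client', require: 'rest_client'
 gem 'addressable', '>= 2.8.0', require: 'addressable/uri'
 gem 'paypal-recurring', require: 'paypal/recurring'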
@ -266,8 +266,6 @@ GEM
|
||||||
nio4r (~> 2.0)
|
nio4r (~> 2.0)
|
||||||
racc (1.8.1)
|
racc (1.8.1)
|
||||||
rack (3.1.12)
|
rack (3.1.12)
|
||||||
rack-cache (1.17.0)
|
|
||||||
rack (>= 0.4)
|
|
||||||
rack-protection (4.1.1)
|
rack-protection (4.1.1)
|
||||||
base64 (>= 0.1.0)
|
base64 (>= 0.1.0)
|
||||||
logger (>= 1.6.0)
|
logger (>= 1.6.0)
|
||||||
|
@ -452,7 +450,6 @@ DEPENDENCIES
|
||||||
phonelib
|
phonelib
|
||||||
pry
|
pry
|
||||||
puma (< 7)
|
puma (< 7)
|
||||||
rack-cache
|
|
||||||
rack-test
|
rack-test
|
||||||
rack_session_access
|
rack_session_access
|
||||||
rake (>= 12.3.3)
|
rake (>= 12.3.3)
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
get '/activity' do
|
get '/activity' do
|
||||||
#expires 7200, :public, :must_revalidate if self.class.production? # 2 hours
|
|
||||||
|
|
||||||
@page = params[:page] || 1
|
@page = params[:page] || 1
|
||||||
|
|
||||||
if params[:tag]
|
if params[:tag]
|
||||||
|
|
|
@ -75,7 +75,6 @@ end
|
||||||
|
|
||||||
get '/admin/stats' do
|
get '/admin/stats' do
|
||||||
require_admin
|
require_admin
|
||||||
# expires 14400, :public, :must_revalidate if self.class.production? # 4 hours
|
|
||||||
|
|
||||||
@stats = {
|
@stats = {
|
||||||
total_hosted_site_hits: DB['SELECT SUM(hits) FROM sites'].first[:sum],
|
total_hosted_site_hits: DB['SELECT SUM(hits) FROM sites'].first[:sum],
|
||||||
|
|
|
@ -6,11 +6,6 @@ require 'airbrake/sidekiq'
|
||||||
use Airbrake::Rack::Middleware
|
use Airbrake::Rack::Middleware
|
||||||
|
|
||||||
map('/') do
|
map('/') do
|
||||||
use(Rack::Cache,
|
|
||||||
verbose: false,
|
|
||||||
metastore: 'file:/tmp/neocitiesrackcache/meta',
|
|
||||||
entitystore: 'file:/tmp/neocitiesrackcache/body'
|
|
||||||
)
|
|
||||||
run Sinatra::Application
|
run Sinatra::Application
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -170,8 +170,6 @@
|
||||||
<%== erb :_pagination, layout: false %>
|
<%== erb :_pagination, layout: false %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<% if current_site %>
|
||||||
<%== erb :'_news_templates', layout: false %>
|
<%== erb :'_news_templates', layout: false %>
|
||||||
|
<% end %>
|
||||||
<script>
|
|
||||||
|
|
||||||
</script>
|
|
|
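Review bot: The new `<% if current_site %>` guard around `_news_templates` records nothing about why it exists, so a later edit could render `csrf_token` for anonymous visitors again and silently reintroduce the cookie-setting the commit title says it prevents. A one-line ERB comment directly above the guard would fix that, e.g. `<%# csrf_token touches the session; render it (via _news_templates) only for signed-in users so anonymous visitors get no cookie %>` — adjust the wording to how the session is actually created, which is not visible in this hunk. The same guard is added around the deleteEvent modal and the banSite script in the later sections and deserves the same comment; those use `current_site` and `signed_in? && current_site.is_admin` respectively, so if `signed_in?` is the canonical helper, using one form consistently would make all three gates easier to audit. The hunk header counts 8 old lines but only seven are shown here, so the exact extent of the removed `<script>` span is uncertain from this page.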
@ -20,6 +20,7 @@
|
||||||
<% end %>
|
<% end %>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<% if current_site %>
|
||||||
<div class="modal hide" id="deleteEvent<%= event.id %>" tabindex="-1" role="dialog" aria-labelledby="deleteEventLabel<%= event.id %>" aria-hidden="true">
|
<div class="modal hide" id="deleteEvent<%= event.id %>" tabindex="-1" role="dialog" aria-labelledby="deleteEventLabel<%= event.id %>" aria-hidden="true">
|
||||||
<div class="modal-header">
|
<div class="modal-header">
|
||||||
<button class="close" type="button" data-dismiss="modal" aria-hidden="true"><i class="fa fa-times"></i></button>
|
<button class="close" type="button" data-dismiss="modal" aria-hidden="true"><i class="fa fa-times"></i></button>
|
||||||
|
@ -35,3 +36,4 @@
|
||||||
<button type="submit" class="btn-Action" onclick="Event.delete(<%= event.id %>, '<%= csrf_token %>'); return false">Delete</button>
|
<button type="submit" class="btn-Action" onclick="Event.delete(<%= event.id %>, '<%= csrf_token %>'); return false">Delete</button>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<% end %>
|
|
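Review bot: The `<% if current_site %>` / `<% end %>` wrapper added around the deleteEvent modal hides the markup and the inline `csrf_token` from anonymous visitors, but hiding markup is not an authorization control: the delete endpoint that `Event.delete(...)` posts to must still verify the token and the caller's right to delete that event on the server side, which is outside this hunk and should be confirmed. Since the `deleteEvent<%= event.id %>` element now does not exist in anonymous page views, any script that references it by id unconditionally would need the same guard — whether such a script exists is not visible here. The enclosing list/partial that contains these lines starts outside the hunk.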
@ -176,7 +176,7 @@
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
<% if signed_in? && current_site.is_admin %>
|
||||||
<script>
|
<script>
|
||||||
function banSite(usernames, classifier, el) {
|
function banSite(usernames, classifier, el) {
|
||||||
$.post('/admin/banhammer', {
|
$.post('/admin/banhammer', {
|
||||||
|
@ -189,3 +189,4 @@
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
</script>
|
</script>
|
||||||
|
<% end %>
|
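Review bot: The `<% if signed_in? && current_site.is_admin %>` guard narrows where the banSite helper (and any token it posts) is emitted, which is the point of the commit, but it is a rendering gate only: `/admin/banhammer` must keep its own admin check regardless of whether this script is present, and that enforcement is outside this hunk. If `signed_in?` can ever be true while `current_site` is nil, the expression raises on `.is_admin`; `<% if signed_in? && current_site&.is_admin %>` would avoid that, assuming the two helpers are independent, which cannot be confirmed from this page. The hunk header counts 7 old lines but only six are shown, and the `<script>` block that the first context lines close begins outside the hunk.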