![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
james_davis_nicoll) wrote2026-02-13 09:10 am
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: 27bf64affee672e39f361826ab22fa37d9d34a06 https://github.com/dreamwidth/dreamwidth/commit/27bf64affee672e39f361826ab22fa37d9d34a06 Author: Mark Smith mark@dreamwidth.org Date: 2026-02-12 (Thu, 12 Feb 2026)
Changed paths: M cgi-bin/Apache/LiveJournal.pm M cgi-bin/Plack/Middleware/DW/SecurityHeaders.pm
Log Message:
Add Referrer-Policy: same-origin header to prevent username leaks
Fixes #3472
When users click external links from their reading page, the browser sends a Referer header containing their subdomain (e.g., bob.dreamwidth.org), allowing external sites to identify individual Dreamwidth users who clicked the link.
Adding Referrer-Policy: same-origin suppresses the Referer header for all cross-origin requests while preserving it for same-origin navigation. Since usernames are embedded in subdomains, weaker policies like origin-when-cross-origin or strict-origin would still leak the username.
Applied globally (not just reading pages) because external links can appear on any page -- entries, comments, profiles, etc.
Audited all Referer header usage in the codebase: - LJ::check_referer() (used ~15 places for CSRF): safe, returns true when referer is absent - Login ret=1 redirect: already broken (reads header_out not header_in) - OpenID continue_to: returnto param is primary, referer is fallback - EditIcons factory check: same-origin, unaffected - Media hotlink protection: check_referer passes on empty referer - VGift/Admin VGift: unaffected (same-origin or handles empty referer) - Tracking management: minor cosmetic impact only (cancel button and viewing style args lost for cross-subdomain navigation)
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: 7cdad0c67e2136733120d6331c8e55ffdf1bdae6 https://github.com/dreamwidth/dreamwidth/commit/7cdad0c67e2136733120d6331c8e55ffdf1bdae6 Author: Mark Smith mark@dreamwidth.org Date: 2026-02-12 (Thu, 12 Feb 2026)
Changed paths: M cgi-bin/DW/Controller/Manage/Profile.pm M views/manage/profile.tt
Log Message:
Fix inability to remove retired "other sites" from profile (#3475)
The profile edit page never showed legacy userprop-based services (like
ICQ) because the template checked IF profile_accts which is always
truthy (empty hash ref). Changed to IF profile_accts.size to match
the logic in ProfilePage.pm. Also fixed the legacy branch's missing
counter parameter and increment, and guarded against inserting empty
rows when clearing a legacy entry.
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: f66c51a5054ba9a085cd671abc8a3bc8d63223dc https://github.com/dreamwidth/dreamwidth/commit/f66c51a5054ba9a085cd671abc8a3bc8d63223dc Author: Mark Smith mark@dreamwidth.org Date: 2026-02-12 (Thu, 12 Feb 2026)
Changed paths: M cgi-bin/DW/Controller/Poll.pm
Log Message:
Fix multi-answer polls only recording last selected option
The poll form POST handler used Hash::MultiValue's hash access to read checkbox values, which only returns the last value per key. Flatten the Hash::MultiValue into a regular hash with comma-joined values, matching how the RPC/AJAX handler already does it. This only affected the non-JS form submission path.
Closes #3473
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: 094b2bd3a714dc1dc7b53af1b674d5854f801804 https://github.com/dreamwidth/dreamwidth/commit/094b2bd3a714dc1dc7b53af1b674d5854f801804 Author: Mark Smith mark@dreamwidth.org Date: 2026-02-12 (Thu, 12 Feb 2026)
Changed paths: M cgi-bin/DW/Logic/ProfilePage.pm M cgi-bin/DW/Logic/UserLinkBar.pm M cgi-bin/LJ/Event/UserMessageRecvd.pm M cgi-bin/LJ/User/Message.pm
Log Message:
Make private message links respect remote's beta inbox selection
Centralize the inbox beta check in message_url and update all locations that build compose URLs: profile page, user link bar, hoverbox RPC, and email/inbox notification reply links.
Closes #3491
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: 8dbf8e57d9d5450a9f7ea6866e3d65892b6ab25a https://github.com/dreamwidth/dreamwidth/commit/8dbf8e57d9d5450a9f7ea6866e3d65892b6ab25a Author: Mark Smith mark@dreamwidth.org Date: 2026-02-12 (Thu, 12 Feb 2026)
Changed paths: M cgi-bin/LJ/Widget/ShopCart.pm
Log Message:
Fix undef error viewing cart in admin pay view
The admin_col and is_random closures in ShopCart.pm used $_ to access the cart item, but Template Toolkit passes arguments via @, not $. This caused admin_col to crash with "Can't call method 'id' on an undefined value" and is_random to silently always return 'N'.
Closes #3509
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: b8e245b8b1d1f0aba6ec605a73a0e1dfc2227833 https://github.com/dreamwidth/dreamwidth/commit/b8e245b8b1d1f0aba6ec605a73a0e1dfc2227833 Author: Mark Smith mark@dreamwidth.org Date: 2026-02-12 (Thu, 12 Feb 2026)
Changed paths: M bin/upgrading/en.dat M views/create/account.tt.text
Log Message:
Add South Carolina to under-18 signup restriction
SC passed a law requiring parental monitoring for under-18 users. Update signup strings to include SC alongside TN.
Closes #3513
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
To unsubscribe from these emails, change your notification settings at https://github.com/dreamwidth/dreamwidth/settings/notifications
Branch: refs/heads/main Home: https://github.com/dreamwidth/dreamwidth Commit: a182d9895fbc8e9709c71c4e4361f1ba83afec23 https://github.com/dreamwidth/dreamwidth/commit/a182d9895fbc8e9709c71c4e4361f1ba83afec23 Author: Mark Smith mark@dreamwidth.org Date: 2026-02-12 (Thu, 12 Feb 2026)
Changed paths: M .github/workflows/ci.yml M app.psgi M cgi-bin/Apache/LiveJournal.pm A cgi-bin/DW/API/RateLimit.pm M cgi-bin/DW/Controller/API/REST.pm M cgi-bin/DW/Controller/API/REST/Journals.pm A cgi-bin/DW/RateLimit.pm M cgi-bin/LJ/Console/Command/Suspend.pm M cgi-bin/LJ/Test.pm A cgi-bin/Plack/Middleware/DW/RateLimit.pm M doc/dependencies-cpanm M doc/raw/memcache-keys.txt M etc/config.pl.example A t/rate-limit.t
Log Message:
Rate Limiting (#3490)
Add basic rate limiting module
Add configuration overrides
This enables rate limits to be overridden.
Add API rate limit basics
Update Apache rate limiting to use new DW::RateLimit API
Move rate limiting after start_request() so get_remote() works, switch to rate-string API and check() method. Also restore approvenew setting lost during rebase.
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
Port rate limiting from Apache::LiveJournal to a Plack middleware so it works under Starman. Same rates: 100/60s authenticated, 30/60s anonymous. Wired in after DW::Sysban in app.psgi.
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
The devcontainer image bakes dependencies at build time, so new deps added in a PR aren't available until the image rebuilds. Running cpm install from the checked-out dependencies-cpanm ensures CI always has the right modules for the code under test.
Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com
![[syndicated profile]](https://www.dreamwidth.org/img/silk/identity/feed.png){kind=small}
excuseoftheday_feed) wrote2026-02-13 12:00 amvotd_feed) wrote2026-02-13 12:00 pmmerriamwebster_feed) wrote2026-02-13 12:00 amMerriam-Webster's Word of the Day for February 13, 2026 is:
rapscallion • \rap-SKAL-yun\ • noun
The word rapscallion refers to someone who causes trouble, often in a mischievous way. It appears in the same sorts of contexts as rascal and scamp.
// The movie follows the story of a rambunctious young rapscallion who can’t seem to stay out of trouble.
Examples:
“Charlie Brown evolved into a world-class underdog. ‘Originally, Charlie Brown was a bit of a rapscallion, a bit of a wiseass,’ [Chris] Mautner said. ‘There is a certain point, after a year or two, when he starts to become the butt of jokes, when he starts being a lonely kid. Once [Charles] Schulz hit upon that, Charlie Brown got it pretty bad for a long time.’” — Jim Beckerman, The Record (Bergen County, New Jersey), 9 Oct. 2025
Did you know?
The word rascal has been part of English since the 15th century, but it apparently failed to fully capture the disagreeable nature of the wily knaves of yore: by the 16th century, English speakers had expanded rascal to rascallion. But it seems that even that term didn’t sound quite mischievous enough. Eventually, rascallion was further altered, resulting in the snappier, plosive-enhanced rapscallion. And although rapscallion has zero connection with scallion, it does add a figuratively spicy kick to one’s speech, not unlike chawbacon and other cheeky insults that may be of interest and use.
standardebooks_new_feed) wrote2026-02-12 07:16 pmstandardebooks_new_feed) wrote2026-02-12 06:48 pmjames_davis_nicoll) wrote2026-02-12 08:37 am
merriamwebster_feed) wrote2026-02-12 12:00 amMerriam-Webster's Word of the Day for February 12, 2026 is:
endemic • \en-DEM-ik\ • adjective
When used for a plant or animal species, endemic describes something that grows or exists in a certain place or area, and often specifically something restricted to a particular locality or region. Endemic is also used to describe diseases that persist over time in a particular region or population. It can also mean “common in a particular area or field.”
// Our children were excited to finally see wild giant pandas—endemic to just three provinces in south-central China—during our family vacation.
// He eventually learned that low wages were endemic to his line of work, but he continued nevertheless to pursue his passion.
Examples:
“Though less charismatic than the improbably pastel pink birds, unique endemic plants have achieved impressive feats of resourcefulness and endurance. Indeed, scientists have called the region an ‘unparalleled natural laboratory’ to understand how plants adapt to ‘extreme environmental conditions.’” — Thea Riofrancos, Extraction: The Frontiers of Green Capitalism, 2025
Did you know?
Ever wonder how endemic ended up in the English language? It arrived via French and New Latin, with its ultimate origin likely in the Greek adjective éndēmos, which describes (among other things) a disease confined to one area. Éndēmos was formed from en- ( “in”) and a form of the noun dêmos, meaning “district, country, people.” That word was also key to the formation of the earlier word on which éndēmos was modeled: epidēmia, meaning “disease affecting a large number of individuals.” English adopted epidemic (also via French) in the early 17th century, but endemic didn’t become, uh, endemic until a century and a half later. (The familiar relation pandemic slipped into the language in the mid 17th.) In current use, endemic characterizes diseases that are generally found in a particular area—malaria, for example, is said to be endemic to tropical and subtropical regions—while epidemic indicates a sudden, severe outbreak within a region or group. Endemic is also used by biologists to characterize plant and animal species that are found only in a given area.
votd_feed) wrote2026-02-12 12:00 pmstandardebooks_new_feed) wrote2026-02-11 09:15 pmstandardebooks_new_feed) wrote2026-02-11 07:36 pm![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
