* Fix a bug where explicit GIF videos weren't blurring when the user
wanted them to be blurred.
* Make some improvements to the forums:
* Polls will now remember the Expires setting while you are previewing
and revising your original post.
* Add 14 day and 30 day Expire options for polls.
* Add disclaimer warnings above the Photo Attachment field when the
current forum or thread isn't marked for Explicit content.
* Move the forum box colors into dedicated styles that are easier to
override for the new theme colors.
* Updated the themes so forums and comment thread background cards now
match your chosen style.
* Add yellow and orange theme variants.
* Admin Feedback page: fix the visit button to go to a reported comment.
* CSS: with the fixed top nav bar, anchor links (like to the FAQ or
specific comments on a thread) were scrolling so the anchor was below
the nav bar. Add a scroll-padding-top to work around this.
* On Forums and photo comment threads: display the poster's username
below their display name, if their username differs. If they do not
have a distinct display name, a small @ appears in front of their
display name instead.
* On Quote & Reply, wrap the @mention with a Markdown hyperlink to the
specific comment ID.
* Breadcrumbs: override Bulma's nowrap style, as long forum thread
titles could cause horizontal scrolling on mobile.
* Dashboard: fix double <a> tag wrapping for profile pictures.
* Member Search: fix invalid HTML code where div tags closed the
wrapping p tag.
For video elements (animated GIFs), since the 'click' for lightbox modal
doesn't work, mouseover and play/pause count as views. This can unfairly
lead videos to climb as the most viewed images while pictures need a
click or a 'like' to count.
So, count images as viewed on their mouseover event as well.
* Add a user privacy setting so they can gate who is allowed to share private
photos with them (for people who dislike unsolicited shares):
* Anybody (default)
* Friends only
* Friends + people whom they have sent a DM to (on the main website)
* Nobody
* Add gating around whether to display the prompt to unlock your private photos
while you are viewing somebody's gallery:
* The current user needs at least one private photo to share.
* The target user's new privacy preference is taken into consideration.
* The "should show private photo share prompt" logic is also used on the actual
share page, e.g. for people who manually paste in a username to share with.
You can not grant access to private photos which don't exist.
* Improve the UI on the private photo shares page.
* Profile cards to add elements from the Member Directory page, such as a
Friends and Liked indicator.
* A count of the user's Private photos is shown, which links directly to
their private gallery.
* Add "Decline" buttons to the Shared With Me page: so the target of a private
photo share is able to remove/cancel shares with them.
* Add an AboutUserID field to feedbacks, so when the report is about a
picture that is later deleted, the feedback can still link to the
original owner's account instead of showing an error.
* Add filters to the User Notes page so the admin can see:
* All feedback From or About the user or their content (default)
* Feedback created by the user
* Feedback about the user or their content
* Fuzzy search for any feedback containing the user's name.
* On chat room reports: make the @channel ID a clickable user profile
link for convenience.
* With the new JWT signatures on photo URLs, it was no longer possible for
creative users to embed their gallery photos on their profile page.
* Add a function to ReSignPhotoLinks that finds/replaces (on the server side)
all references to paths under "/static/photos/" and gives them a fresh
?jwt= query string signature.
* Note: only applies to the profile page essays, ReSignPhotoLinks is a
template func that must be opted-in on a per page basis.
Other miscellaneous fixes
* Add "Edit" buttons in the corners of profile cards, when the current user
looks at their profile page. They link to URIs like
"/settings#profile/about_me" which will now:
1. Select the "Profile settings" tab like #profile
2. Scroll and focus the profile essay field that the user clicked to edit.
Certification Required page:
* Show helpful advice if the reason for the page is only that the user had
deleted their default profile pic, but their account was certified.
Batch Photo Delete & Visibility:
* On user galleries, owners and admins can batch Delete or Set Visibility on
many photos at once. Checkboxes appear in the edit/delete row of each photo,
and bulk actions appear at the bottom of the page along with select/unselect
all boxes.
* Deprecated the old /photo/delete endpoint: it now redirects to the batch
delete page with the one photo ID.
Misc Changes:
* Notifications now sort unread to the top always.
* The photo signing JWT tokens carry more fields to validate against:
* The username the token is assigned to (or '@' for anyone)
* An 'anyone' boolean for widely public images, such as for the chat room
and public profile pages.
* A short filename hash of the image in question (whether a Photo or a
CommentPhoto) - so that the user can't borrow a JWT token from the chat
room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
dependency error.
* Originally: (*models.User).VisibleAvatarURL(other *models.User)
* Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)
* Add support for authenticated static photo URLs, leveraging the NGINX module
ngx_http_auth_request. The README is updated with an example NGINX config
how to set this up on the proxy side.
* In settings.json a new SignedPhoto section is added: not enabled by default.
* PhotoURL will append a ?jwt= token to the /static/photos/ path for the
current user, which expires after 30 seconds.
* When SignedPhoto is enabled, it will enforce that the JWT token is valid and
matches the username of the current logged-in user, or else will return with
a 403 Forbidden error.
* Add 'admin labels' to photos so an admin can classify a photo as:
* Not Explicit: e.g. it was flagged by the community but does not
actually need to be explicit. This option will hide the prompt to
report the explicit photo again.
* Force Explicit: if a user is fighting an explicit flag and keeps
removing it from their photo, the photo can be force marked
explicit.
* Admin labels appear on the Permalink page and in the edit photo
settings when viewed as a photo moderator admin.
When a user marks that another photo should have been marked as explicit:
* The owner of that photo gets a notification about it, which reminds them of
the explicit photo policy.
* The photo's "Flagged" boolean is set (along with the Explicit boolean)
* The 'Edit' page on a Flagged photo shows a red banner above the Explicit
option, explaining that it was flagged. The checkbox text is crossed-out,
with a "no" cursor and title text over - but can still be unchecked.
If the user removes the Explicit flag on a flagged photo and saves it:
* An admin report is generated to notify to take a look too.
* The Explicit flag is cleared as normal
* The Flagged boolean is also cleared on this photo: if they set it back to
Explicit again themselves, the red banner won't appear and it won't notify
again - unless a community member flagged it again!
Also makes some improvements to the admin page:
* On photo reports: show a blurred-out (clickable to reveal) photo on feedback
items about photos.
The photo stats were counting ALL public photos of certified members,
whether featured on the Site Gallery or not. Update the query to filter
for Site Gallery photos instead.
* Profile pictures on profile pages now link to the gallery when clicked.
* Admins can no longer automatically see the default profile pic on profile
pages unless they have photo moderator ability.
* Photo view counts are not added when an admin with photo moderator ability
should not have otherwise been able to see the photo.
* Demographics page:
* Show percents with up to 1 decimal place of precision.
* On tablets+ align the percent text to the right.
* On photo counts, only include certified active user photos.
* On gender/orientation demographics, pad the remaining "No answer" counts
with the set of users who have no profile_fields set in the database yet.
* Admin certification page:
* Add additional "common rejection reasons"
* Add a confirm prompt when viewing the Rejected list to avoid accidental
approval of previously rejected cert photos.
* Hitting the Like button on a photo will mark it as viewed.
* Move the 'Report' button on the message inbox page, to instead be in
the footer of each DM.
* Improve message reporting behavior to include the content of the
message in the admin report.
* The owner of a photo no longer counts any views on it.
* Add event handlers to mark animated GIFs viewed on the gallery page:
if the user mouse overs or pauses the video.
* Add chat moderation rules to the website, so admins can apply selective rules
to problematic users. Available rules are:
* redcam: user's camera is always NSFW.
* nobroadcast: user can not broadcast their camera.
* novideo: user can not broadcast OR watch any video.
* noimage: user can not share OR see any shared image on chat.
* The page to manage a user's active rules is available on their admin card of
their profile page. When the user has rules active, a yellow counter is shown
by the link to manage their rules.
* Only chat moderator admins have access to the page or can see the yellow
counter to know whether rules are active.
* "Shy Accounts" are now permitted on the chat room! With some moderation rules
automatically applied to them: novideo,noimage.
* Update the Shy Account FAQ and messaging on the chat landing page.
* Update the auto-kick from chat behavior regarding shy accounts:
* They are kicked from chat only when an update to their profile settings will
transition then FROM a non-shy into a shy account.
* For example: when saving their profile settings (going private) or when
editing or deleting a photo (if they will have no more public photos left)
If an admin needs to impersonate a regular user (to diagnose a support
issue or investigate a reported conversation thread), the web push
script is disabled so that the admin doesn't get subscribed to push
notifications for that user.