Commit Graph

33876 Commits

Author SHA1 Message Date
Krzysztof Kotlarek
95564a3df2 SECURITY: Moderators cannot see user emails.
Unless `moderators_view_emails` SiteSetting is enabled, moderators should not be able to discover users’ emails.
2024-12-19 13:13:18 -03:00
Jarek Radosz
023b61ad22 SECURITY: Stored xss in image caption 2024-12-19 13:13:14 -03:00
Jarek Radosz
b2dc32f41c
FIX: An off-by-one error in glimmer topic list (#30372)
`findIndex` returns -1 when no element is found, but the `start` boundary can't be less than 0.
2024-12-19 13:02:41 +01:00
Joffrey JAFFEUX
1f39ce87a5
DEV: removes caret from notifications-tracking on mobile (#30369)
We never want to show this caret on mobile.
2024-12-19 12:06:02 +01:00
Joffrey JAFFEUX
9ca8f706bf
DEV: fixes typo in notifications-tracking assertions (#30371) 2024-12-19 12:05:54 +01:00
Joffrey JAFFEUX
bce0018163
DEV: correctly applies identifier do DModal used in DMenu (#30370)
A previous refactor used an incorrect path. This commit also adds a simple test to ensure this identifier is present.
2024-12-19 12:05:39 +01:00
Martin Brennan
553784f919
DEV: Delete AdminPageHeader and AdminPageSubheader components (#30337)
No longer needed because of https://github.com/discourse/discourse/pull/30146
and there are plugin PRs to remove other traces of it
2024-12-19 12:47:14 +10:00
Kelv
74aeec8ea3
FIX: handle null this.model when checking if component is for current user in CanCheckEmailsHelper (#30359) 2024-12-19 09:54:43 +08:00
Krzysztof Kotlarek
fdb6634fa9
FEATURE: settings tab for permalinks (#30192)
Setting tab should be added to permalinks so admins do not need to have left `/permalinks`.

A new component called `AreaSetting` was added to avoid duplications and
simplify adding settings to other sections.
2024-12-19 10:40:34 +11:00
Sérgio Saquetim
a85cb9bee7
DEV: Deprecate api.includePostAttributes in favor of api.addTrackedPostProperties (#30345) 2024-12-18 16:36:31 -03:00
Jordan Vidrine
b1ff38b748
UX: fix password mask on password reset (#30347) 2024-12-18 13:21:33 -06:00
Jordan Vidrine
29a596c667
UX: Adjust disclaimer font size (#30346) 2024-12-18 13:09:31 -06:00
Mark VanLandingham
5721c29429
DEV: Plugin modifier to skip enqueue PostCreator jobs on PostMove (#30344)
This allows plugins to skip the "posted" notifications for watching users, when posts get moved. The specs are kind of wild looking, as this unit tests a private method. This is difficult to isolate otherwise, with lots of trickery needed to make sure that this actually works.

I opted to unit test just this method instead.
2024-12-18 12:37:52 -06:00
Jordan Vidrine
4d0cbc08dc
UX: Improve balance on login & signup pages (#30330) 2024-12-18 12:31:35 -06:00
Jarek Radosz
5747b910e6
FIX: Unpinning topics in glimmer topic list (#30342)
it's already handled by TopicStatus component (so one was undoing the other's toggle)
2024-12-18 15:55:02 +01:00
Kris
779fc74632
A11Y: show state change when post anchors are focused (#30334) 2024-12-18 09:41:33 -05:00
Jarek Radosz
b2b0c462ba
DEV: Update content-tag to 3.1.0 (#30339) 2024-12-18 12:59:27 +01:00
dependabot[bot]
073c2098a1
Build(deps): Bump ace-builds from 1.36.5 to 1.37.0 (#30332)
Bumps [ace-builds](https://github.com/ajaxorg/ace-builds) from 1.36.5 to 1.37.0.
- [Release notes](https://github.com/ajaxorg/ace-builds/releases)
- [Changelog](https://github.com/ajaxorg/ace-builds/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ajaxorg/ace-builds/compare/v1.36.5...v1.37.0)

---
updated-dependencies:
- dependency-name: ace-builds
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-18 12:32:35 +01:00
Alan Guo Xiang Tan
9812407f76
FIX: Redo Sidekiq monitoring to restart stuck sidekiq processes (#30198)
This commit reimplements how we monitor Sidekiq processes that are
forked from the Unicorn master process. Prior to this change, we rely on
`Jobs::Heartbeat` to enqueue a `Jobs::RunHeartbeat` job every 3 minutes.
The `Jobs::RunHeartbeat` job then sets a Redis key with a timestamp. In
the Unicorn master process, we then fetch the timestamp that has been set
by the job from Redis every 30 minutes. If the timestamp has not been
updated for more than 30 minutes, we restart the Sidekiq process. The
fundamental flaw with this approach is that it fails to consider
deployments with multiple hosts and multiple Sidekiq processes. A
sidekiq process on a host may be in a bad state but the heartbeat check
will not restart the process because the `Jobs::RunHeartbeat` job is
still being executed by the working Sidekiq processes on other hosts.

In order to properly ensure that stuck Sidekiq processs are restarted,
we now rely on the [Sidekiq::ProcessSet](https://github.com/sidekiq/sidekiq/wiki/API#processes)
API that is supported by Sidekiq. The API provides us with "near real-time (updated every 5 sec)
info about the current set of Sidekiq processes running". The API
provides useful information like the hostname, pid and also when Sidekiq
last did its own heartbeat check. With that information, we can easily
determine if a Sidekiq process needs to be restarted from the Unicorn
master process.
2024-12-18 12:48:50 +08:00
Kelv
f8837e1a8a
DEV: Refactor CanCheckEmails mixin to helper class (#30315)
* port CanCheckEmails mixin to helper class with explicit dependencies
* move isCurrentUser getter to components
* anonymous users should not be able to see sensitive information
2024-12-18 10:29:51 +08:00
Martin Brennan
a879bcdc35
DEV: Introduce <DPageHeader /> and <DPageSubheader /> components (#30146)
This converts the `<AdminPageHeader />` component and the
`<AdminPageSubheader />` components into new components
that can be used outside of admin, and updates the CSS classes.
Also introduces a `<DPageActionButton />` component and child
components for the header action buttons.

I have to keep the old admin-only components around for
now until plugins are updated, then we can remove it,
and remove the re-exports that are done within
admin-page-action-button.gjs
2024-12-18 08:13:39 +10:00
Jordan Vidrine
ef754cdd9a
UX: Invites styles refactor (#30329) 2024-12-17 15:11:21 -06:00
Jordan Vidrine
85b45a8379
ux: move to minimal layout (#30327) 2024-12-17 14:41:00 -06:00
Kris
284fe89165
UX: show correct message when creating topics is disabled by a tag (#30328) 2024-12-17 15:17:24 -05:00
Jordan Vidrine
8f26ae7b7d
UX: refactor password reset page (#30323) 2024-12-17 12:11:02 -06:00
Isaac Janzen
af8c98217a
DEV: Remove empty beforeEach hooks (#30326) 2024-12-17 11:57:49 -06:00
Jordan Vidrine
086b1e82e4
UX: move to icon for password masking (#30321) 2024-12-17 11:12:41 -06:00
Penar Musaraj
bcff64b9ab
DEV: Do not delay DButton actions on iOS (#30322)
Followup to #28019, on iOS this delay means that we don't properly set
focus on the composer.
2024-12-17 11:57:15 -05:00
Mark VanLandingham
415abe6491
FIX: Correctly place moderator post for full topic move with freeze_original (#30324)
When freeze_original option is passed to PostMover, and we are moving all posts there is an issue. We attempt to put the small_action right after the last moved post. The issue is when there is an existing small action after the last moved "real" post. We then try to put the moderator post at the same location of the existing small action, which causes an index conflict and the move fails.

This makes sure that we place the moderator post at the verrrrrry end of the topic :)
2024-12-17 10:31:34 -06:00
Ella E.
37f032752e
UX: Apply admin table to webhooks (#30317)
* UX: Apply admin table classes for consistent mobile styling on the web hooks page

* DEV: Remove icon on the status component; update status classes

* DEV: Update tests for webhook status component

* DEV: add space var with a smaller value

* DEV: Add styling for different status labels
2024-12-17 08:52:29 -07:00
Ted Johansson
e04f535601
DEV: Don't include blank option for required selects (#30316)
When using FK select, we include a "None" option automatically. However, for required select fields, "None" isn't a valid option, so we exclude it instead.
2024-12-17 18:35:47 +08:00
Gary Pendergast
c2f7da3298
FIX: Restrict duplicate timings from being moved with posts (#30311) 2024-12-17 16:47:34 +11:00
Ted Johansson
c1c7ea8959
DEV: Change hide_email_address_taken default to true (#30293)
We're changing the default of hide_email_address_taken to true. This is a trade-off we want to make, as it prevents account enumeration with minimal impact on legitimate users. If you forget you have an account and try to sign up again with the same e-mail you'll receive an e-mail letting you know.
2024-12-17 10:46:04 +08:00
Krzysztof Kotlarek
0410c07342
UX: the ability to collapse AdminConfigAreaCard (#30310)
Additional `collapsable` argument which makes area cards collapsible.
2024-12-17 11:47:23 +11:00
Sam
55a8184231
FEATURE: Reason and deleted content support in the review queue (#30295)
Add flag reason filter and improve handling of deleted content in review queue

This commit enhances the review queue with several key improvements:

1. Adds a new "Reason" filter to allow filtering flags by their score type
2. Improves UI for deleted content by:
   - Adding visual indication for deleted posts (red background)
   - Properly handling deleted content visibility for staff (category mods can not see deleted content)
3. Refactors reviewable score type handling for better code organization
4. Adds  tests for trashed topics/posts visibility

This change will help moderators more efficiently manage the review queue by
being able to focus on specific types of flags and better identify deleted
content.
2024-12-17 11:44:46 +11:00
Natalie Tay
d43d8e0023
FIX: Searchable user fields do not always have an integer name (#30223) 2024-12-17 11:06:19 +11:00
Krzysztof Kotlarek
a8bdc5f7c5
UX: display link to groups in admin sidebar (#30291)
Add groups link to admin and moderator sidebar for easy access.
Currently, the admin needs to go to `users` first.
2024-12-17 10:07:24 +11:00
Gary Pendergast
2827ca992f
FIX: Handle unrelated timings being moved (#30256) 2024-12-17 10:07:04 +11:00
dependabot[bot]
af8f219377
Build(deps-dev): Bump the embroider group with 3 updates (#30309)
Bumps the embroider group with 3 updates: [@embroider/compat](https://github.com/embroider-build/embroider/tree/HEAD/packages/compat), [@embroider/core](https://github.com/embroider-build/embroider/tree/HEAD/packages/core) and [@embroider/macros](https://github.com/embroider-build/embroider/tree/HEAD/packages/macros).


Updates `@embroider/compat` from 3.7.0 to 3.7.1
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/compat)

Updates `@embroider/core` from 3.4.19 to 3.4.20
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/core)

Updates `@embroider/macros` from 1.16.9 to 1.16.10
- [Release notes](https://github.com/embroider-build/embroider/releases)
- [Changelog](https://github.com/embroider-build/embroider/blob/main/CHANGELOG.md)
- [Commits](https://github.com/embroider-build/embroider/commits/HEAD/packages/macros)

---
updated-dependencies:
- dependency-name: "@embroider/compat"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
- dependency-name: "@embroider/macros"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: embroider
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-16 23:11:37 +01:00
Jordan Vidrine
565a48e8e1
UX: fix active and muted channels (#30308) 2024-12-16 16:02:44 -06:00
Jarek Radosz
e03121c55b
FIX: Correctly display group unread indicator in gjs (#30302) 2024-12-16 20:50:49 +01:00
David Taylor
03bb43f746
DEV: Move topic-list-class transformer to getter (#30301)
Using the (array) helper creates an array instance, passes it to applyValueTransformer, which then allows themes/plugins to mutate it.

When the helper is re-computed, the **same array instance** is passed to the transformers again. Any elements added in the last run are still there.

This commit moves applyValueTransformer to a getter, so that it's run with a brand new array each time.
2024-12-16 19:19:42 +00:00
Joffrey JAFFEUX
41df705188
DEV: replaces topic-notifications-options by DMenu (#30298)
This commit introduces <NotificationsTracking /> which is a wrapper component around <DMenu /> which replaces the select-kit component <TopicNotificationsButton />.

Each tracking case has its dedicated component:

- topic -> `<TopicNotificationsTracking />`
- group -> `<GroupNotificationsTracking />`
- tag -> `<TagNotificationsTracking />`
- category -> `<CategoryNotificationsTracking />`
- chat thread -> `<ThreadNotificationsTracking />`
2024-12-16 19:59:18 +01:00
David Taylor
ea9cdf7d47
DEV: Compile theme raw-hbr to modules (#30299)
Previously, theme hbr files were compiled to an IIFE, which would be executed before the app is booted. That is causing silenced deprecations to be printed, because the deprecation-workflow isn't set up when the IIFE is run.

This commit updates the theme compiler so that it matches the ember-cli-based raw-hbs compiler. Templates are output to normal modules, which will then be loaded by the existing `eager-load-raw-templates` initializer. This runs after the app has started booting.
2024-12-16 17:31:49 +00:00
Kelv
04ba5baec0
DEV: ensure rebaking works even when some users have inconsistent data (#30261)
* DEV: add db consistency check for UserEmail

* DEV: add db consistency check for UserAvatar

* DEV: ignore inconsistent data related to user avatars when deciding whether to rebake old posts


Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>

---------

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-12-16 19:48:25 +08:00
Kelv
a141a096d1
DEV: move CleansUp mixin code to components (#30292)
* DEV: move cleans-up event listeners directly to components
* DEV: inline logic from unnecessary cleanUp func in GroupCardContents
2024-12-16 12:01:14 +08:00
dependabot[bot]
deab88e7eb
Build(deps): Bump @highlightjs/cdn-assets from 11.10.0 to 11.11.0 (#30286) 2024-12-16 00:08:53 +01:00
dependabot[bot]
1ceca2e284
Build(deps): Bump highlight.js from 11.10.0 to 11.11.0 (#30288) 2024-12-16 00:08:41 +01:00
Mark VanLandingham
85773eee21
DEV: Pass in old post to post_moved DiscourseEvent (#30274) 2024-12-13 12:30:00 -06:00
David Taylor
b410677fcd
DEV: Disable Ember's LOG_STACKTRACE_ON_DEPRECATION (#30275)
This feature writes a stack trace as part of the message. That means it is not sourcemapped by the browser, and you have further to scroll to find the real backtrace.

In the past we avoided this feature with our production 'deprecation shim', but that was removed as part of our Ember 5.12 upgrade.
2024-12-13 17:56:11 +00:00