Maja Komel
018cb7f36b
add a custom user onebox ( #5542 )
...
* add custom user onebox
* add specs
2018-01-30 11:03:08 +01:00
Maja Komel
330912e1e5
FIX: allowed href scheme link can start with a + ( #5537 )
...
* allowed href scheme link can start with a +
* allow tel:// links only to start with +
* add missing semicolon
* add test
2018-01-30 11:02:23 +11:00
Sam
f3502853fa
correct spec regression
2018-01-30 08:54:37 +11:00
Sam
f946db4afe
FIX: inline oneboxer min title length of 2
...
also: cache mini onebox misses as well to cut down traffic
2018-01-30 08:40:04 +11:00
Arpit Jalan
8ab585e25f
add more tests for 'log private message views' feature
2018-01-29 13:11:20 +05:30
Sam
fa5880e04f
PERF: ability to crawl for titles without extra HEAD req
...
Also, introduces a much more aggressive timeout for title crawling
and introduces gzip to body that is crawled
2018-01-29 15:40:12 +11:00
Arpit Jalan
1f6adbea5c
FEATURE: log private message views
2018-01-29 08:08:08 +05:30
Robin Ward
44e2038b53
Setting to automatically lock posts when edited by staff
2018-01-26 14:01:30 -05:00
Robin Ward
6b04967e2f
FEATURE: Staff members can lock posts
...
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Arpit Jalan
7b4e6d508b
improve reviving_old_topic education message
2018-01-26 00:06:53 +05:30
Gerhard Schlager
eb52c5469e
FEATURE: Allow plugins to register a new locale
2018-01-25 14:57:41 +01:00
Gerhard Schlager
ce060e2b86
FIX: Server didn't use default_locale as fallback locale
2018-01-25 14:57:41 +01:00
Sam
adae963751
ensure we do not override charset for content type
2018-01-25 18:43:42 +11:00
Sam
3492a91056
FEATURE: allow site operators to disable emoji shortcuts
2018-01-24 12:21:44 +11:00
Robin Ward
782d75069e
FIX: UX improvements for system messages when PMs are disabled
2018-01-23 13:12:11 -05:00
Robin Ward
17ebfd1715
FIX: Don't show suggested messages if private messages are disabled
2018-01-23 12:05:44 -05:00
Régis Hanol
cbb321658f
FIX: support for generating excerpt when nesting <details> blocks
2018-01-22 19:17:35 +01:00
Sam
f26ff290c3
FEATURE: Shorten setting name to max_reqs
...
So it is consistent with other settings
2018-01-22 13:18:30 +11:00
Sam
fc36f095a7
FIX: ensure proper header transfer (except for cache control)
...
allows discourse special headers to be visible on hijacked reqs
2018-01-21 14:26:42 +11:00
Sam
12872d03be
PERF: run post timings in background
...
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Gerhard Schlager
2a22b90538
SECURITY: email domain whitelist could be bypassed
2018-01-17 21:45:32 +01:00
Robin Ward
34ed6088b9
FEATURE: New modal to show flags received for a user
2018-01-17 15:08:08 -05:00
Arpit Jalan
e04fb9a877
fix the build
2018-01-17 12:57:33 +05:30
Arpit Jalan
79eb9d7086
FEATURE: show header search results on search log term details page
2018-01-17 12:47:16 +05:30
Arpit Jalan
1208254961
FIX: validate presence of 'top menu' setting
2018-01-17 01:43:53 +05:30
Sam
d7657d8e47
correct specs, ensure crawler layout only applies to html
2018-01-16 16:28:11 +11:00
Sam
7b562d2f46
FEATURE: much improved and simplified crawler detection
...
- phase one does it match 'trident|webkit|gecko|chrome|safari|msie|opera'
yes- well it is possibly a browser
- phase two does it match 'rss|bot|spider|crawler|facebook|archive|wayback|ping|monitor'
probably a crawler then
Based off: https://gist.github.com/SamSaffron/6cfad7ea3e6df321ffb7a84f93720a53
2018-01-16 15:41:45 +11:00
Sam
215c0d5569
FEATURE: allow system api to target users via external id or user id
...
usage ?api_key=XYZ&api_user_external_id=ABC
usage ?api_key=XYZ&api_user_id=123
2018-01-12 17:40:18 +11:00
Vinoth Kannan
988b13ac77
FIX: GitHub auth always asking to verify email for new users ( #5487 )
2018-01-12 15:17:29 +11:00
Gerhard Schlager
9f7ae908d8
Add specs to check email domain whitelist/blacklist for To and Cc
2018-01-10 16:57:26 +01:00
Sam
cecd7d0d07
FEATURE: global rate limiter can bypass local IPs
2018-01-08 08:39:17 +11:00
Gerhard Schlager
f086d28b30
FIX: Do not validate messages sent to mailing list mirror
2018-01-05 11:21:53 +01:00
Gerhard Schlager
e0d73a957d
FEATURE: Allow posting via email to read-only mailing list mirror category
2018-01-05 11:21:53 +01:00
Gerhard Schlager
d7cd7e4dc7
FIX: Never mark emails sent to mailing list mirror as auto-generated
2018-01-05 11:21:53 +01:00
Gerhard Schlager
ceb7590bcb
FIX: bounced email can contain multiple status codes
2018-01-03 17:59:20 +01:00
Guo Xiang Tan
805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
...
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Sam
a9e2fc59c4
FIX: [constructor] bbcode would cause markdown crash
2017-12-27 16:11:30 +11:00
Arpit Jalan
ef4c6c67ba
fix the build
2017-12-23 14:42:40 +05:30
Arpit Jalan
0514ac4ee2
FIX: verify presence of 'sso url' before enabling 'enable sso'
2017-12-23 13:30:49 +05:30
Régis Hanol
d6b22e6cc1
FIX: whitelist oneboxed iframes
2017-12-23 01:56:33 +01:00
Guo Xiang Tan
4b51871f6a
Treat non-ascii URLs in UrlValidator
.
2017-12-21 14:22:55 +08:00
Guo Xiang Tan
6ecf37c482
Improve URL validation to check for a valid host.
...
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:
URI.parse("http://https://google.com ")
=> #<URI::HTTP http://https//google.com >
2017-12-21 13:50:15 +08:00
Robin Ward
21e1b05c7e
FIX: Don't disable details when below truncate limit
2017-12-20 15:45:00 -05:00
Robin Ward
a0aca83c12
FIX: Broken spec
2017-12-19 17:55:41 -05:00
Robin Ward
b3fda0ea86
FIX: details tags broke excerpts
2017-12-19 17:28:55 -05:00
Sam
57a1190b07
FIX: correct issue with search omitting words with multiple dots
...
Previously we used to break up words with dots incorrectly leading to
missing search terms
2017-12-19 16:04:24 +11:00
Sam
81b3a4a3da
improve spec
2017-12-15 11:42:51 +11:00
Guo Xiang Tan
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
Sam
67aecff59c
FEATURE: store twitter supplied email for auditing
2017-12-14 15:54:32 +11:00
Gerhard Schlager
e30851e45a
Move escape_uri method to a more suitable place
2017-12-12 20:17:46 +01:00