Commit Graph

9810 Commits

Author SHA1 Message Date
Neil Lalonde
01d0aeb5a9 merge master 2016-03-31 17:40:54 -04:00
Arpit Jalan
331a9c8a2f SECURITY: Backport XSS fix 2016-03-08 21:08:05 +05:30
Régis Hanol
f9710d0d7c FIX: unescape emojis in digests 2016-03-08 21:05:50 +05:30
Robin Ward
9f56d61305 Backported PluginAPI for compatibility with plugins 2016-02-17 12:19:07 -05:00
Régis Hanol
e953c1c5a6 fix eslint 2016-02-05 16:10:49 +01:00
Régis Hanol
28e4ea3178 we still need md5 2016-02-05 16:01:23 +01:00
Sam Saffron
45a166b315 SECURITY: hoist blocks using guids, not md5 hashes 2016-02-05 16:01:15 +01:00
Sam Saffron
51da6676f0 SECURITY: topic titles can show up in user page unescaped when streamed in 2016-02-01 21:02:23 +11:00
Robin Ward
b792629208 FIX: Precompiler should apply get magic too 2016-01-15 15:26:19 -05:00
Robin Ward
2ad461f218 SECURITY: Upgrade Ember to fix CVE-2015-7565. Also upgrade Handlebars 2016-01-15 15:23:58 -05:00
Robin Ward
189595466c SECURITY: Backported XSS fixes from Handlebars 2015-11-24 16:30:52 -05:00
Robin Ward
e9f80464b4 SECURITY: XSS Protection on Queued Posts 2015-11-20 14:28:03 -05:00
Robin Ward
c72f0160de SECURITY: Unread post notifications should respect whispers 2015-10-19 16:32:55 -04:00
Robin Ward
b7bdaac081 SECURITY: Moderators should not see API keys 2015-10-14 15:46:46 -04:00
Sam
1fef49a094 SECURITY: XSS in search results term
Thanks to Jerbi Nessim
2015-10-07 10:53:48 +11:00
Sam
fe786dfc64 FIX: don't use Safari hack on Windows Phone 2015-09-28 17:20:54 +10:00
Robin Ward
41c5b262b2 FIX: max_topics_per_day was not working 2015-09-25 12:47:38 -04:00
Régis Hanol
e13906d5fb FIX: replaceMarkdown should be smart about current caret position 2015-09-25 12:47:38 -04:00
Sam
be8a20db67 FIX: disable cloaked view while running ios positioning hack 2015-09-25 12:47:38 -04:00
Sam
2f3bc60e59 FIX: whispers should not be revealed in reply to, or reply expansion
FEATURE: mark whisper as experimental
FIX: badges should never apply to whispers
2015-09-25 12:47:38 -04:00
Sam
d7f2933743 FIX: when replying to a expanded reply, correctly attribute author 2015-09-25 12:47:37 -04:00
Robin Ward
7a155710dd FIX: Category Logo preview should not repeat 2015-09-25 12:47:37 -04:00
Régis Hanol
931812ce69 FIX: only disable the composer grip when the device is touch-only 2015-09-25 12:47:37 -04:00
Régis Hanol
33f689357a FIX: pikaday wasn't working when using the mouse with a touch-enabled monitor 2015-09-25 12:47:37 -04:00
Sam
b2e3703ae7 Revert "UX: always show logout link in user menu, use CSS to hide"
oops was on wrong branch

This reverts commit 2cbb49baec.
2015-09-25 12:16:17 +10:00
Sam
2cbb49baec UX: always show logout link in user menu, use CSS to hide
.menu-panel .logout-link {display: none}
2015-09-25 12:14:20 +10:00
Sam
60a8e203db Revert "FIX: properly filter badges when they're on a whisper"
This reverts commit 584a170534.
2015-09-25 10:22:08 +10:00
Régis Hanol
584a170534 FIX: properly filter badges when they're on a whisper 2015-09-25 00:39:39 +02:00
Régis Hanol
62b493281e FIX: notifications & messages were missing from user profile 2015-09-24 19:17:06 +02:00
Robin Ward
4236317f69 FIX: Double load sometimes on topic lists 2015-09-23 16:41:01 -04:00
Neil Lalonde
65e159b073 Merge master 2015-09-22 15:00:32 -04:00
scossar
9a93a43905 reduce z-index 2015-09-22 11:01:43 -07:00
Robin Ward
79beb9f409 FIX: You could set reply_to_post_number when replying as a new topic 2015-09-22 13:32:19 -04:00
Robin Ward
9f89aefdd3 FIX: Don't update the last poster when a whisper is made 2015-09-22 12:23:37 -04:00
Régis Hanol
e65ddc6c25 FIX: immediately remove upload placeholder when cancelling the upload
FIX: prevent post submit when something is uploading
2015-09-22 18:16:53 +02:00
Régis Hanol
6a4b9a3d38 FIX: remove upload placeholder when cancelling the upload 2015-09-22 17:58:12 +02:00
Régis Hanol
a6934a200e FIX: don't use the filename for the upload placeholder 2015-09-22 17:45:55 +02:00
Sam
a0524ea4d1 FIX: render canonical URLs 2015-09-22 09:37:52 +10:00
Régis Hanol
4f7140fb32 FIX: properly filter whispers in user stream 2015-09-22 00:50:52 +02:00
Neil Lalonde
2ae032c9b0 FIX: categories page would sometimes show no topics, even if there are some visible topics to show 2015-09-21 18:13:14 -04:00
Sam
6e384cd4c7 highlight title in full page search 2015-09-22 07:39:44 +10:00
Robin Ward
b6155889d5 FIX: Respect sort order when user fields are shown publically 2015-09-21 15:26:11 -04:00
Robin Ward
cc0f76e60a Merge pull request #3798 from riking/patch-6
FIX: :( page was never showing the URL
2015-09-21 14:45:42 -04:00
Kane York
e36c0966d0 FIX: :( page was never showing the URL 2015-09-21 11:38:37 -07:00
Régis Hanol
fe656fb04d FIX: select appropriate period when redirecting to top 2015-09-21 20:28:20 +02:00
Robin Ward
b49e9fb174 FIX: Load order of TopicTrackingState was off 2015-09-21 14:15:25 -04:00
Robin Ward
9f6ce653a9 FIX: Selecting posts was broken on IOS9 iPad 2015-09-21 13:50:05 -04:00
Régis Hanol
af7f00099f FIX: uploading a file with a non-ASCII character wasn't removing the placeholder 2015-09-21 16:17:25 +02:00
Arpit Jalan
4f31745e10 UX: improve twitter onebox 2015-09-21 17:40:17 +05:30
Guo Xiang Tan
e3d5cc54a1 UX: Disable button when Notification permission is denied. 2015-09-21 18:14:13 +08:00