Commit Graph

36329 Commits

Author SHA1 Message Date
Martin Brennan
0df72a51b8
FIX: Stop infinite lookup-urls issue for video/audio on page (#9096)
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119

* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
2020-03-03 15:44:01 +11:00
OsamaSayegh
5035a490b2 DEV: Bump Logster version to 2.7.1
This version includes a fix to stop `env` mutation that occurred in
Logster default store which caused chained loggers to report different
backtraces for the same message when backtrace is provided via `env`.

https://github.com/discourse/logster/compare/v2.7.0...v2.7.1
2020-03-03 07:02:01 +03:00
Martin Brennan
0388653a4d
DEV: Upload and secure media retroactive rake task improvements (#9027)
* Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security

* Improved uploads:disable_secure_media to be more efficient and provide better messages to the user.

* Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL

* Many improvements to uploads:secure_upload_analyse_and_update

* Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload.

* Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-03 10:03:58 +11:00
dependabot-preview[bot]
8a696a4ffc
Build(deps-dev): Bump annotate from 3.0.3 to 3.1.0 (#9091)
Bumps [annotate](https://github.com/ctran/annotate_models) from 3.0.3 to 3.1.0.
- [Release notes](https://github.com/ctran/annotate_models/releases)
- [Changelog](https://github.com/ctran/annotate_models/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ctran/annotate_models/compare/v3.0.3...v3.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 16:35:13 -05:00
dependabot-preview[bot]
ee35bbdbba
Build(deps): Bump oj from 3.10.2 to 3.10.3 (#9092)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.2 to 3.10.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.2...v3.10.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 16:34:53 -05:00
Jarek Radosz
4da357e378
DEV: Use async functions in tests (#9087)
This change both improves readability and fixes potential race-condition issues where promises were nested instead of being chained.

Also includes:
* Use arrow functions and Promise shorthands
* Remove the obsolete `asyncTestDiscourse` helper
2020-03-02 21:20:19 +01:00
Roman Rizzi
537f87562e
FIX: We need to skip users with associated reviewables when auto-approving (#9080)
* FIX: We need to skip users with associated reviewables when auto-approving them

* Update spec/initializers/track_setting_changes_spec.rb

* Update spec/initializers/track_setting_changes_spec.rb

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-03-02 14:33:52 -05:00
dependabot-preview[bot]
f44ad91a52
Build(deps): Bump hashdiff from 1.0.0 to 1.0.1 (#9068)
Bumps [hashdiff](https://github.com/liufengyun/hashdiff) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/liufengyun/hashdiff/releases)
- [Changelog](https://github.com/liufengyun/hashdiff/blob/master/changelog.md)
- [Commits](https://github.com/liufengyun/hashdiff/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:31:19 -05:00
dependabot-preview[bot]
b78df9c4c9
Build(deps): Bump aws-sigv4 from 1.1.0 to 1.1.1 (#9067)
Bumps [aws-sigv4](https://github.com/aws/aws-sdk-ruby) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sigv4/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/1.1.0...1.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:31:06 -05:00
Joffrey JAFFEUX
11425f8adc
FEATURE: alows to add a description link to a report (#9065)
This commit adds a description link to users_per_trust_level report linking to our blog  article on the subject https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/
2020-03-02 14:30:51 -05:00
Mark VanLandingham
c11e5eb042
DEV: Run prettier on staged files before commit using lefthook (#9064)
* DEV: Run prettier on staged files before commit using lefthook

* excluded some js files
2020-03-02 14:30:23 -05:00
Dan Ungureanu
c62d5b139b
FIX: Allow users to create polls in PMs with non human users (#9055) 2020-03-02 14:29:40 -05:00
Robin Ward
a653737a66
FIX: Add aria-labels to topic list items (#9048)
* FIX: Add aria-labels to topic list items

Before this fix you could navigate the topic list using a screen reader
and a keyboard but some of the items were not as descriptive as they
could be. The newly added labels make it easier to understand what you
are tabbing over.

context:
https://meta.discourse.org/t/accessibility-aria-attributes-are-not-defined-for-links-under-replies-category/142539

* Update app/assets/javascripts/discourse/lib/utilities.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Multiline fix

* Fix more tests

Co-authored-by: Régis Hanol <regis@hanol.fr>
2020-03-02 14:28:54 -05:00
Joffrey JAFFEUX
f17459c620
UX: attempts to increate popup menu hitzone on mobile (#9038) 2020-03-02 14:27:50 -05:00
Mark VanLandingham
176aa0ac7d
DEV: Import pretender instead of global server var (#8996)
* DEV: Remove server global test variable

* Delete yarn-error.log

* prettier and some eslint fixes

* add global server variable back for plugins

* rename imported server to pretender

* prettier

* support plugin server. usage

* Export pretender as named

* Prettier

* change default pretender export

* fix bad import

* Use pretender() and original default export

* export new Pretender as default

* fix accidental change

* WIP testing

* add pretend handlers in correct location

* move more stuff into the correct pretender

* Consolidated more pretenders

* comment out another bad test

* fix user acceptance tests

* commented out bad test

* fixed another composer server stub

* fix more tests

* fixed tag test pretender

* Fix admin email test

* removed another draft handler

* add back test

* fix and uncomment another test

* remove test that is not useful

* remove commented out lines

* reapply handlers between every test

* no need to re-stub requests now :)

* cleanup from review

* more cleanup
2020-03-02 14:24:31 -05:00
Jarek Radosz
fedd8e3e3a
DEV: Remove uses of deprecated Ember.copy and Copyable (#8978) 2020-03-02 14:24:05 -05:00
Jarek Radosz
76a06dfa03
DEV: Remove the last (defunct) use of Ember.View (#8976)
This codepath has been deprecated 3 years ago in c5687100b0.

Ember.View has been removed in Ember 2.0.
2020-03-02 14:23:46 -05:00
David Taylor
f9cc3dc4b7
PERF: Allow passing an existing list of user field ids when loading (#8970)
* PERF: Allow passing an existing list of user field ids when loading

This avoids the need for running `UserField.pluck(:id)` for each user that is serialized

* Memoize user_fields to avoid rebuilding hash ever time
2020-03-02 14:22:49 -05:00
tshenry
a09e5d12c2
FIX: Topics should honor auto-close when published to category (#8963)
* FIX: Topics should honor auto-close when published to category

* Add test
2020-03-02 14:21:35 -05:00
Gerhard Schlager
5c39e21c18
UX: Allow correct pluralization for "too few topics and posts" notices (#8947) 2020-03-02 14:20:37 -05:00
dependabot-preview[bot]
8e7868b405
Build(deps-dev): Bump rubocop from 0.80.0 to 0.80.1 (#9081)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.80.0 to 0.80.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.80.0...v0.80.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:10:19 -05:00
dependabot-preview[bot]
93b8d7ec89
Build(deps): Bump puma from 4.3.2 to 4.3.3 (#9079)
Bumps [puma](https://github.com/puma/puma) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.2...v4.3.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:09:56 -05:00
dependabot-preview[bot]
98d4b7bbc1
Build(deps-dev): Bump better_errors from 2.5.1 to 2.6.0 (#9043)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.5.1...v2.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:09:33 -05:00
dependabot-preview[bot]
d85726a866
Build(deps-dev): Bump simplecov from 0.18.3 to 0.18.5 (#9044)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.18.3 to 0.18.5.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.18.3...v0.18.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:09:05 -05:00
Joffrey JAFFEUX
ed85cfe141
FIX: prevents click on sk header to bubble (#9084) 2020-03-02 20:06:02 +01:00
Rafael dos Santos Silva
d05142d3f7 FEATURE: Enable service worker on iOS PWA 2020-03-02 15:55:09 -03:00
Gerhard Schlager
5889309d3b FIX: Restoring with disable_emails: false didn't work anymore 2020-03-02 17:44:01 +01:00
Gerhard Schlager
d7ccb58559 FIX: Google Groups scraper failed to login 2020-03-02 17:24:48 +01:00
Rafael dos Santos Silva
fd38ed3631
DEV: Fix lint error introduced in 58f16f2 2020-03-02 13:04:52 -03:00
Rafael dos Santos Silva
58f16f2e2b
FIX: Make FooterNav work with PWAs on iPadOS 2020-03-02 12:56:37 -03:00
David Taylor
68c7699c46 Revert "Build(deps-dev): Bump annotate from 3.0.3 to 3.1.0 (#9013)"
v3.1.0 has a bug which rewrites default annotations with erroneous quotes. https://github.com/ctran/annotate_models/issues/762

This reverts commit dd4a04e72c.
2020-03-02 13:34:39 +00:00
dependabot-preview[bot]
34fddaa824
Build(deps): Bump rails_multisite from 2.0.7 to 2.1.0 (#9083)
Bumps [rails_multisite]() from 2.0.7 to 2.1.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 10:34:17 +00:00
Martin Brennan
8123538c94
DEV: Minor review fixes and fix bookmark spec logging (#9045)
As per:

https://review.discourse.org/t/fix-never-allow-custom-emoji-to-be-marked-secure-8965/9072
https://review.discourse.org/t/feature-improving-bookmarks-part-2-topic-bookmarking-8954/9038
2020-03-02 15:40:29 +10:00
Kane York
4635be10c8 DEV: Add docker cleanup script to d/ folder 2020-03-01 12:09:07 -08:00
Sam Saffron
e23e247dff
DEV: spec suite fails on leap years
Something about year math fails here on leap years, just
set up the clock so it is consistent to avoid it.
2020-02-29 18:30:08 +11:00
Sam Saffron
b4999acadd
PERF: improve performance of category topic list
In some cases CTE caused pathologically bad query plans.
This optimises it so query runs by itself and caches for lifetime
of the topic query object.

This lightweight caching is done cause topic query will often
execute two queries (one for pinned and one for non pinned)
2020-02-29 15:40:54 +11:00
Sam Saffron
18209e1daf
DEV: remove dead code
This code is not called anywhere, remove it
2020-02-29 15:05:09 +11:00
dependabot-preview[bot]
18ed2cc7d8
Build(deps): Bump puma from 4.3.1 to 4.3.2 (#9063)
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-28 14:25:52 -05:00
Joffrey JAFFEUX
2db8ada222
FIX: ensures category url of category drop is built using slug and id (#9069) 2020-02-28 17:58:22 +01:00
Brad Morrical
ff5ff8d0d2
fix invalid byte sequence in UTF-8 (ArgumentError) (#9077) 2020-02-28 10:26:18 -05:00
David Taylor
0903aa44bb
FEATURE: Always disable customizations on the /safe-mode route (#9052)
This makes it easier to enter safe mode when a customization has made the UI unusable
2020-02-28 10:53:11 +00:00
Dan Ungureanu
8cbb6e35cb
DEV: Fix build
Follow up to 60184a290c.
2020-02-28 11:31:04 +02:00
Dan Ungureanu
60184a290c
FIX: Sync preload key format for category topic lists
The server and client used two different formats for preload keys. The
server was using 'topic_list_c/SLUG/l/latest', but the client was using
'topic_list_c/SLUG/ID/l/latest'.

This commit is an addition to 374534f00e.
2020-02-28 11:10:03 +02:00
Martin Brennan
14adddd18d
FIX: Ignore secure-media-uploads for miniprofiler (#9070) 2020-02-28 12:11:30 +10:00
Sam Saffron
8e5edae093
FEATURE: unconditionally skip indexing on search controller
There are absolutely no actions in search that need indexing

Also no point adding this header on non get requests
2020-02-28 09:21:31 +11:00
Mark VanLandingham
f358114361
FIX: Prettier on iframed-html component (#9062) 2020-02-27 11:56:13 -06:00
Mark VanLandingham
337b823ec6
Merge pull request from GHSA-vw39-6w7q-gfx5
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-02-27 11:47:15 -06:00
Roman Rizzi
87f15f9ed6
FIX: When appending tags to restricted category posts, we need to pass the category id, or it won't work. (#9020) 2020-02-27 14:10:14 -03:00
Joffrey JAFFEUX
c9b53d5647
FIX: prevnets loading to show during debouncing (#9060)
This will also fix a bug in IE11 where click event would not be triggered on row
2020-02-27 15:20:30 +01:00
Joffrey JAFFEUX
501936f0da
FIX: prevents loading to show during debouncing (#9060)
This will also fix a bug in IE11 where click event would not be triggered on row
2020-02-27 15:20:04 +01:00