Commit Graph

20379 Commits

Author SHA1 Message Date
Gerhard Schlager
7e69c5cc36 Revert "FEATURE: Use configured quotation marks in fancy topic title"
This reverts most of commit ce8e099639.

The rake task to update fancy topic titles is still there, because that's useful even without this feature.
2019-07-18 11:55:49 +02:00
Blake Erickson
092eeb5ca3 FEATURE: Create a rake task for destroying categories
Created a rake task for destroying multiple categories along with any
subcategories and topics the belong to those categories.

Also created a rake task for listing all of your categories.

Refactored existing destroy rake tasks to use new logging method, that
allows for puts output in the console but prevents it from showing in
the specs.
2019-07-17 12:44:14 -06:00
Vinoth Kannan
4f0004a0c2 Fix typo in dc6b13e4d2. 2019-07-17 15:54:42 +05:30
Arpit Jalan
d4d81515d2 Fix the build. 2019-07-17 12:03:45 +05:30
Arpit Jalan
e4d743910d FIX: respect logout_redirect setting on 'Log out all' 2019-07-17 11:58:04 +05:30
Vinoth Kannan
dc6b13e4d2 FIX: when 'raw' started with non-image upload url it's not converted to short-url.
dd0f0494c6
2019-07-17 11:13:50 +05:30
Vinoth Kannan
dd0f0494c6 FIX: convert hotlinked non-image urls to short url.
3840ace978
2019-07-17 09:15:09 +05:30
Rafael dos Santos Silva
2a0cd066a7 FIX: Remove all service workers from Apple devices *again*
There is a bug that when Safari starts up, and reloads the tabs from
the previous session **and** there is a service worker registered for
the scope of the document, all cookies marked as `SameSite=Lax` won't be
sent in the request.

This puts Discourse in a **very** broken state, where:

- You appear as a anon user
- Subsequent xhr requests will come with logged in data
- Refreshing doesn't log you in (cookies are still not sent)
- Clicking on the address bar and hitting enter, will log you in (as it
will finally send those damn `SameSite=Lax` cookies.

Looks a lot like a corner case missed by the fix at
https://trac.webkit.org/changeset/241918/webkit
2019-07-16 19:30:38 -03:00
Penar Musaraj
a571efba35
FIX: Rename deprecated icons, allow custom icons in badges
- adds a migration renaming FA4 icon names in badges
- allows all icons to be used in badges (previously was limited to icons prefixed with fa-)
- renames remaining FA 4.7 icons equivalents
2019-07-16 11:13:44 -04:00
David Taylor
ed5b31f427 FIX: Recompile extra_js theme assets when COMPILER_VERSION changes (#7897) 2019-07-16 16:34:33 +02:00
Osama Sayegh
eff1c19e3b FIX: Fallback to gzip compression if brotli isn't supported (#7895) 2019-07-16 11:05:37 -03:00
Vinoth Kannan
3840ace978 FIX: skip markdown conversion for hotlinked non image urls 2019-07-16 18:05:17 +05:30
Joffrey JAFFEUX
b3eb67976d
DEV: Upgrades to Ember 3.10 (#7871)
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-07-16 12:45:15 +02:00
David Taylor
e2fa5704e9 UX: Remove duplicate copy in two-factor preferences 2019-07-16 10:57:11 +01:00
Régis Hanol
7ecbf3865b UX: use SCSS color variables 2019-07-16 11:53:34 +02:00
Michael Brown
e8ee392186 Revert "FIX: apply defaults constraints to routes format (#7890)"
This reverts commit 7d01c5de1a.

Trivial get on / was failing with a 404 with this change.
2019-07-15 17:31:24 -04:00
romanrizzi
12e71f1fb2 UX: Swap ignore and mute sections to move the 'Save changes' button to the bottom 2019-07-15 17:30:01 -03:00
OsamaSayegh
8a525cafec UX: Use height relative to the viewport for robots.txt textarea 2019-07-15 19:35:50 +00:00
Rafael dos Santos Silva
b505d1d700 DEV: Force workboxjs debug to false on dev env too 2019-07-15 16:07:49 -03:00
Osama Sayegh
7d01c5de1a
FIX: apply defaults constraints to routes format (#7890)
This fixes the problem where if a route ends with a dynamic segment and the segment contains a period e.g. `my.name`, `name` is interpreted as the format. This applies a default format constraints `/(json|html)/` on all routes. If you'd like a route to have a different format constraints, you can do something like this:

```ruby
get "your-route" => "your_controlller#method", constraints: { format: /(rss|xml)/ }

#or
get "your-route" => "your_controlller#method", constraints: { format: :xml }
```
2019-07-15 21:55:11 +03:00
Osama Sayegh
6515ff19e5
FEATURE: Allow customization of robots.txt (#7884)
* FEATURE: Allow customization of robots.txt

This allows admins to customize/override the content of the robots.txt
file at /admin/customize/robots. That page is not linked to anywhere in
the UI -- admins have to manually type the URL to access that page.

* use Ember.computed.not

* Jeff feedback

* Feedback

* Remove unused import
2019-07-15 20:47:44 +03:00
Penar Musaraj
90e0f1b378 UX: rearrange controls in edit modals
Allows users to see the controls even after scrolling contents of edit modal.
2019-07-15 13:44:44 -04:00
Rafael dos Santos Silva
1221d34284
FEATURE: Make Discourse work offline with WorkboxJS (#7870) 2019-07-15 13:05:55 -03:00
Vinoth Kannan
839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Bianca Nenciu
8e133de831
FIX: Ensure suppressed categories do not produce any featured topics. (#7863) 2019-07-15 17:32:03 +03:00
Joffrey JAFFEUX
ff66e62e0c
UX: ensures popup-tip shows over dropdowns (#7891) 2019-07-15 08:55:20 +02:00
Guo Xiang Tan
4b0cf7f6dd SECURITY: XSS when displaying watched words in admin panel.
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:55:50 +08:00
Guo Xiang Tan
a4234e9be0 DEV: Minor tweaks to Admin::WatchedWordsController. 2019-07-15 10:22:46 +08:00
Gerhard Schlager
ce8e099639 FEATURE: Use configured quotation marks in fancy topic title 2019-07-12 21:10:10 +02:00
Gerhard Schlager
8f89254554 FIX: Recalculate settings when dependent settings change 2019-07-12 21:10:10 +02:00
Gerhard Schlager
7311eeed39 FIX: Use default locale for flag reasons 2019-07-12 12:04:23 +02:00
Bianca Nenciu
c4d1833588 FIX: Do not show bootbox if post has no replies. (#7866)
When we delete a post that has replies, we show a modal asking if the user wants to delete the post, the post and its direct replies or the post and all its replies.

If replies are deleted before a post, that modal would ask the user if they want to delete the post and 0 replies.

That commit ensure we skip the modal and directly delete the post in this case.
2019-07-12 11:42:57 +02:00
Gerhard Schlager
4a095b286b Follow-up for 9a11a8b3 to fix qunit tests 2019-07-11 23:56:22 +02:00
Gerhard Schlager
9a11a8b33b FEATURE: Site setting for typographic quotation marks
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
Robin Ward
1d38040579 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
Joe
fd4557a9ef UX: Mobile editor style fixes (#7878) 2019-07-11 09:57:53 -04:00
Arpit Jalan
e0562a8172 UX: update placeholder for Tags Groups 2019-07-11 12:34:11 +05:30
Kris
aa7181820c UX: Add title attribute and aria-label to PM icon link 2019-07-10 23:05:57 -04:00
Kris
bdaf07adcf Hide empty anchor tag from screen readers 2019-07-10 22:39:25 -04:00
Kris
1983f0d06e Don't load PM icon in title unless topic is a PM 2019-07-10 22:38:32 -04:00
Kris
b848bd4ddc True should be a string to display properly in aria-haspopup 2019-07-10 22:02:21 -04:00
Joffrey JAFFEUX
bd35a8f334
FIX: ensures spinner is showing on tags/show when loading more (#7876)
Context: https://meta.discourse.org/t/issue-while-scrolling-down-after-selecting-a-tag-on-the-home-page/122542
2019-07-10 21:37:31 +02:00
Joffrey JAFFEUX
142344e45d
FIX: ensures routing with hash doesn't stuck history (#7872)
* FIX: ensures routin with hash doesnt stuck history

Original issue: https://meta.discourse.org/t/hash-anchor-in-url-prevents-further-url-updates/122068/4

Basically when the path has a hash, state would be null, and nothing would happen.

* Update app/assets/javascripts/discourse/lib/discourse-location.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-10 20:43:03 +02:00
romanrizzi
f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Dan Ungureanu
90fcdad3cd UX: Discard selected post if it is not in viewport. (#7869)
This way, users can combine keyboard shortcuts with mouse scrolling.
2019-07-10 10:22:09 -04:00
Roman Rizzi
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Robin Ward
629bb8adf2 SECURITY: XSS with title selector on preferences page
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 15:49:24 -04:00
Neil Lalonde
6e22499e5f Remove unused file resubscribe.html.erb 2019-07-09 15:17:33 -04:00
Gerhard Schlager
a65a9a85d5 FEATURE: Remap uploads during restore when S3 or CDN changes
In order for this to work the Backuper stores a couple of site settings
in the new backup_metadata table, because the old setting values might
not be available on restore anymore.
2019-07-09 14:04:16 +02:00
Dan Ungureanu
9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864) 2019-07-09 14:42:02 +03:00
Penar Musaraj
f4dc6de9f1 FIX: Clear theme editor content on switching tabs
Issue happens when sending a null value to ACE Editor.
Fixed by sending an empty string to ACE instead of null.
2019-07-08 20:06:56 -04:00
Arpit Jalan
324e182842
FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
Penar Musaraj
7b0517895e FEATURE: Add "Group owners" to posting options for groups
Context: https://meta.discourse.org/t/121589

This new setting option lets group owners message/mention large groups
without granting that privilege to all members.
2019-07-08 17:14:11 -04:00
Penar Musaraj
b690fc3d98
FEATURE: Add new group visibility option for "logged on users" (#7814)
Groups can now be marked as visible to "logged on users". All automatic groups (except `everyone`) are now visible to "logged on users", previously they were marked as public but suppressed in the group page for non-staff.
2019-07-08 15:09:50 -04:00
Arpit Jalan
bb8cf81089 Bump onebox version.
- better placeholders for audio/video/trello/typeform oneboxes
- added CSS for audio/video/trello/typeform onebox placeholders
2019-07-08 21:40:33 +05:30
Joe
e49b5fa30c
UX: expand-post button alignment fix (#7865) 2019-07-08 14:36:15 +08:00
Arpit Jalan
2cd4e95d82 FIX: show category name in title for crawler view
Show category name in title for crawler view despite presence of `short_site_description`.

Bug reported here: https://meta.discourse.org/t/short-site-description-break-category-title-for-crawler-or-its-the-expected-behavior/122109/
2019-07-08 11:42:39 +05:30
Robin Ward
3132a9007b FIX: Use correct timezone for manual SQL 2019-07-06 15:14:07 -04:00
Robin Ward
a075fd46fd FIX: Don't use exceptions to catch conflicts
If a database exception is raised ActiveRecord will always rollback
even if caught.

Instead we build the query in manual SQL and DO NOTHING when there's a
conflict. If we detect nothing was done, perform an update.
2019-07-06 14:43:56 -04:00
Kris
a9982b5aa2 UX: Make default site logo height an even 40px 2019-07-05 23:46:43 -04:00
Robin Ward
de6edf9e4e FIX: Back button would go to previous topic instead of list
See related topic:
https://meta.discourse.org/t/back-button-history-not-properly-working/122183

The issue here is the transition was not completing properly which meant
if you backed out of a topic quickly and entered a new one, hitting back
in the second topic would sometimes take you to the previous one instead
of back to the topic list.
2019-07-05 15:53:14 -04:00
Robin Ward
66214eee85 SECURITY: Strip HTML from invite emails
We also strip new lines from the emails because it ruins the markdown
formatting which expects a one line message.
2019-07-05 14:57:11 -04:00
Régis Hanol
155cad8b85 FIX: only add image size when with & height are in pixels 2019-07-05 20:34:11 +02:00
Kris
589351d996 UX: Give badge icons width to accommodate for dimensionless SVGs 2019-07-05 12:37:18 -04:00
Penar Musaraj
7c130990e9 FIX: IE grid layout issue on user's own activity page 2019-07-05 12:05:58 -04:00
Arpit Jalan
5494e17c71 UX: improve twitter status onebox with line breaks 2019-07-05 20:37:08 +05:30
Arpit Jalan
5bc1fd23b0 Bump onebox version.
- update HTML for twitter quoted onebox
- updated CSS for twitter quoted onebox
2019-07-05 19:35:36 +05:30
Arpit Jalan
bd084b2147 FIX: do not show invite button if local logins are disabled 2019-07-05 15:16:20 +05:30
Joffrey JAFFEUX
f140c4d499
FIX: ensures routing to / with query string works (#7859) 2019-07-05 09:40:19 +02:00
Vinoth Kannan
1bb258ab49 DEV: use upload short-url in html to markdown conversion if 'base62-sha1' data attr available. 2019-07-05 10:06:41 +05:30
Ralph Rooding
1318e0b288 FEATURE: Rake themes installer (#7848)
* Delete remote_theme when deleting the theme

* Install themes and theme components through rake

* Removed unnecessary test
2019-07-04 14:33:05 -04:00
Robin Ward
72bac61c90 FIX: Upsert a custom field if a unique constraint fails 2019-07-04 13:26:25 -04:00
Penar Musaraj
c78634284c UI: when in a different topic context, allow dismissing draft without destroying it
This changes the label and behaviour of the "No, keep" button in the confirmation modal when user cancels a draft while on a different topic. The new button label is "No, save draft", and when clicked, the composer will be dismissed without destroying the draft.
2019-07-04 11:45:57 -04:00
Penar Musaraj
03805e5a76
FIX: Ensure lightbox image download has correct content disposition in S3 (#7845) 2019-07-04 11:32:51 -04:00
Mario Santos
c5625b70f1 FIX: Prevent emoji-picker from not showing (#7856)
If an external plugin inserts an element with class "emoji-picker", something probable if they extend EmojiPicker, it could cause troubles as css is added depending on the emoji-picker height. Just by adding a class of a parent <div> as could be d-editor, we prevent this from happening.
2019-07-04 11:46:21 +02:00
Gerhard Schlager
a5e80079d6 FEATURE: Add Belarusian language 2019-07-04 11:37:37 +02:00
David Taylor
2063d20e9a Revert "DEV: Let OmniAuth strategies return auth result. (#7833)"
This reverts commit dc5eb76551.

It is better to keep any custom redirect logic within omniauth, without relying on the app
2019-07-04 10:06:18 +01:00
Joffrey JAFFEUX
71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access (#7852)
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
David Taylor
5fdf228db6
FIX: Respect the full_screen_login parameter from plugin auth providers (#7855)
This behavior was regressed in 427979e7e5
2019-07-04 09:06:29 +01:00
Arpit Jalan
1708be4f27
FEATURE: support query params when redirecting to internal link on login (#7829) 2019-07-04 11:11:43 +05:30
David Taylor
0f813fc7c7 DEV: Remove reference to non-existent letter_proxy route
This was introduced in f04471e422, but never actually used
2019-07-03 23:48:32 +01:00
Bianca Nenciu
459932f4e2 FIX: Use title attribute for notification items. (#7840) 2019-07-03 10:48:13 -04:00
Julian Calvento
f3c9dbcf20 UX: Add styling for quoted tweets (#7832) 2019-07-03 10:34:46 -04:00
romanrizzi
9ca1bbe900 Revert "FIX: remove misplaced save button"
This reverts commit 4f468ef210.
2019-07-03 10:56:08 -03:00
Joffrey JAFFEUX
f9f1df7611
DEV: prevents reports key to be time dependant when testing (#7850) 2019-07-03 15:43:01 +02:00
romanrizzi
4f468ef210 FIX: remove misplaced save button 2019-07-03 10:39:01 -03:00
Bianca Nenciu
bfdf740a05 FIX: Show 'Export' button for all tabular reports. (#7838) 2019-07-03 14:47:36 +02:00
OsamaSayegh
426c8045de FIX: logs for enabling/disabling components should show up in the staff actions logs 2019-07-03 12:33:25 +00:00
Osama Sayegh
3d64532273 FEATURE: allow disabling theme components (#7812)
This allows you to temporarily disable components without having to remove them from a theme. 

This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Joffrey JAFFEUX
ecf0215ee7
DEV: resets page tracking state between tests (#7847) 2019-07-03 10:08:05 +02:00
Joffrey JAFFEUX
9ee2c121c1
FIX: ensures emoji helper is working with custom emojis (#7843) 2019-07-03 09:23:40 +02:00
Joffrey JAFFEUX
0733ed3a2b
FIX: ensures /t/TOPIC_ID/POST_NUMBER is correctly routing (#7841) 2019-07-03 09:23:23 +02:00
Penar Musaraj
6e3e0685fb DEV: add useBlockMode option for toolbar button text selection
Allows buttons to switch selection to block mode if needed.
2019-07-02 18:02:40 -04:00
Rafael dos Santos Silva
c422520b4a FEATURE: Add CSS classes to associated accounts rows 2019-07-02 16:56:15 -03:00
Joffrey JAFFEUX
72441e2c7c
FIX: page starts at 1 (#7844) 2019-07-02 17:26:23 +02:00
romanrizzi
8404921b91 FIX: Remove misplaced outlet 2019-07-02 11:26:40 -03:00
Arpit Jalan
ccb3ba509d
FIX: creating new badge is failing on empty SQL query (#7837) 2019-07-02 15:12:53 +05:30
Joffrey JAFFEUX
1b45096aa5
UX: improves styling of similar topics results in composer (#7839) 2019-07-02 11:26:43 +02:00
Penar Musaraj
fca2f0f212 FIX: Only show remove timer button to users with permission to do so 2019-07-01 22:17:02 -04:00
Osama Sayegh
f1c67729de Different fix (#7815) 2019-07-02 11:53:16 +10:00
Sam Saffron
4dcc5f16f1 FEATURE: when under extreme load disable search
The global setting disable_search_queue_threshold
(DISCOURSE_DISABLE_SEARCH_QUEUE_THRESHOLD) which default to 1 second was
added.

This protection ensures that when the application is unable to keep up with
requests it will simply turn off search till it is not backed up.

To disable this protection set this to 0.
2019-07-02 11:22:01 +10:00
Dan Ungureanu
dc5eb76551 DEV: Let OmniAuth strategies return auth result. (#7833) 2019-07-01 13:13:11 -03:00
Arpit Jalan
f56d86a852 FIX: use normal title instead of fancy title for prefilled composer 2019-07-01 17:55:24 +05:30
Joffrey JAFFEUX
7b52a110b8
DEV: removes DOMTokenList polyfill (#7831)
Creates more issues than it solves especially on IOS, I dont trust it anymore. Will reconsider if this is an issue in the future.
2019-07-01 14:08:38 +02:00
Gerhard Schlager
d513c28e3b FIX: Don't send notification email when user isn't allowed to see topic 2019-07-01 14:03:03 +02:00
Arpit Jalan
997250586c FEATURE: prefill title for direct messages from topic
https://meta.discourse.org/t/default-re-title-title-for-direct-messages-from-topic/121413
2019-07-01 17:14:08 +05:30
Joffrey JAFFEUX
af58049eeb
UX: puts tags and categories on same line in search-menu-results (#7830) 2019-07-01 13:11:43 +02:00
Joffrey JAFFEUX
384f5cea05
FIX: ensures static pages are using absolute path (#7828) 2019-07-01 11:25:45 +02:00
Joffrey JAFFEUX
11ae5c78db
FEATURE: adds infite scroll on admin users list page (#7821) 2019-07-01 11:00:06 +02:00
Bianca Nenciu
4f97f85178 DEV: Fix lint. (#7824) 2019-06-28 20:24:09 +02:00
Kris
aa9b9e1930 UX: improved mobile positioning of topic timer remove button 2019-06-28 14:09:42 -04:00
Joffrey JAFFEUX
5bab4f8007
UX: gives each info its own line in search-menu-results (#7825) 2019-06-28 11:14:38 +02:00
Joffrey JAFFEUX
61438c825a
fix prettier (#7823) 2019-06-28 09:36:38 +02:00
Bianca Nenciu
b2eb0f4ad6 FEATURE: Export any type of report supporting table mode. (#7662) 2019-06-28 08:50:31 +02:00
Kris
82f2af8a0d UX: Move link to show tracked topics, simplify translation 2019-06-27 21:36:24 -04:00
Penar Musaraj
27387b0859 Do not collapse quote notifications
This prevents an issue where edits to a post with a quote would trigger push notifications indefinitely.
2019-06-27 18:20:43 -04:00
Ralph Rooding
4ba35472e6 Don't check for second factor when switching to anonymous account (#7803) 2019-06-27 15:01:26 -07:00
Joffrey JAFFEUX
a61147d838
FEATURE: displays tags in search menu results when enabled (#7819) 2019-06-27 19:26:14 +02:00
Robin Ward
ed936bcb01 FIX: Fix a navigation bug
To reproduce:

1. Visit a url in a new tab such as `/latest?order=views`

2. Click a topic link

3. Click the back button

Before this patch, you would not be sent back to the latest list.

Now, I am somewhat hesitant to delete code like this, but the [original
commit](b2b7f4d905)
explains a situation that I cannot reproduce with the code missing.

I cannot seem to keep the filters as sticky even if I try. At the very
least this is better to commit right now than the currently known broken
situation.
2019-06-27 09:06:10 -04:00
Gerhard Schlager
fe870a1e54 DEV: Respond with error 400 to uploads requested via XHR
follow-up to 13f38055
2019-06-27 11:15:35 +02:00
Sam Saffron
8f7a387aa7 FEATURE: add support for tag group search
The behaviour of #TERM in search has been amended

1. We try category or subcategory slugs
2. We try tags
3. We try tag-groups

The term `hello #my-group` will search for all posts tagged with any of
the tags in the tag group `My Group`

Future work may be introducing a slug cache here or caching it in the table
but the assumption is that the number of tag groups will not be huge
2019-06-27 17:53:26 +10:00
Arpit Jalan
9a2eb5c8cb UX: change icon for video placeholder 2019-06-27 12:27:14 +05:30
Sam Saffron
5bc5c02af6 FIX: mark topics in sub categories as unread when dismissing parent
Previously we would only dismiss the parent category and leave the
child categories unread
2019-06-27 13:26:48 +10:00
Jeff Wong
88ef5e55fe
FEATURE: add ability to have multiple totp factors (#7626)
Adds a second factor landing page that centralizes a user's second factor configuration.

This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
Osama Sayegh
50e4ecc77e
UX: hide post is unread tooltip after the post is read (#7813)
Note we can't use `display: none` here because it doesn't work with
animations.
2019-06-26 22:39:57 +03:00
Arpit Jalan
a3bcb8e887 UX: make onebox video placeholder icon grey 2019-06-26 23:40:36 +05:30
Arpit Jalan
168a38dc29 Bump onebox version.
- better Twitch placeholder
- CSS for said placeholder
2019-06-26 23:22:29 +05:30
Robin Ward
817661aed9 UX: Require a confirmation if approving a post in a closed topic 2019-06-26 12:21:49 -04:00
Robin Ward
14a64e7c4c Move "Hide Post" option up to the top on the review interface
If you agree with the post you are likely to want to hide it.
2019-06-26 11:35:59 -04:00
Robin Ward
eedec7d79b FIX: Only include pending/agreed scores in the total score
This should prevent posts from being hidden if a previous flag was
rejected and a new one was added.
2019-06-26 11:21:35 -04:00
Joffrey JAFFEUX
c63268467e
DEV: prettier 1.18.2 (#7810) 2019-06-26 17:09:52 +02:00
Penar Musaraj
76307611dc
UX: new inline button to remove a topic timer (#7790) 2019-06-26 11:08:53 -04:00
Gerhard Schlager
13f38055ac SECURITY: XSS in routes
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:34:15 +02:00
Joffrey JAFFEUX
56b76f31dc
fix prettier linting (#7809) 2019-06-26 15:26:02 +02:00
Joffrey JAFFEUX
dfde59f631
FIX: provides an emoji helper to replace codes by images (#7802) 2019-06-26 15:11:04 +02:00
Daniel Waterworth
65a6e2c860 Change Widget#attach signature
Take a fallback option instead of a list of names
2019-06-26 09:01:25 -04:00
Daniel Waterworth
37b8f5d989 Use dasherize instead of replace 2019-06-26 09:01:25 -04:00
Daniel Waterworth
d025e188e8 Make the linter happy 2019-06-26 09:01:25 -04:00
Daniel Waterworth
70e27641eb Pass data to description to prevent duplication 2019-06-26 09:01:25 -04:00
Daniel Waterworth
8c349101c5 Pass data to text method to prevent duplication 2019-06-26 09:01:25 -04:00
Daniel Waterworth
86d5208b31 Pass data to url method to avoid duplication 2019-06-26 09:01:25 -04:00
Daniel Waterworth
ac6f7b3625 Remove notificationType argument from text 2019-06-26 09:01:25 -04:00
Daniel Waterworth
a3254b8446 Pull invitee accepted notification behaviour into its own class 2019-06-26 09:01:25 -04:00
Daniel Waterworth
7c52ba1431 Pull liked consolidated notification behaviour into its own class 2019-06-26 09:01:25 -04:00
Daniel Waterworth
42143a874e Pull custom notification behaviour into its own class 2019-06-26 09:01:25 -04:00
Daniel Waterworth
305562bf66 Pull title logic into its own method 2019-06-26 09:01:25 -04:00
Daniel Waterworth
d83147d137 Rename "title" variable to more apt "description" 2019-06-26 09:01:25 -04:00
Daniel Waterworth
02deaa4bc6 Pull icon choosing into its own method 2019-06-26 09:01:25 -04:00
Daniel Waterworth
36d7abed0b Pull group message summary behaviour into its own class 2019-06-26 09:01:25 -04:00
Daniel Waterworth
396e13aaa7 Pull liked notification behaviour in its own class 2019-06-26 09:01:25 -04:00
Daniel Waterworth
bd062fcbef Export DefaultNotificationItem 2019-06-26 09:01:25 -04:00
Daniel Waterworth
04a75b1cb3 Change the way notification items are created
Look for the specialised version first, before falling back to the
default. This allows the behaviour to be customised based on the type of
notification.
2019-06-26 09:01:25 -04:00
Daniel Waterworth
cdf0cd3ecd createWidgetFrom creates a new widget with an arbitrary base class 2019-06-26 09:01:25 -04:00
Daniel Waterworth
01a7fd4225 Make attach optionally take a list of widget names to try 2019-06-26 09:01:25 -04:00
Daniel Waterworth
41129f933d Rename notification-item to default-notification-item 2019-06-26 09:01:25 -04:00
Daniel Waterworth
7e70db3fb7 s/notName/notificationName/g 2019-06-26 09:01:25 -04:00
Joffrey JAFFEUX
7c9d62c280
FIX: prevents failure when TL was mutated on internal object (#7808) 2019-06-26 14:51:45 +02:00
Joffrey JAFFEUX
01de7e1444
FIX: calling action with a string is deprecated (#7807) 2019-06-26 12:42:46 +02:00
Joffrey JAFFEUX
e64544ae44
icon s/trash/trash-alt (#7806) 2019-06-26 12:31:49 +02:00
Joffrey JAFFEUX
ea2a9bc4fc
FIX: closes search-menu on escape (#7804) 2019-06-26 11:53:39 +02:00
Arpit Jalan
2af4002817 Bump onebox version.
- Add a placeholder icon for Twitch onebox preview
- Add CSS for showing fontawesome play icon for placeholder class
2019-06-26 13:40:14 +05:30
Sam Saffron
333b5a19b2 FIX: do not include uncategorized_category_id in topic_create_allowed if posting in uncategorized is disabled
Previously users were still allowed to create topic via API even if
uncategorized was disabled.

Not 100% happy with all this special casing, but I guess we have to do
something.

This also splits up a mega spec now that we have fab! into a more easy to
understand structure (I hope)
2019-06-26 17:41:07 +10:00
Osama Sayegh
2eece2c41b
UX: add shortcut for deferring topics (#7798) 2019-06-25 07:20:55 +03:00
David Taylor
afb5ec811d FIX: Don't use DistributedCache to store redis readonly state
This can cause unbound CPU usage in some cases, and excessive logging in other cases. This commit moves redis readonly information into the local process, but maintains the DistributedCache for postgres readonly state.
2019-06-25 11:20:34 +08:00
Sam Saffron
f3e4e6941c DEV: Correct batch setting of categories
followup to #bc03c509

There were 2 problems

1. VALUES was not properly getting multiple results ... we need (1),(2),(3)
not (1,2,3)

2. changes was mistakenly lazy evaluated eg `changed ||=` which meant some
queries were not running
2019-06-25 13:05:43 +10:00
Daniel Waterworth
bc03c509ab FIX: CategoryUser#batch_set (#7787)
* Remove unused method

* Prefabricate user in category_user_spec.rb

* FIX: Remove notification_level from category_users unique indexes

* FIX: CategoryUser#batch_set wasn't updating pre-existing records

* Improve tests for CategoryUser#batch_set

* FIX: changed was being reported incorrectly

* DEV: Rewrote query to do a bulk insert

* DEV: remove unnecessary parentheses
2019-06-25 12:13:27 +10:00
Jeff Wong
6de254f642 FIX: iterate when clearing watched words cache 2019-06-24 17:17:56 -07:00
Vinoth Kannan
b1ca64487a FIX: multisite upload urls must have either db name or the word 'short-url'. 2019-06-25 01:19:58 +05:30
Kris
9e54e0141e FIX: mobile overflow for tall fixed modals 2019-06-24 12:24:13 -04:00
Joffrey JAFFEUX
c1ca942a77
REFACTOR: removes self pattern from safari-hacks lib (#7795) 2019-06-24 11:12:06 +02:00
Joffrey JAFFEUX
e064db35d9
REFACTOR: removes self pattern from eyeline lib (#7796) 2019-06-24 10:58:59 +02:00
Joffrey JAFFEUX
cea3a027f3
FIX: category-chooser search should be scoped to category (#7794) 2019-06-24 10:45:30 +02:00
Joffrey JAFFEUX
7cabc47945
UX: improves change-timestamp modal datepicker (#7771) 2019-06-24 10:24:54 +02:00
Dan Ungureanu
ee8669d778
FIX: Ensure :after_auth event is triggered. (#7791) 2019-06-21 21:57:49 +03:00
Robin Ward
02f6db4e59 FIX: Back button shenanigans when redirecting from index routes
This is a problem that has long plagued Discourse. The root issue here
is that we have to implement our own link click handler, because
Discourse allows users to create HTML blobs of content with links, and
when those links are clicked they must be handled by the Ember router.

This always involved a certain amount of use of private Ember APIs which
of course evolved over time.

The API has more or less stabilized in the last two years, however we
have hacks in our URLs to handle a dynamic root path, depending on how
forums have set up their filters and in what order.

This patch adds a special case for the root path so we needn't update
the URL ourselves otherwise, which preserves the back button on index
routes. The update call would otherwise insert an extra history event if
a route redirected on transition, breaking the back button.
2019-06-21 14:42:01 -04:00
Penar Musaraj
e51de4cc25
FEATURE: Add endpoint to individually update a theme setting (#7789)
- also adds a new staff action type called "change theme setting" for easier logging of staff changes to theme settings
2019-06-21 13:49:14 -04:00
Arpit Jalan
2738d11f60
UX: show like icon on archived posts (#7775) 2019-06-21 20:47:32 +05:30
Joffrey JAFFEUX
1cbe2dd2ce
DEV: adds polyfill to fully support DOMTokenList in IE (#7765) 2019-06-21 09:59:28 +02:00
Guo Xiang Tan
7c86f16aa3 FIX: Support carriage return in InlineUploads.
Follow up to 8deaef3872.
2019-06-21 14:07:06 +08:00
Guo Xiang Tan
8deaef3872 FIX: Don't replace img tags within anchor tags with markdown format.
Follow up to 9a25b0d614.
2019-06-21 12:32:02 +08:00
Guo Xiang Tan
9a25b0d614 FIX: Edge case with anchor tag in InlineUploads. 2019-06-21 09:55:56 +08:00
Robin Ward
fc026e12a5 FIX: Some toolbar operations weren't triggering the change event
This would mean that some simple edits to queued posts did not get
saved.
2019-06-20 13:35:12 -04:00
Penar Musaraj
0e26c57afa FIX: Do not refresh all settings on save for all settings, limit to only a few
- Followup to 0e303c7f5d

- Automatically reloads site settings after saving only for the logo, logo_small and large_icon settings.
2019-06-20 10:57:31 -04:00
Vinoth Kannan
56b7777705 FIX: 'status' param change not filtering the topics in tag route.
Use existing 'filterQueryParams' helper method to set 'queryParams' value for tag route.
2019-06-20 17:27:32 +05:30
Guo Xiang Tan
53efb7bd24 FIX: BBcode edge case for InlineUploads. 2019-06-20 11:47:51 +08:00
Penar Musaraj
f096c994de FIX: use correct name for selectable_avatars_enabled site setting 2019-06-19 13:18:16 -04:00
Guo Xiang Tan
34f382b758 FIX: InlineUploads should replace attachment links with markdown text. 2019-06-19 11:15:02 +08:00
Guo Xiang Tan
73a45048a0 FIX: Upload#short_url generates incorrect URL when extension is nil. 2019-06-19 09:10:50 +08:00
Robin Ward
6fec4982d9 FIX: Couldn't modify a widget that wasn't in the registry 2019-06-18 12:28:18 -04:00
Sam Saffron
03ba1d49fb DEV: lint file
We no longer need that isAppleDevice require
2019-06-18 17:12:55 +10:00
Maja Komel
506de13896 FIX: remove temporary hack for fixed iOS bug (#7773)
A bug where input focus is displaced on modals was fixed in iOS 11.3 update. This hack was causing problems on topic page since hiding main-outlet results in lost read position after opening and closing a modal.
2019-06-18 16:25:29 +10:00
Jeff Wong
893b50031d
replace subfolder on cdn url conversion between general cdn and s3 (#7764)
When both a cdn URL and an s3 cdn URL defined, subfolder paths were leaking
through to the s3 cdn URL. If we are replacing the cdn url with the s3_cdn url,
we also need to make sure that the subpath is removed as well, as it appears in
the original cdn url.

The test should give a fairly good gist of the situations - in subfolder
situations where s3_cdn and a cdn is defined:
`asset_path` returns the asset with a subfolder, in the form `{cdn_url}/{subfolder}/{asset_path}`

Currently this is being replaced to `{s3_cdn_url}/{subfolder}/{asset_path}`
I am proposing we change this to: `{s3_cdn_url}/{asset_path}` as it seems like
for s3_cdn urls we should not be carrying around app subfolder pathing anywhere
we are looking up s3 paths.
2019-06-17 11:51:17 -07:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
Arpit Jalan
102be5a9e3 DEV: optimize fix for sub-categories not getting pre-filled. 2019-06-17 13:28:08 +05:30
tshenry
c909033f2b Add plugin outlets to login/create-account modals (#7770) 2019-06-17 16:22:00 +10:00
Sam Saffron
704c579550 FIX: do not allow unbound membership lookups
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
Sam Saffron
fe4f0a4369 FIX: staged users should not be included in TL groups
staged users should not be included in any automatic groups cause for all
purposes they do not exist.
2019-06-17 15:10:47 +10:00
Arpit Jalan
48b9e0d749 FIX: sub-categories was not getting selected for pre-filled topics 2019-06-15 13:46:15 +05:30
Kris
9cb656250d FIX: Allow tall tables to scroll vertically on iOS 2019-06-14 14:26:59 -04:00
Guo Xiang Tan
77c06384c0 Fix the build. 2019-06-14 13:56:35 +08:00
Guo Xiang Tan
5d16d10a9e DEV: Fix edge case for InlineUploads. 2019-06-14 13:48:03 +08:00
Guo Xiang Tan
befb074c98 DEV: InlineUploads should process CDN upload URLs as well. 2019-06-14 13:14:37 +08:00
Guo Xiang Tan
41abebcbce DEV: Support both http and https for InlineUploads. 2019-06-14 12:48:31 +08:00
Guo Xiang Tan
c9db897777 FIX: Remove onebox src from Jobs::PullHotlinkedImages.
The test that was added is incorrect because the post was not cooked.
2019-06-14 09:21:25 +08:00
Sam Saffron
457be89445 DEV: only skip migration if a non seeded upload exists
Followup to 667b9801
2019-06-14 09:52:02 +10:00
Sam Saffron
667b98017a FIX: do not attempt to migrate pre-existing uploads
This makes this job re-runnable just in case cause it will skip creation
of new uploads if an upload already exists
2019-06-14 09:39:22 +10:00
Arpit Jalan
efc05e7224 FIX: remove topic timer info on completion 2019-06-13 17:01:43 +05:30
Joffrey JAFFEUX
fbbce235ce
UX: improves change-timestamp modal (#7766) 2019-06-13 13:30:33 +02:00
Guo Xiang Tan
9daed05ad0 Fix the build. 2019-06-13 13:53:43 +08:00
Guo Xiang Tan
7a0d031bc4 FIX: InlineUploads matching on external bbcode img url. 2019-06-13 13:47:36 +08:00
Guo Xiang Tan
782e583844 FIX: Edge cases with markdown references for InlineUploads. 2019-06-13 12:08:01 +08:00
Guo Xiang Tan
93c552afda FIX: InlineUploads does not correct urls with uppercase extension. 2019-06-13 11:19:33 +08:00
Sam
fa2a5f6f56
FEATURE: SKIP_DB_AND_REDIS env var (#7756)
Sometimes we would like to create a base image without any DB access, this
assists in creating custom base images with custom plugins that already
includes `public/assets`

Following this change set you can run:

```
SPROCKETS_CONCURRENT=1 DONT_PRECOMPILE_CSS=1 SKIP_DB_AND_REDIS=1 RAILS_ENV=production bin/rake assets:precompile
```

Then it is straight forward to create a base image without needing a DB or
Redis.
2019-06-13 12:58:27 +10:00
Joffrey JAFFEUX
19ca2d4772
DEV: reset widget clean callback between tests (#7761) 2019-06-12 17:49:02 +02:00
Robin Ward
13b979cb71 FIX: Performing actions on a particular reviewable was displaying an error
It was expecting a method to remove the reviewable from the current
list, only we were not displaying a list.

Instead, we refresh the reviewable model with the latest result.
2019-06-12 10:56:30 -04:00
Arpit Jalan
36e53db300 Fix the build. 2019-06-12 16:44:17 +05:30
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Guo Xiang Tan
f0846ea7cf DEV: Remove unused line. 2019-06-12 17:38:30 +08:00
Guo Xiang Tan
641521896c FIX: Cover more edge cases in InlineUploads. 2019-06-12 17:06:58 +08:00
Maja Komel
0a1b16bb16 FIX: clean up cooked group bio when bio is removed (#7745) 2019-06-12 16:18:38 +10:00
Guo Xiang Tan
73bf880f74 FIX: Correct more edge cases with InlineUploads. 2019-06-12 10:44:25 +08:00
Guo Xiang Tan
ff48fbdfda FIX: InlineUploads raises an error when img tag is invalid. 2019-06-12 10:31:00 +08:00
David Taylor
0ebe5ec1f8 FIX: Check postStream.gaps exists before trying postSteam.gaps.after 2019-06-11 23:48:21 +01:00
Robin Ward
f6e0c79742 FIX: Trigger change event when inserting text
This would normally not fire and result in odd behavior in the review
queue when inserting links.
2019-06-11 17:27:34 -04:00
Robin Ward
3d7c26c15e FIX: Memory Leaks w/ Container (#7750)
Gives instance initializers the ability to add a `teardown` method that
will be called between tests to clean up after themselves.
2019-06-11 18:41:27 +02:00
Robin Ward
47095a7fa1 FIX: Memory leak when adding ajax prefilter repeatedly. 2019-06-11 11:50:35 -04:00
Robin Ward
c322cccd53 FIX: Memory Leaks when decorating posts (#7749)
* Remove long-deprecated method

* FIX: Memory Leaks when decorating posts

Previously we'd keep creating mixins dynamically when decorating the
same class.

This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
Bianca Nenciu
934adb14d2
FIX: On tag change notify only users watching the tag. (#7707) 2019-06-11 18:06:54 +03:00
Vinoth Kannan
788f995f30 FIX: skip external urls which has upload url in query string.
Add spec tests for post.each_upload_url method. e8fafbc123
2019-06-11 19:55:02 +05:30
Arpit Jalan
e2636f0ec7 FIX: handle array in redirect param 2019-06-11 17:49:09 +05:30
David Taylor
f4fd75aea4 DEV: Rename variable to avoid conflict 2019-06-11 13:02:40 +01:00
David Taylor
f1d5b992bf DEV: Correct linting error 2019-06-11 12:51:18 +01:00
Joffrey JAFFEUX
dc15486f0a Revert "DEV: resets csrf ajax prefilter only if present (#7747)"
This reverts commit 6612218a4e.
2019-06-11 13:34:25 +02:00
David Taylor
61b587f66e
FIX: Mark ignored posts as 'read', if last visible post is read (#7739) 2019-06-11 12:16:28 +01:00
David Taylor
000a35b219 FIX: Do not live-load posts from ignored users 2019-06-11 12:07:14 +01:00
Joffrey JAFFEUX
6612218a4e
DEV: resets csrf ajax prefilter only if present (#7747) 2019-06-11 12:50:20 +02:00
Joffrey JAFFEUX
ebf77f74b7 Revert "DEV: prevents csrf token to leak state between tests (#7746)"
This reverts commit b29d63a52d.
2019-06-11 12:19:49 +02:00
Joffrey JAFFEUX
b29d63a52d
DEV: prevents csrf token to leak state between tests (#7746) 2019-06-11 11:54:23 +02:00
Joffrey JAFFEUX
e6714d3531 Revert "DEV: attempts to prevent session object to be retain in csrf init (#7743)"
This reverts commit 62c56b6e59.
2019-06-11 10:58:32 +02:00
Joffrey JAFFEUX
4deb0f6d59
DEV: prevents post-cooked decorators to leak between tests (#7744) 2019-06-11 10:02:10 +02:00
Joffrey JAFFEUX
62c56b6e59
DEV: attempts to prevent session object to be retain in csrf init (#7743) 2019-06-11 09:59:14 +02:00
Joffrey JAFFEUX
c407e32368
DEV: should check on object and not length (#7742) 2019-06-11 09:45:45 +02:00
Guo Xiang Tan
e5cace9185 FIX: File size text should not be part of link. 2019-06-11 15:21:06 +08:00
Guo Xiang Tan
fb0a655e8a FEATURE: Update pull hotlinked images to use Upload#short_url. 2019-06-11 15:17:29 +08:00
Guo Xiang Tan
9d0fba64c0 FIX: Use attachment format in user export system post take 2. 2019-06-11 12:15:11 +08:00
Dan Ungureanu
a046f6ced5 FEATURE: Trigger Discourse events from authenticators. (#7724) 2019-06-11 11:28:42 +10:00
Daniel Waterworth
d073a7d5a8 DEV: Added commit approved notification type for discourse-code-review
We need to reserve ids in core so plugins do not clash.
2019-06-11 11:17:23 +10:00
Guo Xiang Tan
06d974d55c FEATURE: Add base62 sha1 to cooked data attribute
* FEATURE: Add base62 sha1 to data attribute in `Post#cooked`.

* FIX: Use `Upload#short_url` when quoting an image.
2019-06-11 11:15:45 +10:00
Guo Xiang Tan
bd538f7437 FIX: Composer preview not caching inline onebox. 2019-06-11 09:14:53 +08:00
Bianca Nenciu
9168ffc201 PERF: Use already loaded post when quoting or opening draft. 2019-06-11 08:21:38 +08:00
Sam Saffron
7b17eb06da FEATURE: ban any SSO attempts with invalid external id
We now treat any external_id of blank string (" " or "     " or "", etc) or a
invalid word (none, nil, blank, null) - case insensitive - as invalid.

In this case the client will see "please contact admin" the logs will explain
the reason clearly.
2019-06-11 10:04:26 +10:00
Robin Ward
ecebff5060 Only show deprecation warning if the webhook is active 2019-06-10 16:23:12 -04:00
Roman Rizzi
ace6ce0462
FIX: Add 'deleted' to the list of status filters (#7738) 2019-06-10 15:43:49 -03:00
Robin Ward
bdfa55ee5d UX: Copyedits on reviewable filters 2019-06-10 13:45:38 -04:00
Robin Ward
86f3e74799 DEV: Allow {{d-button}} to include a href 2019-06-10 13:24:40 -04:00
Robin Ward
8b31b812f8 UX: Use a glyph to indicate a new topic instead of "New Topic:"
In the review queue it was easy to miss "New Topic:" so let's try a font
awesome glyph instead.
2019-06-10 12:43:20 -04:00
Robin Ward
8c4e16eafd FIX: In reply to would sometimes have a broken link 2019-06-10 11:33:10 -04:00
Joffrey JAFFEUX
af08ab5b7b Revert "DEV: prevents csrf-token initializer to leak session object (#7730)"
This reverts commit da5255e560.
2019-06-07 18:31:16 +02:00
Joffrey JAFFEUX
ebecd0b7d1 Revert "fix tests, crsf token meta is not present on tests (#7733)"
This reverts commit 240b61e844.
2019-06-07 18:31:13 +02:00
Gerhard Schlager
bae7b75e23 FIX: Updating a user profile as admin shouldn't change the user's locale 2019-06-07 17:53:46 +02:00
Joffrey JAFFEUX
2dce650b72
FIX: prevents screen-track from leaking object (#7734) 2019-06-07 17:18:27 +02:00
Joffrey JAFFEUX
240b61e844
fix tests, crsf token meta is not present on tests (#7733) 2019-06-07 17:11:16 +02:00
Joffrey JAFFEUX
dfb66334c1
DEV: prevents global-notice events to leak (#7732) 2019-06-07 16:49:59 +02:00
Joffrey JAFFEUX
55325679ac
DEV: prevents share-popup to leak events (#7731) 2019-06-07 16:48:45 +02:00
Joffrey JAFFEUX
da5255e560
DEV: prevents csrf-token initializer to leak session object (#7730) 2019-06-07 16:46:55 +02:00
Joffrey JAFFEUX
df01249db4
FIX: removes leaking handler in select-kit (#7729) 2019-06-07 16:12:22 +02:00
Joffrey JAFFEUX
fca90106b9
FIX: select-kit events were sometimes not cleaned up (#7728) 2019-06-07 15:20:01 +02:00
David Taylor
54afa314fb FIX: Do not download emojis in pull_hotlinked_images 2019-06-07 13:00:52 +01:00
Gerhard Schlager
d1228f47bb FIX: Handle missing plural keys on client 2019-06-07 10:24:17 +02:00
Sam Saffron
cbd4d06da0 PERF: only check for totp record on current user at when needed
Previously the check was done a bit too early causing one extra query
per page unconditionally for logged on users
2019-06-07 16:25:04 +10:00
Joffrey JAFFEUX
a652d620f6 FIX: safari desktop doesnt support input[time] (#7719)
This commit attempts to improve the experience by:
- showing time input as disabled on any platform if date hasn't been set
- showing a placeholder --:-- to emphasize the expected format
2019-06-07 15:50:43 +10:00
Sam Saffron
a0474a0774 FIX: always take the first post in the RSS fee
`.posts.first` may be the first post and may not, depending on luck

Also add protection for corrupt topics
2019-06-07 14:57:56 +10:00
Sam Saffron
ff3a1eae3a FIX: ensure consistency should handle cases where a topic trashed
Followup to c05b6170
2019-06-07 14:57:56 +10:00
Guo Xiang Tan
ee142c2173 DEV: More improvements to InlineUploads.
* Convert inline links to short path

```
<link> <link>
<link>
```

to

```
<short_path> <short_path>
<short_path>
```
2019-06-07 11:49:30 +08:00
Sam Saffron
c05b617067 FIX: ensure_consistency was able to create corrupt category topics
- Correct create_category_definition to skip validations and use a
transaction, no longer able to create corrupt topics

- ensure_consistency now clears topic_id if pointing at deleted or missing
topic_id

- Stop creating category definition topics for uncategorized
2019-06-07 11:20:13 +10:00
Maja Komel
9db1fef4e3 FIX: add support for custom/plugin notification title attribute 2019-06-07 09:09:16 +08:00
Neil Lalonde
1f73a3ba6d FIX: round the calculated heat values
Views heats like 12135 will become 12000, like ratios like
1.666666666667 will become 1.67.
2019-06-06 15:44:55 -04:00
Bianca Nenciu
35da531f1d FIX: Do not resize images in Onebox while lazy loading.
Follow-up to 35d0fd0.
2019-06-06 18:36:18 +03:00
Arpit Jalan
9acd851b9a FIX: correct link to list of watched words 2019-06-06 20:21:54 +05:30
Joffrey JAFFEUX
48b6391777
FIX: s/thumb-tack/thumbtack (#7718) 2019-06-06 14:43:16 +02:00
Joffrey JAFFEUX
c462c2f271
FIX: prevents appEvents to leak (#7714) 2019-06-06 12:33:52 +02:00
Bianca Nenciu
5377d1672f DEV: Fix linting issue. 2019-06-06 13:20:16 +03:00
Bianca Nenciu
f63b8bb79d FIX: Periodically ensure consistency of categories. (#7663) 2019-06-06 11:30:52 +02:00
Guo Xiang Tan
782da448a2 FIX: Missing title attribute when quoting an image. 2019-06-06 16:45:12 +08:00
Guo Xiang Tan
2265c5102f DEV: Remove unnecessary condition.
Follow up to 21876d46d6.
2019-06-06 15:55:49 +08:00
Guo Xiang Tan
95db609586 DEV: Support more formats of inline images. 2019-06-06 15:50:56 +08:00
Guo Xiang Tan
21876d46d6 DEV: Missing loading spinner for staff action logs.
Follow up to e0c821ebb0.
2019-06-06 15:41:55 +08:00
Penar Musaraj
f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677)
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
Bianca Nenciu
e0c821ebb0 FEATURE: Make staff action logs page support infinite loading 2019-06-06 13:02:53 +10:00
Saurabh Patel
b510006ca8 FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
Roman Rizzi
c3a38d2304 DEV: Make groups/new extensible by plugins (#7642)
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
Guo Xiang Tan
7bd8f715bc DEV: Prefer this.site.notification_types. 2019-06-06 09:39:59 +08:00
Guo Xiang Tan
d9d36f241d DEV: Use this.site.get("notification_types") instead.
Follow up to fcb7422213.
2019-06-06 08:18:25 +08:00
Kris
54db23e4ff UX: Make input caret color match text color 2019-06-05 14:27:27 -04:00
Robin Ward
58ff7216ca UX: Display "Queued Topic" if a Queued Post will create a topic 2019-06-05 14:11:28 -04:00
Robin Ward
d902c4eb9f FEATURE: Can sort reviewable queue
Choices are Priority / Created At (and desc versions.)
2019-06-05 13:21:05 -04:00