Commit Graph

45077 Commits

Author SHA1 Message Date
David Taylor
166fe3bb34
FIX: Apply 'allowed_href_schemes' to all src/srcset attributes (#16860)
Previously we were only applying the restriction to `a[href]` and `img[src]`. This commit ensures we apply the same logic to all allowlisted media src attributes.
2022-05-19 11:18:30 +01:00
dependabot[bot]
95c85a278e
Build(deps): Bump json from 2.6.1 to 2.6.2 (#16848)
Bumps [json](https://github.com/flori/json) from 2.6.1 to 2.6.2.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.6.1...v2.6.2)

---
updated-dependencies:
- dependency-name: json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 10:56:05 +02:00
dependabot[bot]
f927ac6a01
Build(deps): Bump rubocop-rspec from 2.10.0 to 2.11.1 (#16868)
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.10.0 to 2.11.1.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.10.0...v2.11.1)

---
updated-dependencies:
- dependency-name: rubocop-rspec
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 10:55:06 +02:00
Chapoi
a6abf8d07a
UX: update hljs-builtin-name colour (#16863) 2022-05-18 16:11:59 -04:00
Gabe Pacuilla
4284ba9c27
FIX(cache_critical_dns): use correct DISCOURSE_DB_USERNAME envvar (#16862) 2022-05-18 13:01:18 -04:00
Bianca Nenciu
4d1c6396c9
FIX: Allow users to select "regular" categories (#16857)
Categories that had a CategoryUser record and the notification level
set to "Normal" were not selectable in any of the "Watched", "Tracked",
"Watching First Post" or "Muted" inputs. This happened because the
category seemed to be already selected in the "Normal" input, but that
does not exist (it is the default value if category is not present in
any of the other inputs).
2022-05-18 17:57:57 +03:00
Loïc Guitaut
aa4b1d9c38 DEV: Use new defaults for ActiveSupport::Digest
Use the `OpenSSL::Digest::SHA256` class for `ActiveSupport::Digest`.
This could lead to cache invalidation.
2022-05-18 16:51:07 +02:00
Penar Musaraj
71c74a262d
FEATURE: Include participants in PN search data (#16855)
This makes it easier to find PMs involving a particular user, for
example by searching for `in:messages thisUser` (previously, that query
would only return results in posts where `thisUser` was in the post body).
2022-05-18 10:34:01 -04:00
Chapoi
96d656f450
UX: update hljs-builtin-name highlight (#16859)
* update hljs-builtin-name highlight

* Move dark-light function to better file
2022-05-18 15:55:40 +02:00
Gabe Pacuilla
9f246e6969
FIX(cache_critical_dns): use discourse database name and user by default (#16856) 2022-05-17 16:09:32 -04:00
Bianca Nenciu
9ea8a4a9af
FIX: Use CSS transition to make room for composer (#16750)
The composer is displayed over the bottom part of the page. To make sure
that no content is covered by the composer, a bottom padding is added
equal to the height of the composer. When the composer is opened or
closed that padding is added after around 300ms because of a debounce.

This commit makes sure that the padding is added as soon as the composer
state changes by using a CSS custom property (variable) and transition
property for a smooth user interface.
2022-05-17 22:44:25 +03:00
Daniel Waterworth
6e53f4d913
DEV: New readonly mode. Only applies to non-staff (#16243) 2022-05-17 13:06:08 -05:00
Bianca Nenciu
985afe1092
FEATURE: Add page title to 404 pages (#16846)
The title had to be added both on the 404 page generated by the server
side, displayed when the user reaches a bad page directly and the 404
page rendered by Ember when a user reaches a missing topic while
navigating the forum.
2022-05-17 18:37:43 +03:00
Loïc Guitaut
0feffa6f88 DEV: Enable Rails 7 cache format version 2022-05-17 17:32:10 +02:00
David Taylor
8bc8dbc134
Revert "DEV: Drop our mail gem fork (#16622)" (#16853)
This reverts commit 0d30c19b7e.

Pending resolution of https://github.com/mikel/mail/issues/1489
2022-05-17 16:11:39 +01:00
Discourse Translator Bot
ddb5d88158
Update translations (#16852) 2022-05-17 16:51:11 +02:00
Rafael dos Santos Silva
5f1c3b4c9f
FIX: acted state in post action like could desync with multiple likes (#16847)
If userA has multiple tab/devices on the same topic, and:

1. userA likes a post in tab1
2. userB likes the same post
3. userA post like `acted` attr would desync in tab2

This fix handles this case and also the reverse one when removing likes
interleaved with other users acting on the same post.

Reported in Meta at https://meta.discourse.org/t/-/227239/3
2022-05-17 10:21:17 -03:00
Meghna
28affa8cba
UX: consistent spacing on group interaction form (#16851) 2022-05-17 18:38:46 +05:30
Loïc Guitaut
73de203843 FIX: Apply 'hide email account' for invites 2022-05-17 09:56:06 +02:00
Penar Musaraj
f31301b6de
UX: Fix status icon size in suggested topics (#16845) 2022-05-16 15:53:40 -04:00
David Taylor
38216f6f0b
DEV: Make user field validation more specific (#16746)
- Only validate if custom_fields are loaded, so that we don't trigger a db query
- Only validate public user fields, not all custom_fields

This commit also reverts the unrelated spec changes in ba148e08, which were required to work around these issues
2022-05-16 14:21:33 +01:00
Chapoi
b65ecf6987
UX: Add back link on taggroup page (#16700)
* Add back button to taggroup page

* Lint update + enclosing tags

* Linting

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-05-16 10:34:09 +02:00
dependabot[bot]
ce1f2473b9
Build(deps-dev): Bump faker from 2.20.0 to 2.21.0 (#16842)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.20.0 to 2.21.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.20.0...v2.21.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 00:42:31 +02:00
dependabot[bot]
adbd1b5565
Build(deps): Bump rubocop-ast from 1.17.0 to 1.18.0 (#16841)
Bumps [rubocop-ast](https://github.com/rubocop/rubocop-ast) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/rubocop/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-ast/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 00:42:15 +02:00
dependabot[bot]
8ce29a4a22
Build(deps): Bump loofah from 2.17.0 to 2.18.0 (#16726)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.17.0 to 2.18.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.17.0...v2.18.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-14 23:00:10 +02:00
Isaac Janzen
4e622c9fd8
DEV: Remove 'htmlSafe' string prototype extensions (#16828)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 16:24:05 -05:00
Isaac Janzen
85ceafb4dc
DEV: Remove 'htmlSafe' string prototype extensions (#16766)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 14:58:26 -05:00
Daniel Waterworth
9eadabe9fc
DEV: Let's deny access to sso endpoints when disabled consistently (#16752) 2022-05-13 14:33:28 -05:00
Daniel Waterworth
6a4696eec8
DEV: Add helper method for repeated sso logging pattern (#16749) 2022-05-13 12:19:44 -05:00
Isaac Janzen
ce8dd8810e
DEV: Remove 'underscore' string prototype extensions (#16748)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 11:32:38 -05:00
Isaac Janzen
839ae52c20
DEV: Remove 'decamelize' string prototype extensions (#16747) 2022-05-13 11:32:19 -05:00
Isaac Janzen
aa95a3d654
DEV: Remove 'dasherize' string prototype extensions (#16740)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 10:56:23 -05:00
Daniel Waterworth
66a04c5cfe
FIX: Prevent all kinds of login in readonly mode (#16743) 2022-05-13 10:52:01 -05:00
Andrei Prigorshnev
7412f665e7
DEV: improve timezone API on the client (#16660) 2022-05-13 13:21:56 +04:00
David Taylor
6bea6cba5d
FIX: Add safari 12 to ember-cli build targets in production (#16745)
cf273ec6 removed ie11 as a target. A side effect is that this also removed support for Safari 12, which we will be maintaining support for until January 2023

https://meta.discourse.org/t/224747
2022-05-13 10:08:59 +01:00
Alan Guo Xiang Tan
de9fe907ee
DEV: Readonly Redis support for DiscourseRedis#multi/pipelined (#16744)
Follow-up to 2df3c65ba9
2022-05-13 16:18:13 +08:00
Alan Guo Xiang Tan
2cc9f0e7d9
DEV: Setup categories section in sidebar for future work (#16733) 2022-05-13 09:35:15 +08:00
dependabot[bot]
ab9433569a
Build(deps): Bump rubocop from 1.29.0 to 1.29.1 (#16742)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.29.0 to 1.29.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.29.0...v1.29.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-13 00:17:50 +02:00
Daniel Waterworth
1d7e423f86
FIX: Make read only errors respect the request format (#16741) 2022-05-12 17:04:49 -05:00
Penar Musaraj
18ebe2fc28
DEV: Add ability to populate private messages (#16705) 2022-05-12 14:29:49 -04:00
Isaac Janzen
88b34172af
DEV: Remove 'classify' string prototype extensions (#16739)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-12 13:17:59 -05:00
Isaac Janzen
324a89c9d6
DEV: Remove 'capitalize' string prototype extensions (#16738)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-12 13:17:33 -05:00
Isaac Janzen
20740f196c
FIX: handle quote rendering for external Discourse instance (#16722)
Gracefully handle quotes from an external discourse instance by stripping quote-controls and including username in the title
2022-05-12 10:07:43 -05:00
David Taylor
991b62b6f1
DEV: Drop old hotlinked image data from post_custom_fields (#16594)
`20220428094026_create_post_hotlinked_media` moved this data into a dedicated table
2022-05-12 15:34:35 +01:00
Isaac Janzen
459060db0b
DEV: Remove string prototype extensions (#16736)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-12 09:23:23 -05:00
Loïc Guitaut
9957929a15 DEV: Use hybrid cookies instead of marshal ones
Now that we’re sure about not reverting from Rails 7, we can enable the
hybrid cookie serializer to convert our cookies automatically.
2022-05-12 11:50:15 +02:00
Alan Guo Xiang Tan
0bc04cb003
DEV: Add missing titles on sidebar buttons. (#16730)
* Also small refactor to reduce magical generation of translation string
key when using `Section` and `SectionLink` components.
2022-05-12 15:10:14 +08:00
Bianca Nenciu
61eefcf037
FIX: Checked allowed tag when editing Reviewables (#16713)
While editing a reviewable's tags, the tag chooser did not show the tags
restricted to a specific category. This happened because the tag-chooser
did not pass the categoryId to the server while it was requesting the
list of tags the user can use.
2022-05-12 09:46:11 +03:00
Alan Guo Xiang Tan
fd1dc91eed
DEV: Don't cache watched words in test env (#16731)
The cache was causing state to leak between tests since the `WatchedWord` record in the DB would have been rolled back but `WordWatcher` still had the word in the cache.
2022-05-12 14:45:05 +08:00
Martin Brennan
8e9164fb60
DEV: Minor bookmark tweaks for polymorphism (#16728)
* Make the modal for bookmarks display more consistently
* Make sure bookmark query can handle empty results for certain
  bookmarkable queries
2022-05-12 10:29:01 +10:00