github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-24 23:38:35 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
30,763 Commits 190 Branches 500 Tags 938 MiB
1960236822
Commit Graph

5938 Commits

Author SHA1 Message Date
Guo Xiang Tan
672e95bcb4 FIX: Staged users should not be mentionable. 2018-11-22 15:00:46 +08:00
Guo Xiang Tan
c5a70eca6e
PERF: Move mention lookups out of the V8 context. (#6640) 
We were looking up each mention one by one without any form of caching and that results
in a problem somewhat similar to an N+1. When we have to do alot of DB
lookups, it also increased the time spent in the V8 context which may
eventually lead to a timeout. The change here makes it such that mention lookups only does a single
DB query per post that happens outside of the V8 context.
 2018-11-22 14:28:48 +08:00
Guo Xiang Tan
596e09aaf9 FIX: Wizard icons step fields have incorrect values. 
https://meta.discourse.org/t/is-the-wizard-supposed-to-not-let-you-skip-adding-icons/102417
 2018-11-22 14:19:36 +08:00
Kyle Zhao
8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Guo Xiang Tan
d298f00046 DEV: Improve specs to be more specific about what has changed. 2018-11-22 10:10:07 +08:00
Gerhard Schlager
c376670bd2 FIX: a search term containing '& could lead to errors 
This also makes sure that the search term in front or after special characters isn't ignored.
 2018-11-21 22:07:56 +01:00
Arpit Jalan
10cc698df3 FIX: respond with proper error message if user not found 2018-11-21 10:47:37 +05:30
Sam
20268385a5 FIX: never attempt to log invalid post numbers 
Previously in some cases we would queue logging of invalid post numbers

The impact would be we would miss logging an incoming link and would leak
an error.
 2018-11-21 11:58:47 +11:00
Sam
86255faa08 FEATURE: do not switch to JPEG unless you meet 75k byte savings 
This also adjusts the algorithm to expect

- 30% saving for JPEG conversion

AND

- Minimum of 75K bytes saved

The reasoning for increase of saving requirements is cause PNG may have been
uploaded unoptimized, 30% saving on PNG is very possible
 2018-11-21 11:01:08 +11:00
Kyle E. Mitchell
15e793fd3b FEATURE: Terms of Service v1.0.0 
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
 2018-11-21 00:45:16 +01:00
Rishabh
eacbe28f55 FIX: Skip gsub for normalizing whitespaces when text is nil (#6631) 2018-11-20 09:12:32 +01:00
Guo Xiang Tan
1a57be3248 Avoid deprecated site setting logging in SiteSetting.settings_hash. 2018-11-20 11:59:38 +08:00
Guo Xiang Tan
81b3bdaabd FIX: Remove site settings override for deprecated url site settings. 2018-11-20 11:42:39 +08:00
Régis Hanol
4459665dee
REFACTOR: use tables instead of custom fields for polls (#6359) 
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
 2018-11-19 14:50:00 +01:00
Joffrey JAFFEUX
e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Guo Xiang Tan
cf21c7f5aa
DEV: Fix typo in specs. 2018-11-19 15:13:54 +08:00
Guo Xiang Tan
fe131c5ea2 Fix missing avatars on topic list page. 
Introduced in b50fab2d72
 2018-11-19 14:55:41 +08:00
Sam
01dc0abb05 dev, give spec a bit more time waiting on timeout 2018-11-19 16:21:39 +11:00
Guo Xiang Tan
b50fab2d72 PERF: Fix N+1 for non-staff users when tagging is enabled. 2018-11-19 12:53:58 +08:00
Kyle Zhao
962fbd1ec7 include '/plugins/' directory for script-src and blob for worker-src 
- plugins may include additional static JS assets
- ACE.js editor register a service worker with a blob for syntax
checking
 2018-11-16 16:31:01 -05:00
Guo Xiang Tan
45f299dfdd PERF: Try to match users before groups. 
User mentions are more common than group mentions so
this will allow us to avoid an extra query.
 2018-11-16 16:41:20 +08:00
Guo Xiang Tan
0ac5126a78 FIX: Clear uploads cache on SiteSetting.refresh!. 
This fixes a bug where the return value of uploads site settings
may defer between processes even though we trigger a refresh via
MessageBus.
 2018-11-16 11:02:51 +08:00
Guo Xiang Tan
9e86b425bc FIX: Job to clean up old URL settings when new setting has been set. 
Related to 44391ee8ab
 2018-11-16 09:33:31 +08:00
Kyle Zhao
055d59373a
CSP: drop 'self' in script-src (#6611) 2018-11-15 12:14:16 -05:00
Joffrey JAFFEUX
c52e68a0c8
FIX: better handling of missing welcome topic in wizard (#6606) 2018-11-15 12:20:48 +01:00
Sam
8e55e61a2e Correct spec 2018-11-15 15:42:16 +11:00
Sam
e7001f879a SECURITY: enforce hostname to match discourse hostname 
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
 2018-11-15 15:23:06 +11:00
Sam
6556a87629 FIX: only check for conflict on edit drafts 
In some unknown cases non edit drafts are being checked for conflict
 2018-11-15 13:14:07 +11:00
Régis Hanol
5852fe7975 FIX: change 'max_consecutive_replies' default to 3 2018-11-14 22:58:05 +01:00
Leo McArdle
7bc121a065 allow CSP reports to be sent when header isn't set by Discourse (#6594) 2018-11-14 16:23:29 -05:00
Maja Komel
c701036034 FIX: reset bump date resets bumped_at to the last regular post in topic (#6605) 2018-11-14 18:56:22 +01:00
Régis Hanol
c78dcde973 FIX: only send originalText when we need to 2018-11-14 17:47:59 +01:00
Bianca Nenciu
b6576d9473 FEATURE: Add new setting to force user edit last post. (#6571) 2018-11-14 15:48:16 +01:00
David Taylor
d003ae45f9 DEV: Correct typo in users_controller_spec 2018-11-14 14:30:44 +00:00
Guo Xiang Tan
df111259fe More URL site settings into a onceoff job. 
* Doing it in a post migration was a bad idea
  because the migration will fail if the site
  is down while trying to download uploads
  which points to the instance. This mainly
  affects self-hosters using `discourse_docker`
  where `./launcher rebuild` will take the
  existing container down.
 2018-11-14 20:29:20 +08:00
Bianca Nenciu
fce0a0ccc8 FEATURE: Compute distance between logins to generate login alerts. (#6562) 2018-11-14 13:26:47 +01:00
Penar Musaraj
f6fb079129 Disable wizard invites step when local_logins are turned off 2018-11-14 13:05:32 +01:00
Bianca Nenciu
34e4d82f1a FEATURE: Report edit conflicts when saving draft. (#6585) 2018-11-14 12:56:25 +01:00
Guo Xiang Tan
861b52b6f3 Fix the build take 2. 2018-11-14 18:07:04 +08:00
Guo Xiang Tan
72370b9c36 Add deprecation warnings for url based site settings. 2018-11-14 16:09:26 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Kyle Zhao
38a9bc740d FIX: change title when primary group changes (#6602) 2018-11-14 08:28:41 +08:00
Robin Ward
467be59d75 FEATURE: Allow expanded posts to return user custom fields 2018-11-13 12:44:54 -05:00
Vinoth Kannan
2374f3e8ac remove unnecessary expectation lines 2018-11-13 16:52:08 +05:30
Guo Xiang Tan
d5df1db3c4 DEV: Improve tests to provide better errors when it fails. 2018-11-13 16:48:04 +08:00
Guo Xiang Tan
e28af0429c DEV: Improve tests to be more specific. 2018-11-13 15:02:46 +08:00
Sam
80ceb57c76 DEV: add API endpoint to destroy_timings only of last post 
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
 2018-11-13 16:07:48 +11:00
Guo Xiang Tan
7b44339529 FIX: Prevent uploads used in site settings from being deleted. 2018-11-13 09:15:16 +08:00
Kyle Zhao
3493ea85cc remove Logster from CSP whitelist (#6593) 
Logster 1.3 no longer has inline JS and is now CSP compliant
 2018-11-13 09:55:57 +11:00
Robin Ward
0cb33d2b52 UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio" 2018-11-12 16:23:37 -05:00
Vinoth Kannan
dda1824270 Use hijack in inline onebox controller 2018-11-13 02:39:20 +05:30
Penar Musaraj
4f81bb8303 Disallow revision edits with empty raw content 2018-11-12 15:28:38 -05:00
Vinoth Kannan
44d95ad5ab FIX: Cache url data for failed inline oneboxes 2018-11-13 01:44:20 +05:30
David Taylor
d89ffbeffd
FEATURE: Add button to delete unused tags (#6587) 
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
 2018-11-12 16:24:34 +00:00
Bianca Nenciu
5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534) 
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
 2018-11-12 15:34:12 +01:00
Maja Komel
012da86a07 FIX user directory time period count (#6586) 2018-11-12 15:30:05 +01:00
Joffrey JAFFEUX
9c616e0679
FIX: handles not found reports in bulk loading (#6582) 2018-11-12 13:47:24 +01:00
Gerhard Schlager
7c4d4331bc FEATURE: Better handling of quotation marks in site text search 
It also matches 3 dots with the ellipsis symbol.
 2018-11-12 13:26:41 +01:00
Guo Xiang Tan
575d6855ea DEV: Improve specs for Validators::UploadValidator. 2018-11-12 14:11:32 +08:00
Sam
e17a13ce19 FEATURE: additional "related messages" section 
This splits out previous message correspondence from suggeted and instead
has a dedicated section called "related messages"
 2018-11-12 13:04:42 +11:00
Régis Hanol
6b51d84dc5 FIX: Don't enqueue topics if the user can't create them 
Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
 2018-11-09 18:24:28 +01:00
Sam
64d9be726f the protection I placed was in the wrong path moved to /session/sso 
correct previous commit
 2018-11-09 17:18:01 +11:00
Sam
3ae4fcd1f7 Improve redirect avoidance for /sso paths 
e6b3310577 was missing an ege case
where return url included current_hostname
 2018-11-09 17:03:58 +11:00
Sam
7d52f5869d Revert "FIX: Don't enqueue topics if the user can't create them" 
This reverts commit 515e103db6.
 2018-11-09 15:25:38 +11:00
Sam
e6b3310577 FIX: never redirect back to /sso it will cause a loop 
If for any reason our return url is set to `/sso` bypass using it
for login redirect
 2018-11-09 14:27:36 +11:00
Vinoth Kannan
515e103db6 FIX: Don't enqueue topics if the user can't create them 2018-11-09 06:10:23 +05:30
Sam
15991677d4 FIX: ensure we never cache login redirects by mistake 2018-11-09 11:14:35 +11:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Guo Xiang Tan
57f92ac808 Revert "Swtich to regexp for DbHelper.remap." 
Regexp is so much slower.

This reverts commit c3f89e3cd7.
 2018-11-08 14:20:09 +08:00
Guo Xiang Tan
c3f89e3cd7 Swtich to regexp for DbHelper.remap. 2018-11-08 14:08:38 +08:00
Sam
42572ff138 Revert font awesome 5 changes 
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
 2018-11-08 16:12:18 +11:00
Guo Xiang Tan
9737938a4a Add option to skip tabels when using DbHelper.remap. 2018-11-08 12:29:37 +08:00
Penar Musaraj
09dc922b3b Fix several FontAwesome 5 issues 
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
 2018-11-07 22:20:53 -05:00
Guo Xiang Tan
3365753bd0 PERF: Reduce number of database queries for DbHelper.remap 
* Cuts number of queries from 273 to 89
* Add some specs
* For a table with 500 posts, benchmarks locally shows a runtime
  reduction from 0.046929135 to 0.032694705.
 2018-11-08 10:54:39 +08:00
Gerhard Schlager
0122b8cd8b Fix random build error 
Request specs could poison the cache since clear_cache! deletes only today and yesterday from the cache.
 2018-11-08 02:51:42 +01:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557) 
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
 2018-11-07 13:05:43 -05:00
Guo Xiang Tan
1e64658c25 Fix brittle specs. 2018-11-07 15:02:53 +08:00
Sam
0a442e319c FIX: correct svg handling for images 
We regressed and optimized images no longer worked with svg

The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
 2018-11-07 15:29:26 +11:00
Bianca Nenciu
2070edf889 FIX: Clarify User.group_locked_trust_level. 
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
 2018-11-07 10:27:44 +08:00
Guo Xiang Tan
bdb8e9efdb DEV: Remove mocks from specs. 2018-11-07 09:55:58 +08:00
Sam
06b9d8223a FIX: search within topic not working correctly in CJK 
We were splitting the term prior to search causing everything to miss
 2018-11-07 09:41:55 +11:00
Jeff Atwood
afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post 
FIX: disable flagging hidden posts
 2018-11-05 11:05:32 -08:00
Penar Musaraj
7b3432f711 Enforce disabling flagging hidden posts server-side 2018-11-05 10:00:59 -05:00
Joffrey JAFFEUX
78954672f9 FIX: uses hex to compare images 
It prevents some terminals from crashing in case of errors and dumping the whole file content into the terminal.
 2018-11-05 09:47:15 -05:00
Maja Komel
1ac3e5473a FIX: don't strip eml attachments from received emails 2018-11-05 09:35:22 +01:00
Sam
d84256a876 FEATURE: add Noindex to robots.txt for disallowed routes 
This strips pages out of indexes that should not exist see:

https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
 2018-11-02 16:39:47 +11:00
Kyle Zhao
f9b36820ef
FIX: only extract script tags with certain types (#6553) 
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
 2018-11-01 16:01:46 -04:00
Robin Ward
ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored 
Display the percentage when reviewing flags.
 2018-11-01 09:59:50 -04:00
Sam
ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Sam
aa044623bd FIX: do not create superflous sessions when logged on 
In some SSO implementations we may want to issue SSO pipelines for
already logged on users

In these cases do not re-log-in a user if they are clearly logged on
 2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Sam
23423ba112 correct spec and error reporting 
previous commit misused warn_exception which caused a spec to fail
 2018-10-31 13:38:05 +11:00
Blake Erickson
589e3fcaa0 FIX: return 400 for missing required params (#6546) 
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
 2018-10-31 13:02:48 +11:00
Bianca Nenciu
e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu
e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482) 
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
 2018-10-30 22:08:57 +00:00
Sam
9933059426 FEATURE: push related PMs to take first 3 slots 
Previously the related PMs were last meaning you would have to work through
all unread to see them.

Also amends it so it either asks for related by group OR user not both.
 2018-10-29 10:47:59 +11:00
Rafael dos Santos Silva
2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
Penar Musaraj
ed9c21e42c FEATURE: hide muted categories from /categories list (#6531) 2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Régis Hanol
306d77b54f FIX: don't use srcset on cropped thumbnails 2018-10-25 16:08:10 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts (#6528) 
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
 2018-10-25 09:52:01 -04:00
David Taylor
56e0f47bcd FIX: Do not update last_seen for API access 
This regressed in 2dc3a50. I have now added tests for the behavior.
 2018-10-25 13:38:57 +01:00
Bianca Nenciu
effbef7d0b UX: Use user locale for locations. (#6527) 
* UX: Use user locale for locations.

* DEV: Added MaxMindDB test data and fixed test.
 2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296 UX: bumps the user-api-key version to 3 (#6526) 
* UX: bumps the user-api-key version to 3

* fix spec
 2018-10-25 09:46:34 +00:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520) 
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
 2018-10-25 09:45:31 +00:00
Régis Hanol
addf6f6d17 FIX: support comma in 'sso_provider_secrets' site setting 2018-10-24 21:23:18 +02:00
Sam
e955a7b49d Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)"" 
This reverts commit 322b27b6dc.

Oops rushed on the revert here... should be good
 2018-10-24 15:14:01 +11:00
Sam
322b27b6dc Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)" 
This reverts commit 63356d883e.

This caused an outage, got to revert
 2018-10-24 15:03:58 +11:00
Kyle Zhao
63356d883e FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523) 2018-10-24 14:34:10 +11:00
Sam
5fd94d3211 PERF: limit unread count to 99 in blue circle 
This revises: e605542c4e

Previous commit was faulty
 2018-10-24 12:10:27 +11:00
Daniel Hollas
cee51672c9 FIX: Strip accents from search query 
4481836 introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well

TODO in search with diacritics:
 - Still need to fix excerpts on search page
 - need to support accent stripping in in_topic search
 - need to make sure that in:title works correctly
 - need to fix "word boldening" in titles
 2018-10-23 12:10:33 +11:00
Sam
b74dd7d379 FIX: stop logging every 404 error when searching for gravatars 2018-10-23 11:43:14 +11:00
Sam
adab7a3a48 improve test, also ensure no zero size is generated 2018-10-23 08:50:07 +11:00
Sam
bea8d337b2 DEV: ensure resizing test does not raise bad error 
Current resizing test was showing binary diff in terminal and failing
in latest image magick 7, this fixes both issues
 2018-10-23 08:45:06 +11:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514) 
do not register new MIME type, parse raw body instead
 2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
Bianca Nenciu
99b43f281b FIX: Fix browser detection for Microsoft Edge. (#6516) 
cool!
 2018-10-22 23:15:41 +11:00
David Taylor
3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
Arpit Jalan
ce0a51665e FIX: count emoji shortcuts in topic title 
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
 2018-10-22 13:44:05 +05:30
Kyle Zhao
dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)" 
This reverts commit fb8231077a.
 2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512) 
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
 2018-10-19 13:44:43 +01:00
Guo Xiang Tan
65faff5832 DEV: Improve specs to provide a better error message. 2018-10-19 14:31:17 +08:00
Sam
9bfc939692 cleanup so gravatar download failures are consistent 
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
 2018-10-19 12:51:55 +11:00
Blake Erickson
f1ba981ae9 Improve add user to group spec for uppercase usernames 
Oops forgot to check for this. See previous commit for more details.
 2018-10-18 13:32:36 -06:00
Blake Erickson
93485facaf FIX: lowercase username for add/rem group members 
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
 2018-10-18 13:17:24 -06:00
Régis Hanol
3973823a33 FIX: always update 'last_gravatar_download_attempt' when updating gravatar 2018-10-18 11:02:54 +02:00
Guo Xiang Tan
bbf542da01 DEV: Prefer <<~ over <<. 2018-10-18 14:17:30 +08:00
Kyle Zhao
0f1afad6da FIX: extracted theme JavaScripts for multisite (#6502) 
* FIX: extracted theme javascripts for multisite

* onceoff to rebake all theme fields
 2018-10-18 17:05:34 +11:00
Bianca Nenciu
f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
David Taylor
501ac4dfa6 DEV: Cleanup properly after user_serializer test 2018-10-17 10:54:22 +01:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499) 
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
 2018-10-17 10:33:27 +01:00
Arpit Jalan
42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Sam
19d7543004 FIX: clear color scheme cache when clearing theme cache 2018-10-16 12:00:46 +11:00
Penar Musaraj
b06dccac49 FIX: force enable a user's email_private_messages option when user replies via email (#6478) 
* Enable user email PM when posting to group or replying to topic via email

* remove extra line

* Add test and fix snake_case

* Only reenable email_private_messages for PM replies
 2018-10-16 10:51:57 +11:00
Davide Porrovecchio
005e1f5373 Add Cache-Control header to CORS (#6490) 2018-10-16 10:46:55 +11:00
Sam
fc94732f88 avoid looking up badge multiple times in spec 2018-10-16 10:42:16 +11:00
Bianca Nenciu
c68a456baa FIX: Do not award badges for links in restricted categories. (#6492) 2018-10-16 10:38:59 +11:00
Neil Lalonde
0724948878 fix failing spec when HUB_BASE_URL is present 2018-10-15 15:06:02 -04:00
Neil Lalonde
d166c38ab7 REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
Kyle Zhao
99d1ded3b3
rename route /javascripts to /theme-javascripts (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel
c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Guo Xiang Tan
8fa59f0548 FIX: Can't clean a tag if the given string is frozen. 2018-10-15 14:48:45 +08:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider 
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
 2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4 DEV: extract inline js when baking theme fields (#6447) 
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
 2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Guo Xiang Tan
5ae4cbcf88 DEV: Clear ColorScheme.hex_cache to avoid leaking state. 2018-10-15 11:16:26 +08:00