Sam
1d3f04d4bb
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:48 -05:00
Régis Hanol
f49c9f6c43
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:58:04 +01:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Arpit Jalan
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
Guo Xiang Tan
d6bf5b0e78
Use any
orientation for web app manifest.
2017-01-11 17:32:24 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Neil Lalonde
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
Guo Xiang Tan
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
Neil Lalonde
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00
Claas Augner
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
Guo Xiang Tan
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
Guo Xiang Tan
43671b1fda
UX: Display group fullname in mention autocomplete.
2017-01-04 11:40:14 +08:00
Rafael dos Santos Silva
d3fb724578
Merge pull request #4632 from xfalcox/native-app-banner
...
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
Rafael dos Santos Silva
d7c8c2d5e3
FEATURE: Opt-in native Discourse app install banner on Android/iOS
2017-01-03 15:50:45 -02:00
Guo Xiang Tan
ad4a96d387
FIX: Only send membership request to the last 5 active group owners.
2017-01-03 15:33:57 +08:00
Guo Xiang Tan
5aee2673c7
FIX: Push null fields to last when sorting group members.
2016-12-22 14:55:24 +08:00
Guo Xiang Tan
5605700fa9
UX: Sort groups by name.
2016-12-22 14:46:20 +08:00
Guo Xiang Tan
8551d821a0
FEATURE: Add site setting to disable group directory.
2016-12-22 14:14:22 +08:00
Guo Xiang Tan
5e75d5c1bf
PERF: N+1 query on groups page.
2016-12-21 20:59:09 +08:00
Guo Xiang Tan
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
Guo Xiang Tan
9db5d5b6a7
FIX: Incorrect serializer for groups page.
2016-12-20 15:44:22 +08:00
Guo Xiang Tan
7c7c233c1c
FIX: Can't update Groups#allow_membership_requests
in admin.
2016-12-20 15:14:35 +08:00
Guo Xiang Tan
502e114c60
FIX: Incorrect count when loading more groups.
2016-12-20 14:39:44 +08:00
Guo Xiang Tan
193f8301a4
FIX: Do not show automatic groups to normal users.
2016-12-20 14:26:49 +08:00
Régis Hanol
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Joe Buhlig
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
18c8323987
FIX: Incorrect path for redirect.
2016-12-19 18:12:15 +08:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
dd383300b1
FEATURE: rate limit by login on password reset
2016-12-19 11:03:07 +11:00
Sam
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
Sam
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan
4b940dc8bd
FEATURE: Add groups page.
2016-12-14 17:27:47 +08:00
Robin Ward
03bc6f70f9
Better error messages when embedding fails
2016-12-13 14:38:05 -05:00
Guo Xiang Tan
2686ee5ab2
FIX: Admin can't add/remove public group users.
2016-12-13 16:39:44 +08:00
Guo Xiang Tan
43ee9f884e
FEATURE: Add Group#full_name
.
2016-12-13 16:16:26 +08:00
Guo Xiang Tan
7bfabb029b
UX: Move editing group from into an individual tab.
2016-12-13 15:15:20 +08:00
Guo Xiang Tan
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
Guo Xiang Tan
9a800107cb
FIX: Associate category logo and background to uploads record.
2016-12-12 17:37:28 +08:00
Guo Xiang Tan
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
Guo Xiang Tan
790f1ef9f3
FIX: Permit missing params.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
b9b4b0c175
FIX: Members should be ordered by username.
2016-12-08 14:27:38 +08:00
Guo Xiang Tan
a2da2971af
FEATURE: Allow columns on group members page to be sortable.
2016-12-08 10:49:12 +08:00
Robin Ward
d379f57c58
FIX: Show an error page if finish-installation
can't run
2016-12-07 11:10:08 -05:00
Guo Xiang Tan
81d333289e
FIX: Return 503 when in readonly mode.
2016-12-07 14:04:42 +08:00
Guo Xiang Tan
545dfa7191
FEATURE: Allow group owners to edit title.
2016-12-07 10:26:28 +08:00