Commit Graph

12006 Commits

Author SHA1 Message Date
Neil Lalonde
2499b56594 Merge master 2016-08-05 15:13:33 -04:00
Robin Ward
b17908fab1 SECURITY: XSS issue on Admin users list 2016-08-05 12:48:33 -04:00
Robin Ward
a139e469a7 SECURITY: Avoid mass assignment on user create 2016-08-05 12:43:50 -04:00
Robin Ward
3d62e5dd98 SECURITY: XSS issue on Admin users list 2016-08-05 12:01:16 -04:00
Robin Ward
429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Arpit Jalan
cda108da56 use existing method for target_group_names 2016-08-05 18:57:46 +05:30
Arpit Jalan
c064e946b2 FIX: custom reason for flags were not showing for non-english locales 2016-08-05 18:41:11 +05:30
Régis Hanol
d0962d6e5a FIX: serve category images from the CDN 2016-08-05 13:03:49 +02:00
Guo Xiang Tan
33e7df977d FIX: Row resize zone should be full width of composer. 2016-08-05 10:02:01 +08:00
Sam
9b011cb75d UX: increase mobile line height for readability 2016-08-05 09:22:54 +10:00
Robin Ward
e5b529f8e1 FIX: Couldn't move posts with deleted replies 2016-08-04 11:56:01 -04:00
Guo Xiang Tan
2332422a85 UX: Text wasn't centered properly in badge notification. 2016-08-04 10:51:11 +08:00
Guo Xiang Tan
66f14ab0b8 Draw grippie with CSS. 2016-08-04 10:24:14 +08:00
Guo Xiang Tan
927bf19d93 UX: Disable dismiss notifications button when there is nothing to dismiss. 2016-08-04 09:48:10 +08:00
Robin Ward
331135a88e Deuglify the admin dashboard loading state. Also clean up the code 2016-08-03 15:36:41 -04:00
Robin Ward
19fa24d888 Add a warning if a user tries to PM themselves 2016-08-03 13:58:24 -04:00
Neil Lalonde
5f67cd7b45 FIX: tag input detects when a tag is not allowed and won't offer to create it anyway 2016-08-03 13:18:56 -04:00
Régis Hanol
e92f5e4fbf FEATURE: new email attachment blacklists site settings 2016-08-03 17:55:54 +02:00
Régis Hanol
cb809784df refactor version-check to ES6 2016-08-03 16:13:02 +02:00
Régis Hanol
35c13bca6c Merge pull request #4363 from cpradio/version-link-shows-compare
FEATURE: Installed Version link shows GitHub Compare to branch being followed
2016-08-03 16:03:57 +02:00
Régis Hanol
a21d52951a don't use startsWith just yet 2016-08-03 14:31:52 +02:00
Robin Ward
1ae625ec2e FIX: Archetype class wasn't being applied on refresh 2016-08-02 15:26:07 -04:00
Robin Ward
2d7b036b9a UX: Display nicer looking numbers for unread in categories 2016-08-02 15:16:07 -04:00
Neil Lalonde
37162e476b FIX: remove gtm_ua_domain_name setting because it's preferable to configure it in Google Tag Manager settings 2016-08-02 14:54:35 -04:00
Robin Ward
857d54162b Redirect to Summary when viewing yourself 2016-08-02 13:21:24 -04:00
Neil Lalonde
d38727efb7 FIX: Google Universal Analytics was tracking two page views on first page view 2016-08-02 12:55:02 -04:00
Robin Ward
7a6cd15c4a FIX: Disable events on hidden timeline buttons 2016-08-02 11:34:27 -04:00
Robin Ward
f4c8070d09 FIX: Couldn't update category notification level 2016-08-02 11:22:02 -04:00
cpradio
1b89c2f0ef FEATURE: Installed Version link shows GitHub Compare to branch being followed 2016-08-02 06:18:44 -04:00
Guo Xiang Tan
dc2dae2cc4 FIX: Logs notice was not displaying the right Date. 2016-08-02 12:40:28 +08:00
Guo Xiang Tan
bf683178a8 FIX: Remove tag plugin code from tag hashtag check. 2016-08-02 10:59:12 +08:00
Jeff Atwood
138e2071c5 slightly increase mobile post body font size 2016-08-01 16:23:41 -07:00
Régis Hanol
681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Régis Hanol
829143bf88 FIX: 'List-Unsubscribe' header wasn't added to emails sent when mailing_list_mode was enabled 2016-08-01 20:19:00 +02:00
Régis Hanol
c591429868 FIX: don't destroy uploads in queued posts and drafts 2016-08-01 18:35:57 +02:00
Régis Hanol
0fa458c5a7 Merge pull request #4356 from acshi/datapayloadarchetype
data.archetype should be data.payload.archetype in topic_tracking_state.js.es6
2016-08-01 14:10:51 +02:00
Sam
9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Rafael dos Santos Silva
5d91355c97 FIX upload hints 2016-07-30 15:39:11 -03:00
Robin Ward
9cb8d5d19e FIX: Whitelist the big tag 2016-07-29 16:11:18 -04:00
Acshi Haggenmiller
26e8eed83b changed data.archetype typo to data.payload.archetype in topic_tracking_state.js.es6 2016-07-29 11:23:00 -04:00
Neil Lalonde
1f12e41029 FIX: query for tag with no sub-categories 2016-07-28 16:59:00 -04:00
Neil Lalonde
82e170d6a6 FIX: 404 when filtering by category, no sub-category, and a tag 2016-07-28 16:19:03 -04:00
Robin Ward
9adfccfad1 FIX: Regression with escaping on badge page
In this branch (stable) we can't run the sanitizer because the bundle is not
loaded. The long badge description is not sanitized, but it
has to be created by an admin so it's extremely low risk.

In the beta / tests-passed branches the text is sanitized.
2016-07-28 16:11:41 -04:00
Robin Ward
efc6408b1d FIX: Regression with escaping on badge page 2016-07-28 15:57:06 -04:00
Robin Ward
5d062206db SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 15:41:03 -04:00
Robin Ward
f416634ea0 SECURITY: Cross-Site Scripting in Category and Group Settings 2016-07-28 15:30:53 -04:00
Robin Ward
90a3cc7f18 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 15:29:05 -04:00
Robin Ward
2891f230d1 SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 13:54:17 -04:00
Robin Ward
cf5b756b1a SECURITY: Cross-Site Scripting in Category and Group Settings 2016-07-28 11:57:59 -04:00
Neil Lalonde
77847f0d46 FIX: meta description tags for tags 2016-07-28 11:49:23 -04:00