Commit Graph

43597 Commits

Author SHA1 Message Date
David Taylor
f45853676f
SECURITY: Ensure _forum_session cookies cannot be reused between sites (#14950)
This only affects multisite Discourse instances (where multiple forums are served from a single application server). The vast majority of self-hosted Discourse forums do not fall into this category.

On affected instances, this vulnerability could allow encrypted session cookies to be re-used between sites served by the same application instance.
2021-11-15 15:50:12 +00:00
Robin Ward
5c43b8a572 DEV: Retry installation of ember exam
Let's try installing it by including it in dependencies AND dev
dependencies so it works in every environment.
2021-11-15 10:30:56 -05:00
Jarek Radosz
2bd2d0d474
FIX: A screen-track/appEvents regression in #14929 (#14943) 2021-11-15 15:04:49 +01:00
Jarek Radosz
67e38e81f7
DEV: Remove unnecessary test setup calls (#14940)
`setURLContainer()` and `setDefaultOwner()` are already called in an application initializer at the beginning of each test.
2021-11-15 13:46:09 +01:00
Jarek Radosz
985d079e47
DEV: Clean up sniff-capabilities (#14938)
Drop jQuery, remove unused caps (`canPasteImages` and `highRes`), enable `canVibrate` for Firefox (per the old comment), and other minor changes.
2021-11-15 13:41:55 +01:00
Arpit Jalan
8c4896f660
FIX: composer education message for group mentions were broken (#14937)
Composer education message for group mentions were broken because the
count parameter is a string instead of a number.
2021-11-15 17:12:06 +05:30
Jarek Radosz
fc3a6e57e3
DEV: Drop support for removing all appEvent listeners (#14936)
Also removes "appEventsCache". (and reduces the reported test memory usage by ~33%)

There's no longer any need to remove appEvent listeners in application-instance initializers' `teardown`, as app instances are recreated before each test (in both legacy and ember cli envs)
2021-11-15 12:31:05 +01:00
Jarek Radosz
f0d963faad
DEV: Use @bind instead of repeated .bind(this) (#14931)
Fixes some cases where event listeners weren't correctly removed. Also fixes a dependency tracking bug in user-private-messages
2021-11-15 10:07:53 +01:00
Martin Brennan
08e625c446
FIX: Use previous chunk to check if local backup chunk upload complete (#14896)
Uppy and Resumable slice up their chunks differently, which causes a difference
in this algorithm. Let's take a 131.6MB file (137951695 bytes) with a 5MB (5242880 bytes)
chunk size. For resumable, there are 26 chunks, and uppy there are 27. This is
controlled by forceChunkSize in resumable which is false by default. The final
chunk size is 6879695 (chunk size + remainder) whereas in uppy it is 1636815 (just remainder).

This means that the current condition of uploaded_file_size + current_chunk_size >= total_size
is hit twice by uppy, because it uses a more correct number of chunks. This
can be solved for both uppy and resumable by checking the _previous_ chunk
number * chunk_size as the uploaded_file_size.

An example of what is happening before that change, using the current
chunk number to calculate uploaded_file_size.

chunk 26: resumable: uploaded_file_size (26 * 5242880) + current_chunk_size (6879695) = 143194575 >= total_size (137951695) ? YES
chunk 26: uppy: uploaded_file_size (26 * 5242880) + current_chunk_size (5242880) = 141557760 >= total_size (137951695) ? YES
chunk 27: uppy: uploaded_file_size (27 * 5242880) + current_chunk_size (1636815) = 143194575 >= total_size (137951695) ? YES

An example of what this looks like after the change, using the previous
chunk number to calculate uploaded_file_size:

chunk 26: resumable: uploaded_file_size (25 * 5242880) + current_chunk_size (6879695) = 137951695 >= total_size (137951695) ? YES
chunk 26: uppy: uploaded_file_size (25 * 5242880) + current_chunk_size (5242880) = 136314880 >= total_size (137951695) ? NO
chunk 27: uppy: uploaded_file_size (26 * 5242880) + current_chunk_size (1636815) = 137951695 >= total_size (137951695) ? YES
2021-11-15 15:08:21 +10:00
Jarek Radosz
9c9ad22626
DEV: Fix qunit/assert-args (#14932)
Just a couple of invalid assertions.
2021-11-15 04:30:42 +01:00
Jarek Radosz
b1c72282c9
DEV: Delete an old appEvents.off call (#14930)
There's no `composer:resize` anymore.
2021-11-15 02:38:10 +01:00
Jarek Radosz
a817ee9f7c
DEV: Update caniuse-lite (#14926)
The repeated notices in the console were tiring…

```
Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db

Why you should do it regularly:
https://github.com/browserslist/browserslist#browsers-data-updating
```
2021-11-15 01:18:11 +01:00
Jarek Radosz
047432735e
DEV: Don't create AppEvents instance in Eyeline (#14928)
Use `Evented` from `@ember/object/evented` instead.
2021-11-15 00:44:07 +01:00
Jarek Radosz
25251d4d00
DEV: Don't set appEvents on app, group injections (#14929) 2021-11-15 00:42:49 +01:00
Jarek Radosz
9711caf7ea
DEV: Fix a computed property overwrite (#14927)
There's a `category` computed property that already does what this piece of code did.
2021-11-15 00:39:20 +01:00
Vinoth Kannan
2b848213f7
FIX: set null to group if groupAttrs param is not available. (#14795)
Because of this bug "all groups" option in the group selector dropdown was not selectable on the user directory page.
2021-11-14 19:53:50 +05:30
Jarek Radosz
4f14e012a7
DEV: Replace $.extend with Object.assign (#14921) 2021-11-14 10:59:22 +01:00
Jarek Radosz
4938381b78
DEV: Fix a computed-property.override warning (#14922)
Regressed in #14307
2021-11-14 10:59:05 +01:00
Jarek Radosz
827b6c99ae
DEV: Fix a call-after-destroy issue (#14923)
Intersection observer callback can be called after the component gets destroyed:

```
Assertion Failed: calling set on destroyed object: <@ember/component:ember6019>.docked = false
    at assert (ember:37774:17)
    at _set2 (ember:17304:46)
    at Class.set (ember:29529:29)
    at Class._intersectionHandler (discourse/app/components/topic-progress:135:16)
    at Backburner._run (ember:56389:25)
    at Backburner._join (ember:56365:21)
    at Backburner.join (ember:56082:19)
    at join (ember:42874:28)
    at IntersectionObserver.eval (ember:42978:19)
```
2021-11-14 10:58:37 +01:00
Jarek Radosz
140ef0ebe7
DEV: Increase Chrome memory limit (#14918)
"Fixes" the build
2021-11-13 15:32:16 +01:00
Jarek Radosz
043e0dcad7
DEV: Don't try to load admin locales in tests (#14917)
It always fails with:

```
Failed to load resource: the server responded with a status of 403 (Forbidden), url: http://localhost:60099/extra-locales/admin?v=[…]
```
2021-11-13 15:31:55 +01:00
Jarek Radosz
906a71a607
DEV: Fix linting issues in core plugins (#14916) 2021-11-13 15:31:42 +01:00
Jarek Radosz
f414d5eace
DEV: Use method definition syntax consistently (#14915) 2021-11-13 14:01:55 +01:00
Jarek Radosz
bdd2c888b0
DEV: Avoid using globals (#14909) 2021-11-13 13:10:13 +01:00
Jarek Radosz
4ad77f3382
DEV: Remove .es6 extensions from core (#14912)
Still supported in plugins though.
2021-11-13 12:51:53 +01:00
Jarek Radosz
cb3cb96149
DEV: Fix Chrome flags (#14914)
```
Error: illegal value for flag --max_semi_space_size
```
2021-11-13 12:37:07 +01:00
Jarek Radosz
904275a8f1
FIX: Use the same hljs version in prod and tests (#14913)
It was at ~10.7.0 (`7f3240ea`) in tests and 10.6.0 (`eb122d3b`) in production build before… So my #14908 broke the build.
2021-11-13 01:45:02 +01:00
Jarek Radosz
9c6ad955aa
DEV: Fix one more use of jQuery global (#14910) 2021-11-12 20:22:43 +01:00
Jarek Radosz
7ea2bf52cc
DEV: Fix hljs.highlightBlock deprecation (#14908) 2021-11-12 20:20:47 +01:00
Rafael dos Santos Silva
6645243a26
SECURITY: Disallow caching of MIME/Content-Type errors (#14907)
This will sign intermediary proxies and/or misconfigured CDNs to not
cache those error responses.
2021-11-12 15:52:25 -03:00
Jarek Radosz
9ca93f57cc
DEV: Remove jQuery global usage where possible (#14905) 2021-11-12 19:23:20 +01:00
Jarek Radosz
97aa56bdc3
FIX: Prevent PreloadStore from calling the finder when value is falsy (#14899) 2021-11-12 17:45:06 +01:00
Joffrey JAFFEUX
79f49dfb7a
DEV: reduces jquery usage in composer-editor (#14903) 2021-11-12 16:40:10 +01:00
Daniel Waterworth
4724f3cbf7
DEV: Remove deprecated method (#14902) 2021-11-12 09:07:44 -06:00
Daniel Waterworth
e7c0bbb9c0
DEV: Let's always give a drop_from param to deprecate (#14901)
So that we know when deprecations can be removed in the future.
2021-11-12 08:52:59 -06:00
Bianca Nenciu
32a174d883
FIX: Use Map instead of Object for caching (#14887)
Objects have default properties, such as "constructor" that can cause
issues when using similar texts as keys.
2021-11-12 15:18:07 +02:00
Joffrey JAFFEUX
904d509cce
FIX: ensures minimum tags logic is correct and shared (#14723)
Also fixes a bug where select-kit was not updating noneItem in multi-selects.
2021-11-12 14:04:48 +01:00
Joffrey JAFFEUX
362c47ce6a
DEV: adds a new topic footer dropdown api (#14747)
This api allows to add a dropdown at the bottom of a topic, note that this API is mobile only for now.

Also included in the commit:
- various doc fixes
- adding tests for both buttons and dropdowns APIs
- uses thrown instead of @ember/error to ensure execution is halted when incorrect parameters are given
2021-11-12 10:21:34 +01:00
Martin Brennan
e0be6ce1ee
DEV: Catch Mocha::ExpectationError in request specs (#14897)
Same issue as 28b00dc6fc, the
Mocha::ExpectationError inherits from Exception instead
of StandardError so RspecErrorTracker does not show the
actual failed expectation in request specs, the status of
the response is just 500 with no further detail.
2021-11-12 13:10:16 +10:00
Martin Brennan
2371da9f25
Revert "Add support for Ember Exam" (#14895)
This reverts commit d1dec23a93.

It was causing issues with internal builds.
2021-11-12 10:31:57 +10:00
dependabot[bot]
d92a213b6d Build(deps): Bump mini_racer from 0.4.0 to 0.5.0
Bumps [mini_racer](https://github.com/discourse/mini_racer) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/discourse/mini_racer/releases)
- [Changelog](https://github.com/rubyjs/mini_racer/blob/master/CHANGELOG)
- [Commits](https://github.com/discourse/mini_racer/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: mini_racer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-11 16:50:57 -05:00
dependabot[bot]
cd80193582 Build(deps): Bump sprockets-rails from 3.2.2 to 3.3.0
Bumps [sprockets-rails](https://github.com/rails/sprockets-rails) from 3.2.2 to 3.3.0.
- [Release notes](https://github.com/rails/sprockets-rails/releases)
- [Commits](https://github.com/rails/sprockets-rails/compare/v3.2.2...v3.3.0)

---
updated-dependencies:
- dependency-name: sprockets-rails
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-11-11 16:32:03 -05:00
Robin Ward
d1dec23a93 Add support for Ember Exam
This allows us to partition and load balance tests, if we like.
2021-11-11 16:15:50 -05:00
Daniel Waterworth
388f45c570
DEV: Remove deprecated methods (#14885) 2021-11-11 12:21:25 -06:00
Daniel Waterworth
fa3c4ad28b
DEV: Deprecate message bus site settings (#14465)
It makes much more sense for these to be GlobalSettings, since, in
multisite clusters, only the default site's settings would be respected.

Co-authored-by: David Taylor <david@taylorhq.com>
2021-11-11 11:12:25 -06:00
Jarek Radosz
61d14a7694
DEV: Fix 3N+1 query in /admin/customize/themes (#14876) 2021-11-11 18:11:23 +01:00
David Taylor
13fdc979a8
DEV: Improve multisite testing (#14884)
This commit adds the RailsMultisite middleware in test mode when Rails.configuration.multisite is true. This allows for much more realistic integration testing. The `multisite_spec.rb` file is rewritten to avoid needing to simulate a middleware stack.
2021-11-11 16:44:58 +00:00
Roman Rizzi
a3814b1e56
FIX: Display top posts from private categories if the user has access. (#14878)
Users viewing the top topics from the categories page should see those belonging to a private category if they have access to it.
2021-11-11 13:35:03 -03:00
Osama Sayegh
69ec6899f9
Revert "DEV: increase lock timeout for multisite migration (#14831)" (#14883)
* Revert "DEV: increase lock timeout for multisite migration (#14831)"

This partially reverts commit 337ef60303.

We need to revert the mutex around `db:status:json` because the mutex is not available unless the rails environment is loaded which the `db:status:json` doesn't load before the mutex. We can't load the environment before entering the mutex because the mutex is meant to prevent other instances of the task from loading a rails environment while the database is migrating.

Co-authored-by: David Taylor <david@taylorhq.com>

Co-authored-by: David Taylor <david@taylorhq.com>
2021-11-11 16:16:53 +03:00
Alan Guo Xiang Tan
095255c8ec
FIX: Topic queryParams are removed from history state when scrolling. (#14881)
* Also fixed a bug where the queryParams are not removed when toggling
  between filters.
2021-11-11 16:10:00 +08:00