Commit Graph

31872 Commits

Author SHA1 Message Date
Dan Ungureanu
2a8118fb44 SECURITY: Fix tab nabbing. 2019-04-25 00:34:59 +03:00
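Tab nabbing is the attack the commit above closes: a page opened through `<a target="_blank">` receives a `window.opener` reference and can redirect the original tab (for example to a phishing copy of the forum), unless the link carries `rel="noopener"`. The following is an added example, not Discourse's own code, of post-processing an HTML fragment so every `_blank` link gets `noopener` (and `noreferrer`). It uses a regex scanner over anchor tags with quoted or unquoted attributes; a production implementation would run this over a parsed DOM instead.

```ruby
# Constructed example (not Discourse code): add rel="noopener noreferrer"
# to every <a ... target="_blank"> in an HTML fragment.
REQUIRED_REL = %w[noopener noreferrer].freeze

# Matches target=_blank with double, single or no quotes, followed by
# whitespace or the end of the tag so "_blankfoo" does not match.
TARGET_BLANK_RE = /\btarget\s*=\s*(["']?)_blank\1(?=[\s>\/])/i

# Matches an existing rel attribute; the negative lookbehind keeps
# "data-rel=" from being treated as rel=.
REL_RE = /(?<![\w-])rel\s*=\s*(["'])(.*?)\1/i

def harden_blank_targets(html)
  html.gsub(/<a\b[^>]*>/i) do |tag|
    # Same-tab links keep no opener reference, so leave them untouched.
    next tag unless tag.match?(TARGET_BLANK_RE)

    if (m = tag.match(REL_RE))
      # Merge into the existing rel token list without duplicating tokens.
      tokens = m[2].split(/\s+/).reject(&:empty?)
      tokens |= REQUIRED_REL
      tag.sub(m[0], %(rel="#{tokens.join(" ")}"))
    else
      # No rel attribute yet: append one just before the closing ">".
      tag.sub(/>\z/, %( rel="#{REQUIRED_REL.join(" ")}">))
    end
  end
end

# Constructed sample input: one external link opened in a new tab, one same-tab link.
SAMPLE_HTML = '<p><a href="https://example.org/" target="_blank">docs</a> ' \
              'and <a href="/t/123">a topic</a></p>'

puts harden_blank_targets(SAMPLE_HTML) if __FILE__ == $PROGRAM_NAME
```

`noreferrer` is added alongside `noopener` because it implies `noopener` in browsers that predate the latter and also stops the destination from seeing the forum URL in the `Referer` header. Whether to strip the referrer is a policy choice, not part of the tab-nabbing fix itself.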
Gerhard Schlager
b264661fe2 SECURITY: Update nokogiri 2019-04-24 16:37:47 +02:00
Joffrey JAFFEUX
922d93c1d4 SECURITY: jquery CVE-2019-11358 2019-04-24 16:31:26 +02:00
Sam Saffron
e143cc1843 FEATURE: enable NGINX brotli support unconditionally
Previously we would rely on enable brotli in the web template to turn this
on; going forward this is on by default.
2019-04-11 12:42:47 +10:00
Robin Ward
db63a8e468 SECURITY: Update Handlebars to 4.1
This is to address: https://www.npmjs.com/advisories/755

It is a low priority fix, as Discourse does not allow end users to input
raw handlebars templates.
2019-04-10 16:15:12 -04:00
Neil Lalonde
63dbac786f Version bump to v2.2.4 2019-03-28 11:03:05 -04:00
Sam Saffron
e073593c86 SECURITY: properly validate return URL for SSO
Previously carefully crafted URLs could redirect off site
2019-03-25 09:04:13 +11:00
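The SSO fix above is an open-redirect problem: the return URL supplied to the SSO flow was echoed back as a redirect target, so a crafted value could send a freshly logged-in user off site. The following is an added example, not Discourse's own code, of validating such a return URL. It assumes a site host of `forum.example.com` and an HTTPS-only policy, and it handles the usual bypass shapes: scheme-relative `//evil.example`, backslash variants the browser normalises to `//`, `user@host` authority tricks, host-suffix lookalikes and non-HTTP schemes.

```ruby
require "uri"

# Constructed example (not Discourse code): pick a safe post-login redirect.
SITE_HOST = "forum.example.com"            # assumed site host for the example
SITE_ROOT = "https://#{SITE_HOST}/"         # fallback when the URL is rejected

def safe_return_url(candidate)
  return SITE_ROOT if candidate.nil? || candidate.strip.empty?

  # Reject control characters and backslashes up front: browsers treat "\" as "/"
  # in the authority position, so "/\evil.example" would become "//evil.example".
  return SITE_ROOT if candidate.match?(/[\x00-\x1f\\]/)

  uri = begin
    URI.parse(candidate)
  rescue URI::InvalidURIError
    return SITE_ROOT
  end

  if uri.scheme.nil? && uri.host.nil?
    # Relative reference: accept only an absolute path with one leading slash.
    # URI.parse already turns "//host/x" into a host, so it never reaches here.
    return SITE_ROOT unless uri.path.start_with?("/") && !uri.path.start_with?("//")
    query = uri.query ? "?#{uri.query}" : ""
    return "https://#{SITE_HOST}#{uri.path}#{query}"
  end

  # Absolute URL: require https, an exact host match (defeats
  # "forum.example.com.evil.example") and no userinfo (defeats
  # "https://forum.example.com@evil.example/").
  return SITE_ROOT unless uri.scheme == "https"
  return SITE_ROOT unless uri.host.to_s.downcase == SITE_HOST
  return SITE_ROOT unless uri.userinfo.nil?
  candidate
end
```

The check is deliberately an allow-list of what a same-site destination looks like rather than a deny-list of known bad prefixes; any candidate that does not fit is replaced with the site root instead of being "cleaned up", which avoids the second-order parsing bugs that cleanup routines tend to introduce.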
Jeff Wong
8b761cded1 FIX: remove extra periods (#6998)
Periods belong in the translation files, not in our templates; if we have them in the templates, sentences cannot be localized properly.
2019-03-15 15:47:00 -07:00
Jeff Wong
cbfd9595c4 FEATURE: Add plugin html hook to insert html before any other scripts 2019-03-15 15:38:49 -07:00
Jeff Wong
c9fd2679e4 FIX: lightbox wrapper within open details should show. 2019-03-15 15:38:49 -07:00
Vinoth Kannan
c395755051 FIX: Add helper file for compatibility with latest stable plugin 2019-03-14 09:04:05 +05:30
Roman Rizzi
d8c3c82345 Version bumped to v2.2.3 2019-03-13 16:39:39 -03:00
Roman Rizzi
0f6d5ba4f9 SECURITY: Upgrading Rails version to 5.2.2.1 2019-03-13 16:30:49 -03:00
Neil Lalonde
760d51cab1 Version bump to v2.2.2 2019-03-01 12:27:02 -05:00
Sam
3ac5f526be SECURITY: bypass long GET requests
In some rare cases we would check URLs with very large payloads.
This ensures we always bypass and do not read entire payloads.
2019-02-27 21:52:40 +11:00
David Taylor
c10941bbde REFACTOR: Proxy letter avatars in rails instead of nginx
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>

This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up the IP for the letter avatar service and
caching the CDN IP address; this caused issues if the CDN changed IP, in
which case letter avatars would be broken until a container restarted.

NGINX config has been updated to add caching. This change will require
a container rebuild.

The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:51:58 +11:00
Kris
4325d0ffc3 UX: Reduce font size on about pages
(cherry picked from commit 3d11064a33)
2019-02-14 20:12:55 -05:00
Sam
904e5ac09c FIX: unable to create new categories
Previous attempt at 70adb940 missed the critical "everyone" group from
staff, leading to a case where staff was no longer able to create categories
2019-02-15 10:28:13 +11:00
Bianca Nenciu
8e1efe6899 DEV: Improve test. 2019-02-14 23:04:38 +02:00
Bianca Nenciu
426810fcaf FIX: Fix failing test. 2019-02-14 23:04:34 +02:00
Bianca Nenciu
37214bc3eb SECURITY: Do not leak private group names. (#7008) 2019-02-14 23:04:32 +02:00
Vinoth Kannan
2fb5271069 FIX: Bump onebox version to include imgur security fix
(cherry picked from commit 36ff971c9c)
2019-02-13 11:51:15 +05:30
Vinoth Kannan
e11ae2a5ab FIX: Bump onebox version to include imgur security fix
(cherry picked from commit fb911766ee)
2019-02-13 11:50:35 +05:30
Arpit Jalan
e1094724fb FIX: some posters were not getting added to topic_allowed_users when moving posts to a new PM
If a user posted twice in a topic then subsequent posters were not getting added as topic_allowed_users.
2019-02-11 18:25:06 +05:30
Neil Lalonde
e9d1597f81 Version bump to v2.2.1 2019-02-07 10:56:03 -05:00
Kris
3ad5f6ea4b UX: checkboxes were too close to other inputs 2019-02-07 10:09:19 -05:00
Bianca Nenciu
589187b732 FIX: Fix delete button for Tag Groups. (#6965) 2019-02-07 10:09:16 -05:00
Kris
dc43fb69d1 UX: Minor button icon color fixes 2019-02-07 10:09:13 -05:00
Bianca Nenciu
beb6e154ef FIX: in:title should work irrespective of the order. (#6968) 2019-02-07 10:09:08 -05:00
Dan Ungureanu
cc983e3b11 UX: Use translatedLabel for aria-label in buttons. 2019-02-07 10:09:05 -05:00
Maja Komel
7426c427a1 fix typo 2019-02-07 10:09:02 -05:00
David Taylor
9f49007b7b FIX: Rescue and display import errors when updating theme via git 2019-02-07 10:08:59 -05:00
Sam
bfceb29db8 DEV: update logster to stable release
This updates logster to the stable 2.0.1 release instead of running a
pre-release.
2019-02-07 10:08:56 -05:00
Gerhard Schlager
d576a3fa57 FIX: S3 endpoint broke bucket creation in non-default region 2019-02-07 10:08:53 -05:00
Kris
12cf3320c2 UX: Turn off autocomplete on composer title 2019-02-07 10:08:50 -05:00
Régis Hanol
1e9a884244 UX: disable browser's autocomplete in search menu 2019-02-07 10:08:47 -05:00
David Taylor
f01ca1f22d FIX: Correctly process {{each}} in raw handlebars templates for themes 2019-02-07 10:08:43 -05:00
Jeff Wong
9564eac72a FIX: Register pan events for touch only
* touch events - only register touch, not pointer events
* immediately request redraw frame, do not wait for after render to fire.
2019-02-07 10:08:40 -05:00
Gerhard Schlager
8573ac0d18 FIX: Unpause Sidekiq before uploading backup to S3
No need to pause Sidekiq longer than really needed. Uploads to S3 can take a long time.
2019-02-07 10:08:37 -05:00
Kris
a36527ca77 Minor icon color fix 2019-02-07 10:08:34 -05:00
Sam
894b98685b FIX: old migration was loading up invalid model schema
Generally we should never be touching AR objects in migrations; this is
super risky as we may end up with an invalid schema cache.

This code from 2013 did it unconditionally. This change amends it so:

1. We only load up schema if we have no choice
2. We flush the cache before and after

This makes this migration far less risky.
2019-02-07 10:08:29 -05:00
Kris
5ef75197da UX: Header icon color fix 2019-02-01 17:50:00 +00:00
David Taylor
78eb51f780 SECURITY: Escape HTML in dashboard report tables 2019-02-01 13:11:14 +00:00
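Dashboard reports aggregate values that often originate from users or from the outside world (search terms, usernames, referrer URLs), so a report table that interpolates cell values into markup unescaped is a stored-XSS sink aimed at administrators. The following is an added example, not Discourse's own code, showing an unsafe row renderer next to the hardened one using `ERB::Util.html_escape` from Ruby's standard library, with a constructed "top search terms" report as input.

```ruby
require "erb"

# Constructed example (not Discourse code): rendering report rows to HTML.

# Vulnerable form: cell text goes straight into the markup.
def render_report_row_unsafe(cells)
  "<tr>" + cells.map { |c| "<td>#{c}</td>" }.join + "</tr>"
end

# Hardened form: every cell is escaped, whatever its type, at the point of
# interpolation. html_escape covers & < > " and ' so the value is inert both
# as text content and inside an attribute value.
def render_report_row(cells)
  "<tr>" + cells.map { |c| "<td>#{ERB::Util.html_escape(c.to_s)}</td>" }.join + "</tr>"
end

# Headers are escaped too: report titles can be derived from filter input.
def render_report_table(headers, rows)
  head = "<tr>" + headers.map { |h| "<th>#{ERB::Util.html_escape(h.to_s)}</th>" }.join + "</tr>"
  body = rows.map { |r| render_report_row(r) }.join
  "<table>#{head}#{body}</table>"
end

# Constructed sample report: one search term is an XSS payload that an
# anonymous visitor could have typed into the site search.
SAMPLE_HEADERS = ["Search term", "Searches"].freeze
SAMPLE_ROWS = [
  ["ruby on rails", 42],
  ['<img src=x onerror="alert(document.cookie)">', 7],
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "UNSAFE: #{render_report_row_unsafe(SAMPLE_ROWS[1])}"
  puts "SAFE:   #{render_report_row(SAMPLE_ROWS[1])}"
end
```

In a Rails view the same effect comes from letting ERB's default `<%= %>` escaping do its job and never marking report data `html_safe`; the explicit helper above is just the same rule made visible in plain Ruby.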
David Taylor
94ccedb730 FIX: Login button icons should be white 2019-02-01 11:41:54 +00:00
Kris
34f120c011 Header icon focus color fix 2019-02-01 10:50:40 +00:00
Neil Lalonde
bbb4b6ccef Version bump to v2.2.0 2019-01-31 17:41:36 -05:00
Neil Lalonde
87f89e92a8 Merge diffs from master 2019-01-31 17:24:35 -05:00
Neil Lalonde
23e2a01572 Merge master 2019-01-31 17:18:47 -05:00
Neil Lalonde
6bfd2b6eaf Update translations 2019-01-31 16:27:07 -05:00
Kris
95e16ab0a6 UX: Badge checkmarks should be round 2019-01-31 15:27:46 -05:00