Robin Ward
d1c12539dd
SECURITY: XSS with title selector on preferences page
...
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 17:35:26 -04:00
romanrizzi
2a7d270fd6
Revert "FIX: remove misplaced save button"
...
This reverts commit f1381a274b.
2019-07-03 10:58:33 -03:00
romanrizzi
f1381a274b
FIX: remove misplaced save button
2019-07-03 10:47:54 -03:00
romanrizzi
34d548dbd3
FIX: Remove misplaced outlet
2019-07-03 10:47:43 -03:00
Arpit Jalan
867eebb55e
FIX: creating new badge is failing on empty SQL query (#7837)
2019-07-02 15:17:32 +05:30
Sam Saffron
467e03a2ec
DEV: lint file
...
We no longer need that isAppleDevice require
2019-06-27 11:29:51 +02:00
Joffrey JAFFEUX
a91881280d
FIX: closes search-menu on escape (#7804)
2019-06-27 09:34:34 +02:00
Joffrey JAFFEUX
690fb5c4fb
FIX: prevents failure when TL was mutated on internal object (#7808)
2019-06-27 09:34:31 +02:00
Gerhard Schlager
9c8aa0a906
SECURITY: XSS in routes
...
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:45:33 +02:00
Penar Musaraj
8b963bce37
FIX: Do not refresh all settings on save for all settings, limit to only a few
...
- Followup to 0e303c7f5d
- Automatically reloads site settings after saving only for the logo, logo_small and large_icon settings.
2019-06-25 11:49:09 -04:00
Penar Musaraj
e1822034dc
FIX: use correct name for selectable_avatars_enabled site setting
2019-06-25 11:48:56 -04:00
Maja Komel
faf059e018
FIX: remove temporary hack for fixed iOS bug (#7773)
...
A bug where input focus is displaced on modals was fixed in iOS 11.3 update. This hack was causing problems on topic page since hiding main-outlet results in lost read position after opening and closing a modal.
2019-06-25 11:48:42 -04:00
Joffrey JAFFEUX
f2d5cde24c
FIX: category-chooser search should be scoped to category (#7794)
2019-06-24 11:31:41 +02:00
David Taylor
52387be4a4
SECURITY: Add confirmation screen when logging in via email link
2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080
Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
...
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
...
* SECURITY: Add confirmation screen when logging in via email link
* SECURITY: Add confirmation screen when logging in via user-api OTP
* FIX: Correct translation key in session controller specs
* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
102be5a9e3
DEV: optimize fix for sub-categories not getting pre-filled.
2019-06-17 13:28:08 +05:30
tshenry
c909033f2b
Add plugin outlets to login/create-account modals (#7770)
2019-06-17 16:22:00 +10:00
Arpit Jalan
48b9e0d749
FIX: sub-categories was not getting selected for pre-filled topics
2019-06-15 13:46:15 +05:30
Kris
9cb656250d
FIX: Allow tall tables to scroll vertically on iOS
2019-06-14 14:26:59 -04:00
Arpit Jalan
efc05e7224
FIX: remove topic timer info on completion
2019-06-13 17:01:43 +05:30
Joffrey JAFFEUX
fbbce235ce
UX: improves change-timestamp modal (#7766)
2019-06-13 13:30:33 +02:00
Joffrey JAFFEUX
19ca2d4772
DEV: reset widget clean callback between tests (#7761)
2019-06-12 17:49:02 +02:00
Robin Ward
13b979cb71
FIX: Performing actions on a particular reviewable was displaying an error
...
It was expecting a method to remove the reviewable from the current
list, only we were not displaying a list.
Instead, we refresh the reviewable model with the latest result.
2019-06-12 10:56:30 -04:00
David Taylor
0ebe5ec1f8
FIX: Check postStream.gaps exists before trying postSteam.gaps.after
2019-06-11 23:48:21 +01:00
Robin Ward
f6e0c79742
FIX: Trigger change event when inserting text
...
This would normally not fire and result in odd behavior in the review
queue when inserting links.
2019-06-11 17:27:34 -04:00
Robin Ward
3d7c26c15e
FIX: Memory Leaks w/ Container (#7750)
...
Gives instance initializers the ability to add a `teardown` method that
will be called between tests to clean up after themselves.
2019-06-11 18:41:27 +02:00
Robin Ward
47095a7fa1
FIX: Memory leak when adding ajax prefilter repeatedly.
2019-06-11 11:50:35 -04:00
Robin Ward
c322cccd53
FIX: Memory Leaks when decorating posts (#7749)
...
* Remove long-deprecated method
* FIX: Memory Leaks when decorating posts
Previously we'd keep creating mixins dynamically when decorating the
same class.
This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
David Taylor
f4fd75aea4
DEV: Rename variable to avoid conflict
2019-06-11 13:02:40 +01:00
David Taylor
f1d5b992bf
DEV: Correct linting error
2019-06-11 12:51:18 +01:00
Joffrey JAFFEUX
dc15486f0a
Revert "DEV: resets csrf ajax prefilter only if present (#7747)"
...
This reverts commit 6612218a4e.
2019-06-11 13:34:25 +02:00
David Taylor
61b587f66e
FIX: Mark ignored posts as 'read', if last visible post is read (#7739)
2019-06-11 12:16:28 +01:00
David Taylor
000a35b219
FIX: Do not live-load posts from ignored users
2019-06-11 12:07:14 +01:00
Joffrey JAFFEUX
6612218a4e
DEV: resets csrf ajax prefilter only if present (#7747)
2019-06-11 12:50:20 +02:00
Joffrey JAFFEUX
ebf77f74b7
Revert "DEV: prevents csrf token to leak state between tests (#7746)"
...
This reverts commit b29d63a52d.
2019-06-11 12:19:49 +02:00
Joffrey JAFFEUX
b29d63a52d
DEV: prevents csrf token to leak state between tests (#7746)
2019-06-11 11:54:23 +02:00
Joffrey JAFFEUX
e6714d3531
Revert "DEV: attempts to prevent session object to be retain in csrf init (#7743)"
...
This reverts commit 62c56b6e59.
2019-06-11 10:58:32 +02:00
Joffrey JAFFEUX
4deb0f6d59
DEV: prevents post-cooked decorators to leak between tests (#7744)
2019-06-11 10:02:10 +02:00
Joffrey JAFFEUX
62c56b6e59
DEV: attempts to prevent session object to be retain in csrf init (#7743)
2019-06-11 09:59:14 +02:00
Joffrey JAFFEUX
c407e32368
DEV: should check on object and not length (#7742)
2019-06-11 09:45:45 +02:00
Guo Xiang Tan
e5cace9185
FIX: File size text should not be part of link.
2019-06-11 15:21:06 +08:00
Guo Xiang Tan
06d974d55c
FEATURE: Add base62 sha1 to cooked data attribute
...
* FEATURE: Add base62 sha1 to data attribute in `Post#cooked`.
* FIX: Use `Upload#short_url` when quoting an image.
2019-06-11 11:15:45 +10:00
Guo Xiang Tan
bd538f7437
FIX: Composer preview not caching inline onebox.
2019-06-11 09:14:53 +08:00
Bianca Nenciu
9168ffc201
PERF: Use already loaded post when quoting or opening draft.
2019-06-11 08:21:38 +08:00
Roman Rizzi
ace6ce0462
FIX: Add 'deleted' to the list of status filters (#7738)
2019-06-10 15:43:49 -03:00
Robin Ward
bdfa55ee5d
UX: Copyedits on reviewable filters
2019-06-10 13:45:38 -04:00
Robin Ward
86f3e74799
DEV: Allow {{d-button}} to include a href
2019-06-10 13:24:40 -04:00
Robin Ward
8b31b812f8
UX: Use a glyph to indicate a new topic instead of "New Topic:"
...
In the review queue it was easy to miss "New Topic:" so let's try a font
awesome glyph instead.
2019-06-10 12:43:20 -04:00
Robin Ward
8c4e16eafd
FIX: In reply to would sometimes have a broken link
2019-06-10 11:33:10 -04:00