144 Commits

Author SHA1 Message Date
Neil Lalonde
71b65be6f6 SECURITY: prevent use of X-Forwarded-Host to perform XSS 2018-08-13 16:45:22 -04:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Guo Xiang Tan
875008522d FIX: Discourse.S3BaseUrl did not account for subfolder bucket names. 2018-07-06 15:53:57 +08:00
Guo Xiang Tan
73e30ff4c2 Revert "Rename s3 vars, change condition when displaying s3 uploads"
The new variables do not reflect that they represent S3 settings.

This reverts commit 24dfa1b657.
2018-07-06 15:53:57 +08:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Maja Komel
24dfa1b657 Rename s3 vars, change condition when displaying s3 uploads 2018-06-25 17:16:01 +02:00
Robin Ward
a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Robin Ward
fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Jeff Wong
32f919ea34 Fix - service worker registrations
* register service workers in a development env

* register service worker from ember initialize fn
2018-04-10 15:17:32 -07:00
Neil Lalonde
b7ecdb72d6 FIX: update Google Tag Manager javascript 2018-04-03 14:22:06 -04:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Guo Xiang Tan
70f14da732 UX: Use 'tel' input type for 2FA token inputs. 2018-02-27 09:30:44 +08:00
Guo Xiang Tan
7902296c11 Oops we should register a service worker as long as it is supported. 2018-02-15 15:02:14 +08:00
Guo Xiang Tan
28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Neil Lalonde
7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Sam
70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Leo McArdle
e183600563 FIX: redirect loop for new users visiting /new-topic using full screen login 2017-09-07 21:02:41 +01:00
Sam Saffron
d0c5205a52 Feature: Change markdown engine to markdown it
This commit removes the old evilstreak markdownjs engine.

- Adds specs to WhiteLister and changes it to stop using globals
    (Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
    CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
Neil Lalonde
3ebd8838af FEATURE: cross-domain tracking for Google universal analytics 2017-07-13 15:21:44 -04:00
Sam
79a084dd58 Revert "remove old markdown engine work-in-progress"
This reverts commit ee470b5317.
2017-07-12 18:10:51 -04:00
Sam Saffron
ee470b5317 remove old markdown engine work-in-progress 2017-07-12 17:44:40 -04:00
Sam
234694b50f Feature: CommonMark support
This adds the markdown.it engine to Discourse.
https://github.com/markdown-it/markdown-it

As the migration is going to take a while the new engine is default
disabled. To enable it you must change the hidden site setting:
enable_experimental_markdown_it.

This commit is a squash of many other commits, it also includes some
improvements to autospec (ability to run plugins), and a dev dependency
on the og gem for html normalization.
2017-06-23 12:01:33 -04:00
Robin Ward
30ebaf6b6a Update FontAwesome to 4.7.0 2017-04-26 15:16:30 -04:00
Sam
bbed29ba57 correct font preloading 2017-04-20 11:18:37 -04:00
Sam
5dd752877e FEATURE: try adding some preload hints for chrome 2017-04-17 11:52:43 -04:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app)

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoids a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam
30e0154e5d SECURITY: fix reflected XSS with safe_mode param
(only applies to beta and master)
2016-12-19 10:11:51 +11:00
Sam
e2c87da42a FEATURE: Add basic support for Safe Mode
In Safe Mode all JS extensions and site customizations are disabled.

To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Neil Lalonde
d38727efb7 FIX: Google Universal Analytics was tracking two page views on first page view 2016-08-02 12:55:02 -04:00
Neil Lalonde
ba637e40b6 FEATURE: Google Tag Manager Universal Analytics support 2016-07-14 16:35:20 -04:00
Robin Ward
bba0fd0654 REFACTOR: PreloadStore to ES6 2016-07-11 12:57:05 -04:00
Robin Ward
25d6915cac Migrate discourse.js to ES6 2016-07-11 12:57:05 -04:00
Robin Ward
a546395397 REFACTOR: Migrate markdown functionality in ES6 2016-07-11 12:57:05 -04:00
Jeff Atwood
36e3e53798 is it really necessary to specify 'normal' font? 2016-04-11 02:30:11 -07:00
Jeff Atwood
e45243924e oops 2016-04-11 02:00:16 -07:00
Jeff Atwood
fff03fb7c3 woff and woff2 are all we need for webfonts
on any browser that is remotely modern
2016-04-11 01:37:17 -07:00
Sam Saffron
38983bc977 oops 2016-02-08 09:53:47 +11:00
Sam Saffron
b032c63773 FIX: properly defer authentication complete 2016-02-08 08:44:12 +11:00
Robin Ward
6c2dee29a8 UX: Upgrade Font Awesome to 4.5.0 2015-12-10 17:19:23 -05:00
Robin Ward
8ba7c06b7d Merge pull request #3735 from riking/patch-4
FIX: Discourse.BaseUri should not default to /
2015-11-06 14:52:19 -05:00
Sam
b6c2aa13e6 clean up implementation of non frame login / registration 2015-10-13 14:49:09 +11:00
Sam
45ab42dea9 UX: upgrade font awesome to 4.4 2015-09-21 12:46:58 +10:00
Kane York
aca70805f1 FIX: Discourse.BaseUri should not default to / 2015-09-10 17:34:08 -07:00
Robin Ward
707c493e3c FIX: When changing colors, refresh the admin stylesheet 2015-08-18 14:13:40 -04:00
Robin Ward
22844b9e46 Ember 1.12 support 2015-08-13 11:14:16 -04:00
Robin Ward
59cdde330f Raise errors in development mode on deprecation
We've had quite some time to find the deprecation errors in Ember and
most should be fixed. It is time to turn up the difficulty, which will
raise exceptions in development/test mode if a deprecation is present.
This will force developers to fix them as they encounter them.
2015-08-04 13:23:42 -04:00
Robin Ward
9911e92e24 Merge pull request #3609 from riking/patch-7
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
Sam
6d9674278e UX: remove zocial and use font awesome instead
UX: use github logo for github login
2015-07-21 15:47:58 +10:00
Kane York
728845d008 FEATURE: Localization fallbacks (client)
This patch sets I18n.defaultLocale in the Discourse.start() script block (it
was formerly always 'en') to SiteSetting.default_locale, and patches
translate() to perform fallback to defaultLocale followed by english.
Additionally, when enable_verbose_localization() is called, no fallbacks will
be performed.

It also memoizes the file loading operations in JsLocaleHelper and strips out
translations from the fallbacks that are also present in a preferred language,
to minimize file size.
2015-07-15 10:17:28 -07:00