Commit Graph

20127 Commits

Author SHA1 Message Date
Guo Xiang Tan
33a05b9406 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:06:56 +08:00
Sam
c10dfe0d1b SECURITY: prevent reuse of password reset 2016-12-19 18:04:55 +11:00
Sam
9db22bfd3d SECURITY: update onebox gem 2016-12-19 13:21:47 +11:00
Sam
402f06de27 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:18:32 +11:00
Neil Lalonde
8a461e6283 Version bump to v1.6.9 2016-12-14 14:56:40 -05:00
Robin Ward
edeabc81a9 SECURITY: Update to latest onebox gem 2016-12-14 12:51:32 -05:00
Neil Lalonde
af0fbb693e Version bump to v1.6.8 2016-11-28 16:05:54 -05:00
Robin Ward
f71c9758a9 Backport get-owner API so plugins can use it safely 2016-11-21 11:16:49 -05:00
Rafael dos Santos Silva
64b0a4eada Version bump to v1.6.7 2016-11-14 19:27:06 -02:00
Sam
bdbd01ce40 fix oops 2016-11-14 19:24:46 -02:00
Sam
4c226bf12d FIX: properly reset all contexts after forking
Fixes hang on backup
2016-11-14 19:24:34 -02:00
Rafael dos Santos Silva
d5ba32ab2f Version bump to v1.6.6 2016-11-03 22:01:37 -02:00
Sam
90ef577037 FIX: mini_racer will no longer Dispose forked isolates 2016-11-03 20:05:59 -02:00
Sam
98d87a3ed2 update mini_racer to latest version 2016-11-03 20:05:53 -02:00
Neil Lalonde
1d76d255d5 Version bump to v1.6.5 2016-11-02 13:46:41 -04:00
Guo Xiang Tan
2bce183581 FIX: User enabled readonly mode was not working. 2016-10-25 11:50:51 +08:00
Guo Xiang Tan
2c86c202e5 FIX: Randomly failing specs try 2. 2016-09-23 15:05:03 +08:00
Guo Xiang Tan
46732957bc Version bump to v1.6.4 2016-09-23 14:48:07 +08:00
Guo Xiang Tan
5b3cbd3c9d FIX: Make sure constant reflects the right backup extension. 2016-09-23 14:46:59 +08:00
Guo Xiang Tan
e4c5cb84cd Version bump to v1.6.3 2016-09-19 08:54:54 +08:00
cpradio
ef440a4381 Escape the hyphen 2016-09-19 08:54:21 +08:00
cpradio
69691fa7a6 FIX: Backup validation wasn't escaping hyphens
Conflicts:
	spec/controllers/admin/backups_controller_spec.rb
2016-09-19 08:53:54 +08:00
Neil Lalonde
cbe623aaee Version bump to v1.6.2 2016-09-16 11:37:30 -04:00
Guo Xiang Tan
82fe884a7f SECURITY: Add filename validation for backup uploads. 2016-09-16 12:50:59 +08:00
Guo Xiang Tan
49ceac26d5 SECURITY: Escape input made to system calls. 2016-09-16 12:50:46 +08:00
Neil Lalonde
f7a335a64e Version bump to v1.6.1 2016-08-12 11:45:46 -04:00
Arpit Jalan
746ab933a0 Update Translations 2016-08-12 10:40:41 -04:00
Robin Ward
40d91ff504 FIX: Travis failure 2016-08-11 13:49:14 +08:00
Guo Xiang Tan
adb1e2cbc8 SECURITY: Escape HTML in filename. 2016-08-11 13:48:23 +08:00
Guo Xiang Tan
515024a0ac SECURITY: Escape image title in lightbox. 2016-08-11 11:17:37 +08:00
Régis Hanol
6d2a687ec7 FIX: wasn't able to update category's settings 2016-08-09 23:57:50 +02:00
Sam
0b5c3f5a03 SECURITY: do cookie auth rate limiting earlier 2016-08-09 10:04:49 +10:00
Guo Xiang Tan
1acef41e51 Revert "UX: Centering Badge notification styles on mobile."
This reverts commit fce902ab1e.
2016-08-08 09:36:07 +08:00
Neil Lalonde
4c14894958 Version bump to v1.6.0 2016-08-05 15:15:00 -04:00
Neil Lalonde
2499b56594 Merge master 2016-08-05 15:13:33 -04:00
Neil Lalonde
f1bfc74e79 Update translations 2016-08-05 14:39:55 -04:00
Robin Ward
b17908fab1 SECURITY: XSS issue on Admin users list 2016-08-05 12:48:33 -04:00
Robin Ward
a139e469a7 SECURITY: Avoid mass assignment on user create 2016-08-05 12:43:50 -04:00
Robin Ward
a1e94cb1c1 FIX: Broken test 2016-08-05 12:41:29 -04:00
Robin Ward
3d62e5dd98 SECURITY: XSS issue on Admin users list 2016-08-05 12:01:16 -04:00
Robin Ward
429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Arpit Jalan
cda108da56 use existing method for target_group_names 2016-08-05 18:57:46 +05:30
Arpit Jalan
c064e946b2 FIX: custom reason for flags were not showing for non-english locales 2016-08-05 18:41:11 +05:30
Régis Hanol
d0962d6e5a FIX: serve category images from the CDN 2016-08-05 13:03:49 +02:00
Guo Xiang Tan
33e7df977d FIX: Row resize zone should be full width of composer. 2016-08-05 10:02:01 +08:00
Sam
9b011cb75d UX: increase mobile line height for readability 2016-08-05 09:22:54 +10:00
Robin Ward
e5b529f8e1 FIX: Couldn't move posts with deleted replies 2016-08-04 11:56:01 -04:00
Neil Lalonde
f10c4682cd FIX: muted tags showing in latest topic list 2016-08-04 11:54:48 -04:00
Guo Xiang Tan
6827239444 Merge pull request #4360 from tgxworld/support_new_pg_dump_format
Changes to backup and restore
2016-08-04 10:58:42 +08:00
Guo Xiang Tan
2332422a85 UX: Text wasn't centered properly in badge notification. 2016-08-04 10:51:11 +08:00