Guo Xiang Tan
|
33a05b9406
|
SECURITY: Users can only bookmark posts which they can see.
|
2016-12-21 12:06:56 +08:00 |
|
Sam
|
c10dfe0d1b
|
SECURITY: prevent reuse of password reset
|
2016-12-19 18:04:55 +11:00 |
|
Sam
|
9db22bfd3d
|
SECURITY: update onebox gem
|
2016-12-19 13:21:47 +11:00 |
|
Sam
|
402f06de27
|
SECURITY: protect upload params, only allow very strict filenames
|
2016-12-19 10:18:32 +11:00 |
|
Neil Lalonde
|
8a461e6283
|
Version bump to v1.6.9
|
2016-12-14 14:56:40 -05:00 |
|
Robin Ward
|
edeabc81a9
|
SECURITY: Update to latest onebox gem
|
2016-12-14 12:51:32 -05:00 |
|
Neil Lalonde
|
af0fbb693e
|
Version bump to v1.6.8
|
2016-11-28 16:05:54 -05:00 |
|
Robin Ward
|
f71c9758a9
|
Backport get-owner API so plugins can use it safely
|
2016-11-21 11:16:49 -05:00 |
|
Rafael dos Santos Silva
|
64b0a4eada
|
Version bump to v1.6.7
|
2016-11-14 19:27:06 -02:00 |
|
Sam
|
bdbd01ce40
|
fix oops
|
2016-11-14 19:24:46 -02:00 |
|
Sam
|
4c226bf12d
|
FIX: properly reset all contexts after forking
Fixes hang on backup
|
2016-11-14 19:24:34 -02:00 |
|
Rafael dos Santos Silva
|
d5ba32ab2f
|
Version bump to v1.6.6
|
2016-11-03 22:01:37 -02:00 |
|
Sam
|
90ef577037
|
FIX: mini_racer will no longer Dispose forked isolates
|
2016-11-03 20:05:59 -02:00 |
|
Sam
|
98d87a3ed2
|
update mini_racer to latest version
|
2016-11-03 20:05:53 -02:00 |
|
Neil Lalonde
|
1d76d255d5
|
Version bump to v1.6.5
|
2016-11-02 13:46:41 -04:00 |
|
Guo Xiang Tan
|
2bce183581
|
FIX: User enabled readonly mode was not working.
|
2016-10-25 11:50:51 +08:00 |
|
Guo Xiang Tan
|
2c86c202e5
|
FIX: Randomly failing specs try 2.
|
2016-09-23 15:05:03 +08:00 |
|
Guo Xiang Tan
|
46732957bc
|
Version bump to v1.6.4
|
2016-09-23 14:48:07 +08:00 |
|
Guo Xiang Tan
|
5b3cbd3c9d
|
FIX: Make sure constant reflects the right backup extenstion.
|
2016-09-23 14:46:59 +08:00 |
|
Guo Xiang Tan
|
e4c5cb84cd
|
Version bump to v1.6.3
|
2016-09-19 08:54:54 +08:00 |
|
cpradio
|
ef440a4381
|
Escape the hyphen
|
2016-09-19 08:54:21 +08:00 |
|
cpradio
|
69691fa7a6
|
FIX: Backup validation wasn't escaping hyphens
Conflicts:
spec/controllers/admin/backups_controller_spec.rb
|
2016-09-19 08:53:54 +08:00 |
|
Neil Lalonde
|
cbe623aaee
|
Version bump to v1.6.2
|
2016-09-16 11:37:30 -04:00 |
|
Guo Xiang Tan
|
82fe884a7f
|
SECURITY: Add filename validation for backup uploads.
|
2016-09-16 12:50:59 +08:00 |
|
Guo Xiang Tan
|
49ceac26d5
|
SECUIRTY: Escape input made to system calls.
|
2016-09-16 12:50:46 +08:00 |
|
Neil Lalonde
|
f7a335a64e
|
Version bump to v1.6.1
|
2016-08-12 11:45:46 -04:00 |
|
Arpit Jalan
|
746ab933a0
|
Update Translations
|
2016-08-12 10:40:41 -04:00 |
|
Robin Ward
|
40d91ff504
|
FIX: Travis failure
|
2016-08-11 13:49:14 +08:00 |
|
Guo Xiang Tan
|
adb1e2cbc8
|
SECURITY: Escape HTML in filename.
|
2016-08-11 13:48:23 +08:00 |
|
Guo Xiang Tan
|
515024a0ac
|
SECURITY: Escape image title in lightbox.
|
2016-08-11 11:17:37 +08:00 |
|
Régis Hanol
|
6d2a687ec7
|
FIX: wasn't able to update category's settings
|
2016-08-09 23:57:50 +02:00 |
|
Sam
|
0b5c3f5a03
|
SECURITY: do cookie auth rate limiting earlier
|
2016-08-09 10:04:49 +10:00 |
|
Guo Xiang Tan
|
1acef41e51
|
Revert "UX: Centering Badge notification styles on mobile."
This reverts commit fce902ab1e .
|
2016-08-08 09:36:07 +08:00 |
|
Neil Lalonde
|
4c14894958
|
Version bump to v1.6.0
|
2016-08-05 15:15:00 -04:00 |
|
Neil Lalonde
|
2499b56594
|
Merge master
|
2016-08-05 15:13:33 -04:00 |
|
Neil Lalonde
|
f1bfc74e79
|
Update translations
|
2016-08-05 14:39:55 -04:00 |
|
Robin Ward
|
b17908fab1
|
SECURITY: XSS issue on Admin users list
|
2016-08-05 12:48:33 -04:00 |
|
Robin Ward
|
a139e469a7
|
SECURITY: Avoid mass assignment on user create
|
2016-08-05 12:43:50 -04:00 |
|
Robin Ward
|
a1e94cb1c1
|
FIX: Broken test
|
2016-08-05 12:41:29 -04:00 |
|
Robin Ward
|
3d62e5dd98
|
SECURITY: XSS issue on Admin users list
|
2016-08-05 12:01:16 -04:00 |
|
Robin Ward
|
429f27ec96
|
SECURITY: Avoid mass assignment on user create
|
2016-08-05 11:57:13 -04:00 |
|
Arpit Jalan
|
cda108da56
|
use existing method for target_group_names
|
2016-08-05 18:57:46 +05:30 |
|
Arpit Jalan
|
c064e946b2
|
FIX: custom reason for flags were not showing for non-english locales
|
2016-08-05 18:41:11 +05:30 |
|
Régis Hanol
|
d0962d6e5a
|
FIX: serve category images from the CDN
|
2016-08-05 13:03:49 +02:00 |
|
Guo Xiang Tan
|
33e7df977d
|
FIX: Row resize zone should be full width of composer.
|
2016-08-05 10:02:01 +08:00 |
|
Sam
|
9b011cb75d
|
UX: increase mobile line height for readability
|
2016-08-05 09:22:54 +10:00 |
|
Robin Ward
|
e5b529f8e1
|
FIX: Couldn't move posts with deleted replies
|
2016-08-04 11:56:01 -04:00 |
|
Neil Lalonde
|
f10c4682cd
|
FIX: muted tags showing in latest topic list
|
2016-08-04 11:54:48 -04:00 |
|
Guo Xiang Tan
|
6827239444
|
Merge pull request #4360 from tgxworld/support_new_pg_dump_format
Changes to backup and restore
|
2016-08-04 10:58:42 +08:00 |
|
Guo Xiang Tan
|
2332422a85
|
UX: Text wasn't centered properly in badge notification.
|
2016-08-04 10:51:11 +08:00 |
|