Commit Graph

5985 Commits

Author SHA1 Message Date
Sam
a7628c1d74 FIX: use ordered_posts for last post check, not the posts relation
The `posts` relation on `Topic` is not ordered. Using `Topic.posts.first`
is basically the same as asking for a random post, it will depend on DB
order. This breaks on Topic merge and split for example.

Additionally, a huge problem with that is that it forces active record down
a slow path. `Topic.posts.first` is extremely slow on giant topics, since
it has no default ordering it appears AR materializes the entire set prior
to doing `first`.

This commit also illustrates the importance of testing, initially I only
fixed the second instance of the problem in `post_validator.rb` but testing
revealed that the problem was repeated at the top of the file.

Longer term we should consider a larger change of default ordering the posts
relations so people do not fall down this trap anymore.
2019-01-18 13:18:40 +11:00
Penar Musaraj
020e0d623a DEV: run "yarn install" before lint tests 2019-01-17 14:17:44 -05:00
David Taylor
24b59afe2a FIX: Wrap theme javascript inside IIFE to prevent using global namespace 2019-01-17 14:44:10 +00:00
David Taylor
5bfa661a87 FIX: Theme settings are referenced in JS by settings, not themeSetting 2019-01-17 12:24:21 +00:00
David Taylor
880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Sam
384135845b FEATURE: introduce ultra_low priority queue
This commit introduces an ultra low priority queue for post rebakes. This
way rebakes can never interfere with regular sidekiq processing for cases
where we perform a large scale rebake.

Additionally it allows Post.rebake_old to be run with rate_limiter: false
to avoid triggering the limiter when rebaking. This is handy for cases
where you want to just force the full rebake and not wait for it to trickle
2019-01-17 14:53:19 +11:00
Michael Brown
664c282400 FIX: improve rake emails:test task
* FIX: rake emails:test to bypass the "STARTTLS required" message

* FIX: too much j

* hint meta.discourse.org to people with unknown errors from the mail test
2019-01-17 13:41:10 +11:00
Bianca Nenciu
7d84648d11 FEATURE: Remove full quotes only from new posts. (#6862) 2019-01-17 13:24:32 +11:00
Rishabh
60790eb006 FIX: Use GlobalSetting values instead of ENV variables in migrate_to_s3
TIL how GlobalSetting works in sync with environment variables
Also fixes a small bug where bucket value was being used when it could have been nil
2019-01-16 14:40:38 +05:30
Guo Xiang Tan
51b19e945c DEV: Stablize the multisite tests.
SiteSettingExtension triggers message bus which re-establishes a
DB connection in `SiteSettingExtension#process_message`. That happens
concurrently and a test that requires a connection to the db will
fail when the reconnection is happening.
2019-01-16 10:29:36 +08:00
Gerhard Schlager
e180e14a55 DEV: Reload current client locale file in development mode 2019-01-15 22:55:51 +01:00
Rishabh
ff8f9dc1c9 FIX: prefix should precede folder path (follow-up on 10fbb07e) 2019-01-15 15:58:19 +05:30
Rishabh
10fbb07e1a FIX: include folder name in prefix for listing files on S3 (follow-up on 3ec38f5a)
Fix the destination url in remap since it's already a part of s3_base_url
2019-01-15 15:23:55 +05:30
Guo Xiang Tan
ec58c33e9e DEV: Improve postgresql fallover and multisite tests. 2019-01-15 12:52:45 +08:00
Neil Lalonde
6c2333a780 Version bump to v2.2.0.beta8 2019-01-14 17:03:18 -05:00
Penar Musaraj
b28d68efbf DEV: Use yarn to manage Highlight.js dependency
Moves Highlight.js files to vendor/assets/javascripts

Adds Highlight.js in yarn package management

Removes old rake task and reliance on NPM to build Highlight.js

Highlight.js is now integrated in the "javascript:update" rake task
2019-01-14 12:46:35 -05:00
Florian Heidenreich
39983f9d95 FIX: list staff users within the last month 2019-01-14 10:29:00 -05:00
Arpit Jalan
a121d40771
FIX: do not show PM topics when moving posts to an existing public topic (#6876) 2019-01-14 15:00:45 +05:30
Penar Musaraj
47cbfb1498 FEATURE: plugin support for custom icons
Plugins can now add their own SVG sprites in "plugin-name/svg-icons/".

Example: save the following as "plugin-name/svg-icons/plugin-icons.svg"

```
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
  <symbol id="testplugin-compress" viewBox="0 0 1792 1792">
    <path d="M896 960v448q0 26-19 45t-45 19-45-19l-144-144-332 332q-10 10-23 10t-23-10l-114-114q-10-10-10-23t10-23l332-332-144-144q-19-19-19-45t19-45 45-19h448q26 0 45 19t19 45zm755-672q0 13-10 23l-332 332 144 144q19 19 19 45t-19 45-45 19h-448q-26 0-45-19t-19-45v-448q0-26 19-45t45-19 45 19l144 144 332-332q10-10 23-10t23 10l114 114q10 10 10 23z"></path>
  </symbol>
</svg>
```
and then register the icon by adding this in plugin.rb
```
register_svg_icon "testplugin-compress"
```
2019-01-12 09:59:12 -05:00
Robin Ward
dbe42068a2 REFACTOR: Move option to return emails into the serializer
This makes more sense than having the guardian take an accessor.
The logic belongs in the Serializer, where the JSON is calculated.

Also removed some of the DRYness in the spec. It's fewer lines
and made it easier to test the option on the serializer.
2019-01-11 11:17:23 -05:00
Vinoth Kannan
f94c0283b2
FIX: Use correct version when generating file path for optimized image (#6871) 2019-01-11 18:35:38 +05:30
Penar Musaraj
4852cee946 FIX: add missing “merge selected posts” icon 2019-01-10 17:19:24 -05:00
Penar Musaraj
3e5e6c82be FIX: add missing copyright icon
Icon is used in the admin UI for themes/theme components
2019-01-10 14:26:53 -05:00
Joffrey JAFFEUX
f9648de897
DEV: upgrades from Ember 2.13 to Ember 3.5.1 (#6808)
Co-Authored-By: Bianca Nenciu <nbianca@users.noreply.github.com>
Co-Authored-By: David Taylor <david@taylorhq.com>
2019-01-10 11:06:01 +01:00
Sam
35b59cfa78 SECURITY: escape title HTML for inline onebox 2019-01-10 12:02:05 +11:00
Penar Musaraj
e11c6ffa89 FEATURE: allow extending CSP base-uri and object-src
Plus, ensure :none is stripped, it cannot be combined with other sources
2019-01-09 15:34:14 -05:00
Kyle Zhao
dec8e5879a FEATURE: set CSP base-uri and object-src to none (#6863) 2019-01-09 15:04:50 -05:00
Sam
4232d32699 PERF: reduce workload when optimizing images
Previously, we would initialize an ImageOptim object each time we resize.

This object init is mega expensive (170ms on a VERY fast machine):

```
[1] pry(main)> Benchmark.measure { FileHelper.image_optim   }
=> #<Benchmark::Tms:0x00007f55440c1de0
 @cstime=0.055742,
 @cutime=0.141031,
 @label="",
 @real=0.17165619300794788,
 @stime=0.0002750000000000252,
 @total=0.19890400000000008,
 @utime=0.0018560000000000798>

```

This happens cause during init it hunts for all the right binaries and sets
up internals.

We now memoize this object to avoid a huge amount of pointless work.
2019-01-09 12:28:18 +11:00
Sam
df460b4abd PERF: run sidekiq with nice 5
This ensures that unicorn master forks of sidekiq run with a lower priority
than the webs. It means that a busy sidekiq is less likely to impact web
performance
2019-01-09 09:29:14 +11:00
Régis Hanol
3ec38f5a3b Revert "FIX: migrate_to_s3 rake task with folder path"
This reverts commit 97fd12e8af.
2019-01-08 19:44:31 +01:00
Régis Hanol
97fd12e8af
FIX: migrate_to_s3 rake task with folder path 2019-01-08 18:56:18 +01:00
Rishabh
f181e9cc08
FIX: Add compatibility for bucket folder paths in migrate_to_s3 task (#6855)
* FIX: Add compatibility for bucket folder paths in migrate_to_s3 task
* Refactor bucket_name split logic into S3Helper
2019-01-08 20:04:48 +05:30
Guo Xiang Tan
ec27db78be FIX: Set unique post key for a user outside of transaction.
Previously, the Redis key was set within the transaction and the key
isn't deleted if the transaction is not successful.

Note that this isn't tested because we don't have a repro of what can
raise an error within the transaction.

https://meta.discourse.org/t/body-is-too-similar-to-what-you-previously-posted-even-when-previous-post-didnt-go-through/105436
2019-01-08 15:22:22 +08:00
Rishabh
efc481d9c0 DEV: Use puts instead of printing newline (follow up on c5b7bda1) 2019-01-05 01:20:00 +05:30
Robin Ward
5eaf3cb104 Adjusts the minimum_flag_threshold for TL3/TL4 actions
Before this patch, a high trust level user could flag something
and have an action be taken, as well as skipping the flag queue.

Now, if a TL3/TL4 cause an action, the flag will skip the minimum
visibility check and allow staff to review it.
2019-01-04 13:16:44 -05:00
Gerhard Schlager
c0a8bb9a91 FEATURE: Include "via <site_name>" in email From header 2019-01-04 17:06:19 +01:00
Régis Hanol
788719d271 DEV: speed up posts base imports 2019-01-04 15:30:17 +01:00
Régis Hanol
95e5f8380d FEATURE: Allow plugins to add custom emoji translations
FIX: buildTranslationTree was erroring when translations overlapped (ie. ":-)" and ":-))")
FIX: emoji translations wasn't working properly when translations overlapped
2019-01-04 15:27:46 +01:00
Rishabh
c5b7bda198 DEV: Show migrate_to_s3 output on a new line 2019-01-04 18:09:54 +05:30
Vinoth Kannan
902f535111 FIX: upload method in S3Helper will expect a file object param 2019-01-04 15:30:45 +05:30
Vinoth Kannan
82d7f9ce5e fix the build
Checking size for a file object directly will cause issue if it is a closed stream
2019-01-04 13:25:11 +05:30
Vinoth Kannan
940a61037c DEV: Add option to pass s3 client in param 2019-01-04 12:16:09 +05:30
Vinoth Kannan
75dbb98cca FEATURE: Add S3 etag value to uploads table (#6795) 2019-01-04 14:16:22 +08:00
Guo Xiang Tan
5f0f7f909d FIX: Incorrect CDN URL for site setting uploads when s3 is enabled. 2019-01-04 07:52:13 +08:00
Sam
e2dca641c6 handle exceptions in s3:correct_acl task
We need to handle arbitrary exceptions in this task, especially since the
task is not easily resumable.

Simply output problem uploads as you hit them for now.
2019-01-04 08:32:09 +11:00
Sam
05a3e3670f FEATURE: add rake task that resets ACL on every object in S3
Some previous migrations to S3 may have bad ACLs set on objects. This
introduces a new rake task (`rake s3:correct_acl`) that will reset ACL on
every S3 object.

Vast majority of users will never have to run it, but if you have ACL issues
this is the atomic solution.
2019-01-04 08:13:43 +11:00
Gerhard Schlager
b089ac1537 FIX: Posting without bump raised an error for TL4 2019-01-03 14:14:02 +01:00
Neil Lalonde
9ee08908ad Version bump to v2.2.0.beta7 2019-01-02 15:32:45 -05:00
Gerhard Schlager
c30996129f FEATURE: Allow TL4 users to reset bump date 2019-01-02 16:57:05 +01:00
Gerhard Schlager
e8053d6e7d FIX: Polls didn't work in imported posts
Imports skip validation of posts, but polls are only created during the validation phase.
2019-01-02 15:26:57 +01:00
Gerhard Schlager
a474bf966c DEV: Skip prettier in single plugin test if patterns aren't found
This reverts d06ca90c94
It didn't work because yarn doesn't return the original exit code of the failed command.
2019-01-02 14:36:09 +01:00
Gerhard Schlager
d06ca90c94 DEV: Ignore prettier error when there are no ES6 files 2019-01-02 11:30:09 +01:00
Sam
766e67ce57 FEATURE: introduce lossy color optimization on resized pngs
This feature ensures optimized images run via pngquant, this results extreme amounts of savings for resized images. Effectively the only impact is that the color palette on small resized images is reduced to 256.

To ensure safety we only apply this optimisation to images smaller than 500k.

This commit also makes a bunch of image specs less fragile.
2019-01-02 17:20:02 +11:00
Guo Xiang Tan
9e50813252 FIX: Pass all necessary options in migrate_to_s3 rake task. 2019-01-02 09:11:23 +08:00
Guo Xiang Tan
0daaae1cf3 DEV: Fix rubocop after update. 2019-01-02 05:47:29 +08:00
David Taylor
23c65feb6c DEV: Prevent deprecation warnings being incorrectly logged 2018-12-31 14:41:30 +00:00
Sam
a19170a4c2 DEV: avoid require_dependency for some libs
This avoids require dependency on method_profiler and anon cache.

It means that if there is any change to these files the reloader will not pick it up.

Previously the reloader was picking up the anon cache twice causing it to double load on boot.

This caused warnings.

Long term my plan is to give up on require dependency and instead use:

https://github.com/Shopify/autoload_reloader
2018-12-31 10:53:30 +11:00
Régis Hanol
5381096bfd PERF: new 'migrate_to_s3' rake task 2018-12-26 17:34:49 +01:00
Guo Xiang Tan
2cbb513c98 FIX: Don't use Redis#keys in production.
As per the documentation for KEYS

```
Warning: consider KEYS as a command that should only be used in production environments with extreme care. It may ruin performance when it is executed against large databases. This command is intended for debugging and special operations, such as changing your keyspace layout.
```

Instead SCAN

```
Since these commands allow for incremental iteration, returning only a small number of elements per call, they can be used in production without the downside of commands like KEYS or SMEMBERS that may block the server for a long time (even several seconds) when called against big collections of keys or elements.
```
2018-12-25 15:12:59 +02:00
Jeff Atwood
a74e49c87c use proper typographical × instead of x 2018-12-24 20:33:17 -08:00
David Taylor
7feabd9e49 PERF: Eradicate N+1 queries from the theme admin page 2018-12-21 11:03:58 +02:00
Gerhard Schlager
0bc1fa8aa4 FEATURE: Don't create PM for successful automatic backups 2018-12-20 13:34:24 +01:00
Arpit Jalan
e5fd018f44 DEV: assign constant to preserve_fragment_url_hosts 2018-12-19 17:37:39 +05:30
Maja Komel
2fcbbead45 FIX: move sso provider into its own class so it doesn't interfere with sso client (#6767) 2018-12-19 10:22:10 +01:00
Bianca Nenciu
2eefe6d5d6 FIX: Use CDN for logos and icons. (#6698) 2018-12-19 10:20:48 +01:00
Arpit Jalan
1ab91f0474 FIX: preserve github fragment URL 2018-12-19 12:34:47 +05:30
Rishabh
cae5ba7356 FIX: Ensure that multisite s3 uploads are tombstoned correctly (#6769)
* FIX: Ensure that multisite uploads are tombstoned into the correct paths

* Move multisite specs to spec/multisite/s3_store_spec.rb
2018-12-19 13:32:32 +08:00
Robin Ward
662cfc416b FEATURE: Show a blurry preview when lazy loading images
This generates a 10x10 PNG thumbnail for each lightboxed image.
If Image Lazy Loading is enabled (IntersectionObserver API) then
we'll load the low res version when offscreen. As the image scrolls
in we'll swap it for the high res version.

We use a WeakMap to track the old image attributes. It's much less
memory than storing them as `data-*` attributes and swapping them
back and forth all the time.
2018-12-19 01:57:30 +08:00
Robin Ward
e593d68beb Use an options hash instead of boolean parameters 2018-12-19 01:57:30 +08:00
Rishabh
c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Gerhard Schlager
86546bb5c6 DEV: Use locale fallback even in development mode
Making dev behave differently than prod is a bad idea.
2018-12-18 16:01:14 +01:00
Bianca Nenciu
825ae86857 FEATURE: Remove full quote only if first paragraph. (#6793) 2018-12-18 15:46:20 +01:00
Gerhard Schlager
577af81e76 FIX: Font tag resulted in wrong email trimming 2018-12-18 11:40:54 +01:00
Gerhard Schlager
37461a6398 FIX: Weird mixture of line breaks resulted in wrong email trimming 2018-12-18 11:40:54 +01:00
Guo Xiang Tan
5c2e194d01 SECURITY: Users can pick non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:38:25 +08:00
Guo Xiang Tan
899caf35ba Revert "SECURITY: User could non-avatar uploads."
This reverts commit 89581fa301.
2018-12-18 13:37:31 +08:00
Guo Xiang Tan
89581fa301 SECURITY: User could non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:35:33 +08:00
Guo Xiang Tan
d7660dfe40 FIX: Enabling readonly mode should clear anon cache as well. 2018-12-18 11:56:25 +08:00
Sam Saffron
abbbcb2622 DEV: allow creating users with random passwords via rake
Use: `RANDOM_PASSWORD=1 bin/rake admin:create`

Handy in conjunction with dev mode /session/username/become.
2018-12-18 11:43:16 +08:00
Gerhard Schlager
01cdbd3a13 FEATURE: Prohibit S3 bucket reusage
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
Gerhard Schlager
1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Guo Xiang Tan
c0aae16f6b FIX: Clear anon cache when disabling readonly mode.
`SiteSerializer#is_readonly` is cached for an anonymous user so we have
to clear the cache when disabling readonly mode. Otherwise, the site may
appear to be in readonly mode for an extended period of time.
2018-12-17 17:27:44 +08:00
Guo Xiang Tan
9e795b9d90 Follow up to 704a122656. 2018-12-17 16:39:46 +08:00
Guo Xiang Tan
e75ad37aaf FIX: Switch recently readonly mdoe cache to a DistributedCache.
A per process cache is hard to reason about. During PostgreSQL
failovers. The site may bounce in and out of readonly mode depending on
which server and process that a request hits.
2018-12-17 13:28:36 +08:00
Guo Xiang Tan
704a122656 Remove Ruby warning due to assignment in conditional. 2018-12-17 13:08:12 +08:00
Gerhard Schlager
7e1f20b07f FIX: Create CORS rule on S3 only before a backup upload 2018-12-17 00:15:37 +01:00
Vinoth Kannan
0d3c1cde90 FIX: Use find_by_id method to prevent record not found exception 2018-12-15 03:19:45 +05:30
Neil Lalonde
4ddaceda1a Version bump to v2.2.0.beta6 2018-12-14 12:21:55 -05:00
David Taylor
77fe57f923 FEATURE: Rake task to list users which have been staff in the past month 2018-12-14 16:29:12 +00:00
Kyle Zhao
b0c2e9bb05
minor changes to default script-src (#6770)
- add report-sample to force require a sample of the violating code
- do not whitelist GA/GTM's entire domain
2018-12-14 08:17:31 -05:00
Joffrey JAFFEUX
03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Sam
939b82ef0c DEV: correct intermittent test failure
ActionController::BadRequest can not be re-dispatched, under some conditions
we are getting this vs InvalidParameterError in the following test

59c56bd20f/spec/requests/application_controller_spec.rb (L34-L62)
2018-12-13 18:27:13 +11:00
Sam
94b8ba4f8f FIX: remove slow platform detection from server side
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.

This was done on the server side and as a side effect and caused page sizes on android
to mismatch between Android and non Android.

Unfortunately about a year ago googlebot started pretending it is Android,
this cause Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.

This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.

I tested we do not need this on Blu Advance 5.0 it has 1.3 GHZ mediatec mt6580
This phone retails for around $50 USD.

If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
2018-12-13 13:57:05 +11:00
Bianca Nenciu
7cac04e1a8 * FEATURE: Adds site setting to let quotes on direct replies.
* DEV: Added test.
* FIX: Do not bump topic when removing full quotes.
2018-12-12 15:42:53 +01:00
Maja Komel
dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
Sam
0ca61242b8 FEATURE: polyfill intersection observer for IE11 / iOS Safari
This feature is used for defer loading of images and in future for post cloaking

This gives us a polyfill so we can safely use the feature in problem browsers

The polyfill supports "polling" but it does not appear we need it yet.

If we discover anything odd here, consider setting poll interval per:

https://github.com/w3c/IntersectionObserver/tree/master/polyfill

```
var io = new IntersectionObserver(callback);
io.POLL_INTERVAL = 100; // Time in milliseconds.
```

Keeping the mutation observer cause we often mutate the DOM
2018-12-12 15:36:08 +11:00
David Taylor
c7c56af397
FEATURE: Allow connecting associated accounts when two-factor is enabled (#6754)
Previously the 'reconnect' process was a bit magic - IF you were already logged into discourse, and followed the auth flow, your account would be reconnected and you would be 'logged in again'.

Now, we explicitly check for a reconnect=true parameter when the flow is started, store it in the session, and then only follow the reconnect logic if that variable is present. Setting this parameter also skips the 'logged in again' step, which means reconnect now works with 2fa enabled.
2018-12-11 13:19:00 +00:00
Sam
671469bcc7 FIX: URLs containing two # would fail to work
Some URLs in browsers are non compliant and contain twos `#` this commit adds
special handling for this edge case by auto encoding any fragments containing `#`
2018-12-11 18:03:13 +11:00
David Taylor
9db829134c
FIX: Use database to persist metadata during social registration (#6750)
Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 15:10:06 +00:00
Rishabh
314c084e5d DEV: nuke code dependent comments from scheduler.rake 2018-12-10 16:16:19 +05:30
Rishabh
4767a5a26e
DEV: Update incorrect Job frequency 2018-12-10 13:26:19 +05:30
Sam
e17d0c0526 FIX: don't double add users to topic allowed users
In latest rails building the same relation twice results in an error
Previous versions would deduplicate
2018-12-10 14:45:02 +11:00
Sam
955cdad649 FIX: exec_params needs instrumentation
the method no longer routes to "exec" or "async_exec" in latest PG so we
need to explicitly intercept
2018-12-10 14:28:10 +11:00
Sam
502a0fe778 FIX: support connecting GitHub with existing accounts 2018-12-10 09:27:00 +11:00
David Taylor
25aed5a47c FIX: Add missing android icon
Used in the "Recently Used Devices" section of user preferences
2018-12-07 15:49:40 +00:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
David Taylor
86f8734bc0 FIX: Prioritize explicit 'connect' over matching by email
This is an edge case that was previously handled by TwitterAuthenticator, but not FacebookAuthenticator.
2018-12-07 15:05:51 +00:00
David Taylor
3cad3f9df1 DEV: Add profile fetching support to ManagedAuthenticator 2018-12-07 15:05:51 +00:00
David Taylor
f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature (#6738) 2018-12-07 15:01:44 +00:00
David Taylor
6c71395bf6
FIX: Only hide shared draft topics from latest (#6737)
Previously we were hiding them from all topic lists, which can result in
topics being "stuck" in an unread state with no easy way to clear them.
2018-12-07 12:44:23 +00:00
Bianca Nenciu
41e184280d FEATURE: Remove full quotes of direct replies. (#6729) 2018-12-07 13:07:11 +01:00
Gerhard Schlager
df3bb07ec6 UX: Add missing icons 2018-12-07 13:00:02 +01:00
David Taylor
5e09398c5b
FIX: Do not serialize user fields unless they are specified for display (#6736) 2018-12-07 10:57:28 +00:00
David Taylor
0b1d660876
UX: Make shared drafts behaviour consistent for non-staff users (#6734)
This makes it easier to diagnose the problem when a public category
is set as the 'shared drafts category'. Doing this is not recommended.
2018-12-06 18:59:29 +00:00
David Taylor
ded3639f87 DEV: Add openid-connect as an official plugin 2018-12-06 16:16:47 +00:00
Xiao Guan
7ec124fc89 FEATURE: Improved deprecation warnings (#6722)
* FEATURE: Discourse.deprecate can report version

* Ember counterpart for deprecation
2018-12-06 11:38:01 +00:00
Gerhard Schlager
43cfdb1cb9 FIX: Wizard tries harder to find existing Welcome Topic
The wizard searches for:

* a topic that with the "is_welcome_topic" custom field
* a topic with the correct slug for the current default locale
* a topic with the correct slug for the English locale
* the oldest globally pinned topic

It gives up if it didn't find any of the above.
2018-12-06 10:27:22 +01:00
Guo Xiang Tan
978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Gerhard Schlager
99117d664c FEATURE: Multisite support for S3 backup store (#6700) 2018-12-05 10:10:39 +08:00
David Taylor
e117deb2ba FIX: Improve avatar loading, and add tests
Follow-up from 4e2cc9c
2018-12-04 15:09:32 +00:00
Régis Hanol
3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
David Taylor
9248ad1905 DEV: Enable Style/SingleLineMethods and Style/Semicolon in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
Penar Musaraj
56948896ff UX: replace FA5 compress/expand icons
Adds a new SVG sprite file that contains non-FontAwesome 5 icons to our subset.

Adds the FontAwesome 4.7.0 icons for expand / collapse.
2018-12-03 22:29:20 -05:00
David Taylor
4831c4c2ee FIX: Use safe navigation operator throughout statement 2018-12-03 20:00:28 +00:00
David Taylor
e32cdb00cb Fix the build 2018-12-03 18:51:07 +00:00
David Taylor
b373ff47e2 FIX: Topic is nil when first post is being created 2018-12-03 18:30:52 +00:00
David Taylor
4e2cc9caf0 FIX: Use safe navigation operator when looking for avatar URL 2018-12-03 17:28:21 +00:00
David Taylor
404acef6e3 DEV: Move run-qunit.js out of the vendor directory 2018-12-03 16:16:37 +00:00
Penar Musaraj
f8e6a37858 FIX: raise exception when getting dimensions of missing image
- follow-up on 0eacd45ab1
2018-12-03 10:19:49 -05:00
David Taylor
9125b5fbc4 DEV: Reformat single line method definition
Following comments on 71aaed272c
2018-12-03 15:03:00 +00:00
Bianca Nenciu
3f8fa4ad4e FEATURE: Do not check consecutive replies for original poster. (#6714) 2018-12-03 02:32:29 -08:00
Rishabh
503ae1829f FIX: All multisite upload paths should start with /uploads/default/.. (#6707) 2018-12-03 12:04:14 +08:00
Maja Komel
6121d11187 FIX: make staff_edit_locks_post work with download_remote_images_to_local 2018-12-03 14:14:59 +11:00
Joffrey JAFFEUX
f94c3aef7b DEV: upgrades highlight.js from v9.12.0 to v9.13.1 2018-12-03 09:45:52 +11:00
Maja Komel
1073634271 FIX: show generic title when quoting off-topic secure category posts 2018-12-03 09:42:32 +11:00
David Taylor
71aaed272c
DEV: Correct auth_provider deprecation warning 2018-11-30 22:22:26 +00:00
David Taylor
4e010382cc REFACTOR: Initialize auth providers after plugin.activate!
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Penar Musaraj
7dec963f2e FIX: add vkontakte icon alias 2018-11-30 08:50:38 -05:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
David Taylor
534e1b1b18 DEV: Introduce Auth::ManagedAuthenticator
A generic implementation of Auth::Authenticator which stores data in the
new UserAssociatedAccount model. This should help significantly reduce the duplicated
logic across different auth providers.
2018-11-30 11:18:11 +00:00
Vinoth Kannan
fc0b7c9e26 FIX: incoming email matches the wrong user if null bounce key available in db 2018-11-30 12:29:51 +05:30
Penar Musaraj
ad665b901a FIX: Refactor commit a8c3ca, add test 2018-11-29 19:12:00 -05:00
Penar Musaraj
a58c3ca430 FIX: limit SvgSprite scan to string setting values 2018-11-29 18:36:48 -05:00
Penar Musaraj
0eacd45ab1 FIX: refactor ImageSizer.resize
reverts 140d9c2
2018-11-29 15:28:45 -05:00
Arpit Jalan
40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies (#6702) 2018-11-29 22:44:18 +05:30
Neil Lalonde
075d9fc558 Version bump to v2.2.0.beta5 2018-11-29 11:18:11 -05:00
Bianca Nenciu
ddd260941e FIX: Fix query selecting users not accepting PMs. 2018-11-29 15:59:30 +08:00
Guo Xiang Tan
56034c733a UX: Strip class when link is not oneboxed due to site setting limits. 2018-11-29 14:33:01 +08:00
Rishabh
871d4543cc FIX: Use File.join for relative_base_url, fix spec 2018-11-29 09:49:56 +05:30
Rishabh
05a4f3fb51 FEATURE: Multisite support for S3 image stores (#6689)
* FEATURE: Multisite support for S3 image stores

* Use File.join to concatenate all paths & fix linting on multisite/s3_store_spec.rb
2018-11-29 12:11:48 +08:00
Penar Musaraj
6568832235 FIX: map discord/patreon FA5 icons for login buttons correctly 2018-11-28 14:36:36 -05:00
Vinoth Kannan
bfb3c4d9f9 DEV: create bounce alert earlier if email_log detected from bounce_key 2018-11-28 21:13:06 +05:30
Penar Musaraj
654b80e472 FIX: add FA Discourse icon, update setting instructions 2018-11-28 09:53:06 -05:00
Vinoth Kannan
25253dec56 FIX: Get email address from email_log if bounced with verp
We can not access mail.final_recipient attr if it bounced with verp
2018-11-28 19:04:09 +05:30
Arpit Jalan
851ef14096 Revert "FIX: do not agree flags by default when deleting posts"
This reverts commit cb6fc8057b.
2018-11-28 10:21:11 +05:30
Vinoth Kannan
7dbf709467 FIX: create whisper post in PMs when bounces with verp and user is staged 2018-11-28 08:24:23 +05:30
Guo Xiang Tan
a1e77aa2ed
FEATURE: Reimplement SiteSetting.max_oneboxes_per_post. (#6668)
Previously, the site setting was only effective on the client side of
things. Once the site setting was been reached, all oneboxes are not
rendered. This commit changes it such that the site setting is respected
both on the client and server side. The first N oneboxes are rendered and
once the limit has been reached, subsequent oneboxes will not be
rendered.
2018-11-27 16:00:31 +08:00
Arpit Jalan
6cb49cd42c
Merge pull request #6671 from techAPJ/destroy-posts-flags
FIX: do not agree flags by default when deleting posts
2018-11-27 11:27:23 +05:30
Arpit Jalan
cb6fc8057b FIX: do not agree flags by default when deleting posts 2018-11-27 10:57:20 +05:30
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Vinoth Kannan
bcdf5b2f47 DEV: improve missing uploads query and skip checking file size 2018-11-27 02:21:33 +05:30
Vinoth Kannan
4ccf9d28eb Remove trailing whitespaces 2018-11-27 01:15:29 +05:30
Vinoth Kannan
fd272eee44 FEATURE: Make uploads:missing task compatible with s3 uploads 2018-11-27 00:54:51 +05:30
Vinoth Kannan
cedd2118c4
FEATURE: If PM email bounced for staged user then alert in whisper reply (#6648) 2018-11-27 00:29:37 +05:30
David Taylor
afcf149c34 FIX: Fix mentions for mixed case group names 2018-11-26 15:34:56 +00:00
Joffrey JAFFEUX
4546d8fbbf FEATURE: allows plugins to register no module files (#6664) 2018-11-26 16:01:28 +08:00
Guo Xiang Tan
565603ad0d Remove unused variable. 2018-11-26 14:45:00 +08:00
Guo Xiang Tan
3188d3506d Re-add option that was removed by mistake in 482013a1d4. 2018-11-26 14:24:23 +08:00
Guo Xiang Tan
482013a1d4 FIX: Group mentions missing after post processing. 2018-11-26 12:57:07 +08:00
Guo Xiang Tan
57e2f4990d
PERF: Move processing of inline onebox out of V8 context. (#6658) 2018-11-26 09:21:38 +08:00
Bianca Nenciu
172b3bf4d3 FIX: Fix broken theme field URLs. (#6622) 2018-11-23 16:11:05 +01:00
Guo Xiang Tan
7f7464e3e6 DEV: Remove unused variable. 2018-11-23 08:32:29 +08:00
Sam
7ba681383d DEV: run plugin tests in autospec 2018-11-23 11:27:08 +11:00
David Taylor
f645cb9c14
FEATURE: Use translated name for 'your email has been authenticated by' (#6649) 2018-11-22 19:12:04 +00:00
David Taylor
052bf37578 FIX: Use Discourse.deprecate instead of Rails.logger.warn
This will significantly reduce the volume of logs when the condition is hit
2018-11-22 15:59:47 +00:00
Gerhard Schlager
bf27aecce2 REFACTOR: compact! works since the array can't contain empty strings 2018-11-22 13:27:34 +01:00
Guo Xiang Tan
96168cb3c6 DEV: Use a set in SiteSetting.settings_hash. 2018-11-22 17:16:40 +08:00
Guo Xiang Tan
4752ddc908 Avoid DB query when there are no mentions. 2018-11-22 16:44:17 +08:00
Guo Xiang Tan
28a6cf8228 FIX: Mention lookup should be case insensitive. 2018-11-22 16:32:56 +08:00
Guo Xiang Tan
3f636b2d19 FIX: Check whether group is mentionable by user when cooking post. 2018-11-22 16:16:33 +08:00
Guo Xiang Tan
672e95bcb4 FIX: Staged users should not be mentionable. 2018-11-22 15:00:46 +08:00
Guo Xiang Tan
c5a70eca6e
PERF: Move mention lookups out of the V8 context. (#6640)
We were looking up each mention one by one without any form of caching and that results
in a problem somewhat similar to an N+1. When we have to do alot of DB
lookups, it also increased the time spent in the V8 context which may
eventually lead to a timeout. The change here makes it such that mention lookups only does a single
DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
Guo Xiang Tan
596e09aaf9 FIX: Wizard icons step fields have incorrect values.
https://meta.discourse.org/t/is-the-wizard-supposed-to-not-let-you-skip-adding-icons/102417
2018-11-22 14:19:36 +08:00
Maja Komel
993d8f346e FIX notifications for flag PMs (#6641) 2018-11-22 10:25:19 +08:00
Gerhard Schlager
c376670bd2 FIX: a search term containing '& could lead to errors
This also makes sure that the search term in front or after special characters isn't ignored.
2018-11-21 22:07:56 +01:00
Sam
966d3c8437 remove unneeded code
```
irb(main):001:0> def test; if false; puts "hi"; end; end
=> :test
irb(main):002:0> test
=> nil

```
2018-11-21 12:57:34 +11:00
Sam
20268385a5 FIX: never attempt to log invalid post numbers
Previously in some cases we would queue logging of invalid post numbers

The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
Sam
86255faa08 FEATURE: do not switch to JPEG unless you meet 75k byte savings
This also adjusts the algorithm to expect

- 30% saving for JPEG conversion

AND

- Minimum of 75K bytes saved

The reasoning for increase of saving requirements is cause PNG may have been
uploaded unoptimized, 30% saving on PNG is very possible
2018-11-21 11:01:08 +11:00
Kyle E. Mitchell
15e793fd3b FEATURE: Terms of Service v1.0.0
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Rishabh
eacbe28f55 FIX: Skip gsub for normalizing whitespaces when text is nil (#6631) 2018-11-20 09:12:32 +01:00
Vinoth Kannan
bc41057949 minor copy edit 2018-11-20 12:07:56 +05:30
Guo Xiang Tan
1a57be3248 Avoid deprecated site setting logging in SiteSetting.settings_hash. 2018-11-20 11:59:38 +08:00
Sam
1b4f2029d7 FIX: clear theme cache when restoring
Previously old themes may be cached incorrectly, this also forces
a rebake of old themes to ensure version can compile cleanly
2018-11-20 13:37:58 +11:00
Guo Xiang Tan
fe131c5ea2 Fix missing avatars on topic list page.
Introduced in b50fab2d72
2018-11-19 14:55:41 +08:00
Vinoth Kannan
1a9a2bd5c1 DEV: Report the missing uploads count 2018-11-19 12:06:46 +05:30
Sam
d1e3c213a7 Do not look up blank ips
No point attempting any kind of lookup on blank ip addresses
this simply adds log noise

Also ... freeze strings
2018-11-19 15:50:21 +11:00
Kyle Zhao
962fbd1ec7 include '/plugins/' directory for script-src and blob for worker-src
- plugins may include additional static JS assets
- ACE.js editor register a service worker with a blob for syntax
checking
2018-11-16 16:31:01 -05:00
Guo Xiang Tan
45f299dfdd PERF: Try to match users before groups.
User mentions are more common than group mentions so
this will allow us to avoid an extra query.
2018-11-16 16:41:20 +08:00
Guo Xiang Tan
0ac5126a78 FIX: Clear uploads cache on SiteSetting.refresh!.
This fixes a bug where the return value of uploads site settings
may defer between processes even though we trigger a refresh via
MessageBus.
2018-11-16 11:02:51 +08:00
Kyle Zhao
6fba8b8aef CSP: include worker_src
`worker_src` fallbacks to `script_src`, but #6611 made `script_src` too
restrict to include the service worker.
2018-11-15 13:57:15 -05:00
Kyle Zhao
055d59373a
CSP: drop 'self' in script-src (#6611) 2018-11-15 12:14:16 -05:00
Maja Komel
fc95f772bc FIX: avoid using absolute positioning for box category style in emails (#6607) 2018-11-15 14:35:50 +01:00
Joffrey JAFFEUX
c52e68a0c8
FIX: better handling of missing welcome topic in wizard (#6606) 2018-11-15 12:20:48 +01:00
Guo Xiang Tan
a895626d10 DB based S3 settings fixes for s3:upload_assets. 2018-11-15 15:48:40 +08:00
Guo Xiang Tan
68b640f6a9 Allow s3:upload_assets to use site settings from DB take 2. 2018-11-15 15:10:39 +08:00
Guo Xiang Tan
c56d682f45 Allow s3:upload_assets to use site settings from DB. 2018-11-15 15:06:19 +08:00
Sam
e7001f879a SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Bianca Nenciu
b6576d9473 FEATURE: Add new setting to force user edit last post. (#6571) 2018-11-14 15:48:16 +01:00
Penar Musaraj
f6fb079129 Disable wizard invites step when local_logins are turned off 2018-11-14 13:05:32 +01:00
Guo Xiang Tan
861b52b6f3 Fix the build take 2. 2018-11-14 18:07:04 +08:00
Guo Xiang Tan
2220345a8b Fix the build. 2018-11-14 17:32:32 +08:00
Guo Xiang Tan
72370b9c36 Add deprecation warnings for url based site settings. 2018-11-14 16:09:26 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Rishabh
4a12cfaecb Remove trailing whitespace for Rubocop 2018-11-13 17:19:26 +05:30
Brian Helba
ea94323766 FIX: 'migrate_from_s3' rake task should respect max sizes (#6598)
Rather than hardcode a maximum size of 20MB for uploads migrated from S3, the task should use site settings for this value.
2018-11-13 12:27:38 +01:00
Kyle Zhao
3493ea85cc remove Logster from CSP whitelist (#6593)
Logster 1.3 no longer has inline JS and is now CSP compliant
2018-11-13 09:55:57 +11:00
Penar Musaraj
4f81bb8303 Disallow revision edits with empty raw content 2018-11-12 15:28:38 -05:00
Vinoth Kannan
44d95ad5ab FIX: Cache url data for failed inline oneboxes 2018-11-13 01:44:20 +05:30
Régis Hanol
182b34243d
FIX: opts is a hash in 'log_on_user'
cc @nbianca
2018-11-12 16:00:12 +01:00
Bianca Nenciu
5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534)
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Gerhard Schlager
7c4d4331bc FEATURE: Better handling of quotation marks in site text search
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Sam
e17a13ce19 FEATURE: additional "related messages" section
This splits out previous message correspondence from suggeted and instead
has a dedicated section called "related messages"
2018-11-12 13:04:42 +11:00
Régis Hanol
6b51d84dc5 FIX: Don't enqueue topics if the user can't create them
Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
2018-11-09 18:24:28 +01:00
Sam
bc7c1e411c DEV: Ruby 2.5.1 is no longer supported with Discourse
This removes a monkey patch we no longer need since our containers require
2.5.2 or up for all Discourse installs.

If you are looking to deploy on 2.5.1 which is highly not recommended you
will need to figure out how to apply this diff.
2018-11-09 18:24:58 +11:00
Sam
7d52f5869d Revert "FIX: Don't enqueue topics if the user can't create them"
This reverts commit 515e103db6.
2018-11-09 15:25:38 +11:00
Vinoth Kannan
515e103db6 FIX: Don't enqueue topics if the user can't create them 2018-11-09 06:10:23 +05:30
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Guo Xiang Tan
14ff47f6f1 Fix typo. 2018-11-08 16:42:12 +08:00
Guo Xiang Tan
7290145641 PERF: Speed up migrate_to_s3 rake task.
* Prioritizes non-image uploads
* Does one remap per upload instead of 3 remaps previously
* Every 100 uploads migrated, do 2 remaps which fixes broken
  URLs
* Exclude email_logs table from remap
2018-11-08 16:39:56 +08:00
Guo Xiang Tan
57f92ac808 Revert "Swtich to regexp for DbHelper.remap."
Regexp is so much slower.

This reverts commit c3f89e3cd7.
2018-11-08 14:20:09 +08:00
Guo Xiang Tan
c3f89e3cd7 Swtich to regexp for DbHelper.remap. 2018-11-08 14:08:38 +08:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Guo Xiang Tan
0232a3b5e5 PERF: Exclude tables when remapping in migrate_to_s3 rake task. 2018-11-08 12:37:36 +08:00
Guo Xiang Tan
9737938a4a Add option to skip tabels when using DbHelper.remap. 2018-11-08 12:29:37 +08:00
Penar Musaraj
09dc922b3b Fix several FontAwesome 5 issues
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
Guo Xiang Tan
3365753bd0 PERF: Reduce number of database queries for DbHelper.remap
* Cuts number of queries from 273 to 89
* Add some specs
* For a table with 500 posts, benchmarks locally shows a runtime
  reduction from 0.046929135 to 0.032694705.
2018-11-08 10:54:39 +08:00
Penar Musaraj
9a34c6153e Fix small issues with FA5 icons 2018-11-07 16:39:04 -05:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Gerhard Schlager
555f467727 DEV: Add less confusing aliases for base_uri and base_url_no_prefix 2018-11-07 11:33:52 +01:00
Guo Xiang Tan
dfc0519cd3 Remove deprecation notice for old site settings. 2018-11-07 14:36:59 +08:00
Sam
0a442e319c FIX: correct svg handling for images
We regressed and optimized images no longer worked with svg

The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Bianca Nenciu
2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Sam
06b9d8223a FIX: search within topic not working correctly in CJK
We were splitting the term prior to search causing everything to miss
2018-11-07 09:41:55 +11:00
Robin Ward
71460fc203 PERF: Use mini_sql for the query
On sites with many flages, it could take quite a long time for
ActiveRecord to return all the joined data.

It's now 3 queries instead of one, but significantly faster, especially
if you have a minimum threshold set.
2018-11-05 14:44:27 -05:00
Jeff Atwood
afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post
FIX: disable flagging hidden posts
2018-11-05 11:05:32 -08:00
Penar Musaraj
7b3432f711 Enforce disabling flagging hidden posts server-side 2018-11-05 10:00:59 -05:00
Bianca Nenciu
5fc09a6467 DEV: Fix build. 2018-11-05 14:16:03 +02:00
David Taylor
1acbf8262b Version bump to v2.2.0.beta4 2018-11-05 11:16:58 +00:00
David Taylor
a84b6b6b0c SECURITY: Add CSRF protections to OpenID callback 2018-11-05 11:16:57 +00:00
Maja Komel
1ac3e5473a FIX: don't strip eml attachments from received emails 2018-11-05 09:35:22 +01:00
Bianca Nenciu
ab02b9a5d8 FIX: Use 'require' for dependencies. (#6552) 2018-11-02 09:16:45 +11:00
Robin Ward
ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
23423ba112 correct spec and error reporting
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Sam
31ad7a60ab FIX: improve error handling for missing maxmind dbs
Correct issue where we kept on looking up data on a Logster::Message object
2018-10-31 12:57:18 +11:00
Sam
32b1f34910 PERF: avoid DNS lookups when getting IP info
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
Bianca Nenciu
e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Sam
5c86e2d749 tweaks to related message list generation
- exclude users in groups I am in from related message search
- correctly limit number of related messages
2018-10-29 16:09:58 +11:00
Sam
9933059426 FEATURE: push related PMs to take first 3 slots
Previously the related PMs were last meaning you would have to work through
all unread to see them.

Also amends it so it either asks for related by group OR user not both.
2018-10-29 10:47:59 +11:00
Régis Hanol
d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Régis Hanol
306d77b54f FIX: don't use srcset on cropped thumbnails 2018-10-25 16:08:10 +02:00
David Taylor
56e0f47bcd FIX: Do not update last_seen for API access
This regressed in 2dc3a50. I have now added tests for the behavior.
2018-10-25 13:38:57 +01:00
Bianca Nenciu
effbef7d0b UX: Use user locale for locations. (#6527)
* UX: Use user locale for locations.

* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Régis Hanol
addf6f6d17 FIX: support comma in 'sso_provider_secrets' site setting 2018-10-24 21:23:18 +02:00
Sam
e955a7b49d Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)""
This reverts commit 322b27b6dc.

Oops rushed on the revert here... should be good
2018-10-24 15:14:01 +11:00
Sam
322b27b6dc Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)"
This reverts commit 63356d883e.

This caused an outage, got to revert
2018-10-24 15:03:58 +11:00
Kyle Zhao
63356d883e FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523) 2018-10-24 14:34:10 +11:00
Daniel Hollas
cee51672c9 FIX: Strip accents from search query
4481836 introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well

TODO in search with diacritics:
 - Still need to fix excerpts on search page
 - need to support accent stripping in in_topic search
 - need to make sure that in:title works correctly
 - need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
David Taylor
bafe3cd99a Revert "DEV: Lint official plugins in CI (#6519)"
This reverts commit 093cab2db0.
2018-10-22 22:30:33 +01:00
David Taylor
093cab2db0
DEV: Lint official plugins in CI (#6519) 2018-10-22 21:28:38 +01:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Bianca Nenciu
99b43f281b FIX: Fix browser detection for Microsoft Edge. (#6516)
cool!
2018-10-22 23:15:41 +11:00
Arpit Jalan
597d4863d6 fix the build 2018-10-22 15:09:25 +05:30
Arpit Jalan
ce0a51665e FIX: count emoji shortcuts in topic title
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao
dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Bianca Nenciu
b69652278f FEATURE: Add Wiki Editor badge. (#6511) 2018-10-19 15:30:27 +02:00
Gerhard Schlager
341836eb42 Fix the rake task and importer instead 2018-10-17 16:48:09 +02:00
Gerhard Schlager
ee18d9ace0 FIX: mbox importer and rake task were broken 2018-10-17 16:34:18 +02:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Matt Palmer
b1d7582abe Run specs on discourse-prometheus-alert-receiver
Sam wants to watch the world burn.
2018-10-17 15:32:57 +11:00
Matt Palmer
f367eebb10 Override problematic .gemrc setting 2018-10-17 15:31:58 +11:00
Penar Musaraj
b06dccac49 FIX: force enable a user's email_private_messages option when user replies via email (#6478)
* Enable user email PM when posting to group or replying to topic via email

* remove extra line

* Add test and fix snake_case

* Only reenable email_private_messages for PM replies
2018-10-16 10:51:57 +11:00
Bianca Nenciu
c68a456baa FIX: Do not award badges for links in restricted categories. (#6492) 2018-10-16 10:38:59 +11:00
Vinoth Kannan
4c2331260e run specs on discourse-calendar plugin 2018-10-16 01:26:24 +05:30
Neil Lalonde
d166c38ab7 REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
Maja Komel
c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
Arpit Jalan
d76658ff8c FEATURE: new rake task to anonymize all users 2018-10-15 16:19:25 +05:30
Guo Xiang Tan
8fa59f0548 FIX: Can't clean a tag if the given string is frozen. 2018-10-15 14:48:45 +08:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Bianca Nenciu
d408073fc2 DEV: Update official plugins list
canned replies is now named discourse-canned-replies which keeps our naming consistent
2018-10-15 13:53:21 +11:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Joshua Rosenfeld
fd58ca1903
remove manually mapping of discourse-logster-rate-limit-checker, repo renamed to match 2018-10-12 15:56:23 -04:00
Joshua Rosenfeld
43a7b08a48
don't run specs on prometheus-alert-receiver for now either 2018-10-12 12:20:49 -04:00
Joshua Rosenfeld
ca71815bb2
don't run specs on calendar for now 2018-10-12 12:12:21 -04:00
Neil Lalonde
d19fb61f10 Version bump to v2.2.0.beta3 2018-10-12 10:55:45 -04:00
Joshua Rosenfeld
9d4916012a
manually map discourse-perspective too 2018-10-12 10:32:07 -04:00
Joshua Rosenfeld
2cb176f1ed
manually map discourse-logster-rate-limit-checker
also remove obsolete plugins
2018-10-12 10:27:24 -04:00
Joshua Rosenfeld
aba4dec27f
Update official plugin list
* Remove duplicate entry
* Add missing plugins
* Update list for new names
2018-10-12 10:12:31 -04:00