Commit Graph

94 Commits

Author SHA1 Message Date
Neil Lalonde
01d0aeb5a9 merge master 2016-03-31 17:40:54 -04:00
Régis Hanol
f9710d0d7c FIX: unescape emojis in digests 2016-03-08 21:05:50 +05:30
Régis Hanol
28e4ea3178 we still need md5 2016-02-05 16:01:23 +01:00
Sam Saffron
45a166b315 SECURITY: hoist blocks using guids, not md5 hashes 2016-02-05 16:01:15 +01:00
Robin Ward
189595466c SECURITY: Backported XSS fixes from Handlebars 2015-11-24 16:30:52 -05:00
Guo Xiang Tan
6a31a5d52b Extract logic for censored-words so that it can be reused. 2015-08-25 22:26:01 +08:00
Robin Ward
e2e3e7c0e0 Add ES6 support to more files 2015-08-13 10:49:08 -04:00
Régis Hanol
c17f8d1769 keep pretty_text in sync with client code 2015-07-16 00:01:00 +02:00
Robin Ward
b52e5d1536 FIX: default_avatars wasn't being used for some server side templates 2015-06-26 13:38:09 -04:00
Régis Hanol
189cb3ff12 FEATURE: move migrate_to_new_scheme into a background job
- new hidden site setting 'migrate_to_new_scheme' (defaults to false)
- new rake tasks to toggle migration to new scheme
- FIX: migrate_to_new_scheme also works with CDN
- PERF: improve perf of the DbHelper.remap method
- REFACTOR: UrlHelper is now a class
2015-06-12 12:07:57 +02:00
Sam Saffron
b7a0a295c0 FIX: s3 cdn would break cooking if <img> tag had no src 2015-06-10 19:28:21 +10:00
Sam
93ab03966e FIX: no-follow not handled correctly for sub domains
if a.com was whitelisted aa.com would pass through
2015-05-27 14:31:01 +10:00
Sam
90eaad336d FEATURE: allow users to pick a CDN for s3 assets 2015-05-26 11:13:12 +10:00
Robin Ward
2e4d43364a Server side quote templates don't seem to be used? 2015-05-11 11:20:45 -04:00
Régis Hanol
a737090442 - FEATURE: revamped poll plugin
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Régis Hanol
4a9587fa23 FIX: auto-load all plugin locales so that they can be used in PrettyText 2015-04-09 17:04:14 +02:00
Sam
a82530012a FEATURE: Allow selection of highlight js languages
PERF: stop loading highlight js on load

To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Robin Ward
893c1aa067 FIX: Quoting an avatar when default_avatars was set was broken. 2015-03-12 15:51:28 -04:00
Régis Hanol
6a68e8c272 FIX: use CDN for user card/profile background and user avatars (for real this time) 2015-01-29 22:53:48 +01:00
Régis Hanol
22adb682d8 revert - FIX: use CDN for user card/profile background and user avatars 2015-01-29 20:42:05 +01:00
Régis Hanol
07d5d8faac fix the build... 2015-01-29 20:28:50 +01:00
Régis Hanol
3a24df6956 FIX: adding a custom emoji needed an application restart to work on the server-side rendering 2015-01-29 17:35:52 +01:00
Gerhard Schlager
361b3fb07a FIX: Loading of Emoji files depended on working directory
The importer scripts could not be used unless the working directory was
the Discourse root directory.
2015-01-24 00:07:39 +01:00
Régis Hanol
118d33798a FIX: load custom emoji API before the plugins 2014-12-23 11:06:55 +01:00
Régis Hanol
5d33dee817 FIX: custom emoji weren't properly baking 2014-12-23 02:22:10 +01:00
Sam
a79b1807d7 FEATURE: attempt to recover from corrupt markdown engine 2014-11-14 17:51:04 +11:00
Régis Hanol
a5616146eb FIX: remove meta data from lightbox in both excerpt (html & text) 2014-11-05 20:37:00 +01:00
Jens Maier
3198c3333a Fix pretty_text translation helper again, this time for real 2014-10-02 22:08:40 +02:00
Jens Maier
b6bbfb907c FIX: quoting non-existing messages would break SMF2 importer 2014-10-02 00:44:03 +02:00
Robin Ward
d0fb8bbcfc Instead of .js.handlebars use .hbs for handlebars templates 2014-09-26 15:23:15 -04:00
Robin Ward
19b4364d79 SECURITY: Stripping links could unescape html fragments 2014-09-17 12:08:00 -04:00
Robin Ward
f67f34d889 FIX: Load order of Javascript files 2014-08-22 19:27:20 -04:00
Sam
84836944e8 FIX: crash on invalid uri component 2014-07-30 17:09:55 +10:00
Sam
89fc989adb FEATURE: First Quote badge 2014-07-11 14:17:43 +10:00
Régis Hanol
27f7730fe8 fix the build 2014-07-09 17:39:38 +02:00
Robin Ward
64355c989e FIX: Don't extract links from empty quotes 2014-05-20 17:20:52 -04:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Robin Ward
87682f7539 FIX: Don't include image meta data when embedded in an email 2014-04-17 12:32:51 -04:00
Régis Hanol
2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
riking
9c4dd1cb35 Change comma-delim site settings to pipe-delim 2014-04-08 14:17:55 -07:00
Régis Hanol
f25bcc5067 couple of bugfixes identified while importing from VB 2014-03-07 10:44:04 +01:00
Robin Ward
91ff3451c3 FIX: Include html helpers in the server rendering. This allows plugins
to easily register HTML fragments without breaking posting.
2014-02-26 10:09:17 -05:00
Sam
a28a0bbeeb PERF: stop messing with strings that come back from I18n.t
allows better caching
2014-02-18 14:10:03 +11:00
Sam
d54f6faa35 minor style fix 2014-02-04 12:57:16 +11:00
Sam
1556548ff6 BUGFIX: JS errors could crash our process 2014-02-04 11:14:04 +11:00
Neil Lalonde
4f6b208e8d Posts by trust level 3 users do not have nofollow on their external links. 2014-01-15 11:40:51 -05:00
Sam
b703d8c77a BUGFIX: redis-rails has always been a problem child
implemented an ActiveSupport::Cache::Store for our internal use.
* allows for expire by family
* works correctly in multisite
* namespaced correctly

Removed redis-rails from the project, no longer needed
2014-01-06 16:50:04 +11:00
Régis Hanol
567d2bd23c add top page 2013-12-24 00:50:36 +01:00
Sam
6ebc2dcf5c never allow any js that takes longer than 5 seconds to run. 2013-12-09 12:44:09 +11:00
Neil Lalonde
4ec0543362 FIX: emails with embedded posts should always use absolute URLs 2013-11-28 15:57:21 -05:00