194 Commits

Author SHA1 Message Date
Neil Lalonde
71b65be6f6 SECURITY: prevent use of X-Forwarded-Host to perform XSS 2018-08-13 16:45:22 -04:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Guo Xiang Tan
875008522d FIX: Discourse.S3BaseUrl did not account for subfolder bucket names. 2018-07-06 15:53:57 +08:00
Guo Xiang Tan
73e30ff4c2 Revert "Rename s3 vars, change condition when displaying s3 uploads"
The new variables do not reflect that they represent S3 settings.

This reverts commit 24dfa1b657.
2018-07-06 15:53:57 +08:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Maja Komel
24dfa1b657 Rename s3 vars, change condition when displaying s3 uploads 2018-06-25 17:16:01 +02:00
Robin Ward
a5172a37e0 Allow staff members to enable safe mode, even if disabled 2018-04-25 11:49:57 -04:00
Robin Ward
fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Jeff Wong
32f919ea34 Fix - service worker registrations
* register service workers in a development env

* register service worker from ember initialize fn
2018-04-10 15:17:32 -07:00
Neil Lalonde
b7ecdb72d6 FIX: update Google Tag Manager javascript 2018-04-03 14:22:06 -04:00
OsamaSayegh
282f53f0cd FEATURE: Theme settings (2) (#5611)
Allows theme authors to specify custom theme settings for the theme. 

Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Guo Xiang Tan
70f14da732 UX: Use 'tel' input type for 2FA token inputs. 2018-02-27 09:30:44 +08:00
Guo Xiang Tan
7902296c11 Oops we should register a service worker as long as it is supported. 2018-02-15 15:02:14 +08:00
Guo Xiang Tan
28365f8ae5 PERF: Have nginx cache and serve the service worker file. 2018-02-15 10:50:39 +08:00
Neil Lalonde
7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Sam
70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Leo McArdle
e183600563 FIX: redirect loop for new users visiting /new-topic using full screen login 2017-09-07 21:02:41 +01:00
Sam Saffron
d0c5205a52 Feature: Change markdown engine to markdown it
This commit removes the old evilstreak markdownjs engine.

- Adds specs to WhiteLister and changes it to stop using globals
    (Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
    CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
Neil Lalonde
3ebd8838af FEATURE: cross-domain tracking for Google universal analytics 2017-07-13 15:21:44 -04:00
Sam
79a084dd58 Revert "remove old markdown engine work-in-progress"
This reverts commit ee470b5317.
2017-07-12 18:10:51 -04:00
Sam Saffron
ee470b5317 remove old markdown engine work-in-progress 2017-07-12 17:44:40 -04:00
Sam
234694b50f Feature: CommonMark support
This adds the markdown.it engine to Discourse.
https://github.com/markdown-it/markdown-it

As the migration is going to take a while the new engine is default
disabled. To enable it you must change the hidden site setting:
enable_experimental_markdown_it.

This commit is a squash of many other commits, it also includes some
improvements to autospec (ability to run plugins), and a dev dependency
on the og gem for html normalization.
2017-06-23 12:01:33 -04:00
Robin Ward
30ebaf6b6a Update FontAwesome to 4.7.0 2017-04-26 15:16:30 -04:00
Sam
bbed29ba57 correct font preloading 2017-04-20 11:18:37 -04:00
Sam
5dd752877e FEATURE: try adding some preload hints for chrome 2017-04-17 11:52:43 -04:00
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app)

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoids a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam
30e0154e5d SECURITY: fix reflected XSS with safe_mode param
(only applies to beta and master)
2016-12-19 10:11:51 +11:00
Sam
e2c87da42a FEATURE: Add basic support for Safe Mode
In Safe Mode all JS extensions and site customizations are disabled.

To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Neil Lalonde
d38727efb7 FIX: Google Universal Analytics was tracking two page views on first page view 2016-08-02 12:55:02 -04:00
Neil Lalonde
ba637e40b6 FEATURE: Google Tag Manager Universal Analytics support 2016-07-14 16:35:20 -04:00
Robin Ward
bba0fd0654 REFACTOR: PreloadStore to ES6 2016-07-11 12:57:05 -04:00
Robin Ward
25d6915cac Migrate discourse.js to ES6 2016-07-11 12:57:05 -04:00
Robin Ward
a546395397 REFACTOR: Migrate markdown functionality in ES6 2016-07-11 12:57:05 -04:00
Jeff Atwood
36e3e53798 is it really necessary to specify 'normal' font? 2016-04-11 02:30:11 -07:00
Jeff Atwood
e45243924e oops 2016-04-11 02:00:16 -07:00
Jeff Atwood
fff03fb7c3 woff and woff2 are all we need for webfonts
on any browser that is remotely modern
2016-04-11 01:37:17 -07:00
Sam Saffron
38983bc977 oops 2016-02-08 09:53:47 +11:00
Sam Saffron
b032c63773 FIX: properly defer authentication complete 2016-02-08 08:44:12 +11:00
Robin Ward
6c2dee29a8 UX: Upgrade Font Awesome to 4.5.0 2015-12-10 17:19:23 -05:00
Robin Ward
8ba7c06b7d Merge pull request #3735 from riking/patch-4
FIX: Discourse.BaseUri should not default to /
2015-11-06 14:52:19 -05:00
Sam
b6c2aa13e6 clean up implementation of non frame login / registration 2015-10-13 14:49:09 +11:00
Sam
45ab42dea9 UX: upgrade font awesome to 4.4 2015-09-21 12:46:58 +10:00
Kane York
aca70805f1 FIX: Discourse.BaseUri should not default to / 2015-09-10 17:34:08 -07:00
Robin Ward
707c493e3c FIX: When changing colors, refresh the admin stylesheet 2015-08-18 14:13:40 -04:00
Robin Ward
22844b9e46 Ember 1.12 support 2015-08-13 11:14:16 -04:00
Robin Ward
59cdde330f Raise errors in development mode on deprecation
We've had quite some time to find the deprecation errors in Ember and
most should be fixed. It is time to turn up the difficulty, which will
raise exceptions in development/test mode if a deprecation is present.
This will force developers to fix them as they encounter them.
2015-08-04 13:23:42 -04:00
Robin Ward
9911e92e24 Merge pull request #3609 from riking/patch-7
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
Sam
6d9674278e UX: remove zocial and use font awesome instead
UX: use github logo for github login
2015-07-21 15:47:58 +10:00
Kane York
728845d008 FEATURE: Localization fallbacks (client)
This patch sets I18n.defaultLocale in the Discourse.start() script block (it
was formerly always 'en') to SiteSetting.default_locale, and patches
translate() to perform fallback to defaultLocale followed by english.
Additionally, when enable_verbose_localization() is called, no fallbacks will
be performed.

It also memoizes the file loading operations in JsLocaleHelper and strips out
translations from the fallbacks that are also present in a preferred language,
to minimize file size.
2015-07-15 10:17:28 -07:00
Sam
24102f2636 FIX: apply s3 cdn to client side assets 2015-05-27 12:59:51 +10:00
Sam
45bdd23689 FEATURE: support user local switching to RTL correctly
FEATURE: support RTL in multisite
2015-05-20 15:56:54 +10:00
Robin Ward
8294205f7c Ember 1.11 broken WIP 2015-05-11 11:18:37 -04:00
Robin Ward
65bfa574ce Add userId to GA tracking 2015-04-07 13:10:33 -04:00
Sam
5d31290dbc FIX: cleanup old letter avatars if needed
FEATURE: use image magick version as a key for letter avatars
2015-04-07 13:03:43 +10:00
Régis Hanol
9633cfeae1 bump font cache 2015-03-27 16:33:15 +01:00
Régis Hanol
4d58db2b09 also remove zocial svg font 2015-03-27 15:33:03 +01:00
Régis Hanol
8bbc742247 remove svg version of font-awesome 2015-03-27 13:42:30 +01:00
Régis Hanol
d9606bef9d update font-awesome to 4.3.0 2015-03-27 13:08:58 +01:00
Sam
a82530012a FEATURE: Allow selection of highlight js languages
PERF: stop loading highlight js on load

To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Robin Ward
de4e4f2b98 Replace $LAB with path aware loadScript that uses jQuery 2015-03-09 14:39:39 -04:00
Régis Hanol
1b2381d5a0 FIX: only remove custom CSS in admin on first load 2015-03-02 23:31:04 +01:00
Régis Hanol
521d3de10d revert: ⬆️ update font-awesome 2015-02-05 17:26:18 +01:00
Régis Hanol
4ac82f45bf FIX: force font-awesome update 2015-02-05 14:25:27 +01:00
Sam
f23eb475a4 FEATURE: remove override stylesheet option, too confusing 2014-12-23 13:03:48 +11:00
Régis Hanol
45dbdb6896 FEATURE: custom emojis 2014-12-23 01:12:26 +01:00
lidlanca
33e1790408 stripping port information from Discourse.BaseUrl
Port information if presented in Discourse.BaseUrl may break user avatar URL in the template generation.

https://github.com/discourse/discourse/edit/master/app/assets/javascripts/discourse/models/user.js
avatarTemplate()

In the future there should be a way to reference baseUrl with or without port information
2014-09-12 16:29:17 -04:00
Robin Ward
39c7101c4b TWEAK: Remove TransitionAborted exceptions from logging. They are
apparently normal when you abort a router transition and can be ignored.
2014-08-07 16:52:31 -04:00
M Smart
0d9e2b5df5 Move the scripts helper into a better place. 2014-07-22 20:14:57 -04:00
M Smart
ec280913b2 Enumerate deferred scripts with a sprockets helper 2014-07-22 19:46:43 -04:00
Sam
5477325376 FIX: should use "script" to allow cdn 2014-07-14 08:47:06 +10:00
Sam
9157f51618 FEATURE: upgrade font awesome to head 2014-07-03 17:58:12 +10:00
Sam
fa6f22dd39 Move letter avatars out of upload system
FIX: S3 issues around system avatars
FIX: reduced backup file size
2014-05-30 14:45:55 +10:00
Sam
7fbf162666 Logster update
cleans up a bunch of messed up context stuff with multisite
improves backtraces
adds request params
2014-05-25 13:54:52 +10:00
Robin Ward
5e07d18069 FIX: Don't track pageView on initial load. Let the router signal that. 2014-05-21 14:04:08 -04:00
Neil Lalonde
c4d3aa3d47 Theming: a UI to choose some base colors that are applied to all the site css. CSS compiled outside of asset pipeline. 2014-05-14 10:18:12 -04:00
Régis Hanol
978fb7ff96 Merge pull request #2328 from ligthyear/better-debugging-of-promises-in-dev
Log the actual promise object instead of a useless name
2014-05-09 11:25:44 +02:00
Benjamin Kampmann
41f1c70fe4 Log the actual promise object instead of a useless name
- console.log has support for objects including introspection, use this
 - instead of logging useless names
2014-05-09 11:16:56 +02:00
Robin Ward
f50039b48b Support 404 routes in the Ember App 2014-04-29 15:29:13 -04:00
Robin Ward
fc65bc28be FIX: Use the container to register Discourse's custom location handler 2014-04-17 10:45:06 -04:00
Vikhyat Korrapati
33307a50b3 Get rid of plugins.css, inject it using DiscourseSassImporter. 2014-04-09 19:42:43 +05:30
Benjamin Kampmann
d22df7731d Allow plugins to ship custom styles only for mobile
- adds another :mobile-flag to register_assets
- adds test for plugin registering of assets
- load plugins when on desktop and plugins_mobile when on mobile
2014-04-07 16:33:35 +02:00
Vikhyat Korrapati
ef99ab59a5 Allow importing Discourse styles in custom stylesheets to modify vars. 2014-04-01 23:04:50 +05:30
Régis Hanol
77a8a4083a Revert "Merge pull request #2125 from vikhyat/css-variables"
This reverts commit b537de3ca5, reversing
changes made to b925827e5b.
2014-04-01 16:24:29 +02:00
Vikhyat Korrapati
ddd1dfe896 Allow importing Discourse styles in custom stylesheets to modify vars. 2014-04-01 15:25:43 +05:30
Robin Ward
14f075e812 Missing semicolon; 2014-02-11 14:57:14 -05:00
Robin Ward
fc36a87e72 FIX: Invalid ruby code for universal google analytics 2014-01-30 15:45:24 -05:00
Eric Carlson
bc033283c6 Google Universal Analytics 2014-01-25 17:42:25 -07:00
Sam
a247389d4e FEATURE: automatically update site to latest version of assets
if a user neglects to move around the site it will prompt to do so 2 hours in
2014-01-15 12:08:35 +11:00
Sam
fd95dbe75a FEATURE: Automatically force a full refresh between pages if assets change 2014-01-15 12:08:35 +11:00
Neil Lalonde
1f0a59584b Revert "Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations." 2013-12-18 14:47:22 -05:00
Neil Lalonde
58e5d532c5 Revert "Got rid of buggy yepnope spaghetti, however mobile detection really should be driven from the server." 2013-12-18 14:47:12 -05:00
Sam
8ccab6d140 Got rid of buggy yepnope spaghetti, however mobile detection really should be driven from the server. 2013-12-13 15:17:05 +11:00
Neil Lalonde
5171a23a9c Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations. 2013-12-11 11:19:22 -05:00
Neil Lalonde
ed3d3ae1e1 Upgrade font-awesome to version 4 2013-12-11 10:31:09 -05:00
Neil Lalonde
2596f7dec2 Revert "Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations." 2013-12-09 16:28:11 -05:00
Neil Lalonde
ca5d4d5e54 Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations. 2013-12-09 13:28:42 -05:00
Neil Lalonde
e3660e59b4 Strip http(s) from SiteSetting.ga_domain_name 2013-12-06 11:46:52 -05:00
Neil Lalonde
7bbb32bac2 Fix javascript_include_tag for browser-update so it includes MD5. Needed to add .js extension for some reason. 2013-12-02 15:57:23 -05:00
Robin Ward
48bfcfadd9 Upgrade Ember.js, fix swallowing of template errors, report unresolved promises in development mode. 2013-12-02 13:15:58 -05:00