Commit Graph

1370 Commits

Author SHA1 Message Date
Blake Erickson
b7b85f9ade
FEATURE: Turn csp on by default (#8665)
* turn csp on by default

* remove csp migration for new sites now that is is on by default

* Ensure CSP is off before starting qunit
2020-01-06 13:42:21 -07:00
Sam Saffron
87a8003691 Revert "FEATURE: Turn CSP on by default"
This reverts commit 3193b0f6e6.

This is a temporary revert, we are seeing some CI failures due to this
change so I am reverting till we sort out all the problems.
2020-01-06 11:37:07 +11:00
Blake Erickson
3193b0f6e6 FEATURE: Turn CSP on by default
Turning on CSP by default is one of the 2.4 release features.

https://meta.discourse.org/t/discourse-version-2-4/108194
2020-01-03 13:40:11 -07:00
Gerhard Schlager
f62215046f FEATURE: Completely remove unsafe-eval from CSP
Plugins can add it via API if they need to use `eval`:
```
extend_content_security_policy(script_src: [:unsafe_eval])
```

See https://meta.discourse.org/t/104243
2019-12-13 12:38:32 +01:00
Martin Brennan
6261339da9
Improving bookmarks part 1 (#8466)
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!

This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:

* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.

This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
2019-12-11 14:04:02 +10:00
Mark VanLandingham
14cb386f1e
FEATURE: Featured topic for user profile & card (#8461) 2019-12-09 11:15:47 -08:00
Vinoth Kannan
f7084a4339 FEATURE: add site setting to remove X-Frame-Options header. 2019-12-06 03:15:09 +05:30
Vinoth Kannan
e6dfcda0bc DEV: handle all notification consolidations in new 'NotificationConsolidator' class.
481c8314f0
2019-12-05 14:36:06 +05:30
Daniel Waterworth
2f5adbe1f4 DEV: Allow the creation of sub-sub-categories
This commits adds a new site setting (max_category_nesting), that
determines whether sub-sub-categories are allowable.
2019-12-04 12:07:05 +00:00
Gerhard Schlager
2cca14d510 FEATURE: Add hidden setting to allow unsafe-eval in CSP
This new setting defaults to `true` for now, until we make sure that all official plugins and theme components work without `unsafe-eval` in the CSP.
2019-12-03 21:09:08 +01:00
Gerhard Schlager
d12f2580de FIX: Serve crawler view to Google PageSpeed 2019-11-27 22:15:34 +01:00
Leo McArdle
2714149fd2 FEATURE: hide posts from incoming email based on dmarc verdict (#8333) 2019-11-26 15:55:22 +01:00
Sam Saffron
d28de23ac8 FEATURE: block screaming frog SEO spider by default
This crawler is not respectful and often can make 1000s of reqs a minute.

Block by default, site operators can amend this default if they want to.
2019-11-18 16:48:07 +11:00
Penar Musaraj
102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Mark VanLandingham
3dd2f2f701
DEV: Remove RSS feed polling in favor of plugin (#8233) 2019-11-12 09:49:02 -06:00
Vinoth Kannan
ba5b78a348
FEATURE: support to mute all categories by default. (#8295)
Instead of enabling `suppress_from_latest` setting on many categories now we can enable `mute_all_categories_by_default` site setting. Then users should opt-in to categories for them to appear in the latest and categories pages.
2019-11-08 08:28:11 +05:30
David Taylor
52c5cf33f8
FEATURE: Overhaul of admin API key system (#8284)
- Allow revoking keys without deleting them
- Auto-revoke keys after a period of no use (default 6 months)
- Allow multiple keys per user
- Allow attaching a description to each key, for easier auditing
- Log changes to keys in the staff action log
- Move all key management to one place, and improve the UI
2019-11-05 14:10:23 +00:00
Vinoth Kannan
72aa26c8c5
FEATURE: New site settings for default tags in user preferences. (#8283) 2019-11-01 12:40:13 +05:30
Krzysztof Kotlarek
c32bd8ae48 FEATURE: Remove attachments and truncate raw field for incoming emails (#8253)
Adds the settings: 

raw_email_max_length, raw_rejected_email_max_length, delete_rejected_email_after_days. 

These settings control retention of the "raw" emails logs.

raw_email_max_length ensures that if we get incoming email that is huge we will truncate it removing uploads from the raw log.

raw_rejected_email_max_length introduces an even more aggressive truncation for rejected incoming mail. 

delete_rejected_email_after_days controls how many days we will keep rejected emails for (default 90)
2019-10-30 16:54:35 +11:00
Mark VanLandingham
4eb54f08b2
FEATURE: Site setting/UI to allow users to set their primary group (#8244)
* FEATURE: Site setting/ui to allow users to set their primary group

* prettier and remove logic from account template

* added 1 to 43 to make web_hook_user_serializer_spec pass
2019-10-28 12:46:27 -05:00
Leo McArdle
e7ff6809a3 FEATURE: add SES spam header to recognised spam headers (#8254) 2019-10-28 12:46:53 -04:00
Neil Lalonde
f061aee818 FEATURE: support SCSS in custom email style
In the CSS tab of Admin > Customize > Email Style, SCSS can now be used.
2019-10-23 15:42:37 -04:00
Blake Erickson
80d8830c17 DEV: Make max_tags_in_filter_list available clientside
This will allow plugins that use this setting to read the value using
javascript.
2019-10-17 15:22:27 -06:00
Sam Saffron
f5d1aff8dd FEATURE: experimental hidden setting for draft backups
Under exceptional situations the automatic draft feature can fail.

This new **hidden, default off** site setting
`backup_drafts_to_pm_length` will automatically backup any draft that is
saved by the system to a dedicated PM (originating from self)

The body of that PM will contain the text of the reply.

We can enable this feature strategically on sites exhibiting issues to
diagnose issues with the draft system and offer a recourse to users who
appear to lose drafts. We automatically checkpoint these drafts every 5
minutes forcing a new revision each 5 minutes so you can revert to old
content.

Longer term we are considering automatically enabling this kind of feature
for extremely long drafts where the risk is really high one could lose
days of writing.
2019-10-17 16:58:21 +11:00
Rafael dos Santos Silva
6e9c8fe854
FIX: More encoded slug fixes (#8191)
* FIX: Do not encode the URL twice

Now that we encode slugs in the server we don't need this anymore.

Reverts fe5na33

* FIX: More places do deal with encoded slugs

* the param is a string now, not a hash

* FIX: Handle the nil slug on /categories

* DEV: Add seeded? method to identity default categories

* DEV: Use SiteSetting to keep track of seeded categories
2019-10-16 17:08:43 -03:00
Roman Rizzi
01bc465db8
DEV: Split max decompressed setting for themes and backups (#8179) 2019-10-11 14:38:10 -03:00
Régis Hanol
349c1cd085 FIX: remove site setting 'shadowed-by-global' option (#8061) 2019-10-08 12:43:26 -04:00
Dan Ungureanu
fdb1d3404c
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
If the setting is turned on, then the user will receive information
about the subject: if it was deleted or requires some special access to
a group (only if the group is public). Otherwise, the user will receive
a generic #404 error message. For now, this change affects only the
topics and categories controller.

This commit also tries to refactor some of the code related to error
handling. To make error pages more consistent (design-wise), the actual
error page will be rendered server-side.
2019-10-08 14:15:08 +03:00
Roman Rizzi
10565e4623
SECURITY: Safely decompress files. (#8124)
* FEATURE: Adds an extra protection layer when decompressing files.

* Rename exporter/importer to zip importer. Update old locale

* Added a new composite class to decompress a file with multiple strategies

* Set max file size inside a site setting

* Ensure that file is deleted after compression

* Sanitize path and files before compressing/decompressing
2019-10-03 10:19:35 -03:00
Roman Rizzi
1576b07a10
FIX: Improve protection against problematic usernames (#8097) 2019-09-13 15:11:27 -03:00
Dannii Willis
d7cfb06fa4 Fix: let mailgun_api_key also support their "HTTP webhook signing key" (#8091) 2019-09-12 10:32:44 -04:00
Robin Ward
1cebe7670a FEATURE: Allow embedding to ignore HTTP REFERER
New site setting: `embed_any_origin` that will send postMessages to
wildcard origins `*` instead of the referer.

Most of the time you won't want to do this, so the setting is default to
`false`. However, there are certain situations where you want to allow
embedding to send post messages when there is no HTTP REFERER.

For example, if you created a native mobile app and you wanted to embed a list
of Discourse topics as HTML. In the code your HTML would be a
static file/string, which would not be able to send a referer. In this
case, the site setting will allow the embed to work.

From a security standpoint we currently only use `postMessage` to send
data about the size of the HTML document and scroll position, so it
should be enable if required with minimal security ramifications.
2019-09-10 12:27:07 -04:00
Rimian Perkins
6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
David Taylor
be96c4478e
FEATURE: Login with Discord (#8053)
This migrates the functionality of discourse-plugin-discord-auth into core. 

The plugin will automatically disable itself when core is updated: fd0867844d

For setup instructions, visit https://meta.discourse.org/t/configuring-discord-login-for-discourse/127129
2019-08-30 10:54:19 +01:00
Jeff Atwood
dbd6c32914 decrease default post edit time limit from 60 days to 30 days 2019-08-29 21:27:18 -07:00
Leo McArdle
120077ebee make SiteSetting.s3_use_iam_profile shadowed by global (#8044) 2019-08-29 12:49:18 +02:00
Penar Musaraj
5e0488f56a DEV: No need to set client:false on site settings 2019-08-27 14:11:59 -04:00
Penar Musaraj
5c02bfb000 FEATURE: Site settings for linking with iOS/Android native apps
- Adds support for iOS Universal Links via an `apple-app-site-association` endpoint

 Adds support for Google Digital Asset Links at the `.well-known/assetlinks.json` endpoint
2019-08-27 14:05:37 -04:00
Roman Rizzi
7c741fa0d6
FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025)
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""

This reverts commit 36425eb9f0.

* Fix: Show who read only if the attribute is enabled

* PERF: Precalculate the last post  readed by a group member

* Use book-reader icon instear of far-eye

* FIX: update topic groups correctly

* DEV: Tidy up read indicator update on write
2019-08-27 09:09:00 -03:00
Sam Saffron
5aa9a567f8 FEATURE: allow themes to upload js files as assets
This helps unlock the ability for themes to defer load larger js payloads.

The change is safe as themes are allowed to include inline js anyway.
2019-08-26 09:16:00 +10:00
romanrizzi
36425eb9f0 Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)"
This reverts commit 5dda5c2f7c.
2019-08-20 13:29:22 -03:00
Roman Rizzi
5dda5c2f7c
FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"

This reverts commit 67f5cc1ce8.

* FIX: Read indicator only appears when the group setting is enabled
2019-08-20 11:57:25 -03:00
romanrizzi
67f5cc1ce8 Revert "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 1630dae2db.
2019-08-20 10:24:34 -03:00
Roman Rizzi
1630dae2db
FEATURE: Publish read state on group messages. (#7989)
* Enable or disable read state based on group attribute

* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post

* The option can be enabled/disabled from the UI

* The read indicator will live-updated using message bus

* Show read indicator on every post

* The read indicator now shows read count and can be expanded to see user avatars

* Read count gets updated everytime someone reads a message

* Simplify topic-list read indicator logic

* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
2019-08-20 09:46:57 -03:00
Blake Erickson
893d30fb92 REVERT: External auth when redeeming invites
Reverting this commit:

87a0a6664e

because I'm extracting all of this logic into a plugin instead.
2019-08-16 12:44:14 -06:00
Robin Ward
23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
Blake Erickson
87a0a6664e FEATURE: External auth when redeeming invites
This feature (when enabled) will allow for invite_only sites to require
external authentication before they can redeem an invite.

- Created hidden site setting to toggle this
- Enables sending invites with local logins disabled
- OAuth button added to invite form
- Requires OAuth email address to match invite email address
- Prevents redeeming invite if OAuth authentication fails
2019-08-11 12:20:02 -06:00
Leo McArdle
6296ae3d31 FEATURE: add setting to show content of forwarded emails in topics (#7935) 2019-08-07 12:32:19 +02:00
Neil Lalonde
4b9d35cd0e FEATURE: add option to always send excerpts in emails
Enable the new setting "post excerpts in emails" to send excerpts
instead of complete posts in notification emails. Control the length of
excerpts with the "post excerpt maxlength" setting.
2019-08-06 12:45:28 -04:00
Rishabh
dcb47d902b
REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications (#7958)
* REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications

- The older name could cause some confusion because the setting does not disable all edit notifications, only system ones.

* FIX: Add frozen_string_literal: true in the migration

* DEV: Deprecate 'disable_edit_notifications'
2019-07-31 20:20:41 +05:30
Neil Lalonde
9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Gerhard Schlager
94607a2f6b FEATURE: Generate new VAPID keys when base_url changes
This is useful when a backup is restored on a staging site or in a development environment. It also deletes all existing push subscriptions because they get invalid when the keys change.
2019-07-30 10:08:24 +02:00
Gerhard Schlager
7e0eeed292 FEATURE: Add attachments to outgoing emails
This feature is off by default and can can be configured with the `email_total_attachment_size_limit_kb` site setting.

Co-authored-by: Maja Komel <maja.komel@gmail.com>
2019-07-25 15:57:45 +02:00
Roman Rizzi
f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
David Taylor
2a10ddd425 UX: Disable system edit notifications by default (#7896)
Enabling this setting prevents notifications when the system downloads hotlinked images. This stops an onslaught of notifications when old posts are rebaked. It does not affect regular edit notifications
2019-07-16 11:28:35 +02:00
Osama Sayegh
6515ff19e5
FEATURE: Allow customization of robots.txt (#7884)
* FEATURE: Allow customization of robots.txt

This allows admins to customize/override the content of the robots.txt
file at /admin/customize/robots. That page is not linked to anywhere in
the UI -- admins have to manually type the URL to access that page.

* use Ember.computed.not

* Jeff feedback

* Feedback

* Remove unused import
2019-07-15 20:47:44 +03:00
Gerhard Schlager
9a11a8b33b FEATURE: Site setting for typographic quotation marks
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
romanrizzi
f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Roman Rizzi
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Gerhard Schlager
f2dc59d61f FEATURE: Add hidden setting to include S3 uploads in backups 2019-07-09 14:04:16 +02:00
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Gerhard Schlager
b26c76e749 FEATURE: Add locale defaults for Unicode username whitelist 2019-06-07 14:39:00 +02:00
Neil Lalonde
ecc9c76692
FEATURE: dynamically update the topic heat settings monthly (#7670)
The site settings beginning with "topic views heat" and "topic post like
heat" are set to defaults when installing Discourse, but there has not
been a process or guidance for updating these values based on
community activity.

This feature will update them once a month. The low, medium, and
high settings will be based on the minimums of the 45th, 25th, and
10th percentile topics respectively, so that 45% of topics will have
some "heat".

Disable automatic changes with the automatic_topic_heat_values setting.
2019-06-04 10:34:07 -04:00
Dan Ungureanu
c1e7a1b292 UX: Merge settings related to muted tags. (#7656) 2019-06-03 12:23:23 +10:00
Jeff Atwood
4dedc23817 increase anon_polling_interval to 30s 2019-05-31 17:05:22 -07:00
Sam Saffron
3b8819f0ab FEATURE: add support for defer topic functionality
This feature allows end users to "defer" topics by marking them unread

The functionality is default disabled. This also introduces the new site
setting default_other_enable_defer: to enable this by default on new user
accounts.
2019-05-31 15:44:35 +10:00
Dan Ungureanu
8728850452 FEATURE: Mute topics tagged with both muted and unmuted tags. 2019-05-30 07:58:17 +08:00
Sam Saffron
6580025af9 FEATURE: add backup directory for mmdb files
This new `DISCOURSE_MAXMIND_BACKUP_PATH` can be used a secondary location
for maxmind db. That way a build machine, for example can cache it on the
host and reuse between builds.

Also per 5bfeef77 added proper error raising for download fails from
dedicated rake task

This also moves "refresh_maxmind_db_during_precompile_days" to a global
setting, it did not make sense in a site setting
2019-05-27 16:51:24 +10:00
Robin Ward
1e72f44c01 Tweak the default sensitivities 2019-05-24 15:49:29 -04:00
Robin Ward
89b84651c3 Migrate score settings to use sensitivities
We hide scores so these settings no longer made sense.
2019-05-24 15:44:24 -04:00
Robin Ward
fad5d9c49b Use an Enum class for the Reviewable Priority Site Setting 2019-05-24 15:44:24 -04:00
Gerhard Schlager
b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Sam Saffron
dafc941a04 FEATURE: allow shadowing all s3 settings
Previously enable s3 uploads and s3 upload bucket were not shadowed.

This caused confusion when people were configuring stuff via env cause most
of s3 settings are shadowed.
2019-05-14 10:24:14 +10:00
David Taylor
2b28abdc21 FIX: Allow underscores in s3_upload_bucket setting
Underscores are not allowed in s3 bucket names, but they should be allowed in the subfolder name
2019-05-13 11:18:24 +01:00
Sam Saffron
4e1f25197d FEATURE: allow overriding download of maxmind db via env 2019-05-13 09:58:56 +10:00
Robin Ward
b380ed5282 FEATURE: Claim Reviewables by Topic
This is a feature that used to be present in discourse-assign but is
much easier to implement in core. It also allows a topic to be assigned
without it claiming for review and vice versa and allows it to work with
category group reviewers.
2019-05-09 13:40:36 -04:00
Robin Ward
b409dab77f Rename flags_default_topics to reviewable_default_topics
This functionality regressed with the reviewable update. I took the
opporunity to rename it when fixing it for clarity.
2019-05-08 10:07:10 -04:00
Penar Musaraj
5bfe051eb9 Mark discourse user-agent as non-crawler 2019-05-08 09:45:25 -04:00
Maja Komel
77af097ce0 FIX: add short description to title on client side 2019-05-08 15:03:33 +02:00
Robin Ward
5af7c90bab FEATURE: Hide Reviewable scores, change score filter to Priority
We found score hard to understand. It is still there behind the scenes
for sorting purposes, but it is no longer shown.

You can now filter by minimum priority (low, med, high) instead of
score.
2019-05-07 14:05:23 -04:00
Robin Ward
31e100530f FEATURE: Flag count in post menu
This change shows a notification number besides the flag icon in the
post menu if there is reviewable content associated with the post.
Additionally, if there is pending stuff to review, the icon has a red
background.

We have also removed the list of links below a post with the flag
status. A reviewer is meant to click the number beside the flag icon to
view the flags. As a consequence of losing those links, we've removed
the ability to undo or ignore flags below a post.
2019-05-06 16:13:31 -04:00
David Taylor
0e303c7f5d
FEATURE: Automatically generate optimized site metadata icons (#7372)
This change automatically resizes icons for various purposes. Admins can now upload `logo` and `logo_small`, and everything else will be auto-generated. Specific icons can still be uploaded separately if required.

## Core

- Adds an SiteIconManager module which manages automatic resizing and fallback

- Icons are looked up in the OptimizedImage table at runtime, and then cached in Redis. If the resized version is missing for some reason, then most icons will fall back to the original files. Some icons (e.g. PWA Manifest) will return `nil` (because an incorrectly sized icon is worse than a missing icon). 

- `SiteSetting.site_large_icon_url` will return the optimized version, including any fallback. `SiteSetting.large_icon` continues to return the upload object. This means that (almost) no changes are required in core/plugins to support this new system.

- Icons are resized whenever a relevant site setting is changed, and during post-deploy migrations

## Wizard

- Allows `requiresRefresh` wizard steps to reload data via AJAX instead of a full page reload

- Add placeholders to the **icons** step of the wizard, which automatically update from the "Square Logo"

- Various copy updates to support the changes

- Remove the "upload-time" resizing for `large_icon`. This is no longer required.

## Site Settings UX

- Move logo/icon settings under a new "Branding" tab

- Various copy changes to support the changes

- Adds placeholder support to the `image-uploader` component

- Automatically reloads site settings after saving. This allows setting placeholders to change based on changes to other settings

- Upload site settings will be assigned a placeholder if SiteIconManager `responds_to?` an icon of the same name

## Dashboard Warnings

- Remove PWA icon and PWA title warnings. Both are now handled automatically.

## Bonus

- Updated the sketch logos to use @awesomerobot's new high-res designs
2019-05-01 14:44:45 +01:00
Robin Ward
404b35bd04 FEATURE: Category Reviewable by Group
Allow a group to review content in a particular category.
2019-04-30 15:23:06 -04:00
Sam Saffron
5d96c5cb84 FIX: set upper limit on clean up invalid users (10 years)
Note... this setting is quite new so I am not adding a migration here to
clean up history. Instead next time users save the setting it will complain.

Also explicitly call out that the value 0 is special and used to disable
the job.
2019-04-29 14:51:15 +10:00
Gerhard Schlager
a7bc1ecbae FEATURE: Add support for Unicode usernames and group names
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-04-23 13:00:27 +02:00
Dan Ungureanu
57d1dea8a2
FEATURE: Let staff add custom post notices. (#7377) 2019-04-19 17:53:58 +03:00
Sam Saffron
7068b58e85 PERF: flush topic timings less frequently
This is a first step of a performance optimisation, more will follow

Previously we did not properly account for previously read topics while
"rushing" marking times on posts.

The new mechanism now avoids "rushing" sending timings to server if all
the posts were read.

Also to alleviate some server load we only "ping" the server with old timings
once a minute (it used to be every 20 seconds)
2019-04-18 17:31:08 +10:00
Penar Musaraj
7cd621778d FEATURE: Native app banner improvements
This commit adds some improvements to native app banners for iOS and Android

- iOS and Android now have separate settings for native app banners

- app banners will now only show for users on TL1 and up

- app ids are now in a hidden site setting to allow sites to switch to their own app, if desired

- iOS only: the site URL is passed to the app arguments
2019-04-17 12:25:13 -04:00
Sam Saffron
0c35b8b420 FEATURE: add suggested_topics_unread_max_days_old
This new site setting determines the maximum age of unread topics in
suggested. By default if you have any unread topics older than 90 days
they will be omitted from suggested.

This change was added for 2 reasons:

1. A performance safeguard, some users tend to collect a huge amount of
read state so it becomes super expensive to find unread

2. People who collect a large amount of unread are much more interested in
recent unread topics vs ancient unread topics, this makes suggested more
relevant

Also, this is a minor speed up for tests cause 3 expensive tests became 1.
2019-04-16 17:52:10 +10:00
Dan Ungureanu
e92cd5318b FEATURE: Add setting to strip whitespaces from incoming emails. (#7375)
Some email clients add leading whitespaces which get are transformed in
code blocks when processed.
2019-04-15 16:26:00 +10:00
David Taylor
24ef4f7b2b Remove support for disable_jump_reply user setting (#7359) 2019-04-12 09:03:06 +10:00
David Taylor
dc703adad7 FEATURE: Add user preference for title counter mode (#7364) 2019-04-12 09:02:18 +10:00
Tarek Khalil
442fb2facb FEATURE: Remove ignore feature SiteSetting and enable ignore by default (#7349) 2019-04-10 12:54:59 +02:00
Bianca Nenciu
4555d0c598 FEATURE: Refresh MaxmindDb during assets:precompile. (#7340) 2019-04-10 11:37:29 +02:00
Vinoth Kannan
914ada1c74 DEV: convert scheduled job EnsurePostUploadsExistence into a rake task 2019-04-09 02:07:35 +05:30
David Taylor
f524f8f811
Remove Yahoo login support from core and deprecate OpenID2.0 (#7310)
- Plugin developers using OpenID2.0 should migrate to OAuth2 or OIDC. OpenID2.0 APIs will be removed in v2.4.0

- For sites requiring Yahoo login, it can be implemented using the OpenID Connect plugin: https://meta.discourse.org/t/103632

For more information, see https://meta.discourse.org/t/113249
2019-04-08 10:38:25 +01:00
Vinoth Kannan
2c7a50860f DEV: disable missing post uploads check by default. 2019-04-05 02:29:10 +05:30
Robin Ward
6ebadaed2c FIX: Do not allow invite_only and enable_sso at the same time
This functionality was never supported but before the new review queue
it didn't have any errors. Now the combination of settings is prevented
and existing sites with sso enabled will be migrated to remove invite
only.
2019-04-02 10:26:27 -04:00
Penar Musaraj
fdf4145d4b
FEATURE: Delegated authentication via user api keys (#7272) 2019-04-01 13:18:53 -04:00
Robin Ward
b58867b6e9 FEATURE: New 'Reviewable' model to make reviewable items generic
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.

Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Guo Xiang Tan
ac661e856a
FEATURE: Allow categories to be prioritized/deprioritized in search. (#7209) 2019-03-25 10:59:55 +08:00
Rishabh
ad6ad3f679 DEV: Remove SiteSetting.s3_force_path_style (#7210)
- s3_force_path_style was added as a Minio specific url scheme but it has never been well supported in our code base.
- Our new migrate_to_s3 rake task does not work reliably with path style urls too
- Minio has also added support for virtual style requests i.e the same scheme as AWS S3/DO Spaces so we can rely on that instead of using path style requests.
- Add migration to drop s3_force_path_style from the site_settings table
2019-03-20 14:58:20 +01:00
Gerhard Schlager
3fd04df781
FEATURE: Locale support for seeded categories and topics (#7110) 2019-03-18 21:09:13 +01:00
Dan Ungureanu
976ea160e9
FEATURE: Post notices become old after 14 days. (#7197) 2019-03-18 18:20:49 +02:00
Bianca Nenciu
2347661a74 FEATURE: Clean up inactive users. (#7172) 2019-03-18 16:25:15 +01:00
Maja Komel
7e9afdace3 FEATURE: custom colors for default letter avatars (#7167) 2019-03-18 16:24:21 +01:00
Arpit Jalan
0c01cb2cf3 UX: add instructions to update email when sso_overrides_email is enabled 2019-03-18 16:52:40 +05:30
Dan Ungureanu
f974bf714e
FIX: Set default returning_users_days to 120. 2019-03-16 14:20:31 +02:00
Penar Musaraj
9334d2f4f7
FEATURE: add more granular user option levels for email notifications (#7143)
Migrates email user options to a new data structure, where `email_always`, `email_direct` and `email_private_messages` are replace by

* `email_messages_level`, with options: `always`, `only_when_away` and `never` (defaults to `always`)
* `email_level`, with options: `always`, `only_when_away` and `never` (defaults to `only_when_away`)
2019-03-15 10:55:11 -04:00
Bianca Nenciu
d352baa1a2
FEATURE: Enforce two-factor authentication. (#6348) 2019-03-15 13:09:37 +02:00
Tarek Khalil
bd6d31c9ec
FEATURE: Add IgnoredUsersSummary daily job (#7144)
* FEATURE: Add `IgnoredUsersSummary` daily job

## Why?

This is part of the [Ability to ignore a user feature](https://meta.discourse.org/t/ability-to-ignore-a-user/110254/8).

We want to:

1. Send an automatic group PM that goes out to moderators
2. When {x} users have Ignored the same user, threshold defined by a site setting, default of 5
3. Only send this message every X days which is defined by another site setting
2019-03-14 22:51:43 +00:00
Robin Ward
fa5a158683 REFACTOR: Move queue_jobs out of SiteSetting
It is not a setting, and only relevant in specs. The new API is:

```
Jobs.run_later!        # jobs will be thrown on the queue
Jobs.run_immediately!  # jobs will run right away, avoid the queue
```
2019-03-14 10:47:38 -04:00
Gerhard Schlager
c34a6ba674 REFACTOR: Rename site settings to make them less confusing 2019-03-14 13:40:14 +01:00
Bianca Nenciu
76a14c47ac FEATURE: Add site contact group. (#7152) 2019-03-13 11:34:47 +01:00
Guo Xiang Tan
b0c8fdd7da FIX: Properly support defaults for upload site settings. 2019-03-13 16:36:57 +08:00
Erick Guan
bd2edbb243 FIX: a temporary fix when CJK user tries to add a long title (#7045)
Discourse doesn't analyze the sentence components. So it counts the whole sentence as a word for CJK.

https://meta.discoursecn.org/t/topic/3033
2019-03-13 17:22:46 +11:00
Dan Ungureanu
7310ee3ef1 FEATURE: Add more control over post notices. (#7148) 2019-03-13 08:06:28 +11:00
Simon Cossar
e5e2fa4064 FEATURE: unhide the embed_whitelist_selector setting (#7137)
* Unhide embed_whitelist_selector Site Setting and move it to Posting section
* Add i18n key for the embed_whitelist_selector setting
2019-03-12 18:08:56 +01:00
Guo Xiang Tan
0663ee5df2 Revert "Revert changes in 7b601ff2f8dca3615fb72591070f5578d886b5d7."
This reverts commit 93a448bcf7.
2019-03-11 14:13:48 +08:00
Guo Xiang Tan
93a448bcf7 Revert changes in 7b601ff2f8.
The site setting names and global setting names are similar and that
prevents global settings from being configured via the ENV.
2019-03-11 13:52:20 +08:00
Tarek Khalil
4f72169e55 REFACTOR: Un-hide SiteSetting 2019-03-08 14:21:43 +00:00
Dan Ungureanu
35942f7c7c
FEATURE: Special call-out for new / returning posters. (#7115) 2019-03-08 10:48:35 +02:00
Jeff Atwood
fcfbdbc9c1 add BLEXbot to blacklisted crawlers 2019-03-05 17:38:12 -08:00
Tarek Khalil
190b19f3c2
FEATURE: Add ignored user list to the User's preference page (#7107)
* FEATURE: Add ignored user list to the User's preference page

## Why?

Part of: https://meta.discourse.org/t/ability-to-ignore-a-user/110254

We want to add list of Ignored users under or along with the muted users preferences section.
This way Users can find and update their list of ignored users.

## UI


![gif](https://user-images.githubusercontent.com/45508821/53746179-8e9b3c00-3e98-11e9-9e90-94b8520896a6.gif)

## Open questions

Two of many options to represent a list of ignored users is that we can:

1. We can represent the ignored user list as a table with the ability to `un-ignore` but NOT to add new ignored users.
2. We can keep it functioning as the `muted user list` where you can `un-ignore` or `ignore` users.
2019-03-05 14:47:51 +00:00
Tarek Khalil
986cc8a0fb FEATURE: Introduce Ignore user (#7072) 2019-02-27 14:49:07 +01:00
David Taylor
f04471e422 REFACTOR: Proxy letter avatars in rails instead of nginx
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>

This gives more control over the request. In particular we can easily
lookup DNS dynamically, instead of only upon NGINX startup.
Previously, NGINX was looking up IP for the letter avatar service and
caching the CDN IP address, this caused issues if CDN changed IP, in
which letter avatars would be broken till a container restarted.

NGINX config has been updated to add caching. This change will require
a container rebuild.

The proxy will now function in development environments, so the patch
for `letter_avatar_proxy` has been removed.
2019-02-18 08:46:56 +11:00
Sam
ba2fb2024f FEATURE: by default exclude thumbnails from backups
This makes backups slimmer out of the box but introduces extra process post
restore to run a full rebake of all posts containing uploads and all avatars

The benefit (slimmer backup) outweighs the cost of running the full rebake
2019-02-14 12:20:55 +11:00
Gerhard Schlager
b087719340 FEATURE: Setting for excluding optimized images from backups 2019-02-13 11:10:51 +01:00
Gerhard Schlager
9eb7dea0f1 FEATURE: Setting for compression level of upload in backups 2019-02-12 15:50:31 +01:00
Gerhard Schlager
cbedb6a1ac FEATURE: Hidden site setting to always include topic excerpt 2019-02-07 22:45:21 +01:00
Gerhard Schlager
ba724d7f25 FIX: S3 endpoint broke bucket creation in non-default region 2019-02-05 18:17:02 +01:00
Vinoth Kannan
3119e88efe Allow 'enable_s3_inventory' site setting to be shadowed. 2019-02-01 14:33:06 +05:30
Vinoth Kannan
b4f713ca52
FEATURE: Use amazon s3 inventory to manage upload stats (#6867) 2019-02-01 10:10:48 +05:30
Jeff Atwood
eb9377afd4 FEATURE: default block ahrefsbot crawler 2019-01-23 00:38:16 -08:00
Jeff Atwood
658cc4d0d0 FEATURE: default block semrushbot crawler 2019-01-23 00:25:01 -08:00
Penar Musaraj
3501533a2b DEV: unpin Prettier version, apply to YAML files
We had Prettier pinned because of https://github.com/prettier/prettier/issues/5529. Since that bug is fixed, unpinning.

Prettier now supports YAML, so this applies Prettier to all .yml except for translations, which should not be edited directly anyway.
2019-01-17 13:05:39 -05:00
Kris
675bf94133 UX: Bump up base font size 1px, add smaller text size option 2019-01-17 10:30:34 -05:00
Guo Xiang Tan
c30f78793a Lower default for SiteSetting.likes_notification_consolidation_threshold. 2019-01-16 17:56:02 +08:00
Guo Xiang Tan
e7b49c42c4 FIX: Allow liked notifications consolidation to be disabled. 2019-01-16 16:17:04 +08:00
Guo Xiang Tan
ebe65577ed
FEATURE: Consolidate likes notifications. (#6879) 2019-01-16 10:40:16 +08:00
Penar Musaraj
1c1fd2051f
FEATURE: enable CSP by default on new sites (#6873)
- adds migration to enable CSP for new sites
- removes "EXPERIMENTAL" labels from setting names
- sets CSP violation report to default off
- adds CSP-related note to GTM setting
2019-01-15 08:58:46 -05:00
David Taylor
1ebd3dbbd0
FEATURE: Allow the base font size to be changed on a per-user basis (#6859) 2019-01-14 13:21:46 +00:00
Zach Whitehead
2748822576 FEATURE: Remove option for Google Plus sharing (#6864)
* Remove option for Google Plus sharing

* remove google+ share translations
2019-01-09 10:17:50 +08:00
Rafael dos Santos Silva
f73fe36772 FEATURE: PWA compatibility checks in the Dashboard (#6850) 2019-01-09 08:46:11 +08:00
Sam
70269c7c97 FEATURE: tighter limits on per cluster post rebakes
We have the periodical job that regularly will rebake old posts. This is
used to trickle in update to cooked markdown. The problem is that each rebake
can issue multiple background jobs (post process and pull hotlinked images)

Previously we had no per-cluster limit so cluster running 100s of sites could
flood the sidekiq queue with rebake related jobs.

New system introduces a hard limit of 300 rebakes per 15 minutes across a
cluster to ensure the sidekiq job is not dominated by this.

We also reduced `rebake_old_posts_count` to 80, which is a safer default.
2019-01-04 09:24:46 +11:00
Joffrey JAFFEUX
0402f0f357
UX: new site setting to define activity metrics displayed on dashboard 2018-12-26 10:29:07 +01:00
Neil Lalonde
a1db15fead FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-12 15:32:38 -05:00
Bianca Nenciu
7cac04e1a8 * FEATURE: Adds site setting to let quotes on direct replies.
* DEV: Added test.
* FIX: Do not bump topic when removing full quotes.
2018-12-12 15:42:53 +01:00
Maja Komel
dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
Jay Pfaffman
cf2e86c763 FEAT: make s3_force_path_style shadowed_by_global
Without this it's impossible to enable S3 backups to Minio (and Digital Ocean Spaces?) using only ENV variables in config.

@tgxworld 

https://meta.discourse.org/t/can-we-make-s3-force-path-style-be-shadowed-by-global/103571
2018-12-07 10:59:15 +11:00
Bianca Nenciu
e9bbdef156 FEATURE: Add support for inline emoji translation. 2018-12-05 21:58:55 +01:00
Gerhard Schlager
e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Gerhard Schlager
a3f8ef89a6 FIX: Setting DISCOURSE_S3_REGION env variable had no effect 2018-11-21 23:15:28 +01:00
Kyle E. Mitchell
15e793fd3b FEATURE: Terms of Service v1.0.0
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Régis Hanol
5852fe7975 FIX: change 'max_consecutive_replies' default to 3 2018-11-14 22:58:05 +01:00
Bianca Nenciu
b6576d9473 FEATURE: Add new setting to force user edit last post. (#6571) 2018-11-14 15:48:16 +01:00
Bianca Nenciu
fce0a0ccc8 FEATURE: Compute distance between logins to generate login alerts. (#6562) 2018-11-14 13:26:47 +01:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Régis Hanol
0bf52d422c FEATURE: new 'simultaneous_uploads' site setting 2018-10-31 10:58:09 +01:00
Rafael dos Santos Silva
2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
David Taylor
37b7afa522 FIX: Sanitize tags before creation 2018-10-22 10:53:42 +01:00
Kyle Zhao
dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
David Taylor
0dd717e641 Revert "FIX: Sanitize tags before creation"
This reverts commit 18ae8de9e5.
2018-10-19 15:49:05 +01:00
David Taylor
18ae8de9e5 FIX: Sanitize tags before creation 2018-10-19 15:43:31 +01:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Maja Komel
c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Neil Lalonde
12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
David Taylor
9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Rafael dos Santos Silva
b8d3fbd08b FEATURE: Enable the notification prompt by default 2018-10-03 19:58:24 -03:00
Sam
0e10b47618 UX: make responsive_post_image_sizes a visible site setting
This is useful for sites that want to cut bandwidth by decreasing
fidelity of thumbnails.
2018-10-03 15:06:37 +10:00
Sam
ad0e768742 FEATURE: add support for responsive images in posts
When creating lightboxes we will attempt to create 1.5x and 2x thumbnails
for retina screens, this can be controlled with a new hidden site setting
called responsice_post_image_sizes, if you wish to create 3x images run

SiteSetting.responsive_post_image_sizes = "1|1.5|2|3"


The default should be good for most of the setups as it balances filesize
with quality. 3x thumbs can get big.
2018-10-03 13:44:53 +10:00
Sam
a6f0436a29 FEATURE: change default to enable login by email out-of-the-box 2018-10-03 10:16:52 +10:00
Bianca Nenciu
e0d7cdac12 UX: Improve error messages for minimum and maximum username lengths. 2018-10-02 13:10:20 +08:00
Arpit Jalan
dc960e1a82 Make enable_mobile_theme a hidden setting
https://meta.discourse.org/t/default-mobile-view-formatting-error/98063/3
2018-09-29 10:33:17 +08:00
Guo Xiang Tan
d4bd04c3a7 Allow purge_deleted_uploads_grace_period_days to be shadowed. 2018-09-19 17:49:00 +08:00
Régis Hanol
4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Rishabh
4f46aa1ba3 FEATURE: Add SiteSetting for s3_configure_tombstone_policy
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
Bianca Nenciu
aca195e4a7 Remove unused site setting. (#6398) 2018-09-14 07:49:32 +00:00
Gerhard Schlager
e847bb33d5 Better default settings for Japanese 2018-09-11 11:58:36 +02:00
Arpit Jalan
51edb19aa9 FIX: pop3 polling password and mailgun API key should be secret 2018-09-11 06:40:33 +05:30
Sam
6e3f249aea Disable auth token logging
We have a work in progress feature that required the logging,
This feature is not going to be shipped for a while so disabling this
for now.
2018-09-04 17:05:17 +10:00
Jeff Atwood
690908993f reduce default post deletions per day 2018-08-31 13:27:25 -07:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Jay Pfaffman
7b601ff2f8
Add shadows to enable S3 backups to Digital Ocean
With these changes, backups to Digital Ocean spaces can be configured with the following variables:

  DISCOURSE_S3_ACCESS_KEY_ID: 'XXX'
  DISCOURSE_S3_SECRET_ACCESS_KEY: 'YYY'
  DISCOURSE_S3_UPLOAD_BUCKET: 'backups-bucket'
  DISCOURSE_S3_ENDPOINT: 'https://nyc3.digitaloceanspaces.com'
  DISCOURSE_ENABLE_S3_BACKUPS: true
2018-08-29 12:33:05 -07:00
Joffrey JAFFEUX
bf9b7f1f25
UX: reserved_usernames should be a compact list (#6330) 2018-08-29 12:12:35 +02:00
Sam
740308675b FEATURE: erode bounce score every time an email is sent
Introduces a hidden setting (default is 0.1) that erodes bounce score
every time we send an email. This means that erratic failures are less
painful cause system auto corrects
2018-08-28 17:02:12 +10:00
Sam
4205c528d0 FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
These site settings are very hard to explain and only applicable for very
specific Discourse setups.

If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".

The setting allows you to extend this to TL4 or any trust level.

Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Kris
faf09bb8c8 Replacing default brown category color 2018-08-24 14:18:14 -04:00
Guo Xiang Tan
36a7028f19 FEATURE: Clean up PostReplyKey records.
* Default retention of 90 days.
2018-08-23 10:40:02 +08:00
Jeff Atwood
8da2d8df3d reduce default post deletions per day 2018-08-22 15:22:28 -07:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Joffrey JAFFEUX
47bed23a5f
FIX: set existing lists to compact when appropriate (#6234) 2018-08-03 18:27:57 -04:00
Joffrey JAFFEUX
066010db7d
FEATURE: introduces list/compact_list components 2018-08-03 16:41:37 -04:00
Sam
b76d17881b FEATURE: bump default max size of uploads from 3072K to 4096K 2018-08-02 15:06:30 +10:00
Régis Hanol
474a01f338
Support new mailgun's API key format 2018-08-01 19:04:49 +02:00
Vinoth Kannan
b89906e194 Enable rich text pasting by default 2018-08-01 16:36:16 +05:30
Arpit Jalan
afe3b00c0f FIX: use hidden setting for max export file size 2018-07-31 11:25:28 +05:30
Vinoth Kannan
ece3cb73df Rename humburger_menu_categories_count site setting to header_dropdown_category_count 2018-07-31 09:12:30 +05:30
Vinoth Kannan
78d91b1daf
UX: Changes in top categories of hamburger menu (#6200) 2018-07-30 14:13:00 +05:30
Arpit Jalan
fc3b904e1f remove "track external right clicks" feature 2018-07-29 15:01:33 +05:30
Dan Ungureanu
f540020d1d Add different trigger for the emoji popup of French users. (#6140) 2018-07-25 16:39:06 +10:00
Vinoth Kannan
f8e9190617 FEATURE: Retry web hook when it is failed 2018-07-23 10:12:04 +08:00
Régis Hanol
6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Rishabh
a6c589d882 FEATURE: Add custom S3 Endpoint and DigitalOcean Spaces/Minio support for Backups (#6045)
- Add custom S3 Endpoints and DigitalOcean Spaces support
- Add Minio support using 'force_path_style' option and fix uploads to custom endpoint
2018-07-16 14:44:55 +10:00
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Sam
4f41ccd975 FEATURE: MauiBot is abusive and is now blocked
We have now seen multiple forums where MauiBot uses a large amount of
traffic, due to this bad behavior it is blocked out-of-the-box
2018-07-06 16:46:33 +10:00
Neil Lalonde
eabc8f7fbd
Merge pull request #6023 from misaka4e21/only-staff-can-create-tag
FEATURE: Support disabling tag creation for non-staff users.
2018-07-05 11:12:44 -04:00
Patrick Gansterer
28dd7fb562 FEATURE: Create hidden posts for received spam emails (#6010)
* Add possibility to add hidden posts with PostCreator

* FEATURE: Create hidden posts for received spam emails

Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change addes processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
Guo Xiang Tan
b59c17d484 Update title site setting defaults for ja locale.
https://meta.discourse.org/t/updating-title-when-using-japanese-characters-does-not-work/88718/7
2018-06-28 23:23:00 +08:00
Arpit Jalan
a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
misaka4e21
47cb46671a FEATURE: Support disabling tag creation for non-staff users. 2018-06-27 07:15:02 +08:00
Ernesto Serrano
f57375a5ce Update site_settings.yml 2018-06-25 16:18:07 +10:00
Jeff Wong
41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Sam
f66efc601d FIX: cubot android devices were detected as crawlers 2018-06-21 10:56:46 +10:00
Sam
591512fcb8 adjust defaults for search log retention 2018-06-20 10:46:07 +10:00
riking
38a8e52ca4 FIX: Add time retention limit to search logs
3 years is a very conservative limit that allows for a very wide buffer
for year-over-year analysis. The max is set to 5 years because that is
the policy listed for logging in hosted Discourse.
2018-06-20 10:44:11 +10:00
Robin Ward
fd54c92a52 FEATURE: New site setting, whitelisted_link_domains
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Arpit Jalan
f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Arpit Jalan
d069f4ecba Revert "Revert "allow codepen iframe by default""
This reverts commit 174bf98572.
2018-06-06 06:48:08 +05:30
Régis Hanol
dc61eaad37 FEATURE: new 'min ratio to crop' site setting 2018-06-05 17:13:00 +02:00
Arpit Jalan
174bf98572 Revert "allow codepen iframe by default"
This reverts commit dc00089ab2.
2018-06-05 18:21:21 +05:30
Arpit Jalan
dc00089ab2 allow codepen iframe by default 2018-06-05 18:17:23 +05:30
Arpit Jalan
46fc57222f FEATURE: improve handling of site setting secrets 2018-06-04 21:31:34 +05:30
Sam
c677877e4f FIX: Korean needs no word segmentation 2018-05-28 09:37:57 +10:00
Neil Lalonde
30fbf6fe81 Add min and max to digest topic and post settings. Email clients may truncate messages that are too long. 2018-05-24 14:39:28 -04:00
Joffrey JAFFEUX
ba0cec2091
UX: minor fixes to new dashboard UI
- adds a link to search log
- display a text if log search queries is disabled
- adds link to trust level and user types
- adds a description for eeach report when browsing a report directly
2018-05-14 14:23:51 +02:00
Guo Xiang Tan
186623acd0 FEATURE: Keep EmailLogs records without a reply_key for 90 days by default. 2018-05-10 15:33:49 +08:00
Arpit Jalan
83245aa508 FIX: better handling of invite links after they are redeemed
FIX: deprecate invite_passthrough_hours setting
2018-05-08 20:17:57 +05:30
Robin Ward
8262fc5d15
Merge pull request #5807 from discourse/min-flags-by-topic
FEATURE: New site setting `min_flags_staff_visibility`
2018-05-08 09:17:29 -04:00
Robin Ward
ac60a84329 FEATURE: New site setting min_flags_staff_visibility
When set higher than 1, flags won't show up for staff in the admin
section unless the minimum threshold of flags on a post is reached.
2018-05-07 16:05:13 -04:00
Misaka 0x4e21
ff6be3c2e3 FEATURE: add profile_background fields into SSO (#5701)
Add profile_background and card_background fields into Discourse SSO.
2018-05-07 10:03:26 +02:00
Jeff Wong
91b31860a1
Feature: Push notifications for Android (#5792)
* Feature: Push notifications for Android

Notification config for desktop and mobile are merged.

Desktop notifications stay as they are for desktop views.

If mobile mode, push notifications are enabled.

Added push notification subscriptions in their own table, rather than through
custom fields.

Notification banner prompts appear for both mobile and desktop when enabled.
2018-05-04 15:31:48 -07:00
Sam
88f5251415 FIX: disallow invalid top_menu and post_menu and share_links
In the past any text could be entered there causing big potential issues
2018-04-26 17:00:56 +10:00
Sam
c7a0ced656 FIX: remove facebook_request_extra_profile_details
Since this no longer works
2018-04-26 14:14:35 +10:00
Robin Ward
fd14ee4797 FEATURE: Allow safe mode to be disabled 2018-04-24 11:03:33 -04:00
Neil Lalonde
70f2c5d3fd FEATURE: move staff tags setting to tag group settings 2018-04-20 15:34:23 -04:00
Arpit Jalan
91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Guo Xiang Tan
28fbee04df Allow auto close site settings to be shadowed by global. 2018-04-17 14:23:44 +08:00
Sam
6179c0ce51 FEATURE: bingbot heavily throttled till it plays nice 2018-04-13 14:24:22 +10:00
Sam
afaeb20f27 FEATURE: Add option to have sso synchronize group membership
In some cases add_groups and remove_groups is too much work, some sites
may wish to simply synchronize group membership based on a list.

When sso_overrides_groups is on all not automatic group membership is
sourced from SSO. Note if you omit to specify groups, they will be cleared
out.
2018-04-10 13:17:23 +10:00
jose-hms
b87205831b FEATURE: Staged user moderation (#5721) 2018-04-06 11:41:25 +02:00
Sam
cf19982fca ban bingbot 2018-04-06 15:40:03 +10:00
Sam
3a7b696703 FEATURE: allow for setting crawl delay per user agent
Also moved to default crawl delay bing so no more than a req every 5 seconds is allowed

New site settings:

"slow_down_crawler_user_agents" - list of crawlers that will be slowed down
"slow_down_crawler_rate" - how many seconds to wait between requests

Not enforced server side yet
2018-04-06 10:15:23 +10:00
Sam
91a4fee03d FEATURE: block bing from crawling all discourse sites
bing is crawling our properties 10x faster than any other crawler,
until default behavior is improved we are blocking it out-of-the-box

You may enable it by setting the blacklist back to empty
2018-04-05 16:03:02 +10:00
Arpit Jalan
03725c7c8a FIX: add reserved usernames for ‘/u/’ static routes 2018-03-28 11:15:38 +05:30
Neil Lalonde
ced7e9a691 FEATURE: control which web crawlers can access using a whitelist or blacklist 2018-03-22 15:41:02 -04:00
Robin Ward
b9abd7dc9e FEATURE: Shared Drafts
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.

* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.

* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.

* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.

* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Arpit Jalan
12706c4b29 FEATURE: support markdown rendering for embedded posts 2018-03-11 08:00:48 +05:30
Sam
5b6e49ae1d FEATURE: split out max diff to 2 settings
We trust staff + tl2 and up to perform edits in grace period.
Allow them significantly more edit room in grace period prior to storing
a revision.

editing_grace_period_max_diff_high_trust applies to users with tl2 and up.

So

tl0 / 1 : we store an extra revision if more than 100 chars change
tl2 and up : we store an extra revision if more than 400 chars change

We may tweak these numbers as we go.
2018-03-09 11:58:50 +11:00
Jeff Atwood
4132c37add increase grace period max diff to 100 chars 2018-03-07 01:45:48 -08:00
Sam
e162cd16b6 FEATURE: editing_grace_period_max_diff to force revisions in grace period
If a user performs a substantive edit of 20 chars or more during grace period
we will store a revision to track the change

This allows for better auditing of changes that happen during the grace period
2018-03-07 18:34:34 +11:00
Robin Ward
0f66a99eb2 Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00
Régis Hanol
6a78669ca3 FIX: 'reply by email addresses' site settings should allow email addresses without a 'reply_key' when 'find related post with key' is disabled 2018-03-02 17:53:18 +01:00
Neil Lalonde
3313072957 Remove censored_pattern site setting, which is replaced by watched words 2018-02-26 16:29:27 -05:00
Guo Xiang Tan
66062ed6d9 Add missing default choice for SiteSetting.google_oauth2_prompt. 2018-02-23 11:23:08 +08:00
Robin Ward
9b704b21b5 Don't include client when false 2018-02-22 21:22:09 -05:00
Robin Ward
69af881f7f New site setting trusted_users_can_edit_others
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan
24d0a7a4c7 Take 2 on f74d6bb605.
New options are left out by default when not configured so that an
incorrect default configuration doesn't blow up google oauth for
everyone.
2018-02-23 07:53:01 +08:00
Vinoth Kannan
84867c1c07 Rename site setting to allow_staff_to_tag_pms from allow_staff_to_tag_in_pm 2018-02-22 06:48:34 +05:30
Vinoth Kannan
2b509eaa91
Merge branch 'master' into pm-tags 2018-02-21 23:55:59 +05:30
Vinoth Kannan
84ce1acfef FEATURE: Allow staffs to tag PMs 2018-02-21 20:11:46 +05:30
Gerhard Schlager
210939de68 FEATURE: Use HTML instead of text for incoming emails by default 2018-02-21 11:14:36 +01:00
Robin Ward
3ea272f4f1 New setting: minimum trust level to embed images in a post 2018-02-20 20:00:06 -05:00
Arpit Jalan
c419c26f56 FEATURE: new site setting 'max_emojis_in_title' 2018-02-19 18:15:26 +05:30
OsamaSayegh
f3815cd785 FEATURE: New site setting for additional allowed filetypes for staff (#5364)
* FEATURE: New site setting for additional allowed filetypes for staff

* Problematic variable name

* feedback

* small issues

* fix indentation

* failing tests

* Remove message bus and fix minor issues

* Missed this message bus
2018-02-19 10:44:24 +01:00
Leo McArdle
5d9d0fcb4f FEATURE: add setting which adds group name to PM email subject (#5475) 2018-02-19 10:20:17 +01:00
Sam
7af9ed6674 FEATURE: add goanna rendering engine to non crawler list
Goanna the fork of Gecko which is used by Pale Moon browser is not a crawler.
2018-02-16 06:30:47 +11:00
Erick Guan
03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward
4dfe659189 Rename allow staff flags to allow flagging staff 2018-02-12 15:27:26 -05:00
Robin Ward
6287631745 FEATURE: New site setting, allow staff flags, false by default
For some large communities, it makes sense to disable flagging of
staff posts.
2018-02-12 14:56:21 -05:00
Robin Ward
1bab15c757 FEATURE: A site setting for a minimum TL to post links 2018-02-06 18:07:58 -05:00
Robin Ward
b2b6dc68a6 FEATURE: a setting to customize the minimum TL to flag a post 2018-02-06 17:12:27 -05:00
Kane York
cd19d546a8
Update default linkify TLDs to top 15
Also kept gov, but moved it to the end because it was in the previous version.
2018-02-02 17:45:42 -08:00
Joshua Rosenfeld
e262939590
Add .org to default linkified TLDs 2018-02-02 16:31:40 -05:00
Robin Ward
96710754d9
Merge pull request #5540 from discourse/mixed-text-direction-support
FEATURE: Mixed text direction support
2018-02-01 07:29:15 -08:00
Arpit Jalan
f88b8a8945 rename 'default_email_private_messages' to 'default_email_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
6be536ca50 rename 'max_private_messages_per_day' to 'max_personal_messages_per_day' 2018-02-01 13:25:29 +05:30
Arpit Jalan
7cda3a37af rename 'private_email_time_window_seconds' to 'personal_email_time_window_seconds' 2018-02-01 13:25:29 +05:30
Arpit Jalan
7e48c47d37 rename 'enable_private_email_messages' to 'enable_personal_email_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
ff0376a80b rename 'enable_private_messages' to 'enable_personal_messages' 2018-02-01 13:25:29 +05:30
Arpit Jalan
25ec077eca rename 'min_private_message_{post/title}_length' to 'min_personal_message_{post/title}_length' 2018-02-01 13:25:29 +05:30
Sam
ee0d3f15c1 FEATURE: allow better fidelity for auto linkify, disable most tlds based linkify
New site settings:

enable_markdown_linkify: which is default on, auto links https:// and http:// and mail://

markdown_linkify_tlds: which allows control of what tlds get autolinked for cases such as www.site.com, default is com|net|gov
2018-02-01 13:22:38 +11:00
Arpit Jalan
1f6adbea5c FEATURE: log private message views 2018-01-29 08:08:08 +05:30
scossar
caa38aaaad Add support for mixed text directions 2018-01-28 18:33:55 -08:00
Robin Ward
44e2038b53 Setting to automatically lock posts when edited by staff 2018-01-26 14:01:30 -05:00
Sam
95ac1655bc revert settings 2018-01-24 13:21:23 +11:00
Sam
3492a91056 FEATURE: allow site operators to disable emoji shortcuts 2018-01-24 12:21:44 +11:00
Sam
7ba06de0d6 FEATURE: disable service worker for all browsers except for android
Service worker is still quite experimental, only enable on android
where it provides many benefits
2018-01-24 12:03:08 +11:00
Robin Ward
782d75069e FIX: UX improvements for system messages when PMs are disabled 2018-01-23 13:12:11 -05:00
Arpit Jalan
1208254961 FIX: validate presence of 'top menu' setting 2018-01-17 01:43:53 +05:30
Sam
7b562d2f46 FEATURE: much improved and simplified crawler detection
- phase one does it match 'trident|webkit|gecko|chrome|safari|msie|opera'
    yes- well it is possibly a browser

- phase two does it match 'rss|bot|spider|crawler|facebook|archive|wayback|ping|monitor'
    probably a crawler then

Based off: https://gist.github.com/SamSaffron/6cfad7ea3e6df321ffb7a84f93720a53
2018-01-16 15:41:45 +11:00
Neil Lalonde
4d50feb6bd FEATURE: add setting to display tags by tag groups 2018-01-12 11:03:02 -05:00
Neil Lalonde
edb3a7f646 FIX: support for watched_words_regular_expressions when censoring words 2018-01-10 14:11:23 -05:00
Régis Hanol
e3f8182125 FIX: Google Calendar oneboxes weren't working 2018-01-07 19:15:11 +01:00
Arpit Jalan
6ce422feab FIX: respect 'topic page title includes category' client side 2017-12-30 09:06:02 +05:30
Arpit Jalan
0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
Robin Ward
69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Sam
f18dda2adc FEATURE: full rebake of all old posts
This limits to 100 post per 15 minutes, so it will take a while.

This will pick up CommonMark and a large amount of onebox fixes.
2017-12-15 10:28:25 +11:00
Gerhard Schlager
76e8a28420 Ignore winmail.dat in incoming emails 2017-12-13 22:03:31 +01:00
Arpit Jalan
6acf0693a5 make crawler_user_agents a hidden setting 2017-12-11 11:10:15 +05:30
Sam
68d3c2c74f FEATURE: add global rate limiter for admin api 60 per minute
Also move configuration of admin and user api rate limiting into global
settings. This is not intended to be configurable per site
2017-12-11 11:07:22 +11:00
Vinoth Kannan
b9c0488687 New site setting to enable or disable rich text pasting 2017-12-08 14:09:39 +05:30
Joffrey JAFFEUX
fd99e1ef56 FEATURE: site setting enable_mentions to turn on/off mentions 2017-12-07 16:27:58 -05:00
Arpit Jalan
5003f07b2c FEATURE: new site setting show_inactive_accounts 2017-12-07 19:22:41 +05:30
Guo Xiang Tan
4531563717 Hide new advanced editor and preview sync behind a hidden site settings. 2017-12-06 12:34:58 +08:00
Robin Ward
77f90876d3 REFACTOR: Track manual locked user levels separately from groups 2017-11-27 11:23:44 -05:00
Robin Ward
ad07e6e172 FEATURE: group_removes_trust_level setting
By default in Discourse, if a group grants a user a particular trust
level that is locked even if they are removed from the group.

With this new setting, when a user is removed from a group their
trust level is set to either the next highest trust level based on group
membership, or they are unlocked and promoted based on the default
mechanisms.
2017-11-23 13:03:24 -05:00
Robin Ward
8d98752b57 Allow sites to bootstrap the error page.
This will display working dropdowns and such even if the page is a 404.
2017-11-21 16:13:09 -05:00
Robin Ward
1f14350220 Rename "Blocked" to "Silenced" 2017-11-10 14:10:27 -05:00
Guo Xiang Tan
6090994cdf FEATURE: Retain the latest 30 days of WebHookEvent records by default. 2017-11-08 14:11:01 +08:00
Sam
56412adad5 FEATURE: custom setting for large square site icon
This icon is used for android splash screen
2017-11-03 16:19:31 +11:00
Neil Lalonde
7dc3671490 FEATURE: remove obsolete settings ga_tracking_code and ga_domain_name. Use ga_universal_tracking_code and ga_universal_domain_name instead. 2017-11-01 11:41:51 -04:00
Gordon Mohr
da72ecc3fc add alt 'archive.org_bot' user-agent (#5273)
add `archive.org_bot' – another user-agent used by Internet Archive when crawling for Wayback Machine
2017-10-29 10:30:29 +01:00
Neil Lalonde
bbf48d395e FIX: set minimum values for topic title length settings 2017-10-27 14:08:37 -04:00
Guo Xiang Tan
90d6677d97 EXPERIMENTAL: Allow lograge to be selected as the logging library. 2017-10-27 17:54:45 +08:00
Robin Ward
e9159e49f3 FEATURE: Site Setting to determine whether flags defaults to topics 2017-10-20 12:37:20 -04:00
Neil Lalonde
1faae3c765 rename forgot_password_strict to hide_email_address_taken 2017-10-03 15:28:31 -04:00
Sam
8f7062bd7b FEATURE: reduce API key permission to TL0 2017-10-02 10:59:55 +11:00
Sam
f6fdc1ebe8 FEATURE: flexible crawler detection
You can use the crawler user agents site setting to amend what user agents
are considered crawlers based on a string match in the user agent

Also improves performance of crawler detection slightly
2017-09-29 12:31:50 +10:00
Robin Ward
41c3941c4c FEATURE: Support regular expressions for watched words 2017-09-27 15:48:57 -04:00
Robin Ward
561fa7d0cd FEATURE: Site Setting to hide suspension reason on the public profile 2017-09-25 12:25:14 -04:00
Régis Hanol
8ed318c4fe display 'similar to' earlier when composing a post 2017-09-16 01:03:29 +02:00
Neil Lalonde
16fe7aa307 FEATURE: automatically handle flags and posts that have been waiting in a queue for a long time. Flags will be deferred. Posts waiting for approval will be rejected. Control how old the records need to be with the auto_handle_queued_age site setting. 2017-09-14 12:01:06 -04:00
Sam Saffron
e283e6aea0 FEATURE: allowed_iframes site setting for allowing iframes
This allows you to whitelist custom iframes if needed in posts
2017-09-01 10:15:44 -04:00
Bianca Nenciu
bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Erick Guan
1646bc0031 FIX: fails loud if default setting is not set
Noted:
- `push_api_secret_key` is set in initializer. Shimed with ''
- `default_theme_key` is set in seeding. Shimed with ''
2017-08-15 12:07:25 +02:00
Robin Ward
6ecb7cdff4 UX: Support for none style of category badge 2017-08-07 12:49:19 -04:00
Guo Xiang Tan
3f24ed2b3e Can't revert due to incompatibility of new site setting types.
Revert "Revert "FEATURE: Site settings defaults per locale""

This reverts commit 439fe8ba24.
2017-08-07 10:43:09 +09:00
Guo Xiang Tan
439fe8ba24 Revert "FEATURE: Site settings defaults per locale"
This reverts commit 468a8fcd20.
2017-08-07 10:31:50 +09:00
Robin Ward
a3ef814245 UX: Show proper HTML for category preview in site settings 2017-08-04 13:56:27 -04:00
Neil Lalonde
d1576298ef add shadowed_by_global to allow_restore 2017-08-03 15:10:11 -04:00
Sam
f6bc572fb8 FEATURE: option to enable inline oneboxes for all domains
Also, change to prefer title over open graph which is often way too sparse
2017-08-02 14:27:31 -04:00
Erick Guan
468a8fcd20 FEATURE: Site settings defaults per locale
This change-set allows setting different defaults for different locales. 

It also:

- Adds extensive testing around site setting validation

- raises deprecation error if site setting has the default property based on env

- relocated site settings for dev and tests in the initializer

- deprecated client_setting in the site setting's loading process

- ensure it raises when a enum site setting being set

- default_locale is promoted to `required` category.

- fixes incorrect default setting and validation

- fixes ensure type check for site settings

- creates a benchmark for site setting

- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
Régis Hanol
88ba052446 secure default for the 'find_related_post_with_key' site setting 2017-08-01 00:03:04 +02:00
Neil Lalonde
24cb950432 FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block 2017-07-26 11:01:09 -04:00
Régis Hanol
c7c93e7159 FEATURE: new 'strip image metadata' site setting 2017-07-25 11:48:39 +02:00
Robin Ward
2f8f2aa1dd FEATURE: Whitelists for inline oneboxing 2017-07-21 15:41:47 -04:00
Sam Saffron
d0c5205a52 Feature: Change markdown engine to markdown it
This commit removes the old evilstreak markdownjs engine.

- Adds specs to WhiteLister and changes it to stop using globals
    (Fixes large memory leak)
- Fixes edge cases around bbcode handling
- Removes mdtest which is no longer valid (to be replaced with
    CommonMark)
- Updates MiniRacer to correct minor unmanaged memory leak
- Fixes plugin specs
2017-07-17 11:41:34 -04:00
Robin Ward
6b6ad9391b Clean up job for search logs 2017-07-14 14:30:58 -04:00
Robin Ward
97e211f837 FEATURE: Log Search Queries 2017-07-14 14:30:58 -04:00
Neil Lalonde
3ebd8838af FEATURE: cross-domain tracking for Google universal analytics 2017-07-13 15:21:44 -04:00
Sam
79a084dd58 Revert "remove old markdown engine work-in-progress"
This reverts commit ee470b5317.
2017-07-12 18:10:51 -04:00
Sam Saffron
ee470b5317 remove old markdown engine work-in-progress 2017-07-12 17:44:40 -04:00
Jeff Atwood
5be9bee230 safe to default to read only off during backups 2017-07-12 04:52:17 -07:00
Sam
d29a0eeedf allow global shadow for new markdown engine 2017-07-10 12:22:15 -04:00
Guo Xiang Tan
2255724637 UX: Add validator for SiteSetting#sso_overrides_email. 2017-07-10 10:08:55 +09:00
Arpit Jalan
5b67cd1937 Merge pull request #4956 from techAPJ/pm-recipients
FEATURE: new site setting to limit message recipients
2017-07-06 22:57:33 +05:30
Arpit Jalan
7cffbc8ba8 FEATURE: new site setting to limit message recipients
New site setting `max_allowed_message_recipients` to limit message
recipients

https://meta.discourse.org/t/one-of-my-users-just-group-messaged-100-other-user-with-a-spam-offer/65612/7?u=techapj
2017-07-06 22:52:49 +05:30
Robin Ward
4f66083121 Allow version_checks to be shadowed by global 2017-07-06 10:41:53 -04:00
Sam
fbb5600c8e expose enable_experimental_markdown_it
expose the site setting that enables the CommonMark engine
2017-06-28 16:51:49 -04:00
Sam
4c5109ff5b FEATURE: site setting for Markdown typographer
It ships anyway with markdown.it so we might as well expose it
2017-06-27 16:50:13 -04:00
Sam
e6cc07fc43 FEATURE: twitter is the new default emoji set 2017-06-26 16:51:55 -04:00
Sam
234694b50f Feature: CommonMark support
This adds the markdown.it engine to Discourse.
https://github.com/markdown-it/markdown-it

As the migration is going to take a while the new engine is default
disabled. To enable it you must change the hidden site setting:
enable_experimental_markdown_it.

This commit is a squash of many other commits, it also includes some
improvements to autospec (ability to run plugins), and a dev dependency
on the og gem for html normalization.
2017-06-23 12:01:33 -04:00
Leo McArdle
5e0efb3410 FEATURE: setting to only use the key when finding the related post of an email reply
this fixes email-in threading problems when using a SMTP server which modifies the message_id
header, like Amazon SES
2017-06-19 12:22:44 +01:00
Robin Ward
009f0921dc FEATURE: Whitelist hosts for internal crawling 2017-06-13 12:59:54 -04:00
Guo Xiang Tan
c5caa9cf71 Revert "FIX: Disable request membership button if user does not have sufficient trust level."
This reverts commit 5f441a2614.
2017-06-13 17:49:21 +09:00
Régis Hanol
54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Arpit Jalan
a1ebd67237 Revert "FEATURE: new setting to prioritize open topics in search" 2017-06-03 01:54:35 +05:30
Arpit Jalan
b8a87a0996 FEATURE: new setting to prioritize open topics in search 2017-06-03 00:33:53 +05:30
Guo Xiang Tan
5f441a2614 FIX: Disable request membership button if user does not have sufficient trust level. 2017-06-02 16:06:25 +09:00
Arpit Jalan
796a2967af hide invites_per_page site setting 2017-05-24 11:30:43 +05:30
Robin Ward
93a5fc62bf FEATURE: A site setting to prevent crawling on private IP blocks 2017-05-23 11:56:06 -04:00
Sam
2a5a01af2e improve error on theme upload, add gif to allowed uploads 2017-05-17 16:29:09 -04:00
Sam
47ce674798 PERF: bypass wizard check after 15 topics are created 2017-05-12 10:18:43 -04:00
Régis Hanol
9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Robin Ward
4db76796b9 FEATURE: Setting to poll feeds more frequently 2017-05-10 14:30:12 -04:00
Robin Ward
57a2042ef6 FIX: Quiet server side errors for requesting json for account-created 2017-05-04 12:30:13 -04:00
Régis Hanol
1706036f2b Allow a post_edit_time_limit of up to 1 year 2017-05-03 16:06:55 +02:00
Neil Lalonde
0722ffadf1 Remove site settings enforce_global_nicknames and discourse_org_access_key 2017-05-01 14:53:16 -04:00
Jeff Atwood
a26483bfd6 missed a file again 2017-04-27 16:39:27 -07:00
Jeff Atwood
52007222fc more realistic maximum password values 2017-04-27 16:38:50 -07:00
Régis Hanol
0ec15af970 restore the 'incoming_email_prefer_html' site setting 2017-04-27 14:31:11 +02:00
Robin Ward
bf9c4a7828 FEATURE: secure_email site setting to prevent data going out in email 2017-04-26 13:05:56 -04:00
Régis Hanol
b76674f640 FEATURE: convert incoming emails in HTML to markdown
- remove incoming_email_prefer_html site setting
- remove HtmlCleaner class
2017-04-26 16:49:06 +02:00
Arpit Jalan
6bafb74e67 raise max value for max_image_size_kb to 102400 2017-04-25 15:22:35 +05:30
Arpit Jalan
4e0b18544e FIX: sane max value for max_image_size_kb & max_attachment_size_kb setting 2017-04-25 15:16:33 +05:30
Arpit Jalan
9eff4f0807 FIX: all basic integer settings should have max value validation 2017-04-21 07:09:41 +05:30
Arpit Jalan
c9c7ec799f FIX: add minimum value for invites_per_page setting 2017-04-14 17:58:18 +05:30
Sam
a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Régis Hanol
2d9b31b147 allow 'max_image_megapixels' up to 150MB 2017-04-11 07:44:10 +02:00
Arpit Jalan
ac051d70ef FIX: use enum values for trust level settings 2017-04-03 14:23:48 +05:30
Guo Xiang Tan
ed577fbff8 FEATURE: Pause a topic instead of permanently closing when flag threshold is reached. 2017-03-31 14:35:05 +08:00
Arpit Jalan
8bf12502bd Merge pull request #4780 from techAPJ/send-statistics
FEATURE: Send anonymized usage statistics to Discourse if "Discourse Hub" can't reach the site
2017-03-28 10:02:05 +05:30
Arpit Jalan
f3cd5f61c5 FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site 2017-03-28 09:07:23 +05:30
Erick Guan
e3e3a04cd2 enable_noscript_support is not used anymore 2017-03-27 11:09:50 +02:00
Arpit Jalan
f7e7ca3937 FEATURE: anonymized site statistics 2017-03-10 18:50:26 +05:30
Arpit Jalan
b2cfad5f47 Minimum password length should be 8 2017-03-05 14:38:37 +05:30
Neil Lalonde
262016604d FEATURE: each category can control how many topics to show on categories page 2017-03-01 15:12:57 -05:00
Arpit Jalan
877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Sam
ea1007e954 FEATURE: add support for same site cookies
Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Neil Lalonde
a702330ccd FEATURE: make show_subcategory_list a per-category setting 2017-02-22 11:42:36 -05:00
Guo Xiang Tan
9baf89a901 Remove database vacuum task from Discourse. 2017-02-20 09:02:38 +08:00
Jeff Atwood
9b263a0559 increase req min unique pw chars from 5 to 6 2017-02-16 17:06:19 -08:00
Sam
0ab96a7691 FEATURE: add hidden setting for verbose auth token logging
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Neil Lalonde
1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Régis Hanol
f07b4b310a should not have renamed this setting in 460665895c 2017-02-08 18:11:34 +01:00
Jeff Atwood
fcfaa71e85 copyedit on "get a room" 2017-02-04 12:04:15 -08:00
Robin Ward
f1e7bca3c9 FEATURE: Warn a user when they're replying to the same user too much 2017-02-03 17:00:54 -05:00
Arpit Jalan
1d2dceda32 FIX: add max value validation for settings containing days 2017-01-27 17:54:41 +05:30
Arpit Jalan
74a46dce68 FIX: set max value for purge_unactivated_users_grace_period_days setting 2017-01-27 14:22:13 +05:30
Régis Hanol
887e9af84f FEATURE: new 'max_image_megapixels' site setting 2017-01-11 23:37:12 +01:00
Jeff Atwood
0303047446 SECURITY: disallow csv as default upload file type 2017-01-10 13:24:10 -08:00
Rafael dos Santos Silva
d7c8c2d5e3 FEATURE: Opt-in native Discourse app install banner on Android/iOS 2017-01-03 15:50:45 -02:00
Jeff Atwood
aad01a9f27 strengthen TL3 flag-based block of new users 2016-12-31 13:37:31 -08:00
Arpit Jalan
d72cbcb2a4 FEATURE: new setting to validate user website 2016-12-26 21:29:27 +05:30
Guo Xiang Tan
8551d821a0 FEATURE: Add site setting to disable group directory. 2016-12-22 14:14:22 +08:00
Guo Xiang Tan
1df8c7a4b6 Revert "Don't vacuum for a long time until we fix it"
This reverts commit 88712bc548.
2016-12-20 09:10:08 +08:00
Robin Ward
e03d5e2140 Reapply Ember 2.10 for good this time!
This reverts commit ddd299f4aa.
2016-12-19 11:19:10 -05:00
Sam
eb2db23b40 FEATURE: remove email_token_grace_period_hours
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Robin Ward
ddd299f4aa Revert "Revert "Revert Ember 2.10+ for a short while""
This reverts commit 76bbc481cb.
2016-12-16 10:29:30 -05:00
Robin Ward
76bbc481cb Revert "Revert Ember 2.10+ for a short while"
This reverts commit 21682fd60b.
2016-12-16 09:52:29 -05:00
Sam
61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Robin Ward
21682fd60b Revert Ember 2.10+ for a short while 2016-12-15 16:43:38 -05:00
Neil Lalonde
f01f95d62d FEATURE: new settings to customize some colors in emails 2016-12-15 14:43:53 -05:00
Neil Lalonde
24d2973108 enable featured links by default 2016-12-09 16:08:17 -05:00
Neil Lalonde
5da52780e4 Default off for show_topic_featured_link_in_digest 2016-12-09 13:49:47 -05:00
Neil Lalonde
a62b028e16 Remove the open_topic_featured_link_in_external_window setting. Use the user preference. 2016-12-09 13:48:29 -05:00
Neil Lalonde
a4c4f13901 Remove the topic_featured_link_onebox setting. We will always try to onebox a link and add it to the body if topic_featured_link_enabled is enabled. 2016-12-09 13:28:12 -05:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Arpit Jalan
ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Sam
96183dbf6b remove unused site setting, not really needed any more 2016-12-05 13:57:35 +11:00
Neil Lalonde
576a424130 FEATURE: number of new topics at the end of summary email can be controlled by a new setting, digest_other_topics 2016-12-01 14:20:24 -05:00
Régis Hanol
7e5121cbd3 Add 'x-vcard' content-type to default email attachment blacklist 2016-11-30 11:45:02 +01:00
Neil Lalonde
45f368126f FEATURE: New summary/digest email design 2016-11-18 14:03:42 -05:00
Régis Hanol
a69f45d0da FEATURE: new 'always_show_trimmed_content' site setting 2016-11-16 22:06:07 +01:00
Régis Hanol
17f2be9f88 FEATURE: new 'enable_forwarded_email' site setting 2016-11-16 19:42:11 +01:00
Régis Hanol
0dfac2dd24 Merge pull request #4545 from hiveeyes/pop3_polling_openssl_verify
Add “pop3_polling_openssl_verify” setting to turn off TLS server certificate verification
2016-11-15 19:33:44 +01:00
Andreas Motl
43fd3ebd4a Add “pop3_polling_openssl_verify” setting to turn off TLS server certificate verification like “smtp_openssl_verify_mode”. Defaults to “true”, so it does not change current behavior. 2016-11-11 21:59:15 +01:00
Arpit Jalan
9e69798285 FEATURE: watch first post default site setting 2016-11-10 00:09:52 +05:30
Neil Lalonde
86522a52b7 FEATURE: add censored_pattern setting to censor posts using regex 2016-11-08 16:39:26 -05:00
Régis Hanol
3841cd9a7f FEATURE: onebox everything by default
FEATURE: new 'max_oneboxes_per_post' site setting
FEATURE: change onebox whitelist to a blacklist
PERF: debounce the loading of oneboxes
PERF: improve perf of mention links in preview
FIX: sort loading of custom oneboxer
2016-10-24 12:46:22 +02:00
Neil Lalonde
761cc688b4 FEATURE: add a setting to allow url schemes other than http(s) 2016-10-21 12:21:31 -04:00
Sam
f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Sam
6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam
0f0b657182 Merge pull request #4447 from pmusaraj/approve_new_topics_setting
FEATURE: add "Approve new topics unless user level" setting
2016-10-11 10:14:28 +11:00
Sam
ea1f0683c8 Merge pull request #4477 from cpradio/watching-state-on-reply
FEATURE: Add notification level user preference when replying to a topic
2016-10-11 10:05:37 +11:00
cpradio
6f1c31d777 Add notification level user preference when replying to a topic 2016-09-30 14:58:07 -04:00
Sam Saffron
4d8d5613e4 FEATURE: add min_trust_level_to_edit_post
add minimum trust level to edit post (default 0)
2016-10-01 02:12:27 +10:00