Commit Graph

77 Commits

Author SHA1 Message Date
Daniel Waterworth
27386ba714
FIX: Kernel.open is deprecated (#12387) 2021-03-12 12:42:32 -06:00
Simon Cossar
3d9eb3e085
Rename options passed to Readability::Document back to whitelist and blacklist (#10340) 2020-07-30 12:56:48 -07:00
Krzysztof Kotlarek
e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Roman Rizzi
a41476800b
FIX: Don't raise an exception if a topic cannot be retrieved (#9906) 2020-05-28 11:59:20 -03:00
Blake Erickson
da839e6d26 SECURITY: Use FinalDestination for topic embeds 2020-05-27 09:26:09 -06:00
Michael Brown
d9a02d1336
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
This reverts commit 20780a1eee.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
2020-05-23 00:56:13 -04:00
Jeff Atwood
20780a1eee Revert "Merge branch 'master' of https://github.com/discourse/discourse"
This reverts commit e62a85cf6f, reversing
changes made to 2660c2e21d.
2020-05-22 20:25:56 -07:00
Blake Erickson
03d26cd6f0 SECURITY: ensure embed_url contains valid http(s) uri 2020-05-22 14:54:56 -06:00
Krzysztof Kotlarek
9bff0882c3
FEATURE: Nokogumbo (#9577)
* FEATURE: Nokogumbo

Use Nokogumbo HTML parser.
2020-05-05 13:46:57 +10:00
Robin Ward
98729c8e6e FIX: Allow embed updates of just the title 2020-04-20 14:31:24 -04:00
Robin Ward
56a23c68f1 FIX: Embedded topics couldn't update their titles 2020-04-20 14:27:43 -04:00
Robin Ward
b6b92a562c
FEATURE: New site setting embed_unlisted (#9391)
If enabled, posts imported to discourse via embeddings will default to
unlisted until they receive a reply.
2020-04-13 15:17:02 -04:00
romanrizzi
55b8620b43 FIX: TopicEmbed#absolutize_urls was trying to modify a frozen string 2020-03-25 12:57:54 -03:00
Penar Musaraj
99fd65328c FIX: Skip absolutizing URLs when source URI is invalid 2020-02-07 10:54:24 -05:00
Sam Saffron
0fb497eb23 DEV: use Discourse.cache over Rails.cache
Discourse.cache is a more consistent method to use and offers clean fallback
if you are skipping redis

This is part of a larger change that both optimizes Discoruse.cache and omits
use of setex on $redis in favor of consistently using discourse cache

Bench does reveal that use of Rails.cache and Discourse.cache is 1.25x slower
than redis.setex / get so a re-implementation will follow prior to porting
2019-11-27 12:36:19 +11:00
Daniel Waterworth
55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
romanrizzi
d01c938e1a Revert "FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element."
This reverts commit 50afe59306.
2019-08-09 11:35:22 -03:00
romanrizzi
50afe59306 FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element. 2019-08-09 11:13:09 -03:00
Sam Saffron
2408d55551 FIX: embedding topics would fail with some HTML
When truncating content we try to search for first paragraph, if HTML had
no P it would fallback to first div which may have nested elements.
2019-08-07 12:45:55 +10:00
Kyle Zhao
0e1d6151b9 FIX: Frozen string error in TopicEmbed.import (#7938)
When `SiteSetting.embed_truncate` is enabled (by default), the truncated
string is mutatable and does not raise an error.

However, when the setting is disabled, the `contents` string is frozen
and immutable, and will raise a `FrozenError`.
2019-07-25 09:21:01 -04:00
Guo Xiang Tan
d369b84ced Fix modifying frozen strings error. 2019-05-13 14:31:20 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Maja Komel
6c8069c65a FIX: properly escape embed url 2019-01-07 18:11:43 +01:00
Kyle Zhao
e25a6e085e FIX: drop title updates through RSS feeds
can create an update loop
2018-08-28 16:25:04 +10:00
Guo Xiang Tan
932195d828 DEV: Update test case for TopicEmbed. 2018-08-24 09:42:12 +08:00
Kyle Zhao
baf413d527 FIX: update TopicEmbed's title and user correctly 2018-08-21 18:31:01 +08:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Kyle Zhao
0cc4b42180 FIX: TopicEmbed.import should update title and author 2018-05-02 17:12:31 +10:00
Arpit Jalan
12706c4b29 FEATURE: support markdown rendering for embedded posts 2018-03-11 08:00:48 +05:30
Gerhard Schlager
5a56746610 FIX: Embedded topic was not found when URL contained query string 2018-02-14 00:28:30 +01:00
Arpit Jalan
9030d3ef63 FIX: do not create duplicate topics
https://meta.discourse.org/t/duplicate-http-https-topics-are-randomly-created/77190
2018-01-04 23:53:52 +05:30
Gerhard Schlager
e30851e45a Move escape_uri method to a more suitable place 2017-12-12 20:17:46 +01:00
Guo Xiang Tan
367fb1c524 FIX: Onebox fails on encoded URL.
https://meta.discourse.org/t/onebox-breaks-if-theres-chinese-text-in-url/67364
2017-09-26 18:34:54 +08:00
Gerhard Schlager
6f6b47f096 FIX: do not escape already escaped chars in URL 2017-09-22 17:36:44 +02:00
Gerhard Schlager
1a435414d5 FIX: handle URL encoded email addresses 2017-09-22 14:26:06 +02:00
Guo Xiang Tan
b84e87dedd FIX: Don't raise an error if URL timesout. 2017-08-10 12:58:56 +09:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward
39e1948174 FIX: If the error is 401 unauthorized or such, just do nothing 2017-05-25 15:42:05 -04:00
Arpit Jalan
aeead60036 FIX: make TopicEmbed trashable 2017-04-25 18:40:39 +05:30
Robin Ward
dad57fa033 FIX: More errors with non-ascii URLs 2017-03-07 11:21:41 -05:00
Robin Ward
cd571b26ba FIX: Allow Safe Redirections in Topic Embedding 2016-09-15 13:56:59 -04:00
Robin Ward
7da44e3bf0 FEATURE: Support author meta tags for embedding 2016-08-30 12:01:04 -04:00
Robin Ward
c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Robin Ward
884bdf7240 FEATURE: Ability to scrub titles when importing embeddable content 2016-08-22 12:43:02 -04:00
Robin Ward
e2b5919579 FIX: Don't normalize URLs before fetching them, only for saving them 2015-11-06 16:25:11 -05:00
kerryliu
b7803fc68e FIX: allow emoji class when crawling embedded content, add rspc-html-matchers 2015-11-05 18:51:26 -08:00
Sam
c1ecd6f4ce update annotations 2015-09-18 10:41:10 +10:00
Robin Ward
d1c69189f3 FEATURE: Can edit category/host relationships for embedding 2015-08-20 15:56:04 -04:00
Robin Ward
fb8ba5e137 FIX: PG::UniqueViolation when trying to use the same embed code
Previously providing an embed code already in use would result in
a logged server error. After this commit the error is gracefully
bubbled up from the `PostCreator`
2015-06-15 12:09:59 -04:00