Commit Graph

1709 Commits

Author SHA1 Message Date
cpradio
ef440a4381 Escape the hyphen 2016-09-19 08:54:21 +08:00
cpradio
69691fa7a6 FIX: Backup validation wasn't escaping hyphens
Conflicts:
	spec/controllers/admin/backups_controller_spec.rb
2016-09-19 08:53:54 +08:00
Guo Xiang Tan
82fe884a7f SECURITY: Add filename validation for backup uploads. 2016-09-16 12:50:59 +08:00
Robin Ward
429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Neil Lalonde
5f67cd7b45 FIX: tag input detects when a tag is not allowed and won't offer to create it anyway 2016-08-03 13:18:56 -04:00
Guo Xiang Tan
bf683178a8 FIX: Remove tag plugin code from tag hashtag check. 2016-08-02 10:59:12 +08:00
Régis Hanol
681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Neil Lalonde
1f12e41029 FIX: query for tag with no sub-categories 2016-07-28 16:59:00 -04:00
Neil Lalonde
82e170d6a6 FIX: 404 when filtering by category, no sub-category, and a tag 2016-07-28 16:19:03 -04:00
Neil Lalonde
77847f0d46 FIX: meta description tags for tags 2016-07-28 11:49:23 -04:00
Robin Ward
2f8ab8cd30 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 11:38:12 -04:00
Guo Xiang Tan
36ddb1787e FEATURE: Add toggle topic visibility button in popup menu. 2016-07-28 16:57:04 +08:00
Sam
c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4 SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
Régis Hanol
6dac9075dc new 'convert_pasted_images_quality' site setting 2016-07-27 19:59:44 +02:00
Régis Hanol
be099bb637 only convert pasted images to HQ jpg when it's at least 5% smaller 2016-07-27 19:55:13 +02:00
Andre Pereira
8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Neil Lalonde
3c0df3510a FIX: tags index should show all tags belonging to a category even if they have never been used 2016-07-26 16:04:11 -04:00
Régis Hanol
749b981759 FEATURE: new 'convert_pasted_images_to_hq_jpg' site setting 2016-07-25 23:01:28 +02:00
Neil Lalonde
ece4fa82c9 FIX: add canonical link to tags topic lists 2016-07-25 16:16:19 -04:00
Neil Lalonde
11b3b5e30a FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter 2016-07-25 16:16:18 -04:00
Régis Hanol
d2e22ab215 extract bounce scores into site settings 2016-07-25 17:27:28 +02:00
Sam
df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Neil Lalonde
7c092b0fe0 FEATURE: add filter to show topics that have not been tagged 2016-07-20 16:21:51 -04:00
Neil Lalonde
a74606c87c PERF: tag groups index query 2016-07-15 17:16:26 -04:00
Régis Hanol
7b6d946613 FIX: searching received emails for TO was broken 2016-07-13 22:43:25 +02:00
Guo Xiang Tan
5fed886c8f FIX: Update post replies when we move posts. (#4324) 2016-07-13 17:34:21 +02:00
Sam
4161ee210a FEATURE: improved tag and category watching and tracking
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status

New watching and tracking logic takes care of handling old topics
(either with or without read state)

When you watch a topic you now watch historically

Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Robin Ward
1eb64151f6 User interface for watching first post 2016-07-07 11:21:50 -04:00
Régis Hanol
c104e4c022 allow avatars up to 1000px 2016-07-05 18:49:33 +02:00
Guo Xiang Tan
f256e3afb6 Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Sam
0c6d8e155c Merge pull request #4300 from NuckChorris/patch-2
Log RecordInvalid when verbose_sso_logging enabled
2016-07-01 14:12:06 +10:00
Guo Xiang Tan
904d9735ab
Refactor desktop notifications to be more modular. 2016-07-01 00:11:32 +08:00
Peter Lejeck
e265b7b090 Log RecordInvalid when verbose_sso_logging enabled 2016-06-29 22:12:25 -07:00
Neil Lalonde
99e88ce39f FIX: n+1 query when fetching tag groups 2016-06-29 18:41:22 -04:00
Guo Xiang Tan
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode. 2016-06-29 15:10:01 +08:00
Guo Xiang Tan
20359788dc
Rename SiteSetting#use_https to force_https. 2016-06-29 15:02:43 +08:00
Guo Xiang Tan
e221414935
PERF: Remove N+1 queries on user messages page. 2016-06-29 09:30:54 +08:00
Sam
1411eedad3 FEATURE: offer to unwatch categories when unwatching category 2016-06-28 18:34:20 +10:00
Robin Ward
ccf9b70671 When restoring a backup, disable emails.
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Arpit Jalan
3232ce8265 FIX: better error message when trying to approve post for closed/deleted topic 2016-06-24 15:11:45 +05:30
Régis Hanol
5bfc9cf69e Allow API to create staged users 2016-06-23 12:27:05 +02:00
Régis Hanol
2ecd0da59f REFACTOR: use same code path for handling emails via API and POP 2016-06-22 15:50:49 +02:00
Sam
2d425892c4 FIX: update list of invited users after inviting 2016-06-21 16:01:29 +10:00
Régis Hanol
7fca6f502f fix and improve image downsizing algorithm 2016-06-20 12:35:07 +02:00
Sam
8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00
Sam
7edf7b590f SECURITY: restrict constantize classes in search controller 2016-06-17 13:47:34 +10:00
Sam
dd1a184955 Correct mailing list mode unsubscribe 2016-06-17 11:57:23 +10:00
Sam
852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00