Commit Graph

20117 Commits

Author SHA1 Message Date
Robin Ward
9adfccfad1 FIX: Regression with escaping on badge page
In this branch (stable) we can't run the sanitizer because the bundle is not
loaded. The long badge description is not sanitized, but it
has to be created by an admin so it's extremely low risk.

In the beta / tests-passed branches the text is sanitized.
2016-07-28 16:11:41 -04:00
Robin Ward
efc6408b1d FIX: Regression with escaping on badge page 2016-07-28 15:57:06 -04:00
Robin Ward
5d062206db SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 15:41:03 -04:00
Robin Ward
f416634ea0 SECURITY: Cross-Site Scripting in Category and Group Settings 2016-07-28 15:30:53 -04:00
Robin Ward
80834df757 SECURITY: SQL Injection in Admin List Active Users 2016-07-28 15:29:16 -04:00
Robin Ward
90a3cc7f18 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 15:29:05 -04:00
Jeff Atwood
d9289b6da9 Merge pull request #4352 from tgxworld/full_width_for_polls
UX: Polls should take up full width of post's container.
2016-07-28 11:59:08 -07:00
Robin Ward
2891f230d1 SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 13:54:17 -04:00
Robin Ward
cf5b756b1a SECURITY: Cross-Site Scripting in Category and Group Settings 2016-07-28 11:57:59 -04:00
Neil Lalonde
77847f0d46 FIX: meta description tags for tags 2016-07-28 11:49:23 -04:00
Robin Ward
dc1a830d3d SECURITY: SQL Injection in Admin List Active Users 2016-07-28 11:42:06 -04:00
Robin Ward
2f8ab8cd30 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 11:38:12 -04:00
Erick Guan
bc81c8b2a0 Explicit on site settings and fixing minor parts 2016-07-28 23:35:24 +08:00
Guo Xiang Tan
bb3f4a10f3 UX: Polls should take up full width of post's container. 2016-07-28 23:06:25 +08:00
Guo Xiang Tan
85a91c8b81 Remove unused property. 2016-07-28 21:28:49 +08:00
Guo Xiang Tan
0128fdfc46 FIX: Discourse.ajax is deprecated. 2016-07-28 18:20:24 +08:00
Guo Xiang Tan
c449bbe882 Merge pull request #4347 from tgxworld/unlist_topic_creation
FEATURE: Add toggle topic visibility button in popup menu.
2016-07-28 17:18:34 +08:00
Guo Xiang Tan
36ddb1787e FEATURE: Add toggle topic visibility button in popup menu. 2016-07-28 16:57:04 +08:00
Sam
16a383ea1e SECURITY: limit bad cookie auth attempts
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Sam
0ba8da9658 reduce amount of cache setting 2016-07-28 10:20:29 +10:00
Sam
83f80341b3 FIX: topic id cache should be a multi process cache 2016-07-28 10:20:14 +10:00
Sam
ab68e0c9db FEATURE: allow "developer" account flagging via developers table
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
f319923753 SECURITY: limit route access when using external avatars 2016-07-28 09:04:32 +10:00
Sam
c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be changed via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4 SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
Neil Lalonde
437ad5b05a Remove extra characters returned from Transifex 2016-07-27 17:55:29 -04:00
Neil Lalonde
6a8f57d602 Update translations 2016-07-27 17:55:28 -04:00
Neil Lalonde
7109442ef0 Stop using Transifex workaround, but keep the code just in case 2016-07-27 17:55:28 -04:00
Gerhard Schlager
37a78752e9 phpBB3 importer: fixes for internal links and guest users (#4350)
* phpBB3 importer: ignore query parameters in internal links

* phpBB3 importer: Don't fail if guest usernames differ only by case

* phpBB3 importer: Import username as name for guest users
2016-07-27 22:57:33 +02:00
Gerhard Schlager
fccc0c93c5 Store the original username during import (#4349) 2016-07-27 22:30:15 +02:00
Régis Hanol
e848c336bb FIX: only prevent clicks on links in the preview 2016-07-27 20:53:45 +02:00
Régis Hanol
c4b52b1a19 GET is a more RESTy verb for '/users/:username/emails' 2016-07-27 20:15:28 +02:00
Régis Hanol
6dac9075dc new 'convert_pasted_images_quality' site setting 2016-07-27 19:59:44 +02:00
Régis Hanol
be099bb637 only convert pasted images to HQ jpg when it's at least 5% smaller 2016-07-27 19:55:13 +02:00
Neil Lalonde
a3f39866ab Update translations using temporary workaround for Transifex bugs 2016-07-27 13:29:13 -04:00
Régis Hanol
ea59283c1e FIX: PM automatic groups via URL 2016-07-27 19:16:31 +02:00
Régis Hanol
11172b7c2d FIX: cropping GIF wasn't working 2016-07-27 18:48:02 +02:00
Régis Hanol
56d2626187 support 'read_restricted' categories in importers 2016-07-27 18:38:23 +02:00
Neil Lalonde
0fa8fb1774 Merge pull request #4348 from gschlager/transifex
Workaround for Transifex YML issues
2016-07-27 12:34:42 -04:00
Gerhard Schlager
3d76ad623c Workaround for Transifex YML issues 2016-07-27 18:02:57 +02:00
Jeff Atwood
f8144f07fd purge 2x the unactivated old users 2016-07-27 03:29:00 -07:00
Guo Xiang Tan
c58123b421 Merge pull request #4346 from tgxworld/adrapereira-ap_merge_multiple_responses
FEATURE: Allow staff users to merge posts.
2016-07-27 12:48:09 +08:00
Andre Pereira
8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Neil Lalonde
3af27a6d83 FIX: category settings should not limit number of tags 2016-07-26 16:04:11 -04:00
Neil Lalonde
3c0df3510a FIX: tags index should show all tags belonging to a category even if they have never been used 2016-07-26 16:04:11 -04:00
Robin Ward
5ba8612fa8 UX: Button had wrong margin on iOS 2016-07-26 15:10:14 -04:00
Robin Ward
424bb143db FIX: Jump to post on iOS was broken - replace with prompt 2016-07-26 15:08:04 -04:00
Robin Ward
2a4006fe0c Add YandexBot to our list of crawlers 2016-07-26 13:21:37 -04:00
Neil Lalonde
de99853dee FIX: routes for tag nav items 2016-07-26 12:39:36 -04:00
Robin Ward
930f2e1b68 Update one of the win10 emoji 2016-07-26 12:07:41 -04:00