Commit Graph

22182 Commits

Author SHA1 Message Date
Robin Ward
0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
cpradio
e476614b6a FIX: Populate Category when query/search term is updated 2017-02-27 12:41:49 -05:00
cpradio
70cf36700b FIX: Collapsing/Expanding Advanced Search doesn't wipe out Advanced Search Terms from search query. 2017-02-27 12:29:54 -05:00
Robin Ward
bf9626d031 FIX: Embedding was broken with non-english URLs and ports 2017-02-27 12:17:52 -05:00
Arpit Jalan
877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
cpradio
59922a7899 Extract autocomplete initialization to a function
Create a REGEXP_TAGS_REPLACE regex to remove a chained .replace call

Fix autocomplete positioning
2017-02-27 07:48:14 -05:00
Arpit Jalan
cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Guo Xiang Tan
0e8c849572 UX: "See more" on not found page should redirect to /top. 2017-02-27 13:33:19 +08:00
Guo Xiang Tan
0675f9f838 Merge pull request #4684 from tgxworld/fix_reset_context_when_context_type_changes
Fix reset context when context type changes
2017-02-27 12:24:44 +08:00
Guo Xiang Tan
ac37bd3dbc FIX: Search menu results does not refresh when search context is changed. 2017-02-27 12:23:41 +08:00
Guo Xiang Tan
d2b83a9682 Merge pull request #4720 from rizka10/patch-3
Fix a minor typo on a mailer template
2017-02-27 11:51:38 +08:00
Guo Xiang Tan
2fc0b35765 Merge pull request #4722 from oblakeerickson/typo_routes_file
FIX: typo in a routes.rb comment
2017-02-27 11:51:13 +08:00
Guo Xiang Tan
82595bc1ab Merge pull request #4725 from jomaxro/patch-2
Remove references to elder
2017-02-27 11:50:48 +08:00
Guo Xiang Tan
758e3e52f7 FIX: Mobile topic timeline broken on Chrome 56.
* See https://developers.google.com/web/updates/2017/01/scrolling-intervention.
  From Chrome 56 onwards, `touchstart` event listeners are treated as passive
  by default which does not call `preventDefault` resulting in the page
  scrolling when topic timeline handle is being dragged.
2017-02-27 11:39:57 +08:00
jomaxro
f5673fbd47 Remove references to elder
The use of the TL4 name Elder was changed in 2014 to Leader.  The spec function was changed to `:trust_level_4`, but the it statement was not changed.
2017-02-26 17:40:42 -07:00
Sam Saffron
7e8f0dc967 FIX: attempt to handle ios edge case where token is seen but unsaved
This relaxes our security in the following way

- prev auth token is always accepted as long as rotation
date is within our window of SiteSetting.maximum_session_age.hours
(previously old token expired within a minute of new one being seen)

- new auth token is marked unseen if we are presented with an old token
after we already saw new one

This attempts to fix an issue where ios webkit is not committing new cookies
2017-02-26 17:09:57 -05:00
Blake Erickson
0e6cb752da Clean up valid order names
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.

Example: 'created' => 'created_at'

Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
David McClure
b188c30925 FIX: Import scripts were failing to load onebox sanitize config 2017-02-25 09:27:42 -08:00
Blake Erickson
5ba8f8d1a6 FIX: typo in a routes.rb comment
sidekiq was spelled wrong
2017-02-25 10:03:19 -07:00
Blake Erickson
e9d5c3265c Change param asc to ascending
For consistency, change param asc to ascending:

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson
0a41da6bad FEATURE: Add order logic to admin users controller
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649

Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.

Example:

`/admin/users/list/active.json?&order=post_count` which defaults to desc

and

`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
rizka10
e651faa397 Fix a minor typo on a mailer template
"with" is supposed to be "wish" on 'unsubscribe_mailer.text_body_template'
2017-02-24 16:13:47 +02:00
Régis Hanol
fdf749770b remove unecessary '.limit(1)' 2017-02-24 12:56:13 +01:00
Régis Hanol
ecdae9f863 FIX: i18n integrity specs
FIX: check all .yml files in the project for integrity
FIX: ensure localized yamls are compatible with english
2017-02-24 11:35:33 +01:00
Régis Hanol
a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan
1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan
889ab85431 Merge pull request #4719 from rimian/patch-3
fix malformed qunit url
2017-02-24 11:32:01 +08:00
Guo Xiang Tan
fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Sam Saffron
3754b038e8 fix brotli origin 2017-02-23 18:26:40 -05:00
Rimian Perkins
db9840b672 fix malformed qunit url
this removes the space between the query string and the URL

```
$MODULE='Acceptance: Search' rake qunit:test\[20000\]
....
Running: {"module":"Acceptance: Search"}
... http://localhost:60099/qunit?module=Acceptance%3A%20Search 20000
```

The timeout value seems to work fine.
2017-02-24 10:19:34 +11:00
Sam Saffron
ef08462b33 spaces matter 2017-02-23 17:37:53 -05:00
Rafael dos Santos Silva
f68540b022 Increase QUnit timeouts to allow on slower envs 2017-02-23 19:21:06 -03:00
Sam
f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Sam
eee22bf037 FEATURE: Add immutable cache for assets that do not update
This will eliminate revalidation of avatars, css, js and uploads on reloads on supporting browsers (at the moment firefox)
2017-02-23 12:24:47 -05:00
Sam
ea1007e954 FEATURE: add support for same site cookies
Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Sam
ad435da377 fix typo 2017-02-23 10:58:53 -05:00
Jeff Atwood
ad6cb3c638 force all iOS editors to minimum height for compat 2017-02-22 16:56:19 -08:00
Jeff Atwood
22fc761cc3 tweak iOS composer heights a bit 2017-02-22 15:48:39 -08:00
Neil Lalonde
c00ffabac3 search scope checkbox is default checked for your messages too 2017-02-22 17:45:12 -05:00
Neil Lalonde
0551b3f5ee FEATURE: replace emoji with unicode in title and description meta tags 2017-02-22 16:24:13 -05:00
Sam Saffron
0fc2b64f65 attempt 2 at adjusting class definition so its more easily extensible 2017-02-22 14:18:43 -05:00
Sam Saffron
08d56952df revert change, it is required 2017-02-22 14:10:55 -05:00
Sam Saffron
d0d60ffa89 make is slightly easier to extend 2017-02-22 14:06:18 -05:00
Neil Lalonde
57784ddf2b remove unused setting import 2017-02-22 13:05:57 -05:00
Rafael dos Santos Silva
5296f00c28 FEATURE: Allow checking the raw response of a bounced email 2017-02-22 14:51:33 -03:00
Sam Saffron
b7d2edc7dc FIX: allow some auth token misses prior to clearing cookie
It appears that in some cases ios queues up requests up front
and "releases" them when tab gets focus, this allows for a certain
number of cookie misses for this case. Otherwise you get logged off.
2017-02-22 12:37:11 -05:00
Sam Saffron
3532957ce1 index should have always been unique 2017-02-22 12:37:11 -05:00
Neil Lalonde
00700da6b8 remove null class 2017-02-22 12:23:45 -05:00
Neil Lalonde
53ec4c44f4 FIX: N+1 in topic_list 2017-02-22 12:20:50 -05:00