Commit Graph

8626 Commits

Author SHA1 Message Date
Discourse Translator Bot
51c53e6007
Update translations (#22538) 2023-07-11 16:20:58 +02:00
Discourse Translator Bot
37066e2b39
Update translations (#22301) 2023-06-27 16:39:51 +02:00
Discourse Translator Bot
412060ad3e
Update translations (#22205) 2023-06-20 17:27:41 +02:00
Discourse Translator Bot
8189ea6858
Update translations (#22082) 2023-06-13 15:18:50 +02:00
Discourse Translator Bot
bff0dfcf07
Update translations (#21951) 2023-06-06 15:36:57 +02:00
Discourse Translator Bot
3000f4566c
Update translations (#21828) 2023-05-31 09:15:22 +02:00
Discourse Translator Bot
45f740ba86
Update translations (#21703) 2023-05-23 21:23:49 +02:00
Discourse Translator Bot
292ca384b9
Update translations (#21584) 2023-05-16 19:40:07 +02:00
Discourse Translator Bot
99371c3e99
Update translations (#21456) 2023-05-10 00:48:15 +02:00
Discourse Translator Bot
0bbbb9edc8
Update translations (#21335) 2023-05-02 17:39:38 +02:00
Discourse Translator Bot
845000a6ce
Update translations (#21146) 2023-04-25 17:23:28 +02:00
Ted Johansson
bbc7746cef
SECURITY: Ensure site setting being updated is a configurable site setting (#21132) 2023-04-18 14:32:21 +08:00
Discourse Translator Bot
dc3aaf852b
Update translations (#21056) 2023-04-11 15:44:29 +02:00
Discourse Translator Bot
b2c7e65f38
Update translations (#20862) 2023-04-05 09:12:44 +02:00
Discourse Translator Bot
8464573baa
Update translations (#20761) 2023-03-22 12:13:48 +01:00
Discourse Translator Bot
b5bee9d331
Update translations (#20672) 2023-03-14 15:29:08 +01:00
Discourse Translator Bot
05b03ca562
Update translations (#20560) 2023-03-07 14:58:27 +01:00
Discourse Translator Bot
a73ca7acaa
Update translations (#20479) 2023-02-28 14:53:04 +01:00
Discourse Translator Bot
563fa14a89
Update translations (#20390) 2023-02-21 17:10:42 +01:00
Discourse Translator Bot
f58bca13d8
Update translations (#20284) 2023-02-15 11:24:44 +01:00
Discourse Translator Bot
f000f9c6ae
Update translations (#20194) 2023-02-07 14:37:15 +01:00
Discourse Translator Bot
4395efc188
Update translations (#20184) 2023-02-06 16:50:11 +01:00
Sam
1856ea83ec FEATURE: rate limit anon searches per second (#19708) 2023-02-01 19:05:58 -08:00
Alan Guo Xiang Tan
42d2cb2d4e
SECURITY: Hide PM count for tags by default (#20061) (#20090)
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-02-01 06:43:58 +08:00
Discourse Translator Bot
a9f762550d
Update translations (#20102) 2023-01-31 15:21:19 +01:00
Loïc Guitaut
3dcd0bc544 SECURITY: Limit the length of drafts 2023-01-25 13:52:58 +02:00
Vinoth Kannan
01b903dc83 FIX: skip email if blank while syncing SSO attributes. (#19939)
Also, return email blank error in `EmailValidator`  when the email is blank.
2023-01-25 13:48:49 +02:00
Selase Krakani
743d3ea4f3 FIX: Switch email domain site settings type to host_list (#19922)
Specifying wildcard characters which also happen to be regex
meta characters for `auto_approve_email_domains`, `allowed_email_domains`
and `blocked_email_domains` site settings currently breaks email
validation.

This change prevents these characters from being specified for these
site settings. It does this by switching the site setting type
from `list` to `host_list`. The `host_list` validator checks for these
characters.

In addition, this change also improves the site setting descriptions and
introduces a migration to  fix existing records.
2023-01-25 13:48:49 +02:00
Discourse Translator Bot
b77160e10f
Update translations (#19975) 2023-01-24 16:32:59 +01:00
Alan Guo Xiang Tan
0e69aeb276
SECURITY: Default tags to show count of topics in unrestricted categories (#19929)
Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user has not excess to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only count topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information.
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope.
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.
2023-01-20 11:59:37 +08:00
Discourse Translator Bot
c84f189011
Update translations (#19898) 2023-01-18 11:42:57 +01:00
Discourse Translator Bot
9b321b98a5
Update translations (#19813) 2023-01-10 20:53:34 +01:00
Andrei Prigorshnev
baccf7e5c9
UX: Change language from "Do Not Disturb" to "Pause Notifications" (#19800)
We renamed "Do Not Disturb" to "Pause Notifications" in UI in 2d628c8. This renames one more instance that I forgot to address.
2023-01-09 21:51:04 +04:00
David Taylor
7c77cc6a58
DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
Martin Brennan
c31772879b
FIX: Disable image optimization in iOS Safari (#19790)
There are various performance issues with the Canvas in iOS Safari
that are causing crashes when processing images with spikes of over 100%
CPU usage. The cause of this is unknown, but profiling points to
CanvasRenderingContext2D.getImageData() and
CanvasRenderingContext2D.drawImage().

Until Safari makes some progress with OffscreenCanvas or other
alternatives we cannot support this workflow. We will revisit in 6
months.

This is gated behind the hidden `composer_ios_media_optimisation_image_enabled`
site setting for people who really still want to try using this.
2023-01-09 12:16:02 +10:00
Keegan George
12f843068d DEV: Remove unused locale 2023-01-06 07:35:03 +08:00
Keegan George
80164322e0
DEV: Remove unused locale (#19764) 2023-01-05 13:35:10 -08:00
Alan Guo Xiang Tan
cf862e7365
SECURITY: Convert send_digest to a post request (#19746)
Co-authored-by: Isaac Janzen <isaac.janzen@discourse.org>
2023-01-05 06:57:12 +08:00
Martin Brennan
c2013865d7
FEATURE: Make experimental hashtag autocomplete default for new sites (#19681)
This feature is stable enough now to make it the default going forward
for new sites. Existing sites that have not yet set enable_experimental_hashtag_autocomplete
to `true` will have it set to `false` for their site settings, which was the old default.

c.f https://meta.discourse.org/t/hashtags-are-getting-a-makeover/248866
2023-01-05 08:44:58 +10:00
Kris
dedf19803b
UX: more descriptive sidebar titles, casing (#19717) 2023-01-04 13:40:35 -05:00
Gerhard Schlager
8dfe7a68e6
UX: Remove unused strings (#19701)
* Remove unused strings
* Remove trailing quote from string
* Remove even more unused strings (they were removed in c4e10f2a9d)
* Don't use translations in tests which are only available on server
* Use more specific translation (and fix missing translation)
2023-01-04 10:32:53 +01:00
Discourse Translator Bot
8a0bac7bec
Update translations (#19692) 2023-01-03 14:46:19 +01:00
Roman Rizzi
2f61d26e3d
PERF: Make chat mention notifications async. (#19666)
This PR removes the limit added to max_users_notified_per_group_mention during #19034 and improve the performance when expanding mentions for large channel or groups by removing some N+1 queries and making the whole process async.

* Fully async chat message notifications

* Remove mention setting limit and get rid of N+1 queries
2023-01-02 11:54:52 -03:00
Discourse Translator Bot
6f570752ab
Update translations (#19663) 2022-12-30 17:49:48 +01:00
David Taylor
584a6e3552
FIX: Update nginx config for v1.23 (#19651)
NGINX v1.23 concatenates duplicate headers into a single comma-separated string. We were doing an equality check on `x-forwarded-proto`. If the request includes multiple `x-forwarded-proto` headers then this check would fail under NGINX v1.23, and our config assumed an `http` connection.

This commit updates the config to check for `https` at the end of the header, thereby restoring the old behavior when multiple `x-forwarded-proto` request headers are sent.
2022-12-30 12:35:26 +00:00
Gerhard Schlager
7e33cb3665
FIX: Add missing email template for user_watching_category_or_tag (#19653)
Adds a spec to hopefully prevent this in the future.

Follow-up to aa3a9b6fea
2022-12-29 15:36:53 +01:00
Discourse Translator Bot
ebe8b868bf
Update translations (#19633) 2022-12-28 13:32:29 +01:00
David Taylor
d24dfe8f96
DEV: Update minimum and recommended ruby versions (#19615)
Minimum: 2.7.0
Recommended: 3.1.3
2022-12-28 10:09:15 +00:00
Rafael dos Santos Silva
7b53973bd8
DEV: Use WebPush fork for OpenSSL 3 compat (#19627)
* DEV: Use WebPush fork for OpenSSL 3 compat

* add some context on gemfile changes
2022-12-27 15:28:13 -03:00
Vinoth Kannan
598233456d
FEATURE: Warn admins about private group name's exposure to anonymous users. (#19557)
Group names will be used as CSS classes in some components while rendering the public HTML output. It will happen when a group is set as the default primary for users. Or when a group has either a flair icon or flair upload. So we should warn the admins when they restrict the group's visibility level.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-12-27 13:17:13 +05:30