Commit Graph

17033 Commits

Author SHA1 Message Date
Guo Xiang Tan
5778c33ee7 FIX: Compatibility with ImageMagick 7.
http://www.imagemagick.org/Usage/misc/

"The "-interpolate" setting of 'Catrom' (generally imprecisely known as 'BiCubic' interpolation)"
2018-08-16 09:49:52 +08:00
Neil Lalonde
37a01975e9 SECURITY: prevent use of X-Forwarded-Host to perform XSS 2018-08-13 17:10:06 -04:00
Régis Hanol
aeaf6b5a7c SECURITY: force IM decoder based on file extension - part 3 2018-07-25 23:55:41 +02:00
Régis Hanol
01714e40f4 SECURITY: force IM decoder based on file extension - part 2 2018-07-25 23:08:38 +02:00
Régis Hanol
b04b7c366c SECURITY: force IM decoder based on file extension 2018-07-25 22:01:08 +02:00
David Taylor
6520697b5c FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:51:45 +01:00
Vinoth Kannan
b7ebb0268f FIX: returns provider_not_enabled error even if enabled 2018-07-16 11:08:48 +01:00
David Taylor
6f25421a06 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:26:44 +10:00
Sam
849b4b5685 SECURITY: category badges should HTML escape names 2018-06-28 18:16:12 +10:00
Joffrey JAFFEUX
aafd883466 SECURITY: prevents XSS when showing tooltip 2018-06-27 14:53:31 +02:00
Joffrey JAFFEUX
5e4a1e812a UX: reworks dashboard problems section to be in line with new style 2018-06-12 11:48:53 -04:00
Arpit Jalan
57f5f7d755 FIX: do not show SSO external_email to moderators 2018-06-12 11:48:10 -04:00
Joe
7c9aa82625 FIX: adjust 2FA input width in mobile login form 2018-06-12 11:48:08 -04:00
Joe
1612c28718 FIX: adjust max-width of social login buttons for non-English locales 2018-06-12 11:48:07 -04:00
Joffrey JAFFEUX
2b3faa8d0b FIX: do not use number helper for charts Y value 2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
940c0f569f FIX: incorrect backup and update times on dashboard 2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
e66d5425e4 FIX: slightly safer rounding 2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
2f84d43bb2 FIX: makes format number round the value before using parseInt 2018-06-12 11:48:05 -04:00
Joe
134300001c FIX: user-fields layout in desktop create account form 2018-06-12 11:48:05 -04:00
Joe
cb9753267a FIX: user-fields layout in mobile create account form 2018-06-12 11:48:04 -04:00
Vinoth Kannan
17e7d3b526 FIX: avatar_url includes upload_path twice when local storage used 2018-06-12 11:48:04 -04:00
Joffrey JAFFEUX
9334d36a23 FIX: sharing popup not showing on macos/chrome
Despite `navigator.share` being defined the call was failing with this error:

```
sharing DOMException: Internal error: could not connect to Web Share interface.
```
2018-06-12 11:48:03 -04:00
Robin Ward
e37af71f2e FIX: Protection against dangling category group records 2018-06-12 11:48:02 -04:00
Robin Ward
abbb0ece4f FIX: Keyboard shortcuts didn't work on subfolders 2018-06-12 11:48:02 -04:00
Joe
08aca35b37 FIX: alignment for instructions on change email and 2FA fields 2018-06-12 11:48:02 -04:00
Kris
0aa8d75be1 safety so pre blocks can't break modal width 2018-05-31 18:23:32 -04:00
Kris
12ebcc325b envelope missing on invite page, long pre lines making modals wide 2018-05-31 18:19:59 -04:00
Neil Lalonde
b675f5fa6b Merge master 2018-05-31 18:19:36 -04:00
Guo Xiang Tan
95f9b72351 FIX: Update activation email route was returning a generic json error. 2018-05-31 14:19:43 +08:00
Kris
3e9f1d5cf6 Few small modal fixes 2018-05-30 23:24:43 -04:00
Kris
57cef06192 incoming email modal width too narrow 2018-05-30 15:28:29 -04:00
Joffrey JAFFEUX
8128cbd7db UX: adds subtitle support for modals 2018-05-30 17:14:00 +02:00
Joffrey JAFFEUX
43b1768987 UX: ceil dashboard values 2018-05-30 16:32:43 +02:00
Arpit Jalan
704cca3de2 FIX: add proper search context for personal messages 2018-05-30 14:47:46 +05:30
Guo Xiang Tan
21e9315416 FIX: Use user account email instead of auth email when totp is enabled.
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Gerhard Schlager
864ada835b FEATURE: Add Bulgarian language 2018-05-29 21:07:17 +02:00
Kris
7483805f0c Increasing min-width of modals for larger screens 2018-05-29 13:13:35 -04:00
Neil Lalonde
e26a14dc29 FIX: error when flagging to notify moderators because message title is too long 2018-05-29 12:21:47 -04:00
Joffrey JAFFEUX
ee8cda691d FIX: simplifies and corrects new collection header tag/drop behaviour 2018-05-29 17:34:34 +02:00
Gerhard Schlager
ce687f334b UX: The "enable 2FA" string was hard to translate 2018-05-29 16:25:43 +02:00
Joffrey JAFFEUX
a8079ab679 FIX: show none/all on cat/tag drop only when needed 2018-05-29 16:08:31 +02:00
Joffrey JAFFEUX
597095f56f UX: adds visual feedback when hovering info 2018-05-29 13:31:57 +02:00
Joffrey JAFFEUX
87edde3113 UX: improves dashboard UI for RTL locales 2018-05-29 10:22:31 +02:00
Arpit Jalan
277e216d25 FIX: link to pm tags when searching in personal messages 2018-05-29 12:32:20 +05:30
Sam
df815d6c0e DEV: prefer using ordering in relation over default scope 2018-05-29 09:34:12 +10:00
Joffrey JAFFEUX
16d0ab5654 Revert "UX: localizes titles in dashboard table reports"
This reverts commit 409c0ddf85.
2018-05-28 20:35:22 +02:00
Joffrey JAFFEUX
409c0ddf85 UX: localizes titles in dashboard table reports 2018-05-28 20:03:05 +02:00
Joffrey JAFFEUX
4b9c713581 FIX: avoids hiding mobile keyboard on each keystroke 2018-05-28 16:18:25 +02:00
Joffrey JAFFEUX
a585c19f2e FIX: prevents collection header from going under rows 2018-05-28 15:47:07 +02:00
Arpit Jalan
8d9c77e113 optimize group invitation code 2018-05-28 17:59:14 +05:30