Régis Hanol
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
6965079108
Merge pull request #4606 from mabras/fix_arabic_pluralization
...
Fix Arabic Pluralization Rules for Client
2016-12-20 09:17:59 +11:00
Robin Ward
8757ae3b92
FIX: The docked back button didn't work so well on iPad / short topics
2016-12-19 17:16:42 -05:00
Sam
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
a65281d5ea
FIX: better support for featured link topics in summary emails
2016-12-19 17:05:49 -05:00
Neil Lalonde
3256620d5d
FIX: some blank topics and posts in summary email because they're images
2016-12-19 16:21:31 -05:00
Neil Lalonde
74956694e5
If summary email finds no topics, show topics more than 1 day old from new users
2016-12-19 14:54:08 -05:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Arpit Jalan
a2096a01fb
add test case for handling uploads without extension
2016-12-20 00:46:47 +05:30
Robin Ward
4dcb29acbf
UX: Show Back button above mobile progress widget
2016-12-19 14:06:19 -05:00
Robin Ward
36449aa2f2
UX: Docking back button on topic timeline
2016-12-19 13:33:55 -05:00
Robin Ward
05e99a68ce
FIX: Refresh header if topic details are updated
2016-12-19 12:25:28 -05:00
Robin Ward
e03d5e2140
Reapply Ember 2.10 for good this time!
...
This reverts commit ddd299f4aa
.
2016-12-19 11:19:10 -05:00
Joe Buhlig
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
5058911a7b
Merge pull request #4616 from tgxworld/fix_safe_mode_redirect
...
FIX: Incorrect path for redirect.
2016-12-19 19:02:39 +08:00
Arpit Jalan
b7a23eba06
Merge pull request #4615 from techAPJ/master
...
FIX: make upload extension optional in route
2016-12-19 15:46:39 +05:30
Guo Xiang Tan
18c8323987
FIX: Incorrect path for redirect.
2016-12-19 18:12:15 +08:00
Arpit Jalan
563bcfb705
FIX: make upload extension optional in route
2016-12-19 15:06:03 +05:30
Régis Hanol
c7289f423f
fix letter_avatar spec
2016-12-19 10:00:28 +01:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
eb2db23b40
FEATURE: remove email_token_grace_period_hours
...
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.
Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam
7918d99a2e
SECURITY: update onebox gem
2016-12-19 13:17:51 +11:00
Sam
dd383300b1
FEATURE: rate limit by login on password reset
2016-12-19 11:03:07 +11:00
Sam
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
Sam
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
Sam
30e0154e5d
SECURITY: fix reflected XSS with safe_mode param
...
(only applies to beta and master)
2016-12-19 10:11:51 +11:00
Mohamad Abras
e20e765afe
Fix Arabic Pluralization Rules for Client
2016-12-17 17:50:35 +02:00
Jeff Atwood
81956cb1d6
Merge pull request #4590 from xfalcox/css-highligth
...
Use CSS animations for post and topic highlights
2016-12-16 14:22:25 -08:00
Rafael dos Santos Silva
e9fa936389
Uses CSS animation for highlight on mobile too
2016-12-16 19:26:49 -02:00
Arpit Jalan
ab6843dcde
FIX: username route was broken
2016-12-16 23:56:22 +05:30
Guo Xiang Tan
51679ef6b2
Fix JS tests.
2016-12-17 00:51:40 +08:00
Guo Xiang Tan
d8541c589a
FIX: Incorrect route for updating username.
2016-12-17 00:23:12 +08:00
Robin Ward
ddd299f4aa
Revert "Revert "Revert Ember 2.10+ for a short while""
...
This reverts commit 76bbc481cb
.
2016-12-16 10:29:30 -05:00
Robin Ward
76bbc481cb
Revert "Revert Ember 2.10+ for a short while"
...
This reverts commit 21682fd60b
.
2016-12-16 09:52:29 -05:00
Jeff Atwood
2600aca80b
add back in missing para in new user PM
2016-12-16 00:49:54 -08:00
Jeff Atwood
e26d6227a4
Merge branch 'master' of https://github.com/discourse/discourse
2016-12-16 00:39:00 -08:00
Jeff Atwood
a2feef0847
UX: switch to new user tips blog post PM
2016-12-16 00:38:56 -08:00
Guo Xiang Tan
e3213f127d
FIX: Regression with request membership button after migrating to component.
2016-12-16 16:07:11 +08:00
Sam
d4a0508744
FEATURE: outlet prior to Reply button at the bottom of topics
2016-12-16 17:10:32 +11:00
Sam
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Régis Hanol
197517d55e
FIX: locally uploaded audio & video files should onebox even when the extension is uppercase
2016-12-15 23:21:44 +01:00
Robin Ward
21682fd60b
Revert Ember 2.10+ for a short while
2016-12-15 16:43:38 -05:00
Neil Lalonde
f01f95d62d
FEATURE: new settings to customize some colors in emails
2016-12-15 14:43:53 -05:00
Neil Lalonde
62ba5ea33f
Name before username in summary email
2016-12-15 14:43:52 -05:00
Robin Ward
d0ddceb4e4
UX: Try improving the back button on the timeline
2016-12-15 14:24:58 -05:00
Robin Ward
ba8c6fd840
FIX: PhantomJS was crashing
2016-12-15 12:30:20 -05:00
Robin Ward
250ca11416
Add PluginAPI for registering a connector class
2016-12-15 11:54:37 -05:00
Robin Ward
0348f23f6d
FIX: Register a test waiter rather than using hidden properties
2016-12-15 11:36:21 -05:00
Robin Ward
40c944cb36
FIX: Was showing two rows for the title always
2016-12-15 10:47:43 -05:00