Commit Graph

21384 Commits

Author SHA1 Message Date
Régis Hanol
52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
6965079108 Merge pull request #4606 from mabras/fix_arabic_pluralization
Fix Arabic Pluralization Rules for Client
2016-12-20 09:17:59 +11:00
Robin Ward
8757ae3b92 FIX: The docked back button didn't work so well on iPad / short topics 2016-12-19 17:16:42 -05:00
Sam
2b808ad9da Merge pull request #4609 from joebuhlig/category-topics-wiki
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
a65281d5ea FIX: better support for featured link topics in summary emails 2016-12-19 17:05:49 -05:00
Neil Lalonde
3256620d5d FIX: some blank topics and posts in summary email because they're images 2016-12-19 16:21:31 -05:00
Neil Lalonde
74956694e5 If summary email finds no topics, show topics more than 1 day old from new users 2016-12-19 14:54:08 -05:00
Neil Lalonde
923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Arpit Jalan
a2096a01fb add test case for handling uploads without extension 2016-12-20 00:46:47 +05:30
Robin Ward
4dcb29acbf UX: Show Back button above mobile progress widget 2016-12-19 14:06:19 -05:00
Robin Ward
36449aa2f2 UX: Docking back button on topic timeline 2016-12-19 13:33:55 -05:00
Robin Ward
05e99a68ce FIX: Refresh header if topic details are updated 2016-12-19 12:25:28 -05:00
Robin Ward
e03d5e2140 Reapply Ember 2.10 for good this time!
This reverts commit ddd299f4aa.
2016-12-19 11:19:10 -05:00
Joe Buhlig
87251fded7 FEATURE: Category setting to make all topics wikis
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
5058911a7b Merge pull request #4616 from tgxworld/fix_safe_mode_redirect
FIX: Incorrect path for redirect.
2016-12-19 19:02:39 +08:00
Arpit Jalan
b7a23eba06 Merge pull request #4615 from techAPJ/master
FIX: make upload extension optional in route
2016-12-19 15:46:39 +05:30
Guo Xiang Tan
18c8323987 FIX: Incorrect path for redirect. 2016-12-19 18:12:15 +08:00
Arpit Jalan
563bcfb705 FIX: make upload extension optional in route 2016-12-19 15:06:03 +05:30
Régis Hanol
c7289f423f fix letter_avatar spec 2016-12-19 10:00:28 +01:00
Sam
e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Sam
eb2db23b40 FEATURE: remove email_token_grace_period_hours
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.

Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam
7918d99a2e SECURITY: update onebox gem 2016-12-19 13:17:51 +11:00
Sam
dd383300b1 FEATURE: rate limit by login on password reset 2016-12-19 11:03:07 +11:00
Sam
0599bd0154 FEATURE: add referrer never tag to password reset page 2016-12-19 11:01:58 +11:00
Sam
15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Sam
30e0154e5d SECURITY: fix reflected XSS with safe_mode param
(only applies to beta and master)
2016-12-19 10:11:51 +11:00
Mohamad Abras
e20e765afe Fix Arabic Pluralization Rules for Client 2016-12-17 17:50:35 +02:00
Jeff Atwood
81956cb1d6 Merge pull request #4590 from xfalcox/css-highligth
Use CSS animations for post and topic highlights
2016-12-16 14:22:25 -08:00
Rafael dos Santos Silva
e9fa936389 Uses CSS animation for highlight on mobile too 2016-12-16 19:26:49 -02:00
Arpit Jalan
ab6843dcde FIX: username route was broken 2016-12-16 23:56:22 +05:30
Guo Xiang Tan
51679ef6b2 Fix JS tests. 2016-12-17 00:51:40 +08:00
Guo Xiang Tan
d8541c589a FIX: Incorrect route for updating username. 2016-12-17 00:23:12 +08:00
Robin Ward
ddd299f4aa Revert "Revert "Revert Ember 2.10+ for a short while""
This reverts commit 76bbc481cb.
2016-12-16 10:29:30 -05:00
Robin Ward
76bbc481cb Revert "Revert Ember 2.10+ for a short while"
This reverts commit 21682fd60b.
2016-12-16 09:52:29 -05:00
Jeff Atwood
2600aca80b add back in missing para in new user PM 2016-12-16 00:49:54 -08:00
Jeff Atwood
e26d6227a4 Merge branch 'master' of https://github.com/discourse/discourse 2016-12-16 00:39:00 -08:00
Jeff Atwood
a2feef0847 UX: switch to new user tips blog post PM 2016-12-16 00:38:56 -08:00
Guo Xiang Tan
e3213f127d FIX: Regression with request membership button after migrating to component. 2016-12-16 16:07:11 +08:00
Sam
d4a0508744 FEATURE: outlet prior to Reply button at the bottom of topics 2016-12-16 17:10:32 +11:00
Sam
61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Régis Hanol
197517d55e FIX: locally uploaded audio & video files should onebox even when the extension is uppercase 2016-12-15 23:21:44 +01:00
Robin Ward
21682fd60b Revert Ember 2.10+ for a short while 2016-12-15 16:43:38 -05:00
Neil Lalonde
f01f95d62d FEATURE: new settings to customize some colors in emails 2016-12-15 14:43:53 -05:00
Neil Lalonde
62ba5ea33f Name before username in summary email 2016-12-15 14:43:52 -05:00
Robin Ward
d0ddceb4e4 UX: Try improving the back button on the timeline 2016-12-15 14:24:58 -05:00
Robin Ward
ba8c6fd840 FIX: PhantomJS was crashing 2016-12-15 12:30:20 -05:00
Robin Ward
250ca11416 Add PluginAPI for registering a connector class 2016-12-15 11:54:37 -05:00
Robin Ward
0348f23f6d FIX: Register a test waiter rather than using hidden properties 2016-12-15 11:36:21 -05:00
Robin Ward
40c944cb36 FIX: Was showing two rows for the title always 2016-12-15 10:47:43 -05:00