Commit Graph

28480 Commits

Author SHA1 Message Date
Guo Xiang Tan
5778c33ee7 FIX: Compatibility with ImageMagick 7.
http://www.imagemagick.org/Usage/misc/

"The "-interpolate" setting of 'Catrom' (generally imprecisely known as 'BiCubic' interpolation)"
2018-08-16 09:49:52 +08:00
Neil Lalonde
37a01975e9 SECURITY: prevent use of X-Forwarded-Host to perform XSS 2018-08-13 17:10:06 -04:00
Neil Lalonde
49681b762a Version bump to v2.0.3 2018-07-26 14:14:22 -04:00
David Taylor
6f5b8f61df FIX: Remove return statement from inside block 2018-07-26 16:00:45 +01:00
Régis Hanol
aeaf6b5a7c SECURITY: force IM decoder based on file extension - part 3 2018-07-25 23:55:41 +02:00
Régis Hanol
01714e40f4 SECURITY: force IM decoder based on file extension - part 2 2018-07-25 23:08:38 +02:00
Régis Hanol
b04b7c366c SECURITY: force IM decoder based on file extension 2018-07-25 22:01:08 +02:00
David Taylor
6520697b5c FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:51:45 +01:00
Robin Ward
878aee965b SECURITY: Consider 0.0.0.0 a private IP 2018-07-24 11:17:13 -04:00
Sam
cf9b4a789b FIX: update mini_racer in stable
This is required due to a bundler/build bug that means it is picking the wrong
version of libv8 when compiling mini_racer
2018-07-24 12:25:45 +10:00
Vinoth Kannan
b7ebb0268f FIX: returns provider_not_enabled error even if enabled 2018-07-16 11:08:48 +01:00
Sam
297b899c68 SECURITY: extra CORS headers should be set on correct host 2018-07-11 09:29:45 +10:00
David Taylor
6f25421a06 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:26:44 +10:00
Sam
849b4b5685 SECURITY: category badges should HTML escape names 2018-06-28 18:16:12 +10:00
Joffrey JAFFEUX
aafd883466 SECURITY: prevents XSS when showing tooltip 2018-06-27 14:53:31 +02:00
Dax74
612bc4f95b Link updated
See https://meta.discourse.org/t/wrong-link-on-manual-admin-creation/90849
2018-06-27 11:41:03 +02:00
Neil Lalonde
34ad6749db FIX: missing translations for mobile flag modal 2018-06-25 20:21:47 -04:00
Neil Lalonde
365c99cf3f Version bump to v2.0.2 2018-06-21 10:39:00 -04:00
Sam
f2cb89b0d2 SECURITY: update sprockets for CVE-2018-3760 2018-06-20 09:50:28 +10:00
Guo Xiang Tan
a90364ac6c Monkey patch in 7830a950ef 2018-06-19 10:36:20 +08:00
Neil Lalonde
8c3380791b Version bump to v2.0.1 2018-06-12 12:13:47 -04:00
Joffrey JAFFEUX
5e4a1e812a UX: reworks dashboard problems section to be in line with new style 2018-06-12 11:48:53 -04:00
Arpit Jalan
57f5f7d755 FIX: do not show SSO external_email to moderators 2018-06-12 11:48:10 -04:00
Guo Xiang Tan
ff7cbf6935 FIX: Ensure we have proper timeout for MiniRacer. 2018-06-12 11:48:08 -04:00
Joe
7c9aa82625 FIX: adjust 2FA input width in mobile login form 2018-06-12 11:48:08 -04:00
Joe
1612c28718 FIX: adjust max-width of social login buttons for non-English locales 2018-06-12 11:48:07 -04:00
Neil Lalonde
a8d2d24a49 fix indent 2018-06-12 11:48:07 -04:00
Neil Lalonde
a279e43025 FIX: broken mailto hrefs in emails 2018-06-12 11:48:07 -04:00
Joffrey JAFFEUX
2b3faa8d0b FIX: do not use number helper for charts Y value 2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
940c0f569f FIX: incorrect backup and update times on dashboard 2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
e66d5425e4 FIX: slightly safer rounding 2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
2f84d43bb2 FIX: makes format number round the value before using parseInt 2018-06-12 11:48:05 -04:00
Joe
134300001c FIX: user-fields layout in desktop create account form 2018-06-12 11:48:05 -04:00
Joffrey JAFFEUX
7c57cd6897 FIX: removes buggy/unnecessary local-dates margin 2018-06-12 11:48:05 -04:00
Joe
cb9753267a FIX: user-fields layout in mobile create account form 2018-06-12 11:48:04 -04:00
Vinoth Kannan
17e7d3b526 FIX: avatar_url includes upload_path twice when local storage used 2018-06-12 11:48:04 -04:00
Guo Xiang Tan
b7865bac27 FIX: Permalink route matcher should always be last. 2018-06-12 11:48:04 -04:00
Guo Xiang Tan
a74d62d618 FIX: Disconnects all connections in the pool before forking.
* We were leaking connections as a result. Connections opened
  before the fork were never closed.
2018-06-12 11:48:03 -04:00
Régis Hanol
db3f31a841 FIX: unable to add new poll to post with a public poll 2018-06-12 11:48:03 -04:00
Joffrey JAFFEUX
9334d36a23 FIX: sharing popup not showing on macos/chrome
Despite `navigator.share` being defined the call was failing with this error:

```
sharing DOMException: Internal error: could not connect to Web Share interface.
```
2018-06-12 11:48:03 -04:00
Robin Ward
e37af71f2e FIX: Protection against dangling category group records 2018-06-12 11:48:02 -04:00
Robin Ward
abbb0ece4f FIX: Keyboard shortcuts didn't work on subfolders 2018-06-12 11:48:02 -04:00
Joe
08aca35b37 FIX: alignment for instructions on change email and 2FA fields 2018-06-12 11:48:02 -04:00
Blake Erickson
afbbdfc05f FIX: Allow a user to remove their title
Somewhere there was a regression and a user couldn't remove their own
title. If they selected '(none)' in the UI it would say it was saved,
but it would not actually be updated in the db.
2018-06-12 11:48:01 -04:00
Neil Lalonde
e90f80e788 Update translations 2018-06-08 10:45:46 -04:00
Neil Lalonde
894d287a7f Version bump to v2.0.0 2018-05-31 18:24:41 -04:00
Kris
0aa8d75be1 safety so pre blocks can't break modal width 2018-05-31 18:23:32 -04:00
Kris
12ebcc325b envelope missing on invite page, long pre lines making modals wide 2018-05-31 18:19:59 -04:00
Neil Lalonde
b675f5fa6b Merge master 2018-05-31 18:19:36 -04:00
Neil Lalonde
dee9af2877 Update translations 2018-05-31 17:03:38 -04:00