Commit Graph

37650 Commits

Author SHA1 Message Date
Sam Saffron
5bfb6830c9
SECURITY: missing security check prior to redirect
In some rare cases, if a user knows the exact title of a topic
they could possibly determine that it really exists in the system
2020-05-27 10:58:22 +10:00
Martin Brennan
2d534bf2e0
FIX: Pass current_user to TopicQuery in for categories_and_top_topics (#9885) 2020-05-27 10:05:06 +10:00
Krzysztof Kotlarek
34e5f0a9a3
Revert "FEATURE: notify admins about old credentials (#9854)" (#9886)
This reverts commit 349a67bee6.
2020-05-27 09:52:53 +10:00
Kris
66ec634cb3 Composer whisper icon missing margin when editing replies 2020-05-26 19:17:09 -04:00
Jordan Vidrine
5f61deff80
FIX: updates variables for HTML to use em instead of px in font-size (#9883) 2020-05-26 17:48:35 -05:00
Krzysztof Kotlarek
349a67bee6
FEATURE: notify admins about old credentials (#9854)
* FEATURE: notify admins about old credentials

Security and API keys should be renewed periodically.
This additional notification should help admins keep their Discourse safe and secure.
2020-05-27 08:13:47 +10:00
Neil Lalonde
2c880b9bf9
FIX: wizard fails to start when default_theme_id is -1 2020-05-26 16:08:35 -04:00
Penar Musaraj
b1c726be0d
Remove support for FontAwesome 4.7 icon names (#9871) 2020-05-26 14:53:32 -04:00
Mark VanLandingham
7820686f73
FIX: Wizard previews if color step is excluded (#9881) 2020-05-26 12:56:36 -05:00
Arpit Jalan
a6189c5070 Bump onebox version
- use oEmbed for Instagram onebox
2020-05-26 22:03:51 +05:30
dependabot-preview[bot]
d38e571cba
Build(deps): Bump excon from 0.72.0 to 0.73.0 (#9228)
Bumps [excon](https://github.com/excon/excon) from 0.72.0 to 0.73.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.72.0...v0.73.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-26 12:28:28 -04:00
Gerhard Schlager
69ee94b526 FIX: XML files could be detected as SVG files 2020-05-26 18:18:20 +02:00
Jeff Wong
4dc6504234 DEV: Mark fontawesome-pro plugin as official 2020-05-26 08:50:55 -07:00
Neil Lalonde
788b8becde
Version bump to v2.5.0.beta5 2020-05-26 11:13:05 -04:00
Joffrey JAFFEUX
675e9b81c6
FIX: document.activeElement can be null on IE11 (#9880) 2020-05-26 16:51:55 +02:00
Guo Xiang Tan
26c7fa2c29
FIX: rescue_from doesn't bubble up.
See a47e0c19e6/actionpack/lib/action_controller/metal/rescue.rb (L25)
2020-05-26 22:43:29 +08:00
Joffrey JAFFEUX
253a185769
FIX: makes focust text area after complete more resilient (#9879) 2020-05-26 16:27:02 +02:00
Neil Lalonde
3d20a1143b
Update translations 2020-05-26 10:06:07 -04:00
Jarek Radosz
eb462bfb3d
FIX: Improve image downsizing script (#9549)
Correctly handles more upload formats in posts, updates post custom fields, fixes more edge cases, adds debugging capabilities. (VERBOSE=1 and INTERACTIVE=1 flags)

Includes these commits and some more:

* DEV: Show the fixed image dimensions
* FIX: Support more upload url formats
* DEV: Remove the old upload after updating posts
* FIX: Use the `process_post_#{id}` mutex
* FIX: Avoid rebaking twice
* DEV: Print out the link to the post
* DEV: Process posts chronologically
* DEV: Do a dry-run before saving, pause on any issue
* FIX: Also process deleted posts
* DEV: Make matchers case-insensitive
* DEV: Pause on "detached" uploads, add more debug info
* DEV: Print out time when finished
* DEV: Add support for WORKER_ID/WORKER_COUNT
* DEV: Fix the onebox in cooked text heuristic
* DEV: Don't report already processed posts
* DEV: Beep when done!
* DEV: Ignore issues with deleted posts
* DEV: Ignore issues with deleted topics
* DEV: Multiline SQL
* DEV: Use the bulk attribute assignment
* DEV: Add ENV["INTERACTIVE"] mode
* DEV: Handle post custom fields
* DEV: Bail on non-S3 sites
* DEV: Allow sizes smaller than 1 mpix
2020-05-26 15:38:23 +02:00
Roman Rizzi
b61a291cf3
FIX: returns false if the upload url is an invalid mailto link (#9877) 2020-05-26 10:32:48 -03:00
Bianca Nenciu
f47400475e
FEATURE: Send a private message when a group membership is accepted (#9822)
* FEATURE: Send a private message when a group membership is accepted

* DEV: Small code improvements

* FIX: Send PM as group owner

* Copy edits
2020-05-26 16:28:03 +03:00
Joshua Rosenfeld
41f742c2f9
FIX: Copyedit for the dominating topic warning 2020-05-26 07:18:36 -04:00
Sam Saffron
76c4bc925d
DEV: followup to prev commit
337bd9a0f7 did not account for optimized image being nil
2020-05-26 16:19:05 +10:00
Sam Saffron
337bd9a0f7
FIX: concurrency bug when creating topic thumbnails
We were failing erratically when backfilling topic thumbnails.

This ensures that racing threads/processes will not conflict.
2020-05-26 16:10:22 +10:00
Osama Sayegh
2211581a85
FIX: Don't responde with error 500 if domain is invalid when adding automatic membership domain (#9655) 2020-05-26 15:40:09 +10:00
Arpit Jalan
5462fe9462
FIX: do not allow tag with name 'none' (#9867)
https://meta.discourse.org/t/none-tag-is-uneditable/152003
2020-05-26 08:15:45 +05:30
Guo Xiang Tan
878f06f1fe DEV: Remove custom connection reaper.
Rails 6 fixed the reaper to use one thread to reap all the connection pools.
2020-05-26 09:09:46 +08:00
Sam Saffron
fc97f7e0e7
FIX: properly ban non human users from draft system
Previously we had a partial fix in place where non human users
were not allowed draft sequences, this left edges around where non
human users asked for drafts yet had none.

For example system could already have a few drafts in place.

This also removes and extensibility point we added that is not in use
2020-05-26 10:07:09 +10:00
Kane York
979093787f
FIX: Include lazyYT-container in cooked post HTML (#9870)
This applies the new styles without waiting for the JS to run.
2020-05-25 14:24:40 -07:00
Rafael dos Santos Silva
b48299f81c
FEATURE: Add setting to disable automatic CORS rule install in S3 buckets (#9872) 2020-05-25 17:09:34 -03:00
Joffrey JAFFEUX
d9f915b195
FIX: documentation was using incorrect function (#9876) 2020-05-25 21:55:30 +02:00
Joffrey JAFFEUX
be16205118
DEV: plugin api should have been bumped for #8825395 (#9874) 2020-05-25 21:44:15 +02:00
Vinoth Kannan
5fb9271878
DEV: ignore flair_url column in group model. (#9873) 2020-05-26 00:43:50 +05:30
Joffrey JAFFEUX
8825395bdc
DEV: allows to decorate username selector (#9869)
Usage:

```
api.addUsernameSelectorDecorator(username => {
  return iconHTML("calendar-alt");
});
```
2020-05-25 19:09:55 +02:00
Robin Ward
fd2d7ca992 FIX: Email Styles were evaluated out of order
`yield` puts the content in the template right away unless explicitly
`capture`'d.
2020-05-25 12:47:23 -04:00
Arpit Jalan
e8fb9d4066 FIX: when creating new PM username/groupname should be case-insensitive
(take 2)

https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 21:34:05 +05:30
Arpit Jalan
302b37c805 Revert "FIX: when creating new PM username/groupname should be case-insensitive"
This reverts commit 2be79d94f5.

This is affecting multiple code path. Investigating.
2020-05-25 20:10:14 +05:30
Arpit Jalan
30849c8b37 FIX: no need for downcasing second time 2020-05-25 19:20:15 +05:30
Arpit Jalan
2be79d94f5 FIX: when creating new PM username/groupname should be case-insensitive
https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 19:04:59 +05:30
Gerhard Schlager
631024ae5d FEATURE: Permalinks for tags 2020-05-25 14:51:01 +02:00
Sam Saffron
48fb354bce
PERF: avoid traversing DOM in loadScript
Once a script is loaded operation should be very fast.

This optimisation avoids a DOM traverse and call to getURL on
every invocation.
2020-05-25 18:19:59 +10:00
Vinoth Kannan
505122bb45 FIX: skip onceoff job for groups with invalid flair URL. 2020-05-25 13:11:00 +05:30
Sam Saffron
c011b817b2
FIX: do not fallback to flair_url column
flair_url is not loaded by our query anymore so avoid falling back
to the old value
2020-05-25 16:25:42 +10:00
Vinoth Kannan
47c6fe9bfa Merge branch 'master' of github.com:discourse/discourse 2020-05-25 11:36:18 +05:30
dependabot-preview[bot]
098c9e5950
Build(deps-dev): Bump rspec-rails from 4.0.0 to 4.0.1 (#9804)
Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases)
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md)
- [Commits](https://github.com/rspec/rspec-rails/compare/v4.0.0...v4.0.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-25 15:50:56 +10:00
Bianca Nenciu
e31adef32d
FIX: Keep composer title and reply when switching to PM (#9851) 2020-05-25 15:46:02 +10:00
dependabot-preview[bot]
32d13ab97f
DEV: Bump rack-mini-profiler from 2.0.1 to 2.0.2 (#9865)
Bumps [rack-mini-profiler](https://github.com/MiniProfiler/rack-mini-profiler) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/MiniProfiler/rack-mini-profiler/releases)
- [Changelog](https://github.com/MiniProfiler/rack-mini-profiler/blob/master/CHANGELOG.md)
- [Commits](https://github.com/MiniProfiler/rack-mini-profiler/compare/v2.0.1...v2.0.2)

This is a simple fix to restore client timings in the UI
2020-05-25 15:43:55 +10:00
Vinoth Kannan
8e56197728
UX: use "icon-picker" & "image-uploader" fields to set group flair. (#9779) 2020-05-25 11:08:47 +05:30
Gerhard Schlager
13d5ccedf5 FIX: Destroying a user failed when it had title
...because updating the user caused a validation of the primary email and the UserEmail records are already deleted at that time.
2020-05-24 22:14:50 +02:00
Vinoth Kannan
6f03d14c23 FEATURE: category setting for default list filter. 2020-05-25 00:04:06 +05:30