Sam Saffron
5bfb6830c9
SECURITY: missing security check prior to redirect
...
In some rare cases, if a user knows the exact title of a topic
they could possibly determine that it really exists in the system
2020-05-27 10:58:22 +10:00
Martin Brennan
2d534bf2e0
FIX: Pass current_user to TopicQuery in for categories_and_top_topics ( #9885 )
2020-05-27 10:05:06 +10:00
Krzysztof Kotlarek
34e5f0a9a3
Revert "FEATURE: notify admins about old credentials ( #9854 )" ( #9886 )
...
This reverts commit 349a67bee6.
2020-05-27 09:52:53 +10:00
Kris
66ec634cb3
Composer whisper icon missing margin when editing replies
2020-05-26 19:17:09 -04:00
Jordan Vidrine
5f61deff80
FIX: updates variables for HTML to use `em` instead of `px` in font-size ( #9883 )
2020-05-26 17:48:35 -05:00
Krzysztof Kotlarek
349a67bee6
FEATURE: notify admins about old credentials ( #9854 )
...
* FEATURE: notify admins about old credentials
Security and API keys should be renewed periodically.
This additional notification should help admins keep their Discourse safe and secure.
2020-05-27 08:13:47 +10:00
Neil Lalonde
2c880b9bf9
FIX: wizard fails to start when default_theme_id is -1
2020-05-26 16:08:35 -04:00
Penar Musaraj
b1c726be0d
Remove support for FontAwesome 4.7 icon names ( #9871 )
2020-05-26 14:53:32 -04:00
Mark VanLandingham
7820686f73
FIX: Wizard previews if color step is excluded ( #9881 )
2020-05-26 12:56:36 -05:00
Arpit Jalan
a6189c5070
Bump onebox version
...
- use oEmbed for Instagram onebox
2020-05-26 22:03:51 +05:30
dependabot-preview[bot]
d38e571cba
Build(deps): Bump excon from 0.72.0 to 0.73.0 ( #9228 )
...
Bumps [excon](https://github.com/excon/excon ) from 0.72.0 to 0.73.0.
- [Release notes](https://github.com/excon/excon/releases )
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt )
- [Commits](https://github.com/excon/excon/compare/v0.72.0...v0.73.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-26 12:28:28 -04:00
Gerhard Schlager
69ee94b526
FIX: XML files could be detected as SVG files
2020-05-26 18:18:20 +02:00
Jeff Wong
4dc6504234
DEV: Mark fontawesome-pro plugin as official
2020-05-26 08:50:55 -07:00
Neil Lalonde
788b8becde
Version bump to v2.5.0.beta5
2020-05-26 11:13:05 -04:00
Joffrey JAFFEUX
675e9b81c6
FIX: document.activeElement can be null on IE11 ( #9880 )
2020-05-26 16:51:55 +02:00
Guo Xiang Tan
26c7fa2c29
FIX: `rescue_from` doesn't bubble up.
...
See a47e0c19e6/actionpack/lib/action_controller/metal/rescue.rb (L25)
2020-05-26 22:43:29 +08:00
Joffrey JAFFEUX
253a185769
FIX: makes focus text area after complete more resilient ( #9879 )
2020-05-26 16:27:02 +02:00
Neil Lalonde
3d20a1143b
Update translations
2020-05-26 10:06:07 -04:00
Jarek Radosz
eb462bfb3d
FIX: Improve image downsizing script ( #9549 )
...
Correctly handles more upload formats in posts, updates post custom fields, fixes more edge cases, adds debugging capabilities. (VERBOSE=1 and INTERACTIVE=1 flags)
Includes these commits and some more:
* DEV: Show the fixed image dimensions
* FIX: Support more upload url formats
* DEV: Remove the old upload after updating posts
* FIX: Use the `process_post_#{id}` mutex
* FIX: Avoid rebaking twice
* DEV: Print out the link to the post
* DEV: Process posts chronologically
* DEV: Do a dry-run before saving, pause on any issue
* FIX: Also process deleted posts
* DEV: Make matchers case-insensitive
* DEV: Pause on "detached" uploads, add more debug info
* DEV: Print out time when finished
* DEV: Add support for WORKER_ID/WORKER_COUNT
* DEV: Fix the onebox in cooked text heuristic
* DEV: Don't report already processed posts
* DEV: Beep when done!
* DEV: Ignore issues with deleted posts
* DEV: Ignore issues with deleted topics
* DEV: Multiline SQL
* DEV: Use the bulk attribute assignment
* DEV: Add ENV["INTERACTIVE"] mode
* DEV: Handle post custom fields
* DEV: Bail on non-S3 sites
* DEV: Allow sizes smaller than 1 mpix
2020-05-26 15:38:23 +02:00
Roman Rizzi
b61a291cf3
FIX: returns false if the upload url is an invalid mailto link ( #9877 )
2020-05-26 10:32:48 -03:00
Bianca Nenciu
f47400475e
FEATURE: Send a private message when a group membership is accepted ( #9822 )
...
* FEATURE: Send a private message when a group membership is accepted
* DEV: Small code improvements
* FIX: Send PM as group owner
* Copy edits
2020-05-26 16:28:03 +03:00
Joshua Rosenfeld
41f742c2f9
FIX: Copyedit for the dominating topic warning
2020-05-26 07:18:36 -04:00
Sam Saffron
76c4bc925d
DEV: followup to prev commit
...
337bd9a0f7 did not account for optimized image being nil
2020-05-26 16:19:05 +10:00
Sam Saffron
337bd9a0f7
FIX: concurrency bug when creating topic thumbnails
...
We were failing erratically when backfilling topic thumbnails.
This ensures that racing threads/processes will not conflict.
2020-05-26 16:10:22 +10:00
Osama Sayegh
2211581a85
FIX: Don't respond with error 500 if domain is invalid when adding automatic membership domain ( #9655 )
2020-05-26 15:40:09 +10:00
Arpit Jalan
5462fe9462
FIX: do not allow tag with name 'none' ( #9867 )
...
https://meta.discourse.org/t/none-tag-is-uneditable/152003
2020-05-26 08:15:45 +05:30
Guo Xiang Tan
878f06f1fe
DEV: Remove custom connection reaper.
...
Rails 6 fixed the reaper to use one thread to reap all the connection pools.
2020-05-26 09:09:46 +08:00
Sam Saffron
fc97f7e0e7
FIX: properly ban non human users from draft system
...
Previously we had a partial fix in place where non human users
were not allowed draft sequences, this left edges around where non
human users asked for drafts yet had none.
For example system could already have a few drafts in place.
This also removes an extensibility point we added that is not in use
2020-05-26 10:07:09 +10:00
Kane York
979093787f
FIX: Include lazyYT-container in cooked post HTML ( #9870 )
...
This applies the new styles without waiting for the JS to run.
2020-05-25 14:24:40 -07:00
Rafael dos Santos Silva
b48299f81c
FEATURE: Add setting to disable automatic CORS rule install in S3 buckets ( #9872 )
2020-05-25 17:09:34 -03:00
Joffrey JAFFEUX
d9f915b195
FIX: documentation was using incorrect function ( #9876 )
2020-05-25 21:55:30 +02:00
Joffrey JAFFEUX
be16205118
DEV: plugin api should have been bumped for #8825395 ( #9874 )
2020-05-25 21:44:15 +02:00
Vinoth Kannan
5fb9271878
DEV: ignore `flair_url` column in group model. ( #9873 )
2020-05-26 00:43:50 +05:30
Joffrey JAFFEUX
8825395bdc
DEV: allows to decorate username selector ( #9869 )
...
Usage:
```
api.addUsernameSelectorDecorator(username => {
  return iconHTML("calendar-alt");
});
```
2020-05-25 19:09:55 +02:00
Robin Ward
fd2d7ca992
FIX: Email Styles were evaluated out of order
...
`yield` puts the content in the template right away unless explicitly
`capture`'d.
2020-05-25 12:47:23 -04:00
Arpit Jalan
e8fb9d4066
FIX: when creating new PM username/groupname should be case-insensitive
...
(take 2)
https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 21:34:05 +05:30
Arpit Jalan
302b37c805
Revert "FIX: when creating new PM username/groupname should be case-insensitive"
...
This reverts commit 2be79d94f5.
This is affecting multiple code paths. Investigating.
2020-05-25 20:10:14 +05:30
Arpit Jalan
30849c8b37
FIX: no need for downcasing second time
2020-05-25 19:20:15 +05:30
Arpit Jalan
2be79d94f5
FIX: when creating new PM username/groupname should be case-insensitive
...
https://meta.discourse.org/t/case-sensitivity-in-links-to-groupname/147596
https://meta.discourse.org/t/remove-case-sensitive-in-adding-users-to-a-message/151275
2020-05-25 19:04:59 +05:30
Gerhard Schlager
631024ae5d
FEATURE: Permalinks for tags
2020-05-25 14:51:01 +02:00
Sam Saffron
48fb354bce
PERF: avoid traversing DOM in loadScript
...
Once a script is loaded operation should be very fast.
This optimisation avoids a DOM traverse and call to getURL on
every invocation.
2020-05-25 18:19:59 +10:00
Vinoth Kannan
505122bb45
FIX: skip onceoff job for groups with invalid flair URL.
2020-05-25 13:11:00 +05:30
Sam Saffron
c011b817b2
FIX: do not fallback to flair_url column
...
flair_url is not loaded by our query anymore so avoid falling back
to the old value
2020-05-25 16:25:42 +10:00
Vinoth Kannan
47c6fe9bfa
Merge branch 'master' of github.com:discourse/discourse
2020-05-25 11:36:18 +05:30
dependabot-preview[bot]
098c9e5950
Build(deps-dev): Bump rspec-rails from 4.0.0 to 4.0.1 ( #9804 )
...
Bumps [rspec-rails](https://github.com/rspec/rspec-rails ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/rspec/rspec-rails/releases )
- [Changelog](https://github.com/rspec/rspec-rails/blob/master/Changelog.md )
- [Commits](https://github.com/rspec/rspec-rails/compare/v4.0.0...v4.0.1 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-25 15:50:56 +10:00
Bianca Nenciu
e31adef32d
FIX: Keep composer title and reply when switching to PM ( #9851 )
2020-05-25 15:46:02 +10:00
dependabot-preview[bot]
32d13ab97f
DEV: Bump rack-mini-profiler from 2.0.1 to 2.0.2 ( #9865 )
...
Bumps [rack-mini-profiler](https://github.com/MiniProfiler/rack-mini-profiler ) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/MiniProfiler/rack-mini-profiler/releases )
- [Changelog](https://github.com/MiniProfiler/rack-mini-profiler/blob/master/CHANGELOG.md )
- [Commits](https://github.com/MiniProfiler/rack-mini-profiler/compare/v2.0.1...v2.0.2 )
This is a simple fix to restore client timings in the UI
2020-05-25 15:43:55 +10:00
Vinoth Kannan
8e56197728
UX: use "icon-picker" & "image-uploader" fields to set group flair. ( #9779 )
2020-05-25 11:08:47 +05:30
Gerhard Schlager
13d5ccedf5
FIX: Destroying a user failed when it had title
...
...because updating the user caused a validation of the primary email and the UserEmail records are already deleted at that time.
2020-05-24 22:14:50 +02:00
Vinoth Kannan
6f03d14c23
FEATURE: category setting for default list filter.
2020-05-25 00:04:06 +05:30