David Taylor
62ec0f92ea
FIX: Only serialize group membership domains for administrators (#6771)
2018-12-14 15:49:05 +00:00
Sam
d535e1ce6d
SECURITY: do not delete avatars uploads when deleting accounts
...
We rely on the clean up uploads job to do this safely
2018-12-13 16:32:35 +11:00
Sam
1b34a8b48a
FIX: remove slow platform detection from server side
...
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.
This was done on the server side and as a side effect caused page sizes on android
to mismatch between Android and non Android.
Unfortunately about a year ago googlebot started pretending it is Android,
this caused Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.
This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.
I tested we do not need this on Blu Advance 5.0, it has 1.3 GHz MediaTek MT6580
This phone retails for around $50 USD.
If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
2018-12-13 16:14:37 +11:00
David Taylor
7828c1156c
FIX: Do not serialize user fields unless they are specified for display (#6736)
2018-12-07 11:08:59 +00:00
Guo Xiang Tan
cffb3d7976
SECURITY: Require groups to be given when inviting to a restricted category. (#6715)
2018-12-07 15:54:53 +08:00
Neil Lalonde
e8b51feceb
Version bump to v2.1.4
2018-11-29 11:16:23 -05:00
Sam
6b9b73236a
SECURITY: enforce hostname to match discourse hostname
...
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
# Conflicts:
# config/application.rb
# spec/requests/application_controller_spec.rb
2018-11-15 16:17:22 +11:00
Sam
05b2c5babf
SECURITY: update rack from 2.0.5 to 2.0.6
...
This release contains security fixes to the underlying rack library
used by Discourse.
Impact is not too high as we do not use request.scheme in our templates
2018-11-07 10:06:24 +11:00
David Taylor
e16c1206e5
Version bump to v2.1.3
2018-11-05 11:08:19 +00:00
David Taylor
43ad60d52c
SECURITY: Add CSRF protections to OpenID callback
2018-11-05 11:07:35 +00:00
Joffrey JAFFEUX
d37e8e17ef
UX: bumps the user-api-key version to 3 (#6526)
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-11-01 21:29:29 +01:00
Joffrey JAFFEUX
5a114df088
FEATURE: adds latest to user-api-key session scope
2018-11-01 21:29:19 +01:00
Joffrey JAFFEUX
b8aec7777c
FEATURE: adds list#(unread|new) to user api key routes (#6494)
2018-11-01 21:29:13 +01:00
Joffrey JAFFEUX
38ad1b96cb
FEATURE: adds header text/background color to site (#6462)
2018-11-01 21:29:04 +01:00
Kyle Zhao
5e054e00da
SECURITY: update loofah for CVE-2018-16468
2018-10-30 11:37:35 -04:00
Neil Lalonde
caae57a496
Version bump to v2.1.2
2018-10-12 10:46:12 -04:00
Guo Xiang Tan
40559b3881
Fix UploadRecovery from S3 fails with bucket name containing sub-folder.
2018-10-01 20:22:15 +08:00
Guo Xiang Tan
05fe5c9188
Fix onceoff job in cfa7173da3 not running.
2018-10-01 18:37:05 +08:00
Guo Xiang Tan
cf60ae32ea
FIX: Onceoff job to fix missing user profile backgrounds.
2018-10-01 18:31:09 +08:00
Sam
b6e7992a3d
FIX: correct readonly timeout
...
So it only applies in readonly mode
2018-09-20 15:19:46 +10:00
Sam
abc39c492a
FIX: in redis readonly raise an exception from DistributedMutex
...
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller
When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb
In redis readonly no thumbnails will be generated
2018-09-19 15:49:18 +10:00
Sam
d7d5db257b
FIX: required rbtrace upgrade
...
trollop gem was renamed to optimist
2018-09-19 15:29:53 +10:00
Sam
7b70a208ba
SECURITY: correct XSS on long topic titles
2018-09-18 08:56:10 +10:00
Sam
c662e0918f
SECURITY: remove admin memory diagnostics routes
2018-09-18 08:36:24 +10:00
Guo Xiang Tan
852026dfae
Backward compatibility for dropping functions in ColumnDropper.
...
https://meta.discourse.org/t/launcher-rebuild-error-pg-error-schema-discourse-functions-does-not-exist/96209
2018-09-17 14:52:09 +08:00
Neil Lalonde
b5401af2dc
Version bump to v2.1.1
2018-09-14 11:00:12 -04:00
Guo Xiang Tan
8ddcb6564e
FIX: Onceoff job to recover missing post uploads.
...
This fixes the regression due to 1f636c445b
2018-09-14 10:52:33 +08:00
Guo Xiang Tan
9d81a6cc72
DEV: Avoid using send and make the method public instead.
2018-09-14 10:52:16 +08:00
Guo Xiang Tan
ea522589cf
Accept custom AR relation for UploadRecovery.
2018-09-14 10:51:55 +08:00
Guo Xiang Tan
1d6597c646
FIX: Do not try to recover invalid Upload#short_url in UploadRecovery.
2018-09-14 10:51:36 +08:00
Guo Xiang Tan
692f2aa395
Fix the build.
2018-09-14 10:51:26 +08:00
Guo Xiang Tan
2176605fc4
Add basic test case for UploadRecovery.
2018-09-14 10:51:20 +08:00
Guo Xiang Tan
50f7e2be64
Rescue errors when running dry run for UploadRecovery.
2018-09-14 10:51:11 +08:00
Guo Xiang Tan
d257b4a386
Fix s3 recovery from tombstone in UploadRecovery.
2018-09-14 10:51:04 +08:00
Guo Xiang Tan
c3c42fd056
Add dry run option to UploadRecovery.
2018-09-14 10:50:53 +08:00
Guo Xiang Tan
f08e7bdbff
Fix incorrect variable.
2018-09-14 10:50:46 +08:00
Guo Xiang Tan
797a259702
New rake task uploads:recover.
2018-09-14 10:50:32 +08:00
Guo Xiang Tan
0811379ab3
DEV: Print the error class in uploads:list_posts_with_broken_images.
2018-09-14 10:50:26 +08:00
Guo Xiang Tan
dffd4fa9e6
Add extra protection in Upload#get_from_url.
...
In case the extension goes missing from the URL.
2018-09-14 10:49:34 +08:00
Régis Hanol
39a2d92417
FIX: don't index urls to local files
2018-09-14 12:31:35 +10:00
Arpit Jalan
74eec1849d
FIX: ignore and log bad json values for custom fields
2018-09-13 17:42:48 +05:30
Guo Xiang Tan
f31758cc70
FIX: Uploads not being linked correctly to posts.
...
Regression due to 1f636c445b.
2018-09-11 23:54:07 -07:00
Neil Lalonde
8922a91c1c
Version bump to v2.1.0
2018-09-10 19:39:59 -04:00
Neil Lalonde
ea7ee8e9f7
Merge master
2018-09-10 19:39:09 -04:00
Sam
a5ae7ee8e2
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:25:19 +10:00
Sam
e64402cb3b
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:24:02 +10:00
Rishabh
80eace4268
Merge pull request #6383 from discourse/fix_username_suggester
...
FIX: don't raise an error on integer usernames in user_name_suggester
2018-09-11 00:30:29 +05:30
Neil Lalonde
4653627a40
update plugin-translations.rb script to update .tx/config file in plugins when languages are added or removed
2018-09-10 14:22:45 -04:00
Neil Lalonde
6afc86398c
Update translations
2018-09-10 13:29:07 -04:00
Rishabh Nambiar
81c87df18a
FIX: don't raise an error on integer usernames
2018-09-10 22:17:56 +05:30