Commit Graph

30021 Commits

Author SHA1 Message Date
David Taylor
62ec0f92ea FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:49:05 +00:00
Sam
d535e1ce6d SECURITY: do not delete avatars uploads when deleting accounts
We rely on the clean up uploads job to do this safely
2018-12-13 16:32:35 +11:00
Sam
1b34a8b48a FIX: remove slow platform detection from server side
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.

This was done on the server side and as a side effect and caused page sizes on android
to mismatch between Android and non Android.

Unfortunately about a year ago googlebot started pretending it is Android,
this cause Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.

This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.

I tested we do not need this on Blu Advance 5.0 it has 1.3 GHZ mediatec mt6580
This phone retails for around $50 USD.

If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
2018-12-13 16:14:37 +11:00
David Taylor
7828c1156c FIX: Do not serialize user fields unless they are specified for display (#6736) 2018-12-07 11:08:59 +00:00
Guo Xiang Tan
cffb3d7976 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-07 15:54:53 +08:00
Neil Lalonde
e8b51feceb Version bump to v2.1.4 2018-11-29 11:16:23 -05:00
Sam
6b9b73236a SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

# Conflicts:
#	config/application.rb
#	spec/requests/application_controller_spec.rb
2018-11-15 16:17:22 +11:00
Sam
05b2c5babf SECURITY: update rack from 2.0.5 to 2.0.6
This release contains security fixes to the underlying rack library
used by Discourse.

Impact is not too high as we do not use request.scheme in our templates
2018-11-07 10:06:24 +11:00
David Taylor
e16c1206e5 Version bump to v2.1.3 2018-11-05 11:08:19 +00:00
David Taylor
43ad60d52c SECURITY: Add CSRF protections to OpenID callback 2018-11-05 11:07:35 +00:00
Joffrey JAFFEUX
d37e8e17ef UX: bumps the user-api-key version to 3 (#6526)
* UX: bumps the user-api-key version to 3

* fix spec
2018-11-01 21:29:29 +01:00
Joffrey JAFFEUX
5a114df088 FEATURE: adds latest to user-api-key session scope 2018-11-01 21:29:19 +01:00
Joffrey JAFFEUX
b8aec7777c FEATURE: adds list#(unread|new) to user api key routes (#6494) 2018-11-01 21:29:13 +01:00
Joffrey JAFFEUX
38ad1b96cb FEATURE: adds header text/background color to site (#6462) 2018-11-01 21:29:04 +01:00
Kyle Zhao
5e054e00da SECURITY: update loofah for CVE-2018-16468 2018-10-30 11:37:35 -04:00
Neil Lalonde
caae57a496 Version bump to v2.1.2 2018-10-12 10:46:12 -04:00
Guo Xiang Tan
40559b3881 Fix UploadRecovery from S3 fails with bucket name containing sub-folder. 2018-10-01 20:22:15 +08:00
Guo Xiang Tan
05fe5c9188 Fix onceoff job in cfa7173da3 not running. 2018-10-01 18:37:05 +08:00
Guo Xiang Tan
cf60ae32ea FIX: Onceoff job to fix missing user profile backgrounds. 2018-10-01 18:31:09 +08:00
Sam
b6e7992a3d FIX: correct readonly timeout
So it only applies in readonly mode
2018-09-20 15:19:46 +10:00
Sam
abc39c492a FIX: in redis readonly raise an exception from DistributedMutex
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller

When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb

In redis readonly no thumbnails will be generated
2018-09-19 15:49:18 +10:00
Sam
d7d5db257b FIX: required rbtrace upgrade
trollop gem was renamed to optimist
2018-09-19 15:29:53 +10:00
Sam
7b70a208ba SECURITY: correct XSS on long topic titles 2018-09-18 08:56:10 +10:00
Sam
c662e0918f SECURITY: remove admin memory diagnostics routes 2018-09-18 08:36:24 +10:00
Guo Xiang Tan
852026dfae Backward compatibility for dropping functions in ColumnDropper.
https://meta.discourse.org/t/launcher-rebuild-error-pg-error-schema-discourse-functions-does-not-exist/96209
2018-09-17 14:52:09 +08:00
Neil Lalonde
b5401af2dc Version bump to v2.1.1 2018-09-14 11:00:12 -04:00
Guo Xiang Tan
8ddcb6564e FIX: Onceoff job to recover missing post uploads.
This fixes the regression due to 1f636c445b
2018-09-14 10:52:33 +08:00
Guo Xiang Tan
9d81a6cc72 DEV: Avoid using send and make the method public instead. 2018-09-14 10:52:16 +08:00
Guo Xiang Tan
ea522589cf Accept custom AR relation for UploadRecovery. 2018-09-14 10:51:55 +08:00
Guo Xiang Tan
1d6597c646 FIX: Do not try to recover invalid Upload#short_url in UploadRecovery. 2018-09-14 10:51:36 +08:00
Guo Xiang Tan
692f2aa395 Fix the build. 2018-09-14 10:51:26 +08:00
Guo Xiang Tan
2176605fc4 Add basic test case for UploadRecovery. 2018-09-14 10:51:20 +08:00
Guo Xiang Tan
50f7e2be64 Rescue errors when running dry run for UploadRecovery. 2018-09-14 10:51:11 +08:00
Guo Xiang Tan
d257b4a386 Fix s3 recovery from tombstone in UploadRecovery. 2018-09-14 10:51:04 +08:00
Guo Xiang Tan
c3c42fd056 Add dry run option to UploadRecovery. 2018-09-14 10:50:53 +08:00
Guo Xiang Tan
f08e7bdbff Fix incorrect variable. 2018-09-14 10:50:46 +08:00
Guo Xiang Tan
797a259702 New rake task uploads:recover. 2018-09-14 10:50:32 +08:00
Guo Xiang Tan
0811379ab3 DEV: Print the error class in uploads:list_posts_with_broken_images. 2018-09-14 10:50:26 +08:00
Guo Xiang Tan
dffd4fa9e6 Add extra protection in Upload#get_from_url.
In case the extension goes missing from the URL.
2018-09-14 10:49:34 +08:00
Régis Hanol
39a2d92417 FIX: don't index urls to local files 2018-09-14 12:31:35 +10:00
Arpit Jalan
74eec1849d FIX: ignore and log bad json values for custom fields 2018-09-13 17:42:48 +05:30
Guo Xiang Tan
f31758cc70 FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:54:07 -07:00
Neil Lalonde
8922a91c1c Version bump to v2.1.0 2018-09-10 19:39:59 -04:00
Neil Lalonde
ea7ee8e9f7 Merge master 2018-09-10 19:39:09 -04:00
Sam
a5ae7ee8e2 SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:25:19 +10:00
Sam
e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Rishabh
80eace4268
Merge pull request #6383 from discourse/fix_username_suggester
FIX: don't raise an error on integer usernames in user_name_suggester
2018-09-11 00:30:29 +05:30
Neil Lalonde
4653627a40 update plugin-translations.rb script to update .tx/config file in plugins when languages are added or removed 2018-09-10 14:22:45 -04:00
Neil Lalonde
6afc86398c Update translations 2018-09-10 13:29:07 -04:00
Rishabh Nambiar
81c87df18a FIX: don't raise an error on integer usernames 2018-09-10 22:17:56 +05:30