Neil Lalonde
65cffedc33
Version bump to v2.0.5
2018-08-30 10:49:38 -04:00
David Taylor
825dee5598
SECURITY: Prevent users from modifying custom fields
2018-08-30 13:00:51 +01:00
Vinoth Kannan
3eff6a0e9b
DEV: Export Tag class to modify methods in plugin
2018-08-30 16:53:02 +08:00
Guo Xiang Tan
c4de36624f
Skip imagemagick tests on Travis.
2018-08-30 16:07:00 +08:00
Guo Xiang Tan
90802053a0
Fix linting on Travis for stable.
2018-08-30 16:04:56 +08:00
Guo Xiang Tan
032f860c86
Fix brittle spec.
2018-08-28 14:29:38 +08:00
Robin Ward
52ca0893e1
FIX: Broken specs
2018-08-28 14:29:38 +08:00
Neil Lalonde
911044f8a0
Version bump to v2.0.4
2018-08-21 11:53:29 -04:00
Guo Xiang Tan
5778c33ee7
FIX: Compatibility with ImageMagick 7.
http://www.imagemagick.org/Usage/misc/
"The "-interpolate" setting of 'Catrom' (generally imprecisely known as 'BiCubic' interpolation)"
2018-08-16 09:49:52 +08:00
Neil Lalonde
37a01975e9
SECURITY: prevent use of X-Forwarded-Host to perform XSS
2018-08-13 17:10:06 -04:00
Neil Lalonde
49681b762a
Version bump to v2.0.3
2018-07-26 14:14:22 -04:00
David Taylor
6f5b8f61df
FIX: Remove return statement from inside block
2018-07-26 16:00:45 +01:00
Régis Hanol
aeaf6b5a7c
SECURITY: force IM decoder based on file extension - part 3
2018-07-25 23:55:41 +02:00
Régis Hanol
01714e40f4
SECURITY: force IM decoder based on file extension - part 2
2018-07-25 23:08:38 +02:00
Régis Hanol
b04b7c366c
SECURITY: force IM decoder based on file extension
2018-07-25 22:01:08 +02:00
David Taylor
6520697b5c
FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.
Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.
I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:51:45 +01:00
Robin Ward
878aee965b
SECURITY: Consider 0.0.0.0 a private IP
2018-07-24 11:17:13 -04:00
Sam
cf9b4a789b
FIX: update mini_racer in stable
This is required due to a bundler/build bug that means it is picking the wrong
version of libv8 when compiling mini_racer
2018-07-24 12:25:45 +10:00
Vinoth Kannan
b7ebb0268f
FIX: returns provider_not_enabled error even if enabled
2018-07-16 11:08:48 +01:00
Sam
297b899c68
SECURITY: extra CORS headers should be set on correct host
2018-07-11 09:29:45 +10:00
David Taylor
6f25421a06
SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:26:44 +10:00
Sam
849b4b5685
SECURITY: category badges should HTML escape names
2018-06-28 18:16:12 +10:00
Joffrey JAFFEUX
aafd883466
SECURITY: prevents XSS when showing tooltip
2018-06-27 14:53:31 +02:00
Dax74
612bc4f95b
Link updated
See https://meta.discourse.org/t/wrong-link-on-manual-admin-creation/90849
2018-06-27 11:41:03 +02:00
Neil Lalonde
34ad6749db
FIX: missing translations for mobile flag modal
2018-06-25 20:21:47 -04:00
Neil Lalonde
365c99cf3f
Version bump to v2.0.2
2018-06-21 10:39:00 -04:00
Sam
f2cb89b0d2
SECURITY: update sprockets for CVE-2018-3760
2018-06-20 09:50:28 +10:00
Guo Xiang Tan
a90364ac6c
Monkey patch in 7830a950ef
2018-06-19 10:36:20 +08:00
Neil Lalonde
8c3380791b
Version bump to v2.0.1
2018-06-12 12:13:47 -04:00
Joffrey JAFFEUX
5e4a1e812a
UX: reworks dashboard problems section to be in line with new style
2018-06-12 11:48:53 -04:00
Arpit Jalan
57f5f7d755
FIX: do not show SSO external_email to moderators
2018-06-12 11:48:10 -04:00
Guo Xiang Tan
ff7cbf6935
FIX: Ensure we have proper timeout for MiniRacer.
2018-06-12 11:48:08 -04:00
Joe
7c9aa82625
FIX: adjust 2FA input width in mobile login form
2018-06-12 11:48:08 -04:00
Joe
1612c28718
FIX: adjust max-width of social login buttons for non-English locales
2018-06-12 11:48:07 -04:00
Neil Lalonde
a8d2d24a49
fix indent
2018-06-12 11:48:07 -04:00
Neil Lalonde
a279e43025
FIX: broken mailto href's in emails
2018-06-12 11:48:07 -04:00
Joffrey JAFFEUX
2b3faa8d0b
FIX: do not use number helper for charts Y value
2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
940c0f569f
FIX: incorrect backup and update times on dashboard
2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
e66d5425e4
FIX: slightly safer rounding
2018-06-12 11:48:06 -04:00
Joffrey JAFFEUX
2f84d43bb2
FIX: makes format number round the value before using parseInt
2018-06-12 11:48:05 -04:00
Joe
134300001c
FIX: user-fields layout in desktop create account form
2018-06-12 11:48:05 -04:00
Joffrey JAFFEUX
7c57cd6897
FIX: removes buggy/unnecessary local-dates margin
2018-06-12 11:48:05 -04:00
Joe
cb9753267a
FIX: user-fields layout in mobile create account form
2018-06-12 11:48:04 -04:00
Vinoth Kannan
17e7d3b526
FIX: avatar_url includes upload_path twice when local storage used
2018-06-12 11:48:04 -04:00
Guo Xiang Tan
b7865bac27
FIX: Permalink route matcher should always be last.
2018-06-12 11:48:04 -04:00
Guo Xiang Tan
a74d62d618
FIX: Disconnects all connections in the pool before forking.
* We were leaking connections as a result. Connections opened
before the fork were never closed.
2018-06-12 11:48:03 -04:00
Régis Hanol
db3f31a841
FIX: unable to add new poll to post with a public poll
2018-06-12 11:48:03 -04:00
Joffrey JAFFEUX
9334d36a23
FIX: sharing popup not showing on macos/chrome
Despite `navigator.share` being defined the call was failing with this error:
```
sharing DOMException: Internal error: could not connect to Web Share interface.
```
2018-06-12 11:48:03 -04:00
Robin Ward
e37af71f2e
FIX: Protection against dangling category group records
2018-06-12 11:48:02 -04:00
Robin Ward
abbb0ece4f
FIX: Keyboard shortcuts didn't work on subfolders
2018-06-12 11:48:02 -04:00