Commit Graph

4596 Commits

Author SHA1 Message Date
Sam
e7f83358aa SECURITY: ensure users have permission when moving categories 2018-03-02 12:13:53 +11:00
Gerhard Schlager
0ee2c2363b SECURITY: email domain whitelist could be bypassed 2018-01-17 21:49:43 +01:00
Arpit Jalan
f752c22104 FIX: handle invalid password reset token 2018-01-11 14:30:32 -05:00
Vinoth Kannan
8875993ae1 FIX: URI must be ascii only for URI.parse command 2018-01-11 14:30:29 -05:00
Arpit Jalan
bb4eab1267 FIX: do not create duplicate topics
https://meta.discourse.org/t/duplicate-http-https-topics-are-randomly-created/77190
2018-01-11 14:30:19 -05:00
Guo Xiang Tan
7c03b31006 Make rubocop happy. 2018-01-04 09:05:22 +08:00
Neil Lalonde
f83a39f8ba Merge master 2018-01-03 16:49:06 -05:00
Gerhard Schlager
ceb7590bcb FIX: bounced email can contain multiple status codes 2018-01-03 17:59:20 +01:00
Guo Xiang Tan
9644569a28 FIX: Wildcard webhooks could send duplicated events. 2018-01-03 17:00:44 +08:00
Guo Xiang Tan
647cf7545d Fix randomly failing spec. 2018-01-03 14:42:16 +08:00
Gerhard Schlager
38269c416d FIX: return regular notification level for categories when not set by user 2017-12-30 20:36:58 +01:00
Guo Xiang Tan
805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Sam
a9e2fc59c4 FIX: [constructor] bbcode would cause markdown crash 2017-12-27 16:11:30 +11:00
Arpit Jalan
ef4c6c67ba fix the build 2017-12-23 14:42:40 +05:30
Arpit Jalan
0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
Régis Hanol
d6b22e6cc1 FIX: whitelist oneboxed iframes 2017-12-23 01:56:33 +01:00
Robin Ward
69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Gerhard Schlager
7b58afe677 FIX: ProcessPost job failed for posts that have no user 2017-12-21 14:45:59 +01:00
Guo Xiang Tan
4b51871f6a Treat non-ascii URLs in UrlValidator. 2017-12-21 14:22:55 +08:00
Guo Xiang Tan
6ecf37c482 Improve URL validation to check for a valid host.
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:

URI.parse("http://https://google.com")
=> #<URI::HTTP http://https//google.com>
2017-12-21 13:50:15 +08:00
Robin Ward
21e1b05c7e FIX: Don't disable details when below truncate limit 2017-12-20 15:45:00 -05:00
Régis Hanol
7f69362d9d FIX: external links in whisper ended up in a white page
FIX: clicking a link in a onebox wasn't properly extracting the post_id
2017-12-20 17:55:15 +01:00
Guo Xiang Tan
6c4ee9d5b5 FEATURE: Trigger user webhook when a user logs in/out.
https://meta.discourse.org/t/how-do-you-learn-how-to-build-these-plugins/57946/10?u=tgxworld
2017-12-20 17:47:30 +08:00
Philipp Daniels
6a2bce1931 FIX: Data loss on update of single user_field.
https://meta.discourse.org/t/api-data-loss-caused-by-changed-behaviour-of-custom-user-field-update/74990
2017-12-20 16:33:23 +08:00
Sam
7aa56fc9d9 refinement and test for batch mode on feature_topics 2017-12-20 13:58:05 +11:00
Arpit Jalan
eab66065d1 FEATURE: search log term details page (#5445) 2017-12-20 13:41:31 +11:00
Robin Ward
a0aca83c12 FIX: Broken spec 2017-12-19 17:55:41 -05:00
Robin Ward
b3fda0ea86 FIX: details tags broke excerpts 2017-12-19 17:28:55 -05:00
Régis Hanol
24e89b6b38 FIX: validates 'ThemeField' name when used in a SCSS variable 2017-12-19 16:10:44 +01:00
Guo Xiang Tan
fc6cb7bbe3
Merge pull request #5444 from tgxworld/remove_phantomjs
Switch to chrome headless mode instead of phantomjs.
2017-12-19 19:42:40 +08:00
Guo Xiang Tan
6a4f391e38 Switch to chrome headless mode instead of phantomjs. 2017-12-19 16:00:43 +08:00
Sam
57a1190b07 FIX: correct issue with search omitting words with multiple dots
Previously we used to break up words with dots incorrectly leading to
missing search terms
2017-12-19 16:04:24 +11:00
Guo Xiang Tan
30ddc1f222 Don't swallow errors when failing to create message for post action. 2017-12-19 10:58:26 +08:00
Guo Xiang Tan
b39d3a863d FIX: moderators group wasn't being updated to be messagable by everyone.
https://meta.discourse.org/t/custom-flag-not-showing-text/76244
2017-12-19 10:14:56 +08:00
Sam
1abc276451 FIX: properly omit inactive and silenced users from directory 2017-12-19 12:53:59 +11:00
Guo Xiang Tan
c6f5df4caa SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:32:26 +08:00
Guo Xiang Tan
97ceebb570 SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:25:22 +08:00
Sam
5e90abfaea FIX: use hijack for emoji uploads 2017-12-18 10:31:19 +11:00
Sam
81b3a4a3da improve spec 2017-12-15 11:42:51 +11:00
Régis Hanol
b91f83eb7d Ignore auto-quote/reply when counting replies 2017-12-15 00:38:14 +01:00
Régis Hanol
092c976d7c FIX: prevent 💥 when selecting replies to posts quoting themselves 2017-12-15 00:23:51 +01:00
Neil Lalonde
3cbaea81bd
Merge pull request #5428 from discourse/fix-pending-users-count
FIX: incorrect pending_users_reminder user count
2017-12-14 14:05:37 -05:00
Guo Xiang Tan
fcdd8491a1 Fix broken spec. 2017-12-14 15:43:50 +08:00
Guo Xiang Tan
6d475a15a8 SECURITY: Any group can be invited into a PM. 2017-12-14 15:18:27 +08:00
Guo Xiang Tan
f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam
96584403cd SECURITY: prevent staged accounts from changing email 2017-12-14 17:16:49 +11:00
Sam
67aecff59c FEATURE: store twitter supplied email for auditing 2017-12-14 15:54:32 +11:00
scossar
11050e5d10 Don't override count value that has been set by query.count 2017-12-13 18:48:46 -08:00
Régis Hanol
5db3d39b05 FIX: Post.reply_ids should also handle quotes 2017-12-14 00:43:48 +01:00
Régis Hanol
1b4483c942 FEATURE: Added 'select +below' and 'select +all replies' options to selecting posts 2017-12-13 22:12:06 +01:00