When creating a bookmark reminder that deletes the bookmark on reminder, if the user clicked on the notification and got taken to the post in the topic the bookmark icon still showed as blue with the reminder clock indicator. This was because the response JSON for reloading a topic post was not including the bookmark attributes, not even the bookmarked boolean.
We now return the correct attributes in the serializer, and if bookmarked is false we clear all the bookmark related attributes on the post for the notification to make sure nothing of the old bookmark remains in the UI.
This was only a problem if the user did not refresh the app completely inbetween setting the reminder and receiving the notification.
* strip out the href and xlink:href attributes from use element that
are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
uploaded SVGs cannot be opened and executed using the XSS exploit.
svgs embedded using an img tag do not suffer from the same exploit
This reverts commit ecc799ab56a0e64668d347c2426b8501fe17b82c.
This commit does not fix anything because we've always been deleting
records in `Searchable`.
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.
This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
* This is causing issues where sometimes bookmarked is out of sync with what is in the Bookmark table. The BookmarkManager handles updating this column now.
* Add migration to fix bookmarked column that is incorrectly marked false when a Bookmark record exists.
Before this change:
- first full page load would get category defaults defined un cateory settings
- a navigation to a topic and then back to categories list would reset defaut to the ones defined in discovery/topics
* add composer:saved, composer:created-post, and composer:edited-post
appEvents inside the composer controller, to make it easier to detect
these events in plugins
* FIX: Fix race condition when resolving tag and category hashtags
If the category hashtags were resolved first and then tag hashtags, then
the tags would overwrite the categories. Similarly, if the category
hashtags were resolved last it would overwrite even hashtags which ended
with '::tag'.
* DEV: Add test
* DEV: Fix test
* FIX: Improve category hashtag lookup
This commit improves support for sub-sub-categories and does not include
the ID of the category in the slug, which fixes the composer preview.
* FIX: Sub-sub-categories can be mentioned using only two levels
* FIX: Remove support for three-level hashtags
* DEV: Simplify code
If any value, including nil, is passed in as an argument the default
won't be set, so we need to handle when a non-Array value is passed in
to the `generate_thumbnails!` method.
Because of how the dropdown was structured, as long it was in the DOM, all clicks outside the widget would rerender it.
This commit introduces `widget-dropdown-body` that handles the `clickOutside` callback and is rendered conditionally, so it won't get called when the dropdown is closed.
* FIX: CookText may be gone before promise resolves
Bug introduced in 293467a37ae33c5fd8fd40bbfc05bffa578b90ed.
* DEV: Drop the window.requireModule in cook-text
It was introduced in 2017 in 232311aa8c8e879c98dc061ac1755ee4d0dd9b0f but doesn't seem to be necessary anymore.
`OptimizedImage#filesize` calls `Discourse.store.download` with an OptimizedImage as an argument. It would in turn attempt to call `#original_filename` and `#secure?` on that object. Both would fail as these methods do not exist on OptimizedImage, only on Upload. We didn't know about these issues because:
1. `#calculate_filesize` is not called often, because the filesize is saved on OptimizedImage creation, so it's used mostly for manual filesize recalculation
2. we were using `rescue nil` which swallows all errors
Newer versions of Normalize remove the `border-collapse: collapse;` property and fallback to browser defaults. This commit restores that property because we're using it in quite a few places.
