Commit Graph

44899 Commits

Author SHA1 Message Date
Jarek Radosz
5a8e6de42c
FIX: Don't publish polls on message bus when there are no polls (#15041)
`poll` plugin was publishing on `/polls/[topic_id]` every time a non-first post was created. I can't imagine this being needed. It regressed 3 years ago in https://github.com/discourse/discourse/pull/6359
2021-11-22 12:31:53 +01:00
Martin Brennan
8a3ab1cc43
DEV: Fix spec (#15036)
Broken by 9f8ee8f137
2021-11-22 15:59:10 +11:00
Martin Brennan
9f8ee8f137
FIX: Don't publish notifications to MessageBus for inactive users (#15035)
We are pushing /notification-alert/#{user_id} and /notification/#{user_id}
messages to MessageBus from both PostAlerter and User#publish_notification_state.
This can cause memory issues on large sites with many users. This commit
stems the bleeding by only sending these alert messages if the user
in question has been seen in the last 30 days, which eliminates a large
chunk of users on some sites.
2021-11-22 14:38:49 +11:00
Natalie Tay
9015183942
Always show input when editing text by removing hover (#15034) 2021-11-22 10:23:42 +08:00
Martin Brennan
df6003aef5
DEV: Lint SCSS with prettier in pre-commit (#15033)
We are linting SCSS on the GitHub actions CI but not
on pre-commit, which can lead to lint failures in CI.
Better to warn developers about this locally like
our other lints.
2021-11-22 11:30:12 +10:00
Natalie Tay
d46e450733
Refine dismiss notification confirmation (#15017) 2021-11-22 09:11:24 +08:00
Martin Brennan
715d4de981
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:46:07 +10:00
Martin Brennan
fa6b87a1bf
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032)
When rendering the markdown code blocks we replace the
offending characters in the output string with spans highlighting a textual
representation of the character, along with a title attribute with
information about why the character was highlighted.

The list of characters stripped by this fix, which are the bidirectional
characters considered relevant, are:

U+202A
U+202B
U+202C
U+202D
U+202E
U+2066
U+2067
U+2068
U+2069
2021-11-22 10:43:03 +10:00
Penar Musaraj
10a57825c8
UX: Fix fast edit save button color in dark schemes (#15027) 2021-11-19 16:15:10 -05:00
Mark VanLandingham
a9d5921901
FIX: Allow poll feature to be disabled in discourse-markdown (#15025) 2021-11-19 15:10:47 -06:00
jbrw
97b27a7426
FIX: Remove 'Open Draft' label after topic draft deleted (#14997)
* FIX: Remove 'Open Draft' label after topic draft deleted
2021-11-19 11:00:11 -05:00
David Taylor
e906596942
FIX: Ensure mobile topic-list links are treated as Ember transitions (#15022)
In the topic lists, it's important that we apply `pointer-events: none;` to the links. 0e371d4 updated the selector used for this css.

In `templates/list/topic-list-item.hbs`, `.main-link` is applied to the same element as `.topic-list-data`, so the new selector applied correctly.

In `templates/mobile/list/topic-list-item.hbr`, `.main-link` is nested within `.topic-list-data`, so the new selector did not apply correctly.

This commit switches the selector back to simply `.main-link`, so that it works for both mobile and desktop.
2021-11-19 13:47:53 +00:00
Andrei Prigorshnev
b0d8d9e73d
FIX: infinite recursion when calling a refresh() action on routes (#14624) 2021-11-19 16:23:46 +04:00
David Taylor
2153011cdb
PERF: Use more efficient text-direction check in select-kit init (#15015)
Calling `window.getComputedStyle` during initialization causes the browser to pause and 'Recalculate Style'. On my machine, this adds about 7ms to boot time. Instead, we can check for the `rtl` class on the html element, which is added by the server, and doesn't require computing styles.
2021-11-19 10:17:23 +00:00
Alan Guo Xiang Tan
1566cd2048
DEV: Return promise for toggleFilteredRepliesView widget action. (#15020)
This allows plugin to wait on the promise when the widget action is
called.
2021-11-19 15:40:35 +08:00
Alan Guo Xiang Tan
4b4973ee0d
PERF: Reduce records queried in UserStat.update_first_unread_pm. (#15016)
The inefficiency here is that we were previously fetching all the
records from `TopicAllowedUser` before filtering against a limited subset of
users based on `User#last_seen_at`.
2021-11-19 15:30:39 +11:00
Natalie Tay
da9a9a8e65
FIX: Add a confirm and cancel button when editing alt text (#15003) 2021-11-19 10:57:09 +08:00
Alan Guo Xiang Tan
1d0faedfbc
FIX: Validate number of votes allowed per poll per user. (#15001)
* DEV: Remove spec that we no longer need.

As far as we know, the migration has been successful for a number of
years.

* FIX: Validate number of votes allowed per poll per user.
2021-11-19 09:50:08 +08:00
David Taylor
254689b1fb
DEV: Remove JQuery from discourse/lib/text-direction (#15014) 2021-11-19 01:09:36 +00:00
jbrw
9955f1774d
UX: Move share topic warning to modal flash alert (#15012) 2021-11-18 19:24:15 -05:00
Jarek Radosz
e6670393df
DEV: Refactor logs-notice/global-notice (#15000) 2021-11-18 21:49:58 +01:00
Robin Ward
2c045c6368 FIX: Don't overwrite computed property for loading spinner fix
This fixes an issue CvX found on PR #14666 where a previous fix
overwrote a computed property.

The better fix (as is often the case with Ember) is to remove an
observer and call methods when things change ourselves.
2021-11-18 15:04:11 -05:00
Jordan Vidrine
9ebfcbb867
FIX: Topic list separator fix (#15011) 2021-11-18 13:32:44 -06:00
Dan Ungureanu
6ae065f9cd
Improved create invite modal (#14151)
* FEATURE: Always show advanced invite options

The UI is more simple and more efficient than how it was when the
advanced options toggle was introduced. It does not make sense to keep
it anymore.

* UX: Minor copy edits

* UX: Merge expire invite controls

There were two controls in the create invite modal. One was a static
text that displayed how much time is left until the invite expires. The
other one was a datetime selector that set the time the invite expires.

This commit merges the two controls in a single one: staff users will
continue to see the datetime selector without the static text and
regular users will only see the static text because they cannot set
when the invite expires.

* UX: Remove invite link

It should only be visible after the invite was created.
2021-11-18 20:19:02 +02:00
David Taylor
ed2c3ebd71
PERF: Move preload hints to the <head> (#15008)
We have two JS assets which are included in the `<body>` of responses. We were including the `<link rel='preload'` hint alongside the script tag in the body. Instead, we can move the preload hint to the `<head>` so that the browser discovers it earlier, and can start preloading the assets while the body is loading.
2021-11-18 18:02:16 +00:00
Daniel Waterworth
510219a0da
DEV: Hide message bus site settings (#15009)
Admins don't need to be changing these.
2021-11-18 11:36:34 -06:00
David Taylor
135fdd59ed
PERF: Improve JS app boot speed by optimizing customResolve() (#14990)
Time spent in the 'find module with suffix' portion of our `customResolve` function were adding up to around 100ms-150ms when booting the app. This time is spread over 150+ calls, so it's not immediately obvious in flamegraphs.

This commit implements a (reversed) [Trie](https://en.wikipedia.org/wiki/Trie) which enables fast suffix-based lookups on a list of strings.

In my tests, this requires < 5ms to initialize, and brings the cumulative 'find module with suffix' time down to `< 5ms`. This corresponds to a ~100ms improvement in LCP metrics in my browser.

The only behavior change is to remove support for module filenames which are **not** dasherized. I haven't found any core/theme/plugin modules which are not dasherized in their filenames.
2021-11-18 16:38:00 +00:00
Jarek Radosz
a102673522
DEV: Avoid unnecessary site-settings:main lookups (#15006) 2021-11-18 17:11:59 +01:00
Jarek Radosz
8dc9e0f4bd
DEV: Use class syntax in key-value-store (#15005) 2021-11-18 16:54:47 +01:00
Jarek Radosz
82c72a46d1
DEV: Fix castInteger deprecations (#15004) 2021-11-18 16:52:14 +01:00
Jarek Radosz
4021842628
DEV: Make search an actual service (#14998) 2021-11-18 16:52:03 +01:00
Jarek Radosz
42fff92d9f
DEV: Make store an actual service (#14996)
`store:main` was unofficially deprecated 4 years ago in fbd5f1e411 (diff-b19dd1d6a5c7938fda9ae317136bbbb82339946ab457c9b95af936a47276c3ddR22)
2021-11-18 16:51:20 +01:00
Kris
19627eca4b
DEV: add outlet for extra categories column (#15002) 2021-11-18 09:46:59 -05:00
Vinoth Kannan
fc1c76cfcc
FIX: exclude moderator_action post for reply count in user summary. (#14991)
Previously, incorrect reply counts are displayed in the "top categories" section of the user summary page since we included the `moderator_action` and `small_action` post types.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-11-18 13:42:03 +05:30
Penar Musaraj
20f5474be9
FEATURE: Log only topic/post search queries in search log (#14994) 2021-11-18 09:21:12 +08:00
Alan Guo Xiang Tan
db24c9b94e
FIX: Incorrect title and chevron when filtering by post number. (#14985)
The widget's state did not reflect the state of the controller.
2021-11-18 09:19:00 +08:00
Krzysztof Kotlarek
eb82849ccb
FIX: none and all categories filter (#14999)
parentCategory is passed to drop-category componen: https://github.com/discourse/discourse/blob/main/app/assets/javascripts/discourse/app/templates/components/bread-crumbs.hbs#L11

However, it is not available if it is not explicitly allow listed in selectKitOptions
2021-11-18 10:21:34 +11:00
Martin Brennan
b96c10a903
DEV: Extract shared external upload routes into controller helper (#14984)
This commit refactors the direct external upload routes (get presigned
put, complete external, create/abort/complete multipart) into a
helper which is then included in both BackupController and the
UploadController. This is done so UploadController doesn't need
strange backup logic added to it, and so each controller implementing
this helper can do their own validation/error handling nicely.

This is a follow up to e4350bb966
2021-11-18 09:17:23 +10:00
Osama Sayegh
b86127ad12
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
Currently, Discourse rate limits all incoming requests by the IP address they
originate from regardless of the user making the request. This can be
frustrating if there are multiple users using Discourse simultaneously while
sharing the same IP address (e.g. employees in an office).

This commit implements a new feature to make Discourse apply rate limits by
user id rather than IP address for users at or higher than the configured trust
level (1 is the default).

For example, let's say a Discourse instance is configured to allow 200 requests
per minute per IP address, and we have 10 users at trust level 4 using
Discourse simultaneously from the same IP address. Before this feature, the 10
users could only make a total of 200 requests per minute before they got rate
limited. But with the new feature, each user is allowed to make 200 requests
per minute because the rate limits are applied on user id rather than the IP
address.

The minimum trust level for applying user-id-based rate limits can be
configured by the `skip_per_ip_rate_limit_trust_level` global setting. The
default is 1, but it can be changed by either adding the
`DISCOURSE_SKIP_PER_IP_RATE_LIMIT_TRUST_LEVEL` environment variable with the
desired value to your `app.yml`, or changing the setting's value in the
`discourse.conf` file.

Requests made with API keys are still rate limited by IP address and the
relevant global settings that control API keys rate limits.

Before this commit, Discourse's auth cookie (`_t`) was simply a 32 characters
string that Discourse used to lookup the current user from the database and the
cookie contained no additional information about the user. However, we had to
change the cookie content in this commit so we could identify the user from the
cookie without making a database query before the rate limits logic and avoid
introducing a bottleneck on busy sites.

Besides the 32 characters auth token, the cookie now includes the user id,
trust level and the cookie's generation date, and we encrypt/sign the cookie to
prevent tampering.

Internal ticket number: t54739.
2021-11-17 23:27:30 +03:00
Jarek Radosz
9be69b603c
DEV: Make screen-track a regular service (#14983) 2021-11-17 20:56:06 +01:00
Jarek Radosz
05423e9dfd
DEV: I18n global is no longer supported (#14993)
Don't allow it when linting.
2021-11-17 20:52:22 +01:00
Bianca Nenciu
186379adac
FIX: Cache all watched words (#14992)
It used to cache up to 1000 words, but the maximum number of watched
word is 2000.
2021-11-17 18:59:44 +02:00
Jarek Radosz
bf34d3524b
DEV: Fix a userFields computed property override (#14988)
in `preferences/profile` controller

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2021-11-17 15:02:15 +01:00
Joffrey JAFFEUX
439cd68e0d
DEV: updates popper to 2.10.2 (#14986) 2021-11-17 13:47:55 +01:00
Joffrey JAFFEUX
113ecab7a6
FIX: clear previous errors on second factor form display (#14987) 2021-11-17 13:47:38 +01:00
Vinoth Kannan
a3a4f16e88
UX: add more search aliases for emojis. (#14768) 2021-11-17 11:54:43 +01:00
Krzysztof Kotlarek
9ce29ad013
FIX: register customOptions as select kit filter (#14933)
* FIX: register customOptions as select kit filter

We are allowing plugins to define custom filters which are added to CUSTOM_USER_SEARCH_OPTIONS const. However, we need to have static placeholder for custom filters, so those props will be passed, and we can use it later.

* fix
2021-11-17 17:12:19 +11:00
Bianca Nenciu
cc1b45f58b
FIX: Convert URLs embedded topics to absolute form (#14975)
Sometimes the expanded post contained broken relative URLs because they
were not converted to their absolute form.
2021-11-17 16:39:49 +11:00
Penar Musaraj
2ff7f105d9
UX: launch full page search on second Enter hit (#14978) 2021-11-17 16:35:17 +11:00
Natalie Tay
c61d47e6f4
FEATURE: Show a confirmation modal when "Dismiss all" would dismiss an important notification (#14935)
* Show a confirmation when dismiss all will dismiss an important notification
2021-11-17 09:44:30 +08:00