Commit Graph

43732 Commits

Author SHA1 Message Date
David Taylor
6e9bb84d12
FIX: Ensure theme names are escaped in HTML attributes (#15272)
If a theme name contained a double-quote, this problem could lead to invalid/unexpected HTML in the `<head>`

Note that this is not considered a security issue because themes can only be installed/named by administrators, and themes/administrators already have the ability to run arbitrary javascript.
2021-12-13 10:50:09 +00:00
David Taylor
bc6bff0e5a
DEV: Switch from puppeteer to puppeteer-core for smoke test (#15262)
`puppeteer` includes a full chromium binary, which adds more than 300mb to our node_modules directory in development/test mode (and therefore the `discourse_dev` and `discourse_test` docker images). We already reach out to the system copy of Chrome for our qunit tests, and already have chrome installed in our `discourse_dev`/`discourse_test` docker images, so it's much more efficient to switch to `puppeteer-core` which doesn't include the chromium binary.
2021-12-13 09:31:49 +00:00
Sam
5fc42bf769
DEV: allow nulls in email_tokens token column (#15271)
This column was dropped in a previous commit, in post migrations.
Unfortunately that causes smoke tests to fail as there is a period between
migration and post migrations where records can not be inserted into the
table.
2021-12-13 17:38:06 +11:00
Dan Ungureanu
adb6202c94
FIX: Check if invite domain is valid (#15238)
* FIX: Check if invite domain is valid

Previous regex checked for generic hostname, which is too generic for
this case.
2021-12-13 16:39:14 +11:00
Dan Ungureanu
3d4aee1487
DEV: Drop unused column email_tokens.token (#15203) 2021-12-13 16:29:47 +11:00
Dax74
f8b3fe65d7
FEATURE: Add Apple plugin to the official list (#15261) 2021-12-13 16:29:02 +11:00
dependabot[bot]
8a37ab9f87
Build(deps): Bump rubocop-ast from 1.14.0 to 1.15.0 (#15265)
Bumps [rubocop-ast](https://github.com/rubocop/rubocop-ast) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/rubocop/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-ast/compare/v1.14.0...v1.15.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-13 16:28:02 +11:00
Martin Brennan
40d13ce662
DEV: Only support multipart for backup S3 uploads with Uppy (#15270)
In the composer, we already only allow for S3 multipart uploads
if enable_direct_s3_uploads is true, so in the backups uploader
that is based on Uppy we want to do the same thing. In future
if self-hosters need some way to not use S3 multipart in these
scenarios for whatever reason we can revisit this then (which
should be as simple as adding an enable_multipart_s3_uploads site
setting).
2021-12-13 15:24:00 +10:00
Martin Brennan
18a209bd0d
DEV: Use Uppy in wizard-field-image uploads (#15269)
We cannot use any of the uppy mixins or core code, because
the code there is not shared with the wizard, and to move
it all to discourse-common would be a task almost equal in
difficulty to taking the ring to Mordor.

Therefore, we can just use the uppy vendor libraries in the
wizard, and do a quick-n-dirty version of the uppy upload
code for the wizard-field-image uploader.
2021-12-13 15:23:44 +10:00
Martin Brennan
1c97a7fe43
DEV: Move isInside to private function (#15268)
This text manipulation library can be used by plugins
as well, so better to have this defined as a function
instead of floating above the class.
2021-12-13 12:26:33 +10:00
Martin Brennan
fc01619bcb
FEATURE: Use Tab for indenting text in composer (#15208)
This commit allows for using Tab and Shift+Tab to indent
and de-indent selected text in the composer. The selected
text is searched for the most occurrences of either tabs (\t)
or spaces at the start of each line, and that character is
used for indentation of all lines.
2021-12-13 09:31:49 +10:00
dependabot[bot]
bfe47038bb
Build(deps): Bump loofah from 2.12.0 to 2.13.0 (#15267)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.12.0 to 2.13.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.12.0...v2.13.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-12 22:30:53 +01:00
dependabot[bot]
783b38d180
Build(deps): Bump sprockets-rails from 3.4.1 to 3.4.2 (#15266)
Bumps [sprockets-rails](https://github.com/rails/sprockets-rails) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/rails/sprockets-rails/releases)
- [Commits](https://github.com/rails/sprockets-rails/compare/v3.4.1...v3.4.2)

---
updated-dependencies:
- dependency-name: sprockets-rails
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-12 22:29:58 +01:00
Mark VanLandingham
5e534e5897
DEV: Allow emoji picker to disable popper for itself (#15256) 2021-12-10 14:45:22 -06:00
Daniel Waterworth
02245ce41f
PERF: Redis snapshotting during tests (#15260)
We can fake redis transactions so that `fab!` works for redis and PG
data, but it's too slow to be used indiscriminately. Instead, you can
opt into it with the `use_redis_snapshotting` helper.

Insofar as snapshotting allows us to `fab!` more things, it provides a
speedup.
2021-12-10 14:25:26 -06:00
David Taylor
e42f33b6ba
FIX: Allow OAuth2Authenticator to handle existing associations (#15259)
OAuth2Authenticator is considered deprecated, and isn't used in core. However, some plugins still depend on it, and this was breaking the signup of previously-staged users. There is no easy way to make an end-end test of this in core, but I will be adding an integration test in the SAML plugin.
2021-12-10 19:53:14 +00:00
Blake Erickson
b93b6c4299
FIX: Blurry onebox favicon images (#15258)
This is a fix to address blurry onebox favicon images if the site you
are linking to happens to have a favicon.ico file that contains multiple
images.

This fix detects if we are trying to create an upload for a favicon.ico
file. We then convert it to a png and not a jpeg like we were doing. We
want a png because it will preserve transparency, otherwise if we
convert it to a jpeg we lose that and it looks bad on dark themed sites.

This fix also addresses the fact that .ico files can include multiple
images. The blurry images we were producing were caused by the
ImageMagick `-flatten` option when the .ico file had multiple images
which then squishes them all together. So for .ico files we are no
longer flattening them and instead we are grabbing the last image in the
.ico bundle and converting that single image to a png.
2021-12-10 12:25:50 -07:00
Joe
726649fd46
adds missing id (#15255) 2021-12-10 14:33:55 +01:00
Roman Rizzi
b7b61d4b56
FEATURE: A notification consolidation plan for keeping the latest one. (#15249)
We previously used ConsolidateNotifications with a threshold of 1 to re-use an existing notification and bump it to the top instead of creating a new one. It produces some jumpiness in the user notification list, and it relies on updating the `created_at` attribute, which is a bit hacky.

As a better alternative, we're introducing a new plan that deletes all the previous versions of the notification, then creates a new one.
2021-12-10 10:32:15 -03:00
Roman Rizzi
3602f83cf4
FEATURE: Delete previous reviewable reminders. (#15250)
We send the reminder using the GroupMessage class, which supports removing previous messages. We can't match them by raw because they could mention different moderators. Also, I had to change the subject to remove dynamically generated values, which is necessary for finding them.
2021-12-10 10:17:39 -03:00
Joffrey JAFFEUX
ac31c2bbb2
FIX: only consider it handled by composer when a composer (#15254) 2021-12-10 13:07:54 +01:00
Daniel Waterworth
ec36cddd2f
FIX: Defer topic/post created events until emails have been added (#15252) 2021-12-09 14:45:07 -06:00
Penar Musaraj
f24027b453
UX: Fix topic status icon size in mobile search results (#15251) 2021-12-09 14:32:12 -05:00
Kerry Liu
c8af3e7bc1
UX: only apply link formats on paste to selections that do not contain bbcode-like tags (#15204) 2021-12-09 16:41:44 +00:00
Joffrey JAFFEUX
e0ea16f05d
DEV: removes jquery usage from admin-watched-words (#15246) 2021-12-09 17:06:54 +01:00
Joffrey JAFFEUX
3052eb6ae6
DEV: fixes test as bodyClass is sometimes "foo bar" (#15248) 2021-12-09 15:34:50 +01:00
Joffrey JAFFEUX
adb23636e6
DEV: minor full page search refactoring (#15242)
- drops jquery usage
- shows clear all/ select all only when appropriate
- removes ~ char apparently un-needed
2021-12-09 13:48:08 +01:00
Joffrey JAFFEUX
f889ec2fcd
DEV: refactors admin-plugins/admin-site-settings (#15244)
- drops jQuery usage
- removes apparently useless clearfix
- uses @action
- drops unused clearFilter function in admin-plugins
2021-12-09 13:47:56 +01:00
Joffrey JAFFEUX
5d44adb9b9
DEV: refactors d-section (#15245)
- go tagless
- properly declares properties
- deprecates "false" in favour of false
- drops jquery
2021-12-09 13:47:47 +01:00
Joffrey JAFFEUX
76dff7fd9e
DEV: drops jquery usage from discovery-categories (#15243) 2021-12-09 13:47:13 +01:00
Angus McLeod
df3886d6e5
FEATURE: Experimental support for group membership via google auth (#14835)
This commit introduces a new site setting "google_oauth2_hd_groups". If enabled, group information will be fetched from Google during authentication, and stored in the Discourse database. These 'associated groups' can be connected to a Discourse group via the "Membership" tab of the group preferences UI. 

The majority of the implementation is generic, so we will be able to add support to more authentication methods in the near future.

https://meta.discourse.org/t/managing-group-membership-via-authentication/175950
2021-12-09 12:30:27 +00:00
Jeff Wong
347669ef04
DEV: Add keyboard:move selection event (#15241)
allows plugin event hook for keyboard:move-selection. Passes raw selected and all articles through named params.
2021-12-08 23:38:25 -08:00
Joffrey JAFFEUX
828e75c2f3
DEV: minor choose topic refactoring (#15233)
* DEV: minor choose topic refactoring

- prevents category to be clickable to make clicking topics easier
- drops jQuery
- uses @action
- uses ? operator where possible
- drops un-needed next/schedule usage

* uses topic-status component and prevents pinned icon to be focusable

* Update app/assets/javascripts/discourse/app/templates/components/choose-topic.hbs

Co-authored-by: Jarek Radosz <jradosz@gmail.com>

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-09 14:08:21 +11:00
Alan Guo Xiang Tan
4d1c84f15f
UX: Make toggling to filtered replies mode less jumpy. (#15240)
Previously we would jump to the first two replies but it made the
transition very jumpy depending on how long the post being selected is.
2021-12-09 10:03:22 +08:00
Alan Guo Xiang Tan
e668b3dc71
DEV: Remove unnecessary element. (#15225)
This was added 6 years ago in d1e85bdd8b
and I can't see how this is useful for any customizations at all.
2021-12-09 08:40:23 +08:00
Alan Guo Xiang Tan
ae88b52370
DEV: Fix position of avatar flair to be based on the actual avatar. (#15226)
Previously, it was based on the container of the avatar. However, the
container of the avatar can be extended to contain more than just the
avatar itself. This resulted in the positioning of the avatar flair to
be off.
2021-12-09 08:38:39 +08:00
dependabot[bot]
dea56ed953
Build(deps): Bump parser from 3.0.3.1 to 3.0.3.2 (#15239)
Bumps [parser](https://github.com/whitequark/parser) from 3.0.3.1 to 3.0.3.2.
- [Release notes](https://github.com/whitequark/parser/releases)
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whitequark/parser/compare/v3.0.3.1...v3.0.3.2)

---
updated-dependencies:
- dependency-name: parser
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-09 08:37:42 +08:00
Jeff Wong
51abcd7524
DEV: add app event for user-card:after-show (#15227)
Adds user-card:after-show event for when a usercard is fully loaded and shown.
2021-12-08 15:23:39 -08:00
Daniel Waterworth
3b0d46c659
FIX: make tests work with higher starting upload id (#15237) 2021-12-08 13:13:59 -06:00
Osama Sayegh
aec9ce9819
A11Y: Move focus to highlighted post when visiting a topic (#15236)
Meta topic: https://meta.discourse.org/t/discourse-with-a-screen-reader/178105/87?u=osama.
2021-12-08 21:33:15 +03:00
Andrei Prigorshnev
4e8983036a
DEV: do not return no_result_help from the server (#15220)
We don't need it anymore. Actually, I removed using of it on the client side a long time ago, when I was working on improving blank page syndrome on user activity pages (see https://github.com/discourse/discourse/pull/14311).

This PR also removes some old resource strings that we don't use anymore. We have new strings for blank pages.
2021-12-08 21:46:54 +04:00
David Taylor
a6230b8138
UX: Improve composer presence-display positioning (#15235)
Previously the discourse-presence plugin was using a `position: absolute` hack to display the 'replying...' users in the top right of the composer. This commit adds a more suitable plugin outlet, and updates the discourse-presence styling so it slots into the flex-box layout at the top of the composer
2021-12-08 16:18:49 +00:00
Dan Ungureanu
d8fe0f4199
FEATURE: Restrict link invites to email domain (#15211)
Allow multiple emails to redeem a link invite only if the email domain
name matches the one specified in the link invite.
2021-12-08 17:06:57 +02:00
Joffrey JAFFEUX
e1b4e2e034
DEV: removes jquery usage from add-category-tag-classes (#15232)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2021-12-08 14:32:27 +01:00
Bianca Nenciu
b1c11d5787
FIX: Select correct topic draft for user (#15234)
The old query could return multiple rows.
2021-12-08 15:23:44 +02:00
Bianca Nenciu
049bc33838
FIX: Update has_topic_draft when draft is updated (#15219)
Current user state regarding the new topic draft was not updated when
the draft was created or destroyed.
2021-12-08 14:40:35 +02:00
Joffrey JAFFEUX
a144f49ec2
UX: scroll row to top of container in select-kit (#15230) 2021-12-08 12:22:18 +01:00
David Taylor
f799b8bfb1
FIX: Ensure MessageIdService can handle hostname changes and multisite (#15231) 2021-12-08 11:17:20 +00:00
Loïc Guitaut
74387e83b6
DEV: Stop polluting all Ruby classes
The `ReviewableScore` model was defining class methods on `self.class`
from a singleton context so instead of defining methods on
`ReviewableScore` it was defining them on `Class`, so basically on every
existing class.

This patch resolves this issue. Using `enum` from `ActiveRecord` in the
future will avoid this kind of problems.
2021-12-08 11:32:25 +01:00
dependabot[bot]
3c5b1faab4
Build(deps): Bump raindrops from 0.19.2 to 0.20.0 (#15222)
Bumps [raindrops](https://yhbt.net/raindrops/) from 0.19.2 to 0.20.0.

---
updated-dependencies:
- dependency-name: raindrops
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-12-08 01:42:57 +01:00