Commit Graph

4626 Commits

Author SHA1 Message Date
Sam
7174b100f9 SECURITY: correct local onebox category checks 2018-02-14 10:44:06 +11:00
Neil Lalonde
670450bcfc Version bump to v1.9.2 2018-01-23 16:50:09 -05:00
Gerhard Schlager
0ee2c2363b SECURITY: email domain whitelist could be bypassed 2018-01-17 21:49:43 +01:00
Neil Lalonde
b9bc27e539 Version bump to v1.9.1 2018-01-11 15:09:48 -05:00
Arpit Jalan
a13b8182e9 FIX: rescue login required / broken images 2018-01-11 14:30:34 -05:00
Joffrey JAFFEUX
253711c233 FIX: correct shushing_face name 2018-01-11 14:30:22 -05:00
Neil Lalonde
eaf083f9f0 Version bump to v1.9.0 2018-01-03 16:49:31 -05:00
Neil Lalonde
f83a39f8ba Merge master 2018-01-03 16:49:06 -05:00
Gerhard Schlager
ceb7590bcb FIX: bounced email can contain multiple status codes 2018-01-03 17:59:20 +01:00
Guo Xiang Tan
ad02437358 FIX: Missing post/topic created web hooks due to race condition. 2018-01-03 17:24:01 +08:00
Gerhard Schlager
81427e26ea Ignore errors when remapping posts 2017-12-28 15:13:01 +01:00
Régis Hanol
f5e170c6b5 FIX: catch all server-side error when uploading a file
UX: always show a message to the user whenever an error happens on the server when uploading a file
2017-12-27 16:33:25 +01:00
Guo Xiang Tan
805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Arpit Jalan
0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
Régis Hanol
d6b22e6cc1 FIX: whitelist oneboxed iframes 2017-12-23 01:56:33 +01:00
blokovi
364e6fdd53 FIX: pluralization rules for Serbian language (#5453)
Updated SR pluralization to use 3 keys: one, few, other (as by Transifex)
2017-12-22 12:20:19 +01:00
Jeff Atwood
cedfd6b68c
Merge pull request #5449 from Supermathie/google_fix
FIX: google oauth flow should automatically update the google account used for login when appropriate
2017-12-21 17:46:43 -08:00
Guo Xiang Tan
6f89db4c24 Re-enable check for yarn when running qunit:test rake task. 2017-12-22 09:11:49 +08:00
Robin Ward
aed37770e3 FIX: Load the route format before discourse 2017-12-21 16:29:11 -05:00
Robin Ward
063e449ce5 FIX: RouteFormat is a better class name than RouteFormats 2017-12-21 15:30:32 -05:00
Robin Ward
2908aab0da Allow extensibility on username route format (non-english usernames) 2017-12-21 14:32:51 -05:00
Guo Xiang Tan
4b51871f6a Treat non-ascii URLs in UrlValidator. 2017-12-21 14:22:55 +08:00
Guo Xiang Tan
6ecf37c482 Improve URL validation to check for a valid host.
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:

URI.parse("http://https://google.com")
=> #<URI::HTTP http://https//google.com>
2017-12-21 13:50:15 +08:00
Sam
081959227d FIX: unicode titles missing when visiting topic from topic list 2017-12-21 15:20:47 +11:00
Guo Xiang Tan
aabac55edd Better ENV name for QUnit's seed. 2017-12-21 09:47:32 +08:00
Neil Lalonde
e17ce65aab Version bump to v1.9.0.beta17 2017-12-20 18:50:35 -05:00
Neil Lalonde
c45964bbfd Version bump to v1.8.11 2017-12-20 18:49:18 -05:00
Michael Brown
105cf61ed9 Implements https://meta.discourse.org/t/issue-user-changed-google-account-and-cant-connect-thru-his-profile/35028/18?u=supermathie 2017-12-20 17:59:36 -05:00
Sam
88a4ec5f1b FIX: stop forking regular backup jobs 2017-12-21 09:00:48 +11:00
Robin Ward
21e1b05c7e FIX: Don't disable details when below truncate limit 2017-12-20 15:45:00 -05:00
Guo Xiang Tan
4986132e1b Fix missing variable in smoke test rake task. 2017-12-20 14:49:41 +08:00
Sam
bbc606988f improve message 2017-12-20 10:12:33 +11:00
Robin Ward
b3fda0ea86 FIX: details tags broke excerpts 2017-12-19 17:28:55 -05:00
Guo Xiang Tan
ca8e4dfb43 Allow seed to be passed via ENV. 2017-12-19 21:35:51 +08:00
Guo Xiang Tan
141a4a059d QUnit tests should be run in random order. 2017-12-19 21:33:31 +08:00
Guo Xiang Tan
349dc8da29 Disable check for yarn in qunit tests first. 2017-12-19 20:09:36 +08:00
Guo Xiang Tan
fc6cb7bbe3
Merge pull request #5444 from tgxworld/remove_phantomjs
Switch to chrome headless mode instead of phantomjs.
2017-12-19 19:42:40 +08:00
Gerhard Schlager
b47b378cb6 Retry PNG to JPG conversion with debug enabled on failure 2017-12-19 11:49:04 +01:00
Guo Xiang Tan
6a4f391e38 Switch to chrome headless mode instead of phantomjs. 2017-12-19 16:00:43 +08:00
Matt Palmer
f315c142b1 BUG: Load the appropriate file for AlternativeReplyByEmailAddressesValidator
Autoloading only works when the class names are namespaced appropriately.
2017-12-19 09:43:41 +11:00
Régis Hanol
8e55400392 FIX: add 'SiteSetting.port' to 'Onebox.allowed_ports' in development mode 2017-12-18 18:31:41 +01:00
Guo Xiang Tan
8d44642b97 Add smoke test script that runs in chrome headless. 2017-12-18 16:39:01 +08:00
Guo Xiang Tan
6d475a15a8 SECURITY: Any group can be invited into a PM. 2017-12-14 15:18:27 +08:00
Guo Xiang Tan
f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam
67aecff59c FEATURE: store twitter supplied email for auditing 2017-12-14 15:54:32 +11:00
Gerhard Schlager
b15059418b FIX: rake task for updating posts received by email should not crash 2017-12-13 22:03:31 +01:00
Gerhard Schlager
f525d83b53 FIX: empty uploads and blank filenames caused errors during validation 2017-12-13 22:03:31 +01:00
Sam
dee498a281 correct regression 2017-12-13 17:36:36 +11:00
Sam
9d925f6b26 FIX: correctly count participants when more than 24
Also cuts out one query for the normal case
2017-12-13 17:19:42 +11:00
Gerhard Schlager
e30851e45a Move escape_uri method to a more suitable place 2017-12-12 20:17:46 +01:00