Commit Graph

38983 Commits

Author SHA1 Message Date
Martin Brennan
e8a842ab8c
FIX: Stop category logo + background being marked secure (#10513)
Meta topic: https://meta.discourse.org/t/secure-media-uploads-breaks-category-logos/161693

Category backgrounds and logos are public uploads and should not be marked as secure.

I also discovered that a lot of the UploadSecurity specs for public types were returning false positives; this has been fixed.
2020-08-24 17:12:28 +10:00
Guo Xiang Tan
05174df5c0
FIX: Restrict personal_messages: advanced search filter to admin.
The filter noops if an incorrect username is passed. This filter is not
exposed as part of the UI but is only used when an admin transitions
from a search within a user's personal messages to the full page search.

Follow-up to 4b30799054.
2020-08-24 13:53:48 +08:00
Guo Xiang Tan
c6ceda8c4e
PERF: Avoid extra subquery when searching within PMs for normal user.
Note the following query being generated where the filter for a user's
private messages is executed twice.

```sql
SELECT "posts"."id", "posts"."user_id", "posts"."topic_id", "posts"."post_number", "posts"."raw", "posts"."cooked", "posts"."created_at", "posts"."updated_at", "posts"."reply_to_post_number", "posts"."reply_count", "posts"."quote_count", "posts"."deleted_at", "posts"."off_topic_count", "posts"."like_count", "posts"."incoming_link_count", "posts"."bookmark_count", "posts"."score", "posts"."reads", "posts"."post_type", "posts"."sort_order", "posts"."last_editor_id", "posts"."hidden", "posts"."hidden_reason_id", "posts"."notify_moderators_count", "posts"."spam_count", "posts"."illegal_count", "posts"."inappropriate_count", "posts"."last_version_at", "posts"."user_deleted", "posts"."reply_to_user_id", "posts"."percent_rank", "posts"."notify_user_count", "posts"."like_score", "posts"."deleted_by_id", "posts"."edit_reason", "posts"."word_count", "posts"."version", "posts"."cook_method", "posts"."wiki", "posts"."baked_at", "posts"."baked_version", "posts"."hidden_at", "posts"."self_edits", "posts"."reply_quoted", "posts"."via_email", "posts"."raw_email", "posts"."public_version", "posts"."action_code", "posts"."locked_by_id", "posts"."image_upload_id", (TS_RANK_CD(
  post_search_data.search_data,
  TO_TSQUERY('english', '''test'':*ABCD'),
  0|32
)
 * (
  CASE categories.search_priority
  WHEN 2
  THEN 0.6
  WHEN 3
  THEN 0.8
  WHEN 4
  THEN 1.2
  WHEN 5
  THEN 1.4
  ELSE
    CASE WHEN topics.closed
    THEN 0.9
    ELSE 1
    END
  END
)
) rank, topics.bumped_at topic_bumped_at FROM "posts" INNER JOIN "post_search_data" ON "post_search_data"."post_id" = "posts"."id" INNER JOIN "topics" ON "topics"."id" = "posts"."topic_id" AND ("topics"."deleted_at" IS NULL) LEFT JOIN categories ON categories.id = topics.category_id WHERE ("posts"."deleted_at" IS NULL) AND "posts"."post_type" IN (1, 2, 3) AND (topics.visible) AND (topics.archetype = 'private_message' AND post_search_data.private_message) AND (posts.topic_id IN (SELECT topic_id
FROM topic_allowed_users
WHERE user_id = 99999
UNION ALL
SELECT tg.topic_id
FROM topic_allowed_groups tg
JOIN group_users gu ON gu.user_id = 99999 AND gu.group_id = tg.group_id
)) AND (post_search_data.search_data @@ TO_TSQUERY('english', '''test'':*ABCD')) AND (posts.topic_id IN (SELECT topic_id
FROM topic_allowed_users
WHERE user_id = 99999
UNION ALL
SELECT tg.topic_id
FROM topic_allowed_groups tg
JOIN group_users gu ON gu.user_id = 99999 AND gu.group_id = tg.group_id
)) AND ((categories.id IS NULL) OR (NOT categories.read_restricted) OR (categories.id IN (999999))) ORDER BY rank DESC, topic_bumped_at DESC
```
2020-08-24 13:49:43 +08:00
Guo Xiang Tan
2f043dc89a
Fix lint. 2020-08-24 12:38:46 +08:00
Guo Xiang Tan
4b30799054
FIX: Correct personal_messages:<username> advanced search filter.
Renamed from `private_messages` to `personal_messages` without
deprecation because the `private_messages` advanced search filter never
worked in the first place when it was implemented.
2020-08-24 11:54:30 +08:00
Martin Brennan
9022e4516f
FIX: Remove unnecessary audio/video parent element load (#10511)
Meta report: https://meta.discourse.org/t/sending-many-requests-for-video-audio-upload-while-editing-post/161487

When typing in the composer we are sending a lot of unnecessary load() requests for the video/audio elements. This line was added months ago before we improved previewing/video thumbnails, which have improved things, so it is no longer required. After removing this line everything still works and no more additional requests are sent.
2020-08-24 13:18:38 +10:00
Vinoth Kannan
62f4fc728d UX: lowercase tag name before checking it with topic title.
Tag names can contain uppercase letters if `force_lowercase_tags` site setting disabled.
2020-08-23 21:09:51 +05:30
Vinoth Kannan
66976baefa DEV: skip using br tag in header widget rendering.
562180dd9a
2020-08-22 13:38:37 +05:30
Vinoth Kannan
0b58fee424 minor copyedit on site setting and user option descriptions 2020-08-22 13:11:57 +05:30
jbrw
aa815e41e7
FIX - make Discobot new user tutorial a little more robust (#10497)
* FIX - make Discobot new user tutorial a little more robust

Plugin allows reply, regardless of other SiteSettings

Skip image upload step if user can’t upload images, calls new ‘likes’ step instead

* Test that the images step is skipped

* Slight optimization
2020-08-21 13:13:13 -04:00
romanrizzi
0f63a61fa4
Revert "DEV: upgrades sassc to 2.4.0 (#10447)"
We suspect it could be the cause of some issues with themes.

This reverts commit 2fac77cc48.
2020-08-21 13:23:01 -03:00
Joffrey JAFFEUX
4f7a9802e7
FIX: prefer timezones over timezone for previews (#10506)
eg:

timezone="America/Detroit"
timezones="US/Eastern"

Before this commit we would show America/Detroit in previews and not US/Eastern, given US/Eastern and America/Detroit are equivalent.

After this commit, we will display the date with America/Detroit but show US/Eastern in the previews.
2020-08-21 16:31:50 +02:00
Penar Musaraj
1acb2f752b
DEV: Add DISABLE_MINI_PROFILER development ENV variable 2020-08-21 09:33:22 -04:00
Penar Musaraj
8b2c4b07a4
UX: Tweaks to admin color palette dropdown (#10502) 2020-08-21 09:30:11 -04:00
Gerhard Schlager
f51ccea028
FIX: Backups should use relative paths for local uploads
This also ensures that restoring a backup works when it was created with the wrong upload paths in the time between ab4c0a4970 (shortly after v2.6.0.beta1) and this fix.
2020-08-21 15:22:28 +02:00
Joffrey JAFFEUX
2fac77cc48
DEV: upgrades sassc to 2.4.0 (#10447)
We were stuck on 2.0.1 but multiple reports on the original issue shows that the issue has been fixed since 2.3 and 2.4:

https://github.com/sass/sassc-ruby/issues/146#issuecomment-654522157
https://github.com/sass/sassc-ruby/issues/146#issuecomment-654522157

There's one report show it was not fixed in 2.3.0, but that's the only one, it's probably worth trying: https://github.com/sass/sassc-ruby/issues/146#issuecomment-639073736
2020-08-21 13:46:46 +02:00
Guo Xiang Tan
106a2f58a2
DEV: Drop support for deprecated in:private search filter. 2020-08-21 17:18:39 +08:00
Guo Xiang Tan
ab5d738231
DEV: Improve search spec to test for actual posts.
Testing for count is a pitfall since a wrong post can be returned and
the tests will still pass.
2020-08-21 15:49:26 +08:00
Guo Xiang Tan
0684118008
DEV: Remove array_agg from search orders that does not need it. 2020-08-21 14:39:07 +08:00
Krzysztof Kotlarek
7833853cf1
FIX: display warning only if all users already added to the group (#10500)
If at least one user can be added to the group, proceed with that action
2020-08-21 13:38:09 +10:00
Guo Xiang Tan
daddad7fd6
DEV: Update annotations. 2020-08-21 11:36:53 +08:00
Guo Xiang Tan
d12d8fb7fd
DEV: Include more information when reporting search indexing failures. 2020-08-21 11:02:00 +08:00
Guo Xiang Tan
aae9e6e5fd
FIX: Topic.similar_to results in error if cooked raw is blank. 2020-08-21 10:54:08 +08:00
Martin Brennan
2aa1482421
FIX: Bookmark list showing wrong no content message (#10501)
Meta report: https://meta.discourse.org/t/spurious-permissions-error-after-deleting-last-bookmark/161289

When deleting all bookmarks in their list, users were seeing an "access denied" message instead of the regular no content message. This is because when we were calling loadMore and no further results were returned, we were presuming the null response from the resolved promise meant that there was a permissions error. Fixed this and moved the message into a computed property to show the correct message.
2020-08-21 11:01:12 +10:00
Kane York
ab0b034404
FIX: Wizard could not send custom color schemes to the client correctly (#10484)
This was likely introduced with the refactor to make ColorSchemeColor a database object. Add a test so this doesn't happen again.

Also test other basics of the WizardSerializer.

For some reason, the .as_json left Ruby objects in; I solved this with a round trip through JSON during the test.
2020-08-20 17:10:33 -07:00
Guo Xiang Tan
337f062f0f
PERF: Defer indexing post for search when saving a post.
Indexing a post for search is slow and there is no reason for us to have
to block saving a post due to search indexing.
2020-08-21 07:52:43 +08:00
Guo Xiang Tan
f4a0d200ee
DEV: Drop search index on non-pm posts take 2.
Follow-up to 87de8948c0
2020-08-21 07:27:37 +08:00
Guo Xiang Tan
87de8948c0
DEV: Drop search index on non-pm posts.
The problem with this index is that on sites with a high non-pm to pm
posts ratio, the index is esstentially duplicating the existing index on
`PostSearchData#search_data`. If the site is huge, the index ends up
taking up more diskspace.
2020-08-21 07:21:34 +08:00
dependabot-preview[bot]
c8faad62ad Build(deps): Bump logster from 2.9.2 to 2.9.3
Bumps [logster](https://github.com/discourse/logster) from 2.9.2 to 2.9.3.
- [Release notes](https://github.com/discourse/logster/releases)
- [Changelog](https://github.com/discourse/logster/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.9.2...v2.9.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-08-21 06:49:54 +08:00
Neil Lalonde
713e6f1bb6
Version bump to v2.6.0.beta2 2020-08-20 16:36:25 -04:00
Penar Musaraj
3c06dd9b99
FIX: Detect dark scheme server-side for better dark logo support (#10490)
* FIX: Use dark logo when dark scheme is default

* Small refactor
2020-08-20 14:23:18 -04:00
Vinoth Kannan
f495fca7e8
FIX: user_option option can be nil for new users. 2020-08-20 22:50:58 +05:30
Gerhard Schlager
208d85aaff DEV: Ensure prettier uses the same patterns everywhere 2020-08-20 16:27:32 +02:00
Gerhard Schlager
0bd27cd10b Make prettier happy 2020-08-20 16:27:32 +02:00
Gerhard Schlager
cff68ef0dd FIX: User titles from translated badge names were automatically revoked
It also cleans up the denormalized data about badge titles in the user_profiles table.
2020-08-20 11:15:53 +02:00
Gerhard Schlager
11647b79f7 FIX: SiteSettings::LocalProcessProvider didn't work on multisite
It always used "test" as current site.
2020-08-20 11:15:20 +02:00
Guo Xiang Tan
0967ce478d
DEV: Remove migration that is no longer required.
Avoid creating the index twice.

Follow-up to 628319aad3
2020-08-20 14:25:20 +08:00
Vinoth Kannan
89fcb75af2 FIX: default_tags_muted setting should work for anonymous users too. 2020-08-20 10:40:03 +05:30
Sam Saffron
54cf3c6766
PERF: Drop index idx_regular_post_search_data concurrently
This can slightly help with the drop command.

That said if a giant vacuum is running we may still time out.
2020-08-20 13:39:46 +10:00
Sam Saffron
628319aad3
PERF: drop idx_regular_post_search_data during migration
Rebuilding this index while amending the boolean is very expensive.

Avoid this work
2020-08-20 12:48:48 +10:00
Blake Erickson
4395e4d165 FIX: Sending a PM through a flag on a deleted post
Because we allow all the other flag types on a deleted post we should be
able to send a pm to the user letting them know why we deleted their
post.

Bug report:

https://meta.discourse.org/t/-/161156
2020-08-19 17:36:52 -06:00
Sam Saffron
d2c504ea86
PERF: Improve performance of post_search_data migration
Very large batches can take an enormous amount of time due to churn

Limiting to 200k changes at a time gives us a far larger chance of finishing
the job without timing out or deadlocking.
2020-08-20 08:45:04 +10:00
Vinoth Kannan
8348a41124
FEATURE: add regular_categories field in site setting & user option. (#10477)
Like "default watching" and "default tracking" categories option now the "regular" categories support is added. It will be useful for sites that are muted by default. The user option will be displayed only if `mute_all_categories_by_default` site setting is enabled.
2020-08-20 00:35:04 +05:30
Mark VanLandingham
a3c0d4a8b5
FIX: Error message when setting enforce 2fa with social logins (#10479) 2020-08-19 13:16:31 -05:00
Neil Lalonde
298ed5d021
FIX: delete unused tags shouldn't delete tags belonging to tag groups 2020-08-19 12:17:49 -04:00
Neil Lalonde
96511e4548
UX: better wording when there are no unused tags to delete 2020-08-19 12:17:48 -04:00
Blake Erickson
367de2594d
FIX: Unlike own posts on ownership transfer (#10446)
* FIX: Unlike own posts on ownership transfer

If a user has liked a post that has passed the
`post_undo_action_window_mins` system setting window and you transfer ownership
of that post to that user you will be the owner of a post that you have
liked, but cannot unlike resulting in a weird UI behavior. This commit
fixes this issue.

The existing tests didn't check for the timeout window for unliking
posts so I added that in.

I couldn't find a good way to do this logic inside of the guardian class
so rather than duplicating behavior of the `PostActionDestroyer` class
inside of the `PostOwnerChanger` I decided to pass in a "bypass"
variable that could be used to check if the calling class is the
'post_owner_changer' and bypass the guardian instead. I went this route
because the guardian `can_delete_post_action` method has no way of
distinguishing how to allow a user to be able to unlike their own posts
after the timeout window but only on a post owner change.

* use an options hash instead
2020-08-19 09:21:02 -06:00
Blake Erickson
ea2e58e622
DEV: Bump rotp gem to latest version (#10472)
The rotp gem is currently pinned to version 5.1.0 and this will bump it
up to version 6.0.1.

Follow up to: 85d4370f79

because this issue we were waiting on is now closed:

https://github.com/mdp/rotp/issues/98

Because version 6 is now encoding the params I needed to update the
tests as well.
2020-08-19 09:16:33 -06:00
Blake Erickson
c767fb1ed3
DEV: Upgrade highline gem to latest (#10471)
Currently we have pinned highline to version 1.7.0. This is the gem that
we use to have an interactive command line for tasks like `rake
admin:create`.

Upgrading to the latest version 2.0.3 will remove ruby 2.7 deprecation
warnings.

I'm not sure why *this* gem was pinned. I manually executed a couple of
our rake tasks that use this and everything seems fine.
2020-08-19 09:15:23 -06:00
Bianca Nenciu
a27b6770fd
FIX: Polls can be quoted and loaded (#10456)
Variable 'post' was used to hold the current post and the post where
the poll appeared, which can be different when polls are quoted.
2020-08-19 18:13:56 +03:00