Guo Xiang Tan
989280a222
FIX: Don't rotate session in reaodnly mode.
2017-10-20 17:15:28 +08:00
Guo Xiang Tan
25c25ae423
FEATURE: Allow user to leave a PM.
2017-10-19 12:32:55 +08:00
Arpit Jalan
f50d447881
FIX: render secure category topics in RSS if the user can view the topics
2017-10-18 14:23:30 +05:30
Neil Lalonde
2db66072d7
SECURITY: signup without verified email using Google auth
2017-10-16 13:51:41 -04:00
Arpit Jalan
a2183c3f1d
SECURITY: verify that inviter can invite new user to a topic
2017-10-09 15:59:41 +05:30
Guo Xiang Tan
a6f2533d38
SECURITY: Fix XSS on unsubscribed page.
2017-10-09 09:04:46 +08:00
Guo Xiang Tan
6fe604b93e
Revert "SECURITY: Fix XSS on unsubscribed page."
...
This reverts commit 190558db9d
.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan
190558db9d
SECURITY: Fix XSS on unsubscribed page.
2017-10-09 08:59:03 +08:00
Guo Xiang Tan
3efde2618d
UX: Do not display non-human users on group page.
...
https://meta.discourse.org/t/members-of-groups-staff/71437
2017-10-06 10:35:40 +08:00
Régis Hanol
4771b0a99f
FIX: user fields in invite signups were broken
2017-10-04 23:04:24 +02:00
Neil Lalonde
1faae3c765
rename forgot_password_strict to hide_email_address_taken
2017-10-03 15:28:31 -04:00
Neil Lalonde
e47f5cedd2
FEATURE: forgot_password_strict setting also prevents reporting that an email address is taken during signup
2017-10-03 15:28:30 -04:00
Régis Hanol
daf1dda700
FIX: username autocomplete in assign modal wasn't working
2017-10-03 12:49:45 +02:00
Guo Xiang Tan
a966f2134c
Merge pull request #5215 from gschlager/email_templates
...
Add specs for EmailTemplatesController
2017-10-03 14:30:19 +08:00
Arpit Jalan
469c6776c6
FIX: exporting admin dashboard reports were broken
...
http://eileencodes.com/posts/actioncontroller-parameters-now-returns-an-object-instead-of-a-hash/
2017-10-02 19:30:23 +05:30
Gerhard Schlager
5bb326a452
Add specs for EmailTemplatesController
2017-10-02 14:53:27 +02:00
Guo Xiang Tan
8140e54675
FIX: More fixes for Group#mentionable
and Group#messageable
feature.
2017-10-02 17:45:58 +08:00
Guo Xiang Tan
4e07bbfbbf
FIX: Only allow intergers for page params.
2017-10-02 10:45:54 +08:00
Eleanor Demis
ac04f5e0cc
update response error when deleting tags ( #5213 )
2017-09-30 16:31:32 +02:00
Régis Hanol
f6c484881b
FIX: wasn't able to save watched/tracked/muted categories/tags
2017-09-29 13:09:48 +02:00
Guo Xiang Tan
6baea9948b
Revert "fix the build"
...
This reverts commit 8b74c7d325
.
2017-09-29 08:57:06 +08:00
Régis Hanol
8b74c7d325
fix the build
2017-09-28 15:50:01 +02:00
Régis Hanol
cd6dff58dd
FIX: add user option/profile fields that were not permitted
2017-09-28 14:59:53 +02:00
Guo Xiang Tan
5d53eefcab
Fix broken test.
2017-09-28 16:09:58 +08:00
Guo Xiang Tan
5f1c29e424
FIX: Display json response when Discourse::InvalidAccess
is raised for
...
non json requests.
2017-09-28 15:31:16 +08:00
Guo Xiang Tan
373fd8990e
PERF: N+1 when generating not found page.
2017-09-28 15:31:16 +08:00
Guo Xiang Tan
4319d8a142
FIX: Missing template error when rendering topics#show
error message.
2017-09-28 11:06:44 +08:00
Régis Hanol
6a7920ad75
FIX: wasn't able to change default theme
2017-09-27 20:05:31 +02:00
Gerhard Schlager
1a37812625
FIX: show error message when keys are missing in email template
...
FIX: log email template changes in the Staff Log
2017-09-27 13:50:04 +02:00
Guo Xiang Tan
2568312475
FIX: Use exact patht to ensure we always redirect with the right format.
2017-09-27 11:55:06 +08:00
Régis Hanol
af01e62b14
FIX: wasn't allowed to set a user's title anymore
2017-09-26 20:13:24 +02:00
Régis Hanol
28c54b42c5
FIX: wasn't able to update user options anymore
2017-09-26 20:00:10 +02:00
Robin Ward
460ed3c8cf
Revert "Allow NotFound
to specify an optional Location
for the resource"
...
This reverts commit 4ae66c9e01
.
2017-09-26 12:58:24 -04:00
Robin Ward
4ae66c9e01
Allow NotFound
to specify an optional Location
for the resource
2017-09-26 09:10:18 -04:00
Guo Xiang Tan
6f5051861c
Remove unused option.
2017-09-26 14:47:38 +08:00
Guo Xiang Tan
5d37f8673b
PERF: Only send down suggested payload when loading last chunk.
2017-09-26 14:42:27 +08:00
Robin Ward
d1ebc62065
The ability to display errors on flagging actions.
2017-09-25 12:28:01 -04:00
Robin Ward
09ed2ed749
Add Suspend User to flags page
2017-09-25 12:28:00 -04:00
Robin Ward
6bce3004d9
UX: Nicer selection of suspend duration
2017-09-25 12:28:00 -04:00
Robin Ward
677b016387
Send a suspension message via email to a user
2017-09-25 12:26:41 -04:00
Robin Ward
2a56cf8bb6
Tests + Refactoring for Suspension Modal
2017-09-25 12:26:06 -04:00
Robin Ward
d7c37d9369
Add front end service for staff controls
2017-09-25 12:25:14 -04:00
Robin Ward
5cf50f0034
Adjust flagged posts to use the store
2017-09-25 12:25:14 -04:00
Robin Ward
5e69217793
Add filtering support to flags
2017-09-25 12:25:14 -04:00
Robin Ward
40eba8cd93
FEATURE: View flags grouped by topic
2017-09-25 12:25:14 -04:00
Guo Xiang Tan
77d4c4d8dc
Fix all the errors to get our tests green on Rails 5.1.
2017-09-25 13:48:58 +08:00
Régis Hanol
8ed318c4fe
display 'similar to' earlier when composing a post
2017-09-16 01:03:29 +02:00
Régis Hanol
797936d2c5
FIX: don't leak whisper count in user card
2017-09-14 20:08:16 +02:00
Arpit Jalan
4e49b3b140
FIX: do not create new email token if there already exists a confirmed one
2017-09-14 10:52:29 +05:30
Leo McArdle
104d97695d
FIX: don't activate un-confirmed email on omniauth authentication ( #5176 )
2017-09-12 17:36:17 +02:00
Robin Ward
171d9e5aed
SECURITY: Prevent users from updating to blacklisted email domains
2017-09-12 10:11:08 -04:00
Neil Lalonde
d7d9923b8e
FIX: display email validation error messages
2017-09-11 13:22:14 -04:00
Guo Xiang Tan
5d4221fbe1
PERF: Avoid calling expensive PostGuardian#can_see_post?
multiple times.
...
Before
```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
50: 19
75: 19
90: 21
99: 27
topic:
50: 56
75: 62
90: 64
99: 99
timings:
load_rails: 1262
ruby-version: 2.4.1-p111
rss_kb: 198432
pss_kb: 136612
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_9877: 327892
pss_kb_9877: 263671
rss_kb_9946: 325468
pss_kb_9946: 261671
rss_kb_10153: 326456
pss_kb_10153: 262657
```
After
```
Your Results: (note for timings- percentile is first, duration is second
in millisecs)
---
topic_admin:
50: 18
75: 18
90: 20
99: 28
topic:
50: 41
75: 42
90: 46
99: 49
timings:
load_rails: 1201
ruby-version: 2.4.1-p111
rss_kb: 187936
pss_kb: 123596
virtual: physical
architecture: amd64
operatingsystem: Ubuntu
memorysize: 15.59 GB
kernelversion: 4.10.0
physicalprocessorcount: 1
processor0: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
rss_kb_26478: 342360
pss_kb_26478: 276696
rss_kb_26547: 340368
pss_kb_26547: 275930
rss_kb_26747: 338964
pss_kb_26747: 274466
```
2017-09-08 14:07:24 +08:00
Guo Xiang Tan
4d840d10db
PERF: Reduce number of Redis hits per requests.
2017-09-07 13:34:27 +08:00
Guo Xiang Tan
8463b676df
Revert "Activate mini-profiler when in profiling env."
...
This reverts commit d61109388c
.
2017-09-06 11:26:03 +08:00
Guo Xiang Tan
d61109388c
Activate mini-profiler when in profiling env.
2017-09-06 11:19:20 +08:00
Guo Xiang Tan
5c1143cd55
Add missing test case for PostController#timings
.
2017-09-04 16:36:02 +08:00
Sam
9f0f086b3e
FEATURE: allow API to mark accounts as approved on creation
2017-08-28 15:36:46 -04:00
Bianca Nenciu
6bc74ceb50
Split alias levels in mentionable and messageable levels. ( #5065 )
...
* Split alias levels in mentionable and messageable levels.
* Fixed some tests.
* Set messageable level to everyone by default.
* By defaults, groups are not mentionable or messageable.
* Made staff groups messageable by the system.
2017-08-28 12:32:08 -04:00
Bianca Nenciu
bb3a5910d7
Support for sending PMs to email addresses ( #4988 )
...
* Added support for sending PMs to email addresses.
* Made changes after review.
* Added settings validator.
* Fixed tests.
2017-08-28 12:07:30 -04:00
Guo Xiang Tan
4b4169c8fd
Merge pull request #5053 from fantasticfears/session-controller
...
Spec for local auth check
2017-08-24 09:42:54 +09:00
Guo Xiang Tan
91d3929f52
Merge pull request #5078 from lelelelemon/master
...
change count>0 to exists
2017-08-24 09:24:42 +09:00
junwen yang
8124f26a6e
change count>0 to exists
2017-08-23 22:54:51 +00:00
Sam
8dfb1be4d1
FEATURE: unlisted *only* means not listed in topic lists
...
Remove security by obscurity feature that tries for exact slug match
If you need to hide a topic from users either move to a secure category
or convert to a PM
2017-08-22 17:53:54 -04:00
Sam
d7a2584c6e
FEATURE: image uploads now have short urls
...
Shorten all image uploads to use short urls, this is the client
side implementation.
2017-08-22 16:40:08 -04:00
Sam
2f0c6c99e0
FIX: ip lookup not working
...
Also add a powered by line so it is clear this makes an external service call
2017-08-21 14:18:49 -04:00
Mudasir Raza
84c83afd35
Allow optional import_mode param for posts in api ( #4952 )
2017-08-17 07:53:04 -04:00
Erick Guan
c7a101476e
Spec for local auth check
2017-08-16 11:01:00 +02:00
Guo Xiang Tan
b77aa29e71
Merge pull request #5013 from LeoMcA/alternate-emails-phase-1.5
...
FIX: add additional email to tests and clean up resulting mess
2017-08-16 16:19:28 +09:00
Kyle Zhao
c3249f6e93
FEATURE: add full editing access to queued posts ( #5047 )
...
For pending new topics: the body of the post, title, categories
and the tags are editable.
For pending new replies: only the body is applicable and thus
editable
DISCUSSION: https://meta.discourse.org/t/66754
2017-08-15 12:44:05 -04:00
Régis Hanol
4f09a5a7a5
Add 'Post.permitted_create_params' to allow plugins to add new params when creating a post
2017-08-12 04:10:45 +02:00
Arpit Jalan
bf2c35aa99
FEATURE: add RSS feed for badge pages
2017-08-09 13:43:49 +05:30
Guo Xiang Tan
898c6ba037
Merge pull request #5033 from tgxworld/reason_when_requesting_to_join_a_group
...
FEATURE: Force user to enter reason when requesting for group members…
2017-08-09 15:54:21 +09:00
Guo Xiang Tan
a9613163b5
FEATURE: Force user to enter reason when requesting for group membership.
2017-08-09 15:45:28 +09:00
Arpit Jalan
e36a20660d
FIX: handle topics without excerpt for meta description tag
2017-08-08 22:17:05 +05:30
Régis Hanol
d182f0f2d1
Add support for preloaded custom_fields on Group
2017-08-08 15:45:27 +02:00
Robin Ward
2e4b3e9b06
Don't include all html builders on client and server side
2017-08-07 11:29:35 -04:00
Guo Xiang Tan
3f24ed2b3e
Can't revert due to incompatibility of new site setting types.
...
Revert "Revert "FEATURE: Site settings defaults per locale""
This reverts commit 439fe8ba24
.
2017-08-07 10:43:09 +09:00
Guo Xiang Tan
439fe8ba24
Revert "FEATURE: Site settings defaults per locale"
...
This reverts commit 468a8fcd20
.
2017-08-07 10:31:50 +09:00
Régis Hanol
3c0de22bf0
FIX: wasn't able to remove a user's primary group
2017-08-04 18:13:20 +02:00
Erick Guan
468a8fcd20
FEATURE: Site settings defaults per locale
...
This change-set allows setting different defaults for different locales.
It also:
- Adds extensive testing around site setting validation
- raises deprecation error if site setting has the default property based on env
- relocated site settings for dev and tests in the initializer
- deprecated client_setting in the site setting's loading process
- ensure it raises when a enum site setting being set
- default_locale is promoted to `required` category.
- fixes incorrect default setting and validation
- fixes ensure type check for site settings
- creates a benchmark for site setting
- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
Guo Xiang Tan
33e22cf598
Add back Admin::GroupsController#index
route for now.
...
* The endpoint is being used by discourse_api.
2017-08-03 00:24:23 +09:00
Matt Palmer
67882ec37d
Hunt-and-kill a few more mis-encoded params
...
https://meta.discourse.org/t/tags-does-not-work-with-cyrillic/67217/6?u=mpalmer
2017-08-01 18:03:44 +10:00
Matt Palmer
7ee861f457
FIX: Return a UTF-8 string in tag notifications
...
https://meta.discourse.org/t/tags-does-not-work-with-cyrillic/67217
2017-08-01 16:27:52 +10:00
Neil Lalonde
fa3c240e8b
Merge pull request #4981 from dmacjam/fix_limited_search_results
...
FIX: limited search results
2017-07-31 20:23:57 -04:00
Leo McArdle
836dee1120
FIX: add additional email to tests and clean up resulting mess
2017-07-31 22:27:29 +00:00
Neil Lalonde
7c1d7fb423
Merge branch 'master' into fix_limited_search_results
2017-07-31 15:55:31 -04:00
Arpit Jalan
6c997b65d9
optimize enqueuing activation email code
2017-07-31 22:57:39 +05:30
Arpit Jalan
0b01d0e95d
FIX: staff cannot manually activate accounts after 48 hours has elapsed
...
https://meta.discourse.org/t/staff-cannot-manually-activate-invited-accounts-after-48-hours-has-elapsed/66292/14?u=techapj
2017-07-31 22:24:09 +05:30
Arpit Jalan
2e2b5e28aa
FIX: add slight delay when enqueuing activation email
2017-07-31 16:52:07 +05:30
Guo Xiang Tan
4620dfe92d
FEATURE: Add group settngs to allow users to leave a group freely.
...
https://meta.discourse.org/t/split-join-leave-freely-setting-on-groups/65565
2017-07-28 15:00:25 +09:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Robin Ward
5cfc2d8972
Run wizard specs in docker:test
2017-07-27 11:29:18 -04:00
Guo Xiang Tan
2442bba131
UX: Better group creation workflow.
...
* Owners and users can now be added to a group during creation.
https://meta.discourse.org/t/you-cannot-allow-membership-requests-without-any-owners/64760/3
2017-07-27 16:12:42 +09:00
Neil Lalonde
24cb950432
FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block
2017-07-26 11:01:09 -04:00
Guo Xiang Tan
b59dfb86f4
UX: Include group name in email when group is invited to a PM.
...
https://meta.discourse.org/t/xyz-invited-you-to-a-message-but-really-invited-a-group-im-in/65996
2017-07-26 15:51:44 +09:00
Guo Xiang Tan
e3ac6585bd
FIX: Search by topic_id should not be restricted by SiteSetting.min_search_term_length
.
2017-07-26 09:52:39 +09:00
Guo Xiang Tan
6c0a29698b
Fix JS tests failing when running in RAILS_ENV=test
.
...
Fixes the following error:
```
phantomjs /home/tgxworld/work/discourse/vendor/assets/javascripts/run-qunit.js http://localhost:60099/qunit
2017-07-25 16:27:41 +0900: Rack app error handling request { GET /stylesheets/desktop.css }
<Errno::ENOENT: No such file or directory @ rb_sysopen - /home/tgxworld/work/discourse/tmp/stylesheet-cache/desktop.css>
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:65:in `write'
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:65:in `show_resource'
/home/tgxworld/work/discourse/app/controllers/stylesheets_controller.rb:9:in `show'
```
2017-07-25 16:31:31 +09:00
Guo Xiang Tan
1b0750d7ef
Merge pull request #4983 from tgxworld/group_owners_can_invite_users_to_groups
...
Group owners can invite users to groups
2017-07-24 16:21:19 +09:00
Leo McArdle
407a23663d
FEATURE: send rejection email for unrecognized errors
2017-07-21 18:26:52 +01:00
Guo Xiang Tan
2a17f1ccd7
FIX: Group owners should be able to invite users to their groups.
...
https://meta.discourse.org/t/group-owner-cannot-send-an-invite-to-a-group/60617/12
2017-07-21 23:48:25 +09:00
Robin Ward
3882722195
FEATURE: Inline (Mini) Oneboxing
...
see:
https://meta.discourse.org/t/mini-inline-onebox-support-rfc/66400?source_topic_id=66066
2017-07-20 15:38:04 -04:00
Jakub Macina
e5ee4ccc48
Add pagination and checking for more results to search.
2017-07-20 18:12:34 +02:00
Régis Hanol
bf6c3b7017
FIX: don't error out when an unsubscribe key isn't associated to a user anymore
2017-07-20 12:24:24 +02:00
Leo McArdle
d0b027d88d
FEATURE: phase 1 of supporting multiple email addresses
2017-07-20 11:22:27 +09:00
Robin Ward
cdb3706025
Track clicks on topics in search results
2017-07-17 15:42:32 -04:00
Robin Ward
97e211f837
FEATURE: Log Search Queries
2017-07-14 14:30:58 -04:00
Robin Ward
f1a6449e4b
SECURITY: Remove disposable invite feature
2017-07-07 20:24:39 -04:00
Sam
340a3ee5cb
correct spec to handle not null visibility_level
2017-07-03 16:03:26 -04:00
Sam
845170bd6b
FEATURE: add support for group visibility level
...
There are 4 visibility levels
- public (default)
- members only
- staff
- owners
Note, admins and group owners ALWAYS have visibility to groups
Migration treated old "non public" as "members only"
2017-07-03 15:26:57 -04:00
Arpit Jalan
72c92b0f4e
FIX: include canonical meta tag on category pages
2017-07-03 13:25:22 +05:30
Arpit Jalan
e7b9b1312e
FEATURE: remove all invites
...
https://meta.discourse.org/t/remove-all-invitations-button-for-the-admin-panel/65207
2017-06-29 22:30:10 +05:30
Guo Xiang Tan
7b35c55a1e
FIX: Display Google search form when 404 page is rendered by Ember.
2017-06-29 14:37:24 +09:00
Régis Hanol
a9c0df0b58
FIX: always try to convert PNG to JPG when pasting an image
2017-06-23 12:13:48 +02:00
Robin Ward
ae7734707e
REFACTOR: Merge different templates from rendering user stream items
2017-06-20 15:45:41 -04:00
Guo Xiang Tan
b5ec241716
FIX: Validate interpolation keys used in translation overrides.
...
https://meta.discourse.org/t/discobot-translation-missing-error/64429/6?u=tgxworld
2017-06-16 08:54:48 +09:00
Guo Xiang Tan
b5249fb4ca
FIX: Send request membership PM to last 5 active group owner.
2017-06-15 11:37:09 +08:00
Arpit Jalan
34996b4eff
FIX: show invite validation error message in response
2017-06-13 22:41:53 +05:30
Régis Hanol
5d63a7f4a6
FIX: pull hotlinked images even when they have no extension
2017-06-13 13:27:05 +02:00
Guo Xiang Tan
a5d3abc9b6
FIX: Create group membership request on behalf of user.
2017-06-13 17:49:21 +09:00
Régis Hanol
54e8fb0d89
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 22:41:29 +02:00
Robin Ward
2ff850d446
FIX: If forcing a refresh, don't return a onebox preview
2017-06-12 14:05:59 -04:00
Neil Lalonde
0b41046238
don't force SiteSetting.title into meta title tag
2017-06-12 13:50:50 -04:00
Arpit Jalan
b9c94aa234
FEATURE: add required user fields to invite accept form
...
UX: make "accept invitation" page consistent with sign up modal
2017-06-12 20:43:07 +05:30
Guo Xiang Tan
5994c85ea9
FIX: Raise the right error when email params is missing.
2017-06-12 17:48:32 +09:00
Arpit Jalan
6e37f09b19
UX: add email to '/email/unsubscribed' page
2017-06-10 09:51:12 +05:30
Régis Hanol
038454bde2
FIX: always confirm emails when SSO says so
2017-06-08 01:05:33 +02:00
Robin Ward
54bb2a6bc2
FIX: Don't redirect to wizard when resetting password
2017-06-07 12:36:52 -04:00
Guo Xiang Tan
2cad739262
FIX: Better error message when username change fails.
...
https://meta.discourse.org/t/500-error-on-username-edit/64064
2017-06-07 10:45:53 +09:00
Sam
b4060778d9
FIX: you should always be allowed to see actions you created
2017-06-02 14:24:06 -04:00
Guo Xiang Tan
2ee144c27f
FEATURE: Add DiscourseEvent trigger when a user logs in.
...
* Also adds a event trigger when user logs in for the first time.
2017-06-01 17:44:49 +09:00
Sam
607998af33
FEATURE: dropdown to filter staff action logs
2017-05-30 11:25:42 -04:00
Arpit Jalan
d2c2139da8
FEATURE: require name when accepting invite if 'full name required' setting is enabled
2017-05-29 21:46:43 +05:30
Robin Ward
b584264d82
FIX: Don't show "resend email" option when user approval is on
2017-05-25 15:29:05 -04:00
Sam
29fac1ac18
PERF: improve performance of unread queries
...
Figuring out what unread topics a user has is a very expensive
operation over time.
Users can easily accumulate 10s of thousands of tracking state rows
(1 for every topic they ever visit)
When figuring out what a user has that is unread we need to join
the tracking state records to the topic table. This can very quickly
lead to cases where you need to scan through the entire topic table.
This commit optimises it so we always keep track of the "first" date
a user has unread topics. Then we can easily filter out all earlier
topics from the join.
We use pg functions, instead of nested queries here to assist the
planner.
2017-05-25 15:07:30 -04:00
Robin Ward
6eb6c25816
FIX: Keep the flash when redirecting for login_required
2017-05-25 14:10:15 -04:00
Robin Ward
ca965f83c3
Revert "FIX: If login is required, redirect to the /login
route instead of root"
...
This reverts commit 8a8dec550b
.
2017-05-25 14:04:28 -04:00
Robin Ward
8a8dec550b
FIX: If login is required, redirect to the /login
route instead of root
2017-05-25 13:35:15 -04:00
Robin Ward
cdbe027c1c
Refactor FileHelper
to use keyword arguments.
2017-05-24 13:54:26 -04:00
Sam
d0f84aa14e
FIX: missing to_i which breaks selector component for anon
2017-05-24 11:39:10 -04:00
Guo Xiang Tan
238a156300
FIX: TopicTimestampChanger
should not allow timestamps in the future.
2017-05-22 16:03:49 +08:00
Guo Xiang Tan
4382a0bb07
Rename PostTimestampChanger
-> TopicTimestampChanger
.
2017-05-22 15:01:33 +08:00
Robin Ward
908433a7a0
SECURITY: Validate the entity
when downloading a CSV
2017-05-19 16:00:51 -04:00
Guo Xiang Tan
8ab9f30bbd
FIX: User can't remove bookmark from a deleted post.
2017-05-19 12:25:12 +08:00
Arpit Jalan
1fd8e426f2
FIX: better uploads error page
2017-05-18 23:29:37 +05:30
Régis Hanol
13e489b4ca
replace the upload type whitelist with a sanitizer
2017-05-18 12:13:13 +02:00
Sam
2a5a01af2e
improve error on theme upload, add gif to allowed uploads
2017-05-17 16:29:09 -04:00
Neil Lalonde
a0f03936ff
FIX: saving invisible primary group field that you don't belong to
2017-05-17 12:46:50 -04:00
Sam
e1dd543a93
FEATURE: allow users to select theme on single device
2017-05-15 12:48:16 -04:00
Sam
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
Neil Lalonde
55b61e9bea
rename topic_status_update to topic_timer
2017-05-11 18:27:53 -04:00
Pat David
18de62b015
Add get_embeddable_css_class to assist multi-site embed styling
...
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
Pat David
4bf8548dc5
Add embed class name setup for embeddable hosts
2017-05-11 15:16:16 -04:00
Régis Hanol
9641d2413d
REFACTOR: upload workflow creation into UploadCreator
...
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
04b5516bf2
improve upload functionality
2017-05-10 15:47:11 -04:00
Sam
bc0b9af576
FEATURE: support uploads for themes
...
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Sam Saffron
c2829dce22
FIX: base sql vanishes after badge creation
2017-05-09 09:25:57 -04:00
Robin Ward
afe04b8bbb
FIX: Possible 500 error if category saved incorrectly
2017-05-08 15:17:58 -04:00
Arpit Jalan
e89d0a6b20
FIX: importing a theme via file was broken
2017-05-08 12:03:24 +05:30
Robin Ward
777f1f0f47
FIX: Return a 404 if the auth session is not present
2017-05-04 15:35:24 -04:00
Robin Ward
1768c45a33
FIX: If we can't proxy to a CDN due to HTTP error, render blank
2017-05-04 12:42:46 -04:00
Robin Ward
57a2042ef6
FIX: Quiet server side errors for requesting json for account-created
2017-05-04 12:30:13 -04:00
Guo Xiang Tan
3eb920e2b0
Merge pull request #4841 from fantasticfears/webhook-ping
...
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
Robin Ward
81190f5d66
FIX: Redirect away from account-created
if you're logged in
2017-05-03 11:18:01 -04:00
Robin Ward
12fb20fe1b
FEATURE: Allow users to resend/update email from confirmation page
2017-05-03 11:18:01 -04:00
Robin Ward
b381372184
Use Ember.js for the /u/account-created
path so we can add controls
2017-05-03 11:18:01 -04:00
Sam
946f25098f
Refactor theme fields so they support custom theme defined vars
...
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
Arpit Jalan
77a8cae094
FIX: rescue specific errors on invite failure
2017-05-02 15:13:33 +05:30
Erick Guan
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
Neil Lalonde
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
Guo Xiang Tan
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
Guo Xiang Tan
e4b9f72f9e
FIX: Force the right encoding when handling email.
2017-04-27 16:51:54 +08:00
Arpit Jalan
b755279cf0
remove unneeded code
2017-04-27 08:47:47 +05:30
Arpit Jalan
e3f82140d8
more readable code for filtering username/email when bulk adding to group
2017-04-27 08:43:28 +05:30
Arpit Jalan
b41d96fac1
FIX: properly initialize hashes
2017-04-27 02:56:14 +05:30
Arpit Jalan
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
Guo Xiang Tan
6f7c6b0fd0
FIX: Incorrect error raised.
2017-04-25 09:59:01 +08:00
Guo Xiang Tan
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
Sam
7a9eee1b71
FEATURE: default notification level for group messages
...
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
Arpit Jalan
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
Robin Ward
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
Arpit Jalan
1c23aedccf
FIX: always send password reset email when accepting invite if password is not set
2017-04-18 14:37:06 +05:30
Robin Ward
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
Sam
86904e9cd6
FIX: better error handling for theme import
2017-04-17 16:55:53 -04:00
Arpit Jalan
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
Guo Xiang Tan
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
Sam
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
Sam
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Arpit Jalan
ef093b1610
Merge pull request #4807 from techAPJ/email-token-social
...
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
Guo Xiang Tan
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
Arpit Jalan
7fb17b83c4
FIX: confirm email token for user created via social login
2017-04-13 14:15:32 +05:30
Guo Xiang Tan
ee449b0dd5
Improve SSO verbose log when user record is invalid.
2017-04-13 11:39:26 +08:00
Guo Xiang Tan
57788200ec
REFACTOR: Add User.reserved_username?
.
2017-04-13 10:44:26 +08:00
Sam
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Sam Saffron
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
Guo Xiang Tan
9663a74445
FIX: Ensure username
param is valid in NotificationsController
.
2017-04-07 17:32:52 +08:00
Régis Hanol
93556bb950
Merge pull request #4793 from rcgordon/smtp-fast-rejection
...
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
Neil Lalonde
708f65f740
FIX: web crawlers getting 404 on category pages
2017-04-06 14:52:06 -04:00
Ryan C. Gordon
888d1512ec
Corrected indentation.
2017-04-06 01:49:34 -04:00
Aashaka Shah
402eaaa773
FEATURE: add og tags to metadata in individual badges page
2017-04-06 09:32:53 +05:30
Guo Xiang Tan
5943543ec3
FIX: Improve checks for non-human users.
2017-04-06 11:29:34 +08:00
Ryan C. Gordon
c51af13338
smtp_should_reject API: use better approach to find user email.
2017-04-05 23:10:36 -04:00
Ryan C. Gordon
a51c191a66
Make Email::Receiver.check_address() into a class method.
2017-04-05 23:10:36 -04:00
Ryan C. Gordon
e15d11df18
Added an API to ask if an incoming email should be dropped at the SMTP level.
...
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.
This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
Robin Ward
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
Robin Ward
3839206317
FIX: Return JSON errors for by-external
if JSON requested
2017-04-04 16:22:14 -04:00
Robin Ward
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
Guo Xiang Tan
406d721f11
Fix NilClass
error in UsersController
.
2017-04-04 14:17:45 +08:00
Guo Xiang Tan
f4758a4c4d
FEATURE: Allow admins to schedule a topic to be published in the future.
2017-04-04 11:16:05 +08:00
Guo Xiang Tan
0bbad5040a
topic-status-info
component wasn't updated when topic is closed/opened.
2017-03-31 15:58:26 +08:00
Guo Xiang Tan
b6e9871b4b
Update Topic#closed
client side when closing/opening a topic temporarily.
2017-03-31 15:05:00 +08:00
Guo Xiang Tan
34b7bee568
FEATURE: Allow admin to auto reopen at topic.
...
* This commit also introduces a `TopicStatusUpdate`
model to support other forms of deferred topic
status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward
14410b71fb
Convert server side paths to use /u/
2017-03-30 10:23:24 -04:00
Guo Xiang Tan
a818fa9831
FIX: Show stats of the last 30 days be default for admin reports.
...
* `1.month.ago + 1.month` uses the calendar month for calculations
such that `1.month.ago` from the 30th of March 2017 will give
us the 28th of February 2017. Adding one month ahead from
28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
Arpit Jalan
f3cd5f61c5
FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site
2017-03-28 09:07:23 +05:30
Neil Lalonde
11ce73b8ed
FEATURE: category setting for default top period
2017-03-22 16:54:18 -04:00
Sam
8e5e3b5af8
FIX: sso provider require return_sso_url
2017-03-22 09:08:38 -04:00
Robin Ward
874e8900af
Display email address in SSO error message.
2017-03-21 15:37:46 -04:00
Robin Ward
aeaf5075bf
Custom errors for when Email is invalid via SSO
2017-03-21 15:23:38 -04:00
Robin Ward
52d78294cc
Render a layout when there's an SSO error
2017-03-21 15:23:38 -04:00
Arpit Jalan
82c0f5f587
Merge pull request #4767 from techAPJ/activate-account
...
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
Arpit Jalan
7c3ae50dcd
FIX: send activation email if user have unconfirmed email
2017-03-21 09:41:50 +05:30
Sam Saffron
b94c7b4902
missing disposition
2017-03-20 17:07:32 -04:00
Sam
652b2d7199
remove redundent header setting
2017-03-20 16:08:18 -04:00
Sam
c106ca6778
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:17 -04:00
Guo Xiang Tan
1d4993a185
FIX: Sync user's notification channel before preloaded current user data.
...
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
Robin Ward
f5f54c1b77
Merge pull request #4764 from tgxworld/nuke_backticks
...
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
Guo Xiang Tan
e7c972ac89
FIX: Don't use backticks that take in inputs.
2017-03-17 15:33:51 +08:00
Victor van Poppelen
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
Guo Xiang Tan
bbc85e1e29
Merge pull request #4750 from discourse/group_login_registration_flow
...
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
Guo Xiang Tan
ca965bb455
FEATURE: Redirect to groups page after login/registration flow.
2017-03-16 09:48:51 +08:00
Guo Xiang Tan
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
Neil Lalonde
6d7e968e30
FEATURE: box-style rendering of sub-categories
2017-03-13 15:25:52 -04:00
Sam
a690121805
SECURITY: always allow staff to resend activation mails
2017-03-13 10:32:24 -04:00
Sam
1a745ca16a
else @user makes no sense :)
2017-03-13 10:22:23 -04:00
Guo Xiang Tan
9364d8ce71
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:24:55 +08:00
Guo Xiang Tan
7ebfa3c901
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
Arpit Jalan
848120c098
FEATURE: RSS feed for top page period filters
2017-03-13 15:23:46 +05:30
Sam
f13367cecd
FIX: latest + category not respecting homepage category suppression
2017-03-10 15:17:51 -05:00
Sam
bc1a6ccb90
Merge pull request #4741 from tgxworld/allow_bookmark_removal
...
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
Arpit Jalan
f7e7ca3937
FEATURE: anonymized site statistics
2017-03-10 18:50:26 +05:30
Régis Hanol
00380d84c5
UX: display text & html parts alongside raw email in incoming email modal
2017-03-08 23:15:42 +01:00
Arpit Jalan
801b5838e1
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 16:00:49 +05:30
Arpit Jalan
090236b15b
FIX: do not show about page to anonymous users for private forums
2017-03-08 13:15:44 +05:30
Guo Xiang Tan
689dd16be0
FIX: Allow user to remove bookmark from posts as long as bookmark is present.
...
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
Neil Lalonde
d95e4102c1
FIX: tags created in secured categories should not be forbidden outside those categories
2017-03-07 11:46:46 -05:00
Rafael dos Santos Silva
c3477cd40d
Merge pull request #4716 from discourse/bounced_emails_details
...
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
Guo Xiang Tan
477eb0591e
FIX: Posts in a deleted topic couldn't be moved.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
Sam
c99f4260c0
Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
...
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Neil Lalonde
6aab8cb331
FEATURE: new category setting for whether to show latest topics or top topics by default
2017-03-03 11:30:44 -05:00
Rafael dos Santos Silva
aac4a4ed94
Handle invalid parameters and missing bounced emails
2017-03-02 20:37:28 -03:00
Neil Lalonde
ca20cb9941
FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list
2017-03-02 15:06:56 -05:00
Guo Xiang Tan
3d347fb9c4
FIX: Don't mark user as active
if verified email is different.
2017-03-02 14:24:30 +08:00
Sam
dbfea9b5b0
correct refactor
2017-03-01 18:26:26 -05:00
Sam
c79b146283
FEATURE: make list controller a bit more extensible
2017-03-01 16:41:09 -05:00
Neil Lalonde
262016604d
FEATURE: each category can control how many topics to show on categories page
2017-03-01 15:12:57 -05:00
Blake Erickson
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Arpit Jalan
877957ae88
Merge pull request #4715 from techAPJ/login-per-ip
...
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
Arpit Jalan
cba51e1c38
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 16:58:03 +05:30
Régis Hanol
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
Régis Hanol
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Sam Saffron
3754b038e8
fix brotli origin
2017-02-23 18:26:40 -05:00
Sam
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
Rafael dos Santos Silva
5296f00c28
FEATURE: Allow checking the raw response of a bounced email
2017-02-22 14:51:33 -03:00
Neil Lalonde
a702330ccd
FEATURE: make show_subcategory_list a per-category setting
2017-02-22 11:42:36 -05:00
Régis Hanol
3ce3abef8f
FIX: add Content-Disposition and Content-Type headers when downloading attachments
2017-02-20 15:59:01 +01:00
Régis Hanol
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
Régis Hanol
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
Sam
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam Saffron
040e10a627
reduce duplication
2017-02-15 17:27:10 -05:00
Neil Lalonde
d0fbb27f3e
FEATURE: new invite acceptance page, where username can be chosen and password can be set
2017-02-15 16:51:57 -05:00
Sam
3818c196e0
remove disallowed params
2017-02-15 16:47:14 -05:00
Sam
74d4209d24
FEATURE: allow plugins to register custom topic list filters
2017-02-15 15:25:43 -05:00
Nicolas
1deec95ccb
Use natural
orientation for web app manifest.
...
The `any` orientation forces the rotation even when the device's screen
rotation is disabled. Using `natural` respects that and restores the
expected behaviour.
2017-02-12 18:04:06 +00:00
Jeff Atwood
3ee7a9266c
Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
...
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
Sam Saffron
4332f0dde1
FEATURE: allow user search API to restrict to group
2017-02-09 18:45:39 -05:00
Sam
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Sam
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
Régis Hanol
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
Neil Lalonde
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
Arpit Jalan
5523d0dbf9
fix the build
2017-02-03 15:35:33 +05:30
Arpit Jalan
26ccf61ab1
FIX: sane error message when inviting an existing user
2017-02-03 14:27:27 +05:30
Guo Xiang Tan
61111a3f9b
FIX: Show groups that user is owner of on groups page.
2017-02-03 16:51:32 +08:00
Guo Xiang Tan
18007ed34b
FIX: Can't use an internal name here if SiteSetting.convert_pasted_images_to_hq_jpg
is false
.
2017-02-01 14:51:56 +08:00
Guo Xiang Tan
f6d9745c5f
Bye bye byebug.
2017-02-01 14:50:14 +08:00
Guo Xiang Tan
6c8c91dca4
UX: Change default filename for images that have been pasted.
2017-02-01 14:44:41 +08:00
Arpit Jalan
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
Guo Xiang Tan
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
Guo Xiang Tan
0a25df67bc
Revert "FIX: Incorrect parameter being passed to component."
...
This reverts commit d354a6f7a4
.
2017-01-25 13:12:24 +08:00
Guo Xiang Tan
d354a6f7a4
FIX: Incorrect parameter being passed to component.
2017-01-25 13:09:08 +08:00
Guo Xiang Tan
32846aad2a
FIX: Toggling post's wiki status should not create a new version.
2017-01-20 15:42:33 +08:00
Régis Hanol
fbf9172db8
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:53:31 +01:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Arpit Jalan
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
Guo Xiang Tan
d6bf5b0e78
Use any
orientation for web app manifest.
2017-01-11 17:32:24 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Neil Lalonde
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactive user
2017-01-10 17:25:36 -05:00
Guo Xiang Tan
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
Neil Lalonde
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00
Claas Augner
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
Guo Xiang Tan
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
Guo Xiang Tan
43671b1fda
UX: Display group fullname in mention autocomplete.
2017-01-04 11:40:14 +08:00
Rafael dos Santos Silva
d3fb724578
Merge pull request #4632 from xfalcox/native-app-banner
...
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
Rafael dos Santos Silva
d7c8c2d5e3
FEATURE: Opt-in native Discourse app install banner on Android/iOS
2017-01-03 15:50:45 -02:00
Guo Xiang Tan
ad4a96d387
FIX: Only send membership request to the last 5 active group owners.
2017-01-03 15:33:57 +08:00
Guo Xiang Tan
5aee2673c7
FIX: Push null fields to last when sorting group members.
2016-12-22 14:55:24 +08:00
Guo Xiang Tan
5605700fa9
UX: Sort groups by name.
2016-12-22 14:46:20 +08:00
Guo Xiang Tan
8551d821a0
FEATURE: Add site setting to disable group directory.
2016-12-22 14:14:22 +08:00
Guo Xiang Tan
5e75d5c1bf
PERF: N+1 query on groups page.
2016-12-21 20:59:09 +08:00
Guo Xiang Tan
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
Guo Xiang Tan
9db5d5b6a7
FIX: Incorrect serializer for groups page.
2016-12-20 15:44:22 +08:00
Guo Xiang Tan
7c7c233c1c
FIX: Can't update Groups#allow_membership_requests
in admin.
2016-12-20 15:14:35 +08:00
Guo Xiang Tan
502e114c60
FIX: Incorrect count when loading more groups.
2016-12-20 14:39:44 +08:00
Guo Xiang Tan
193f8301a4
FIX: Do not show automatic groups to normal users.
2016-12-20 14:26:49 +08:00
Régis Hanol
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Joe Buhlig
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
18c8323987
FIX: Incorrect path for redirect.
2016-12-19 18:12:15 +08:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
dd383300b1
FEATURE: rate limit by login on password reset
2016-12-19 11:03:07 +11:00
Sam
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
Sam
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan
4b940dc8bd
FEATURE: Add groups page.
2016-12-14 17:27:47 +08:00
Robin Ward
03bc6f70f9
Better error messages when embedding fails
2016-12-13 14:38:05 -05:00
Guo Xiang Tan
2686ee5ab2
FIX: Admin can't add/remove public group users.
2016-12-13 16:39:44 +08:00
Guo Xiang Tan
43ee9f884e
FEATURE: Add Group#full_name
.
2016-12-13 16:16:26 +08:00
Guo Xiang Tan
7bfabb029b
UX: Move editing group from into an individual tab.
2016-12-13 15:15:20 +08:00
Guo Xiang Tan
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
Guo Xiang Tan
9a800107cb
FIX: Associate category logo and background to uploads record.
2016-12-12 17:37:28 +08:00
Guo Xiang Tan
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
Guo Xiang Tan
790f1ef9f3
FIX: Permit missing params.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
b9b4b0c175
FIX: Members should be ordered by username.
2016-12-08 14:27:38 +08:00
Guo Xiang Tan
a2da2971af
FEATURE: Allow columns on group members page to be sortable.
2016-12-08 10:49:12 +08:00
Robin Ward
d379f57c58
FIX: Show an error page if finish-installation
can't run
2016-12-07 11:10:08 -05:00
Guo Xiang Tan
81d333289e
FIX: Return 503 when in readonly mode.
2016-12-07 14:04:42 +08:00
Guo Xiang Tan
545dfa7191
FEATURE: Allow group owners to edit title.
2016-12-07 10:26:28 +08:00
Sam
1135e00c83
FIX: regression unable to dismiss unread
2016-12-06 08:49:40 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
Arpit Jalan
431aa79bb3
Merge pull request #4587 from techAPJ/invite-upload
...
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Guo Xiang Tan
adb7fcb6b3
FEATURE: Add bio to group page.
2016-12-05 16:58:04 +08:00
Arpit Jalan
ce974da9e5
FIX: simplify CSV file upload
2016-12-05 14:09:08 +05:30
Guo Xiang Tan
31acd311e5
FEATURE: Allow group owners to edit group name and avatar flair.
2016-12-05 14:27:46 +08:00
Sam
dc66f6681a
add spec for brotli controller, ensure cached correctly
2016-12-05 16:08:36 +11:00
Sam
8a98d617df
correct headers and add better caching
2016-12-05 15:11:07 +11:00
Sam
39a524aac8
FEATURE: brotli cdn bypass for assets
...
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam
1db9d17756
Make removal of topic columns more resilient to deploys
2016-12-05 12:11:46 +11:00
Sam
33d0a23d84
Merge branch 'fix_whisper'
2016-12-05 10:01:03 +11:00
Neil Lalonde
dafd1453d6
FIX: topic list filters for bookmarked, posted, and read now work with tag filter
2016-12-02 15:58:14 -05:00
Guo Xiang Tan
bc0a8142fe
PERF: Only show members count on group page.
2016-12-02 16:28:54 +08:00
Sam
c04d4171ff
FIX: whisper no longer experimental
...
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Sam
b8dc58be90
got to be careful with integrity specs
2016-11-29 18:01:09 +11:00
Sam
266322ce2e
FEATURE: add help text for no bookmarks in user page
2016-11-29 17:56:00 +11:00
Guo Xiang Tan
d95fbd89d0
Enable miniprofiler in development automatically.
2016-11-29 10:59:10 +08:00
Joe Buhlig
0390deba40
FIX: Add tags to list options from params
2016-11-26 08:24:52 -06:00
Guo Xiang Tan
559918c6c6
PERF: Add endpoint to check if a group can be mentioned by user.
2016-11-26 02:20:46 +08:00
Guo Xiang Tan
5794f1619d
PERF: Fix N+1 queries when loading groups.
2016-11-26 02:20:26 +08:00
Guo Xiang Tan
712ff01f38
PERF: Remove eager load.
2016-11-25 11:21:08 +08:00
Guo Xiang Tan
63a88ee6e7
Merge pull request #4566 from tgxworld/fix_perf_redirect_to_top
...
Fix perf redirect to top
2016-11-25 03:39:56 +01:00
Sam
88a46be051
FEATURE: display text excerpts when scrolling on mobile
2016-11-25 11:35:29 +11:00
Neil Lalonde
f885e5b5e6
fix success response handling of sending digest preview email
2016-11-24 15:05:33 -05:00
Guo Xiang Tan
84914c5e1f
PERF: Fix N+1 query.
2016-11-24 17:47:14 +08:00
Guo Xiang Tan
b889bfefbb
PERF: Don't calculate the same query twice.
2016-11-24 14:05:26 +08:00
Neil Lalonde
47aa3d94aa
FEATURE: send digest preview to an email address
2016-11-23 17:51:57 -05:00
Sam
e2c87da42a
FEATURE: Add basic support for Safe Mode
...
In Safe Mode all JS extensions and site customizations are disabled.
To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Guo Xiang Tan
f824afb4d3
FEATURE: Allow date_of_field column to be updated.
2016-11-17 15:16:58 +08:00
cpradio
c3d4c949f1
Add comments to relevant sections denoting "create new topic" scenario is not supported for cannot-see-mention (per @coding-horror instruction)
2016-11-16 06:26:36 -05:00
Robin Ward
32a8d5ed1f
Merge pull request #4550 from cpradio/cannot-see-mention
...
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Sam
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
cpradio
824c235760
FEATURE: Notify user when mention can't see the reply they were mentioned in
...
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Kiffin Gish
3aa22715af
A new guard for changing post timestamps called can_change_post_timestamps?
2016-11-06 20:14:09 +01:00
Neil Lalonde
764a572070
FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory
2016-11-02 15:29:33 -04:00
Neil Lalonde
29edbafac7
FIX: post short link on subfolder installs
2016-11-01 15:20:04 -04:00
Neil Lalonde
9ef1688a76
FEATURE: per-category default topic list sort order
2016-11-01 12:18:41 -04:00
Neil Lalonde
8c9d390cac
FIX: Tags used only on deleted topics could not be used again
2016-10-28 15:11:50 -04:00
Régis Hanol
71f940d478
FIX: use metadata to hold the message_id with sparkpost
2016-10-27 19:35:50 +02:00
Dmitry Demenchuk
fb25485bb1
Delete useless home_redirect method from ForumsController.
2016-10-27 15:45:22 +01:00
Régis Hanol
41f19641d1
FIX: don't error out when we receive a bounce associated to a deleted user
2016-10-26 10:13:05 +02:00
Régis Hanol
81e2a0099f
FIX: ensure the group 'everyone' is never shown when using a different locale
2016-10-24 10:53:31 +02:00
Guo Xiang Tan
ee9946388c
Merge pull request #4507 from ming-relax/feat-delete-by-email
...
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Sam
9a94d1b212
FIX: everyone is not a visible group
2016-10-24 13:03:22 +11:00
Robin Ward
19e2eec219
Allow step 0 to resend the confirmation email
2016-10-21 11:34:19 -04:00
Sam
bfa33f2518
Merge pull request #4500 from tgxworld/performance_on_users_page
...
PERF: Remove ordering by username.
2016-10-21 10:40:58 +11:00
Robin Ward
c03d25f170
FEATURE: Configure Admin Account
...
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.
Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Ming HU
dffd8baa91
Remove user from a group by user email
2016-10-18 17:10:47 +08:00
Régis Hanol
3949c24f80
FIX: sparkpost webhooks support
2016-10-17 11:26:49 +02:00
Guo Xiang Tan
18d032ad91
PERF: Remove ordering by username.
...
* Ordering by username results in a very expensive query
for very little upside UX wise.
2016-10-15 01:13:58 +08:00
Sam
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde
0328141e05
FIX: prevent creation of tags with invalid characters
2016-10-12 15:44:36 -04:00
Régis Hanol
ddcc084d22
Revert "FEATURE: Use the top period default for users who have been inactive or are new"
2016-10-11 17:56:46 +02:00
cpradio
2de50a616d
FEATURE: Use the top period default for users who have been inactive or are new
2016-10-11 09:55:15 -04:00
Sam
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
Sam
f6ac914376
Merge pull request #4467 from cpradio/advanced-search-ui
...
FEATURE: Advanced Search UI
2016-10-11 10:02:35 +11:00
Sam
3e513f5c05
Merge pull request #4459 from vibol/master
...
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Neil Lalonde
600b23c0a4
FIX: permalink redirects should work on tag paths
2016-10-04 12:01:42 -04:00
cpradio
4b71fd253b
Advanced Search UI
...
Properly support Categories so it updates the search box correctly
Use category id, as it is more consistent with search results than using the slugs, especially for parent/subcategory
Added Status
Improve AutoComplete so it can receive updates
Added the ability for AutoComplete to receive updates to badge-selector and group-selector
Respect null, which is set via web-hooks
Support both # and category: for category detection.
Only update the searchedTerms if they differ from its current value (this helps the Category Selector receive updates)
Opt in receive updates (#3 )
* Make the selectors opt-in for receiving updates
* Opt-in to receive updates
* Fix category detection for search-advanced-options
Fix eslint error
Update user-selector so it can receive updates live too
Make the canReceiveUpdates check validate against 'true'
Converted to use template literals
Refactor the regex involved with this feature
Split apart the init to make it a bit more manageable/testable
Switch the category selector to category-chooser, so it is a dropdown of categories instead of auto-complete
Reduce RegEx to make this happier with unicode languages and reduce some of the complexity
2016-10-04 11:18:01 -04:00
Robin Ward
f62d01ff1b
FIX: Clear the session after a reset token was used
2016-09-30 12:20:23 -04:00
Guo Xiang Tan
1c3992e575
FIX: Ensure that translations bundle exists before merging plugin bundle.
2016-09-30 14:29:30 +08:00
Vibol Hou
c3d60d5d1d
Merge remote-tracking branch 'upstream/master'
2016-09-29 02:12:05 -07:00
Guo Xiang Tan
72ccb4e11d
FIX: Plugin "admin_js" translations bundle was not fetched.
2016-09-29 04:42:26 +08:00
Vibol Hou
34af73c7cb
FEATURE: sparkpost webhook
2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva
0229df4c73
Second review fixes
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
2a5a0bebb3
Adjusts from review
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
acc70cc3de
SiteSetting, admin passtrough, CSS, hide on mobile
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
6faedfa716
Rate limit printing
2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
c12e533273
Feature: Adds a button to print a topic
2016-09-26 20:44:50 -03:00
Guo Xiang Tan
4e663998af
PERF: N+1 query on user summary page.
2016-09-23 12:44:08 +08:00
Robin Ward
7f66cf618c
FIX: You should be an admin to do the wizard
2016-09-22 11:12:51 -04:00
Robin Ward
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
Robin Ward
35b767f6af
Company Name Step which updates the TOS
2016-09-22 09:52:19 -04:00
Robin Ward
28b6c300a0
Clean up wizard updater API for better plugin use
2016-09-22 09:52:19 -04:00
Robin Ward
af83c8dc14
Upload Logos Step
2016-09-22 09:52:19 -04:00
Robin Ward
c94e6f1b96
Add locale step
2016-09-22 09:52:19 -04:00
Robin Ward
9f12b571ef
Wizard: Server Side Validation + Finished Step
2016-09-22 09:52:19 -04:00
Robin Ward
3a4615c205
Wizard: Step 1
2016-09-22 09:48:58 -04:00
Robin Ward
0471ad393c
Scaffold for new Wizard - Rails / Ember / Tests
2016-09-22 09:48:58 -04:00
Robin Ward
6070939daa
Support for other i18n bundles
2016-09-22 09:48:58 -04:00
Guo Xiang Tan
9374e5d42d
Revert "FIX: don't overwrite category's logo & background URLs"
...
This reverts commit 641b95f655
.
2016-09-22 11:30:19 +08:00
Régis Hanol
641b95f655
FIX: don't overwrite category's logo & background URLs
2016-09-21 22:11:31 +02:00
Guo Xiang Tan
547750e9dd
Unify API keys and web hooks into a single admin nav header.
2016-09-20 05:22:03 +08:00
Robin Ward
2766b2edc3
FIX: Allow redirection for slugs that start with digits
2016-09-19 13:31:19 -04:00
Erick Guan
00d5facf36
FEATURE: prompts new webhook events
2016-09-19 12:07:17 +08:00
cpradio
2eddeab66b
Escape the hyphen
2016-09-16 19:07:46 -04:00
cpradio
0d2d8797b6
FIX: Backup validation wasn't escaping hyphens
2016-09-16 15:20:42 -04:00
Sam
75f3f7fcbd
FEATURE: clean API method for reading a single notification
2016-09-16 16:14:15 +10:00
Guo Xiang Tan
512922d776
SECURITY: Add filename validation for backup uploads.
2016-09-16 11:58:14 +08:00
Sam
e6fcaadd45
FIX: redirects back to origin for SSO and omniauth login
2016-09-16 13:48:50 +10:00
Sam
25a82e7d22
PERF: only publish notification state if we changed it
...
also publish seen_notification_id so we can tell what is new and what is old
cleanup controller so it correctly checks user
fix bug around clearing notification when people click mark read
2016-09-16 12:02:19 +10:00
Guo Xiang Tan
b0752b1f91
FIX: Don't bypass validations.
2016-09-15 10:15:17 +08:00
Sam
2d859ba0ed
FIX: user api should always be available to staff
2016-09-12 15:42:06 +10:00
Arpit Jalan
19ddf95efa
FIX: add custom invite email templates
2016-09-08 00:54:48 +05:30
Erick Guan
9ce61b4586
FEATURE: Webhooks.
2016-09-05 18:44:00 +08:00
Guo Xiang Tan
aabb7a8592
FIX: DiscourseEvent should not be triggered from within the controller.
2016-09-05 15:58:04 +08:00
Sam
1d281e02c7
id is optional if already specified in header
2016-09-02 17:08:46 +10:00
Sam
be0fd5b4cc
FEATURE: allow user api key revocation for read only keys
2016-09-02 17:04:00 +10:00
Régis Hanol
e064e6f7a3
FEATURE: new 'categories_and_latest' endpoint
2016-08-29 22:47:44 +02:00
Sam
0303080586
we do not define auth providers for builtins
2016-08-29 11:12:24 +10:00
Sam
22b8c0d44e
FIX: fullscreen login set from client needs to be respected
2016-08-29 10:13:51 +10:00
Neil Lalonde
2251104e32
FEATURE: avatar flair can be font awesome icons
2016-08-26 17:15:37 -04:00
Sam
ca79c4b276
stop eating up push_urls
2016-08-26 13:23:06 +10:00
Sam
2b15919aee
missing spot where old api was used
2016-08-26 10:58:34 +10:00
Sam
eaf87f0770
FIX: correctly handle api key so it uses current user provider
2016-08-26 10:39:13 +10:00
Arpit Jalan
bfefda06f6
FIX: handle embed count when topic not found
2016-08-25 07:12:20 +05:30
Neil Lalonde
50a8eb1810
Merge pull request #4405 from gdpelican/fix/intersection-pagination
...
FIX: Don't join on tags unnecessarily when matching all tags
2016-08-24 14:45:15 -04:00
Robin Ward
c3a3aff120
FEATURE: Support for a whitelist for embeddable host paths
2016-08-23 14:56:12 -04:00
Sam
691f739f11
better error handling
...
push notifications imply read access, no need for a special permission
2016-08-23 16:48:00 +10:00
Régis Hanol
2690ef7050
prefix setting with 'desktop_' since it's only used for desktop
2016-08-22 23:43:42 +02:00
Régis Hanol
d06e2793aa
fix logic for when to include topics in category list
2016-08-22 23:11:08 +02:00
Régis Hanol
4d6028ea2d
UX: new 'category_page_style' site setting
2016-08-22 23:01:43 +02:00
James Kiesel
386b8b8498
Don't join on tags unnecessarily when matching all tags
2016-08-19 10:37:32 -05:00
Régis Hanol
eb953c0904
FIX: /categories page on mobile
2016-08-19 01:47:00 +02:00
Neil Lalonde
a644602612
FIX: infinite scrolling of topic list when filtered to one tag
2016-08-18 16:36:30 -04:00
Régis Hanol
6d1d7b7c8f
UX: new /categories layout
2016-08-17 23:23:16 +02:00
Neil Lalonde
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
Sam
79c1d3459b
line was there twice
2016-08-17 17:03:48 +10:00
Sam
91b72936c4
Normalize away a requested push if for some reason we can not push there
2016-08-17 16:44:38 +10:00
Sam
b4dfb84f37
PERF: stop doing work for HEAD requests on topics
2016-08-17 10:04:23 +10:00
Sam
a25a8115e8
FEATURE: support HEAD request to /user-api-key/new
...
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Sam
416e7e0d1e
FEATURE: basic UI to view user api keys
2016-08-16 17:06:52 +10:00
Sam
b7cea24d76
FEATURE: more user API flow, support key creation
2016-08-16 17:06:52 +10:00
Sam
0b334cdf74
FIX: stop removing query params from destination url in sso
2016-08-16 17:06:52 +10:00
Neil Lalonde
3b792054f2
Merge pull request #4387 from gdpelican/feature/tags-intersection
...
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel
037e9bb7b8
Support any number of tag intersections
2016-08-15 15:30:17 -04:00
Sam
fc095acaaa
Feature: User API key support (server side implementation)
...
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel
7e73b933c7
First pass
2016-08-12 15:28:46 -04:00
Sam
7e4503dd99
FEATURE: basic info route for all sites, even ones that require login
...
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam
afaba56de3
FEATURE: missing API endpoint for topic tracking states
2016-08-12 17:10:35 +10:00
Robin Ward
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
Neil Lalonde
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
Guo Xiang Tan
bf683178a8
FIX: Remove tag plugin code from tag hashtag check.
2016-08-02 10:59:12 +08:00
Régis Hanol
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
Neil Lalonde
1f12e41029
FIX: query for tag with no sub-categories
2016-07-28 16:59:00 -04:00
Neil Lalonde
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
Neil Lalonde
77847f0d46
FIX: meta description tags for tags
2016-07-28 11:49:23 -04:00
Robin Ward
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
Guo Xiang Tan
36ddb1787e
FEATURE: Add toggle topic visibility button in popup menu.
2016-07-28 16:57:04 +08:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
Régis Hanol
6dac9075dc
new 'convert_pasted_images_quality' site setting
2016-07-27 19:59:44 +02:00
Régis Hanol
be099bb637
only convert pasted images to HQ jpg when it's at least 5% smaller
2016-07-27 19:55:13 +02:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Neil Lalonde
3c0df3510a
FIX: tags index should show all tags belonging to a category even if they have never been used
2016-07-26 16:04:11 -04:00
Régis Hanol
749b981759
FEATURE: new 'convert_pasted_images_to_hq_jpg' site setting
2016-07-25 23:01:28 +02:00
Neil Lalonde
ece4fa82c9
FIX: add canonical link to tags topic lists
2016-07-25 16:16:19 -04:00
Neil Lalonde
11b3b5e30a
FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter
2016-07-25 16:16:18 -04:00
Régis Hanol
d2e22ab215
extract bounce scores into site settings
2016-07-25 17:27:28 +02:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Neil Lalonde
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
Neil Lalonde
a74606c87c
PERF: tag groups index query
2016-07-15 17:16:26 -04:00
Régis Hanol
7b6d946613
FIX: searching received emails for TO was broken
2016-07-13 22:43:25 +02:00
Guo Xiang Tan
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
Sam
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Robin Ward
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
Régis Hanol
c104e4c022
allow avatars up to 1000px
2016-07-05 18:49:33 +02:00
Guo Xiang Tan
f256e3afb6
Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
...
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
Sam
0c6d8e155c
Merge pull request #4300 from NuckChorris/patch-2
...
Log RecordInvalid when verbose_sso_logging enabled
2016-07-01 14:12:06 +10:00