Commit Graph

21834 Commits

Author SHA1 Message Date
Martin Brennan
f0072dd897
FIX: Stop infinite lookup-urls issue for video/audio on page (#9096)
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119

* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
2020-03-05 11:47:14 -05:00
Joffrey JAFFEUX
d5ab4776cd
FIX: prevents click on sk header to bubble (#9084) 2020-03-05 11:46:55 -05:00
Dan Ungureanu
5f88b86ac9
FIX: Sync preload key format for category topic lists
The server and client used two different formats for preload keys. The
server was using 'topic_list_c/SLUG/l/latest', but the client was using
'topic_list_c/SLUG/ID/l/latest'.

This commit is an addition to 374534f00e.
2020-03-05 11:46:02 -05:00
Joffrey JAFFEUX
2cc533e26e
FIX: prevents loading to show during debouncing (#9060)
This will also fix a bug in IE11 where click event would not be triggered on row
2020-03-05 11:45:19 -05:00
Joffrey JAFFEUX
751708ba0c
FIX: prevents row click event to be caught by filter input event (#9059)
This was causing some dropdowns to not work under IE11
2020-03-05 11:44:54 -05:00
Robin Ward
c7634d56f6 SECURITY: Add more restrictions on invite emails
They could be filtered and returned in some circumstances where they
shouldn't have been.
2020-03-05 09:55:54 -05:00
Robin Ward
20a8a2f396 SECURITY: Ensure the invite JSON API matches the UX
Anonymous users could query the invite json and see counts and
summaries which is not allowed in the UX of Discourse.

This commit has those endpoints return a 403 unless the user is
allowed to invite.
2020-03-05 09:55:45 -05:00
Joffrey JAFFEUX
2246fe8015 FIX: allows to select the action when agreeing with penalty (#9099)
Note this commit also fixes an issue where the edit post actions was trying to focus the edit textarea, but was using jquery functions on a DOM node.

scrollTo is not available on IE11 but that shouldn't cause much trouble.
2020-03-04 10:32:20 -05:00
Mark VanLandingham
737e8bdb2c FIX: Prettier on iframed-html component (#9062) 2020-02-27 11:57:18 -06:00
Mark VanLandingham
df70b9118e Merge pull request from GHSA-vw39-6w7q-gfx5
Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-02-27 11:57:10 -06:00
Neil Lalonde
4d611dcaed Merge diffs from master 2020-02-25 17:23:37 -05:00
Neil Lalonde
52c10848bc Merge master 2020-02-25 17:21:37 -05:00
Joffrey JAFFEUX
baba1cc02e
FIX: ensures destroying a user with security keys doesn't fail (#9042) 2020-02-25 14:07:57 -05:00
David Taylor
96ac4fc072
FIX: Include .json suffix for email login route (#9041)
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. Adding the `.json` suffix ensures that the cache is not shared. Same root cause as b0211772
2020-02-25 18:01:33 +00:00
Dan Ungureanu
514c22e64b
FIX: Make reviewable claiming work with deleted topics (#9040)
This fixes the case when the reviewed topic is deleted (for example, in
discourse-akismet).
2020-02-25 15:49:23 +02:00
Dan Ungureanu
5905930c32
FIX: Sync Ember and non-Ember layouts (#9028) 2020-02-25 15:31:04 +02:00
Joffrey JAFFEUX
a5c7f0c98d
UX: hides emoji picker from edit category tab topic template (#9036) 2020-02-25 00:49:41 +01:00
Joffrey JAFFEUX
e303b4d181
UX: hides local-date picker when used outside of main composer 2020-02-25 00:17:43 +01:00
Joffrey JAFFEUX
bd49368942
FIX: ensures topic count is correctly showing in box category badges (#9034) 2020-02-24 23:41:36 +01:00
Penar Musaraj
d6a603cc50
FIX: Translate none-tag and all-tags labels in tag filter (#9030)
* FIX: Translate none-tag and all-tags labels in tag filter
* Add test
2020-02-25 07:57:24 +11:00
Joffrey JAFFEUX
f336aeee6f
FIX: ensures scoped search category is searching in all categories (#9031) 2020-02-24 19:19:53 +01:00
Kris
832a0e410a UX: Restrict icon height in btn-small to prevent height inconsistency 2020-02-24 13:18:46 -05:00
Joffrey JAFFEUX
0ea11a9d49
FIX: ensures we don't attempt to create a new PM on an existing topic (#9029)
This fix attempts to both fix it at UI level and server side. A previous attempt related to this behavior has been made in commit: 49c750ca78
2020-02-24 08:55:12 -06:00
Sam Saffron
372f6f4f22
FEATURE: limit number of notifications per user to 10,000
Introduces a new site setting `max_notifications_per_user`.

Out-of-the-box this is set to 10,000. If a user exceeds this number of
notifications, we will delete the oldest notifications keeping only 10,000.

To disable this safeguard set the setting to 0.

Enforcement happens weekly.

This is in place to protect the system from pathological states where a
single user has enormous amounts of notifications causing various queries
to time out. In practice nobody looks back more than a few hundred notifications.
2020-02-24 11:42:50 +11:00
Kris
e5bc649057 modal footer button height fix 2020-02-21 20:13:23 -05:00
Neil Lalonde
f73ed45de9 FIX: blank popular posts in summary emails due to lightbox images
When looking for the first paragraph with content in a post,
it was matching the lightboxed image paragraph as "<p></p>".
Fix that and other potential empty paragraphs with the
p:not(:empty) selector.
Add a new selector to find the image links in lightboxed
images as valid content for emails.
2020-02-21 16:18:38 -05:00
Joffrey JAFFEUX
69a2ad626b
FIX: ensures group automatic membership dropdown works (#9022)
This commit also fixes a deprecation warning as the previous  component was overriding a computed property from the group model.

Finally a test has been added as this is the only place where we use list-setting outside of the settings, this was highly subject to regressions.
2020-02-21 22:14:24 +01:00
Kris
90e701b470 UX: Eliminate double modal scroll on long mobile create account forms 2020-02-21 16:08:19 -05:00
Kris
5b358a2ca7 Follow up padding fix to de559f3 2020-02-21 15:44:34 -05:00
Joffrey JAFFEUX
0b0290cddb
FIX: muted was not working in topic timeline (#9021) 2020-02-21 21:32:58 +01:00
Dan Ungureanu
533495169e
FEATURE: Publish a message when reviewable claimer changes (#9019)
This commit ensures that all users are kept in sync and no user can claim
a topic that has been claimed already.
2020-02-21 19:11:50 +02:00
Dan Ungureanu
cf0c6d5761
FIX: Ensure web hooks are retried at most 5 times 2020-02-21 17:02:40 +02:00
Jarek Radosz
6ba326a9f4
DEV: Deprecate ember module imports (#9011)
Removes remaining `ember` module imports.
2020-02-21 15:56:49 +01:00
Jarek Radosz
c607870f08
DEV: Add more @ember imports (#9012) 2020-02-21 14:27:04 +01:00
Joffrey JAFFEUX
cb69e89d7c
FIX: correctly shows suggested topics label (#9017) 2020-02-21 12:35:49 +01:00
Joffrey JAFFEUX
e807dff6fc
FIX: ensures mini-tag-chooser is respecting max_tags_per_topic (#9018) 2020-02-21 12:16:05 +01:00
Vinoth Kannan
8a031f19dc FIX: use dedicated site attribute in category + tag filtered pages too. 2020-02-21 15:55:17 +05:30
Martin Brennan
3af2670bd5
FIX: Consider webp a supported image format for upload (#9015)
* Also fixes an issue where if webp was a downloaded hotlinked
  image and then secure + sent in an email, it was not being
  redacted because webp was not a supported media format in
  FileHelper
* Webp originally removed as an image format in
  https://github.com/discourse/discourse/pull/6377
  and there was a spec to make sure a .bin webp
  file did not get renamed from its type to webp.

  However we want to support webp images now to make
  sure they are properly redacted if secure media is
  on, so change the example in the spec to use tiff,
  another banned format, instead
2020-02-21 13:08:01 +10:00
Robin Ward
a47e0a3fda FIX: TOTP could not be used on sites with colons in their names
This is because the TOTP gem identifies as a colon as an addressable
protocol. The solution for now is to remove the colon in the issuer
name.

Changing the issuer changes the token values, but now it was completely
broken for colons so this should not be breaking anyone new.
2020-02-20 16:35:30 -05:00
David Taylor
19dcc6bb7b
FIX: Restore initState() call within discourse-location for subfolder
d7d4612b2d removed the duplicate call to initState(). However, we are relying on a side effect of the duplicate call for subfolder sites to function correctly when accessed without a trailing slash. To avoid a large refactor before the stable release, this commit restores the old behavior.

Long term we should look at migrating to Ember's built-in location library, rather than maintaining our own (very similar) version

https://github.com/emberjs/ember.js/blob/master/packages/%40ember/-internals/routing/lib/location/history_location.ts
2020-02-20 16:41:50 +00:00
Arpit Jalan
7b92280b97 UX: use same styling for username and user-name 2020-02-20 17:51:37 +05:30
Arpit Jalan
f36719c1f5 FIX: respect prioritize_username_in_ux setting in email
UX: only the first attribute should be hyperlinked
UX: add margin based on attribute position
2020-02-20 17:47:16 +05:30
Martin Brennan
97d8f19387
FIX: When admin changes another user's email auto-confirm the change (#9001)
When admin changes a user's email from the preferences page of that user:

* The user will not be sent an email to confirm that their
  email is changing. They will be sent a reset password email
  so they can set the password for their account at the new
  email address.
* The user will still be sent an email to their old email to inform
  them that it was changed.
* Admin and staff users still need to follow the same old + new
  confirm process, as do users changing their own email.
2020-02-20 09:52:21 +10:00
Dan Ungureanu
20b90afad9
FIX: Remove broken error dismiss button 2020-02-19 23:03:52 +02:00
Robin Ward
345764565f FIX: Respect muted tags for mailing list mode
If a user has a tag muted, don't send them emails about that tag.
We've done this forever for categories so it makes sense to do it
for tags too.
2020-02-19 15:14:42 -05:00
Kris
2a7f53065d FEATURE: Add plugin outlet below login/create, add outlet to mobile 2020-02-19 14:08:35 -05:00
Kris
5b0025c816 Additional padding follow up to de559f3 2020-02-19 13:50:12 -05:00
Dan Ungureanu
fd1e04ba0a
UX: Improve small buttons appearance (#8990)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Kris  <kris.aubuchon@discourse.org>
2020-02-19 12:38:46 -05:00
David Taylor
8ec2d8a814
FIX: Disable save button for API key creation when invalid (#9005) 2020-02-19 16:33:09 +00:00
Kris
fdb45f2ba1 Follow-up padding fix for de559f3 2020-02-19 11:24:45 -05:00