Commit Graph

39728 Commits

Author SHA1 Message Date
Joffrey JAFFEUX
02495510e8
FIX: workaround constructor name not available after transpilation (#10623)
This is only reproducible en production build. In this case, constructor.name could be any value like "i" for example.
2020-09-08 10:14:41 +02:00
Guo Xiang Tan
a1d135f12a
DEV: Correct use of sanitize_sql_array in TopicQuery. 2020-09-08 12:30:09 +08:00
Guo Xiang Tan
d3ebaa41ce
DEV: Address review comments for 5ed84d9885. 2020-09-08 11:17:35 +08:00
Guo Xiang Tan
b0f22f2523
SECURITY: Remove indication that a group exists if user can't see it.
Minor security fix but we should not leak any hints that a group exists
even if a user does not have access to the group.
2020-09-08 10:53:48 +08:00
Guo Xiang Tan
5ed84d9885
SECURITY: Don't allow moderators to list PMs of all groups.
* Also return 404 when a user is trying to list PMs of a group that
cannot be accessed by the user.
2020-09-08 10:37:00 +08:00
Guo Xiang Tan
0d3239bf21
Revert "SECURITY: Don't allow moderators to view the admins inbox"
Superseeded by d9a5280f5665d12bf46efd8cdcc6200da2cdedd8

This reverts commit 18d35bf64a.
2020-09-08 10:36:49 +08:00
Daniel Waterworth
18d35bf64a SECURITY: Don't allow moderators to view the admins inbox 2020-09-07 18:02:41 +01:00
Joffrey JAFFEUX
0b8e7d88fe
FIX: wraps popper call in afterRender and uses createPopper (#10621)
Before this fix, popper was sometimes not applied.
2020-09-07 13:33:52 +02:00
dependabot[bot]
27751ca69f
Build(deps): Bump websocket-extensions (#10617)
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:38 +02:00
dependabot[bot]
b191ea4f59
Build(deps): Bump websocket-extensions (#10615)
Bumps [websocket-extensions](https://github.com/faye/websocket-extensions-node) from 0.1.3 to 0.1.4.
- [Release notes](https://github.com/faye/websocket-extensions-node/releases)
- [Changelog](https://github.com/faye/websocket-extensions-node/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faye/websocket-extensions-node/compare/0.1.3...0.1.4)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:27 +02:00
dependabot[bot]
2cb0f013cc
Build(deps): Bump elliptic in /app/assets/javascripts/pretty-text (#10611)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:02:09 +02:00
dependabot[bot]
6bff8636e2
Build(deps): Bump elliptic in /app/assets/javascripts/discourse-common (#10612)
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:01:37 +02:00
dependabot[bot]
9b187b7e11
Build(deps): Bump http-proxy in /app/assets/javascripts/discourse-common (#10613)
Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:00:25 +02:00
dependabot[bot]
c119c07fa4
Build(deps): Bump http-proxy in /app/assets/javascripts/pretty-text (#10614)
Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.18.0 to 1.18.1.
- [Release notes](https://github.com/http-party/node-http-proxy/releases)
- [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md)
- [Commits](https://github.com/http-party/node-http-proxy/compare/1.18.0...1.18.1)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-09-07 12:00:10 +02:00
dependabot-preview[bot]
7b889c6201
Build(deps): Bump nio4r from 2.5.2 to 2.5.3 (#10620)
Bumps [nio4r](https://github.com/socketry/nio4r) from 2.5.2 to 2.5.3.
- [Release notes](https://github.com/socketry/nio4r/releases)
- [Changelog](https://github.com/socketry/nio4r/blob/master/CHANGES.md)
- [Commits](https://github.com/socketry/nio4r/compare/v2.5.2...v2.5.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-09-07 11:59:25 +02:00
Martin Brennan
431bd84dec
FIX: Make deleted topic post bookmarks more resilient (#10619)
This PR ensures that new bookmarks cannot be created for deleted posts and topics, and also makes sure that if a bookmark was created and then the topic deleted that the show topic page does not error from trying to retrieve the bookmark reminder at.
2020-09-07 14:52:14 +10:00
Daniel Waterworth
f2842490d3 PERF: Don't load all poll_votes for a poll 2020-09-05 18:42:11 +01:00
awesomerobot
13c9d7e704 UX: Add missing labels to mobile composer buttons 2020-09-04 22:18:29 -04:00
Blake Erickson
a14c9078d3 DEV: Document /u/{username}.json API endpoint
Added some more specs that will be used to auto generate the api docs.
2020-09-04 16:24:43 -06:00
Blake Erickson
b16915d166 DEV: Switch over to a fork of ember-rails
We are switching over to a fork because we are currently on a pinned
version of ember-rails 0.18.5 which is pretty old. Upgrading to the
latest version causes many things to break which isn't really worth the
time to debug while we plan to completely switch over to ember-cli
somewhat soonish. Our fork contains a single cherry-pick commit

https://github.com/emberjs/ember-rails/pull/534

which will fix an issue when running the `rails g migration` command and
it spits out a bunch of deprecation warnings.
2020-09-04 14:47:56 -06:00
Jordan Vidrine
e73ff68f75
FEATURE: Add css classes to stylesheet link elements (#10598)
Adding these classes to the stylesheet link elements in order to toggle dark/light schemes via this theme-component. Eventually this theme-component could possible be merged into core.
2020-09-04 15:40:40 -05:00
Roman Rizzi
726bae8f0c
DEV: Pass the for_export flag to the before_upload_creation event (#10599) 2020-09-04 17:24:40 -03:00
Robin Ward
da918ac43e FIX: Allow us to call script_asset_url in controllers
Without this patch fingerprinting was not applied in production.
2020-09-04 15:23:01 -04:00
Robin Ward
0f9a58e06f FEATURE: Add stylesheets to bootstrap.json endpoint
This allows API consumers (such as Ember CLI) to dynamically get a list
of styles to embed.
2020-09-04 14:12:49 -04:00
Joffrey JAFFEUX
110f6ec6dd
DEV: fixes eslint/prettier on github actions (#10601) 2020-09-04 20:01:14 +02:00
Joffrey JAFFEUX
c5b8a47901
FIX: ensures we don't attempt to concat an empty list (#10600) 2020-09-04 19:08:07 +02:00
Joffrey JAFFEUX
34c2dfccb7
DEV: specific ext and remove I18n global 2020-09-04 18:59:53 +02:00
Bianca Nenciu
d4471e0316
FIX: Preload bold fonts in wizard
The bold fonts are used in previews for topic title.
2020-09-04 19:23:46 +03:00
Joffrey JAFFEUX
ed05839dfc
FIX: prevents error when opening a composer from a tag page (#10596) 2020-09-04 15:47:22 +02:00
Bianca Nenciu
58b97ace23
DEV: Use a special import to declare font faces (#10583)
Update discourse-fonts to v0.0.3.

Follow-up to 7b7357147e.
2020-09-04 16:25:50 +03:00
Joffrey JAFFEUX
647cdca99b
DEV: ignore coding standards applied to plugins (#10595) 2020-09-04 13:53:26 +02:00
Joffrey JAFFEUX
bf88410126
DEV: apply coding standards to plugins (#10594) 2020-09-04 13:51:53 +02:00
Joffrey JAFFEUX
034a59a69d
DEV: ignore coding standards commit (#10593) 2020-09-04 13:44:58 +02:00
Joffrey JAFFEUX
52672b9eab
DEV: apply new coding standards (#10592) 2020-09-04 13:42:47 +02:00
Joffrey JAFFEUX
80dfaeb0d2
DEV: upgrades dev config (#10588) 2020-09-04 13:33:03 +02:00
awesomerobot
e4ebc303bb FEATURE: Add below-static plugin outlet 2020-09-03 22:58:58 -04:00
Vinoth Kannan
ea423b471a FIX: make crawler linkback list compatible with google schema guidelines. 2020-09-04 04:35:32 +05:30
Penar Musaraj
7a0d1cadc5
DEV: Add option to precompile default multisite stylesheets 2020-09-03 13:00:09 -04:00
Jarek Radosz
4f48304a44 DEV: Remove an unused i18n string
The related code was removed in 86cb5803ba
2020-09-03 16:32:46 +02:00
Robin Ward
8c0f18794e FEATURE: Deprecate lodash so we can remove it.
It's currently 240k of Javascript we don't need anymore. It's been
replaced by ES6 and a couple helper functions.
2020-09-03 10:03:33 -04:00
Robin Ward
3a46e44ed8 Rename merge to deepMerge so it's more clear what it's doing 2020-09-03 10:03:33 -04:00
Robin Ward
f365d4639a REFACTOR: Remove _.isEqual 2020-09-03 10:03:33 -04:00
Robin Ward
c4079780be REFACTOR: Remove _.merge 2020-09-03 10:03:33 -04:00
Robin Ward
720cd57fb5 FIX: Convert jQuery array to JS array 2020-09-03 10:03:33 -04:00
Robin Ward
5e5d5b4f35 REFACTOR: Remove _.last 2020-09-03 10:03:33 -04:00
Robin Ward
0da953b40e REFACTOR: Remove _.compact 2020-09-03 10:03:33 -04:00
Robin Ward
2d56663fc4 REFACTOR: Remove _.clone which is not deep 2020-09-03 10:03:33 -04:00
Robin Ward
c2cfa62000 REFACTOR: Remove _.intersection 2020-09-03 10:03:33 -04:00
Robin Ward
0b098566ff REFACTOR: Remove _.union 2020-09-03 10:03:33 -04:00
Robin Ward
e60d06d880 REFACTOR: Remove _.isString 2020-09-03 10:03:33 -04:00