Commit Graph

36448 Commits

Author SHA1 Message Date
dependabot-preview[bot]
31f3ed8d36
Build(deps-dev): Bump ruby-prof from 1.2.0 to 1.3.0 (#9023)
Bumps [ruby-prof](https://github.com/ruby-prof/ruby-prof) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/ruby-prof/ruby-prof/releases)
- [Changelog](https://github.com/ruby-prof/ruby-prof/blob/master/CHANGES)
- [Commits](https://github.com/ruby-prof/ruby-prof/compare/1.2.0...1.3.0)

Minor change only impacts development
2020-02-24 13:13:09 +11:00
Sam Saffron
372f6f4f22
FEATURE: limit number of notifications per user to 10,000
Introduces a new site setting `max_notifications_per_user`.

Out-of-the-box this is set to 10,000. If a user exceeds this number of
notifications, we will delete the oldest notifications keeping only 10,000.

To disable this safeguard set the setting to 0.

Enforcement happens weekly.

This is in place to protect the system from pathological states where a
single user has enormous amounts of notifications causing various queries
to time out. In practice nobody looks back more than a few hundred notifications.
2020-02-24 11:42:50 +11:00
Sam Saffron
f93de763b7
DOC: improve documentation of image limit site settings
max_image_megapixels is a hard limit

max_image_size_kb is a soft limit and images are resized to fit
2020-02-24 09:32:07 +11:00
Kris
e5bc649057 modal footer button height fix 2020-02-21 20:13:23 -05:00
Neil Lalonde
f73ed45de9 FIX: blank popular posts in summary emails due to lightbox images
When looking for the first paragraph with content in a post,
it was matching the lightboxed image paragraph as "<p></p>".
Fix that and other potential empty paragraphs with the
p:not(:empty) selector.
Add a new selector to find the image links in lightboxed
images as valid content for emails.
2020-02-21 16:18:38 -05:00
Joffrey JAFFEUX
69a2ad626b
FIX: ensures group automatic membership dropdown works (#9022)
This commit also fixes a deprecation warning as the previous  component was overriding a computed property from the group model.

Finally a test has been added as this is the only place where we use list-setting outside of the settings, this was highly subject to regressions.
2020-02-21 22:14:24 +01:00
Kris
90e701b470 UX: Eliminate double modal scroll on long mobile create account forms 2020-02-21 16:08:19 -05:00
Kris
5b358a2ca7 Follow up padding fix to de559f3 2020-02-21 15:44:34 -05:00
Joffrey JAFFEUX
0b0290cddb
FIX: muted was not working in topic timeline (#9021) 2020-02-21 21:32:58 +01:00
Dan Ungureanu
533495169e
FEATURE: Publish a message when reviewable claimer changes (#9019)
This commit ensures that all users are kept in sync and no user can claim
a topic that has been claimed already.
2020-02-21 19:11:50 +02:00
Dan Ungureanu
cf0c6d5761
FIX: Ensure web hooks are retried at most 5 times 2020-02-21 17:02:40 +02:00
Jarek Radosz
6ba326a9f4
DEV: Deprecate ember module imports (#9011)
Removes remaining `ember` module imports.
2020-02-21 15:56:49 +01:00
Jarek Radosz
c607870f08
DEV: Add more @ember imports (#9012) 2020-02-21 14:27:04 +01:00
Joffrey JAFFEUX
cb69e89d7c
FIX: correctly shows suggested topics label (#9017) 2020-02-21 12:35:49 +01:00
Joffrey JAFFEUX
e807dff6fc
FIX: ensures mini-tag-chooser is respecting max_tags_per_topic (#9018) 2020-02-21 12:16:05 +01:00
Vinoth Kannan
8a031f19dc FIX: use dedicated site attribute in category + tag filtered pages too. 2020-02-21 15:55:17 +05:30
Martin Brennan
3af2670bd5
FIX: Consider webp a supported image format for upload (#9015)
* Also fixes an issue where if webp was a downloaded hotlinked
  image and then secure + sent in an email, it was not being
  redacted because webp was not a supported media format in
  FileHelper
* Webp originally removed as an image format in
  https://github.com/discourse/discourse/pull/6377
  and there was a spec to make sure a .bin webp
  file did not get renamed from its type to webp.

  However we want to support webp images now to make
  sure they are properly redacted if secure media is
  on, so change the example in the spec to use tiff,
  another banned format, instead
2020-02-21 13:08:01 +10:00
Martin Brennan
6a2bde4d48 Fix broken secure media specs 2020-02-21 10:01:32 +10:00
Martin Brennan
04df3bd46d
FIX: Only mark attachments as secure media if SiteSetting.secure_media? (#9009)
* Attachments (non media files) were being marked as secure if just
SiteSetting.prevent_anons_from_downloading_files was enabled. this
was not correct as nothing should be marked as actually "secure" in
the DB without that site setting enabled
* Also add a proper standalone spec file for the upload security class
2020-02-21 09:35:16 +10:00
Robin Ward
a47e0a3fda FIX: TOTP could not be used on sites with colons in their names
This is because the TOTP gem identifies as a colon as an addressable
protocol. The solution for now is to remove the colon in the issuer
name.

Changing the issuer changes the token values, but now it was completely
broken for colons so this should not be breaking anyone new.
2020-02-20 16:35:30 -05:00
Roman Rizzi
c7787464cd
FEATURE: Admins can configure the reflag cooldown window and if posts flagged as spam by TL3+ users get automatically hidden (#9010) 2020-02-20 14:43:33 -03:00
dependabot-preview[bot]
dd4a04e72c
Build(deps-dev): Bump annotate from 3.0.3 to 3.1.0 (#9013)
Bumps [annotate](https://github.com/ctran/annotate_models) from 3.0.3 to 3.1.0.
- [Release notes](https://github.com/ctran/annotate_models/releases)
- [Changelog](https://github.com/ctran/annotate_models/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ctran/annotate_models/compare/v3.0.3...v3.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-20 12:18:52 -05:00
Penar Musaraj
7a09e2cce2 DEV: Improve video onebox stripping spec
Followup to 70819080
2020-02-20 11:45:12 -05:00
David Taylor
19dcc6bb7b
FIX: Restore initState() call within discourse-location for subfolder
d7d4612b2d removed the duplicate call to initState(). However, we are relying on a side effect of the duplicate call for subfolder sites to function correctly when accessed without a trailing slash. To avoid a large refactor before the stable release, this commit restores the old behavior.

Long term we should look at migrating to Ember's built-in location library, rather than maintaining our own (very similar) version

https://github.com/emberjs/ember.js/blob/master/packages/%40ember/-internals/routing/lib/location/history_location.ts
2020-02-20 16:41:50 +00:00
Arpit Jalan
7b92280b97 UX: use same styling for username and user-name 2020-02-20 17:51:37 +05:30
Arpit Jalan
f36719c1f5 FIX: respect prioritize_username_in_ux setting in email
UX: only the first attribute should be hyperlinked
UX: add margin based on attribute position
2020-02-20 17:47:16 +05:30
Martin Brennan
b0f4149d6e Suppres task spec output using capture_stdout 2020-02-20 14:47:47 +10:00
Sam Saffron
a3d576534a
FIX: correct upload statistics report for external storage
Follows up #64b35120

This also corrects it so bytes used for internal storage counts all the space
used, previously it was only counting uploads not optimized images.

Additionally we now correctly count storage for optimized images.
2020-02-20 15:15:53 +11:00
Martin Brennan
254b57c812
FIX: When admin changes staff email still enforce old email confirm (#9007)
A follow-up correction to this change https://github.com/discourse/discourse/pull/9001.

When admin changes staff email still enforce old email confirm. Only allow auto-confirm of a new email by admin IF the target user is not also an admin. If an admin gets locked out of their email the site admin can use the rails console to solve the issue in a pinch.
2020-02-20 13:42:57 +10:00
Martin Brennan
5dc6100acc Work around deleted upload.access_control_post scoping issue
* TODO to come back and deal with this in a better way, it
  just needs to be done for the rake task to set secure media
  to work correctly
2020-02-20 10:57:40 +10:00
Martin Brennan
97d8f19387
FIX: When admin changes another user's email auto-confirm the change (#9001)
When admin changes a user's email from the preferences page of that user:

* The user will not be sent an email to confirm that their
  email is changing. They will be sent a reset password email
  so they can set the password for their account at the new
  email address.
* The user will still be sent an email to their old email to inform
  them that it was changed.
* Admin and staff users still need to follow the same old + new
  confirm process, as do users changing their own email.
2020-02-20 09:52:21 +10:00
Dan Ungureanu
20b90afad9
FIX: Remove broken error dismiss button 2020-02-19 23:03:52 +02:00
Robin Ward
345764565f FIX: Respect muted tags for mailing list mode
If a user has a tag muted, don't send them emails about that tag.
We've done this forever for categories so it makes sense to do it
for tags too.
2020-02-19 15:14:42 -05:00
dependabot-preview[bot]
223edd1286
Build(deps-dev): Bump rubocop from 0.79.0 to 0.80.0 (#8997)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.79.0 to 0.80.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.79.0...v0.80.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-02-19 14:36:36 -05:00
Kris
2a7f53065d FEATURE: Add plugin outlet below login/create, add outlet to mobile 2020-02-19 14:08:35 -05:00
Robin Ward
fe6fe324c9 FIX: Minor linting issue for future rubocops 2020-02-19 14:04:56 -05:00
Kris
5b0025c816 Additional padding follow up to de559f3 2020-02-19 13:50:12 -05:00
Robin Ward
812119f673 This rule was removed from Rubocop due to different behavior in Ruby 3.
See: https://github.com/rubocop-hq/rubocop/issues/7641
2020-02-19 13:44:20 -05:00
dependabot-preview[bot]
eaf516a5ad
Build(deps-dev): Bump shoulda-matchers from 4.2.0 to 4.3.0 (#8989)
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Changelog](https://github.com/thoughtbot/shoulda-matchers/blob/master/NEWS.md)
- [Commits](https://github.com/thoughtbot/shoulda-matchers/compare/v4.2.0...v4.3.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-02-19 13:41:38 -05:00
Dan Ungureanu
fd1e04ba0a
UX: Improve small buttons appearance (#8990)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Kris  <kris.aubuchon@discourse.org>
2020-02-19 12:38:46 -05:00
Penar Musaraj
6be685ac67 DEV: Find/replace deprecated decorators 2020-02-19 11:49:56 -05:00
David Taylor
8ec2d8a814
FIX: Disable save button for API key creation when invalid (#9005) 2020-02-19 16:33:09 +00:00
David Taylor
836ab73d59
FIX: Patch ActiveRecord SchemaCache for safe concurrency support
A single SchemaCache instance is maintained by the connection pool, and made available via a schema_cache method on each connection. When the SchemaCache instance is fetched from the pool, its internal connection reference is updated to equal the requesting connection. However, since there is only one instance of SchemaCache, this internal connection reference is updated everywhere, and can ultimately result in multiple threads accessing the same database connection. In Discourse, this could result in Sidekiq jobs getting 'stuck' in database connections.

This patch modifies SchemaCache so that it caches the internal connection on a per-thread basis

Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
Co-authored-by: Matt Palmer <mpalmer@hezmatt.org>
2020-02-19 16:26:02 +00:00
Kris
fdb45f2ba1 Follow-up padding fix for de559f3 2020-02-19 11:24:45 -05:00
Kris
de559f3fe3 FIX: Remove border-box from modal-body to avoid iOS fixed position bug 2020-02-19 11:08:15 -05:00
Robin Ward
c954d083df Link website when reviewing users 2020-02-19 10:18:05 -05:00
Joffrey JAFFEUX
74f2d48018
FIX: makes setting-object capable of defining value/name properties itself (#9003) 2020-02-19 10:01:21 +01:00
Joffrey JAFFEUX
30e2867547
FIX: prevents setting default values on setting component to reload page
This would happen when clicking on "add all themes" for example.
2020-02-19 09:04:57 +01:00
jjaffeux
32b3f55ef6 Revert "FIX: enums should be treated as flat arrays (#8995)"
This reverts commit 05be9beefd.
2020-02-19 07:53:29 +01:00
Matt Palmer
377d2d3fad DEV: Silence spurious rubocop lint warning 2020-02-19 13:10:30 +11:00