Sam
f8ba5346c4
SECURITY: Remove email validation check bypass
...
- Increase size of email column to varchar(513)
- Give error message on signup when email is too large
Overall impact: Low, allows signups from blocked domains. Main risk is increased spam.
2015-07-14 09:46:00 +10:00
Sam Saffron
32b17c628a
SECURITY: Query @usernames in bulk
...
Otherwise you could add many requests at once while composing.
2015-06-11 13:12:01 -04:00
Robin Ward
ccaf525e8d
FIX: Bad page title for categories view by google crawler
2015-06-10 16:41:27 -04:00
Arpit Jalan
ce0830b23f
FIX: send 404 error when unauthorized user tries to download user archive
2015-06-10 16:41:23 -04:00
Sam Saffron
2c883833eb
FEATURE: we need admin login always
2015-06-10 16:38:42 -04:00
Neil Lalonde
3e317b40da
Merge master
2015-06-01 15:27:35 -04:00
Régis Hanol
81a699e2b0
better support for mixed content
2015-06-01 17:49:58 +02:00
Sam Saffron
9787cb07aa
FIX: when missing a static topic we were returning an error
2015-06-01 11:40:52 +10:00
Sam
fc2a08731a
FIX: sso_not_approved_url not working correctly
2015-05-30 13:19:07 +10:00
Régis Hanol
80a108e3cf
FIX: don't break user avatars route
2015-05-29 19:19:41 +02:00
Régis Hanol
acafa491b2
user avatar urls/templates refactor
2015-05-29 18:51:17 +02:00
Régis Hanol
0483f05154
make sure we pass in the user_id when creating avatar thumbnails
2015-05-29 18:11:19 +02:00
Régis Hanol
cb025a65e0
FIX: make sure we also save the user_avatar.custom_upload_id
2015-05-29 10:21:41 +02:00
Régis Hanol
c3227b69fa
FIX: proper support for pixel ratios up to 3
2015-05-29 09:57:54 +02:00
Sam
bddbf70697
FIX: order post_actions by date
2015-05-28 16:16:36 +10:00
Sam
bb3fb37650
FIX: when uploading same file was pasted into multiple composers
2015-05-28 15:08:54 +10:00
Neil Lalonde
ea8cf1a208
FIX: topic auto-close uses the client's time zone
2015-05-27 18:01:46 -04:00
Sam
02fa7448ca
FEATURE: custom url to redirect to on account pending approval for sso
2015-05-27 14:06:45 +10:00
Sam
a988cd5abe
FIX: redirect to CDN avatar for s3 avatars
2015-05-27 12:02:57 +10:00
Sam
918034aa7b
remove less useful error reporting
2015-05-27 11:17:28 +10:00
Régis Hanol
992154533f
remove debugging letfovers
2015-05-26 20:08:19 +02:00
Régis Hanol
7b03c7dbc4
Merge pull request #3504 from techAPJ/patch-4
...
FIX: add missing translation keys
2015-05-26 16:08:39 +02:00
Régis Hanol
85d4d3223c
FIX: crop avatars on the server instead of the client
...
FIX: support for dots in S3 bucket names
2015-05-26 15:54:25 +02:00
Arpit Jalan
d21944a0b6
FIX: add missing translation keys
2015-05-26 19:11:37 +05:30
Sam
147ea002f7
FIX: allow handling for avatars that are not in the set of "resized sizes"
2015-05-26 15:41:50 +10:00
Sam
eeda367e70
FIX: should be able to serve optimized image from local if its ... local...
2015-05-26 12:32:52 +10:00
Neil Lalonde
eaa1afeaf5
remove Google OpenID auth, since Google doesn't support it anymore
2015-05-25 15:13:44 -04:00
Régis Hanol
bb0c2813ac
FEATURE: generate (avatar) thumbnails in a background task
...
FIX: keep the "uploading..." indicator until the server replies via the MessageBus
FIX: text was disapearing when uploading an avatar
PERF: always use a region for S3 (defaults to 'us-east-1')
FEATURE: ApplyCDN middleware when using S3
FIX: use the same pattern to store files on S3 and locally
PERF: keep a local cache of uploads when generating thumbnails
FEATURE: migrate_to_s3 rake task
2015-05-25 17:59:00 +02:00
Sam
bcaed90744
fix missing rtl stylesheets
2015-05-23 15:25:05 +10:00
Sam
fe46d1dd3b
PERF: avoid cookies for all static, public, cached forever assets
2015-05-22 16:15:46 +10:00
Sam
96dbeb8608
fix stylesheet cache to recover if file is on disk
2015-05-22 11:22:12 +10:00
Robin Ward
0ed1c8011c
FIX: About page error when login_required
2015-05-21 14:37:49 -04:00
Sam
a0090a4585
fix incorrect handling of date on "globally enabled" stylesheet.
2015-05-21 17:23:54 +10:00
Sam
44fc8e42dc
nginx is stripping ETags, just use last modified instead
2015-05-21 17:05:22 +10:00
Sam
4fbfc6ddbc
PERF: missing caching on CSS and Site Customizations
2015-05-21 16:09:23 +10:00
Régis Hanol
b7f8680618
fix build (:fired:)
2015-05-20 17:51:33 +02:00
Régis Hanol
bcd98c8f0f
FIX: API can provide a URL to create an upload
2015-05-20 17:38:06 +02:00
Régis Hanol
c91634c09a
FIX: support for async uploads of emojis
2015-05-20 16:45:48 +02:00
Régis Hanol
8d967d9065
FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread
2015-05-20 16:45:48 +02:00
Robin Ward
7d23826cee
FIX: Keep around the page when redirecting
2015-05-20 10:16:17 -04:00
Régis Hanol
7d3b7a5657
fix the build
2015-05-20 15:32:31 +02:00
Régis Hanol
b44488b618
FIX: keep to old attachment route
2015-05-20 14:55:42 +02:00
Sam
e5888cf090
PERF: avoid preloading json in cases where it is not needed
...
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Sam
14ab9c45b6
Merge pull request #3470 from ahuling13/expired-nonce-return-status
...
In the case of an expired nonce, return a 400 status code instead of 500
2015-05-20 12:08:17 +10:00
Sam
d1d703718a
Merge pull request #3476 from paulkaplan/sso-distrust-email
...
Add SSO setting to not trust emails automatically
2015-05-20 12:07:14 +10:00
Andrew Huling
e44ddff9bb
Change the expired nonce return status code from 400 to 419.
2015-05-19 13:13:14 -04:00
Régis Hanol
9ded21e4c6
FIX: consistent and future-proof upload storage pattern
2015-05-19 12:31:12 +02:00
Paul Kaplan
b8a43e153c
Use session controller to prevent inactive SSO users
2015-05-15 12:15:06 -05:00
Régis Hanol
93273cd17a
Merge pull request #3451 from ossobv/sso_login_unapproved_account
...
Stop sso login processing after rendering error
2015-05-15 14:33:19 +02:00
Antonin Hildebrand
11852056a8
Add missing events for discourse-hipchat-plugin
...
https://github.com/binaryage/discourse-hipchat-plugin
2015-05-15 15:52:12 +08:00