Robin Ward
d27575176a
Enforce a minimum amount of posters in a topic for get_a_room
2017-02-28 16:47:16 -05:00
Sam
122fb8025d
FIX: last seen date erroneously updated when browser in background
...
In some cases user may be "last seen" even though browser tab is in
the background or computer is locked
2017-02-28 12:35:10 -05:00
Neil Lalonde
292dd8623c
Merge pull request #4622 from dmacjam/master
...
FEATURE: Append tags bulk action for topics
2017-02-28 11:36:58 -05:00
Guo Xiang Tan
e6d75f6844
Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
...
This reverts commit 0e3def7d2b
.
2017-02-28 11:27:14 +08:00
Sam
1e980ad4e6
Merge pull request #4721 from oblakeerickson/sort_admin_users_api
...
FEATURE: Add order logic to admin users controller
2017-02-27 16:13:42 -05:00
Neil Lalonde
e634b37f9a
FIX: from field of emails should be including email_site_title or site title settings
2017-02-27 14:23:07 -05:00
Robin Ward
0e3def7d2b
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d
.
2017-02-27 13:19:26 -05:00
jomaxro
f5673fbd47
Remove references to elder
...
The use of the TL4 name Elder was changed in 2014 to Leader. The spec function was changed to `:trust_level_4`, but the it statement was not changed.
2017-02-26 17:40:42 -07:00
Blake Erickson
0e6cb752da
Clean up valid order names
...
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.
Example: 'created' => 'created_at'
Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
Blake Erickson
e9d5c3265c
Change param asc to ascending
...
For consistency, change param asc to ascending:
https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson
0a41da6bad
FEATURE: Add order logic to admin users controller
...
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.
https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649
Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.
Example:
`/admin/users/list/active.json?&order=post_count` which defaults to desc
and
`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
Régis Hanol
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan
1060239e2d
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 13:13:10 +08:00
Guo Xiang Tan
0847b4258a
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit fbe51d68a7
.
Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan
fbe51d68a7
SECURITY: Ensure that user has been authenticated.
2017-02-24 10:47:48 +08:00
Sam
ea1007e954
FEATURE: add support for same site cookies
...
Defaults to Lax, can be disabled or set to Strict.
Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Sam Saffron
b7d2edc7dc
FIX: allow some auth token misses prior to clearing cookie
...
It appears that in some cases ios queues up requests up front
and "releases" them when tab gets focus, this allows for a certain
number of cookie misses for this case. Otherwise you get logged off.
2017-02-22 12:37:11 -05:00
Arpit Jalan
213a496203
FIX: show all staff events related to the target user
2017-02-22 13:31:40 +05:30
Arpit Jalan
b32f33b3f0
FIX: allow staff members to send PMs when enable_private_messages is disabled
2017-02-22 11:32:09 +05:30
Arpit Jalan
046cbad10b
FEATURE: add a button on admin user page that links to action log
2017-02-21 21:38:37 +05:30
Jakub Macina
4a2f13348a
ADD: Append tags bulk action for topics
2017-02-20 18:14:32 +01:00
Sam
7a85469c4c
SECURITY: inactive/suspended accounts should be banned from api
...
Also fixes edge cases around users presenting multiple credentials
2017-02-17 11:03:09 -05:00
Jeff Atwood
9b263a0559
increase req min unique pw chars from 5 to 6
2017-02-16 17:06:19 -08:00
Sam
74d4209d24
FEATURE: allow plugins to register custom topic list filters
2017-02-15 15:25:43 -05:00
Sam
8feb94e13f
FIX: password validator was being too strict
2017-02-14 09:18:04 -05:00
Neil Lalonde
94e1105af7
fix unique char counting in password validator
2017-02-10 10:38:17 -05:00
Neil Lalonde
1bcb835446
FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting
2017-02-09 15:00:22 -05:00
Robin Ward
9fe4427071
Clean up get_a_room
following review
2017-02-08 12:24:26 -05:00
Neil Lalonde
5a8bbe663a
FEATURE: include most popular tag in page title for webcrawlers of tagged uncategorized topics
2017-02-07 16:55:42 -05:00
Sam Saffron
df8f365d99
FEATURE: improve search so it searches sub categories by default
...
If you want an exact category match use `category:=howto` or `#=howto"
2017-02-07 15:53:37 -05:00
Régis Hanol
02bb7beaaf
FIX: don't put attachments on the CDN when 'prevent anons from downloading files' is enabled
2017-02-07 18:06:44 +01:00
Sam
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Régis Hanol
ba115480ba
FIX: wasn't extracting links to quoted posts
2017-02-06 14:45:04 +01:00
Robin Ward
f1e7bca3c9
FEATURE: Warn a user when they're replying to the same user too much
2017-02-03 17:00:54 -05:00
Arpit Jalan
dc2171960b
FIX: allow existing users to be invited to topic/message when must_approve_users is enabled
2017-02-03 13:01:23 +05:30
Régis Hanol
82555ca761
FIX: mail threading wasn't working properly in Mac Mail
2017-02-01 23:02:41 +01:00
Régis Hanol
8fc7420f83
FIX: prevent huge custom emojis in emails
2017-01-30 18:06:48 +01:00
Arpit Jalan
19f7beaa2c
FIX: topic links were getting dropped when post is rebaked
2017-01-30 14:55:53 +05:30
Leo McArdle
c76f6856ea
FEATURE: reply as new message to the same recipients
2017-01-27 12:24:31 +08:00
Jeff Atwood
521ced38c5
fix spec for default email title
2017-01-19 14:01:51 -08:00
Régis Hanol
07660ecedb
bump onebox
2017-01-19 00:28:37 +01:00
Robin Ward
adb73180f7
FEATURE: Let plugins register themes easily
2017-01-13 11:50:52 -05:00
Régis Hanol
499a83270a
FIX: don't onebox to IP addresses
2017-01-12 22:35:33 +01:00
Guo Xiang Tan
1758af9a1d
FIX: Perform emoji unescape for topic titles in quotes.
2017-01-11 17:23:13 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Régis Hanol
185dcb2ca1
handle emails with localized headers 😠
2017-01-09 22:59:30 +01:00
Guo Xiang Tan
58f3a2e9a9
Fix randomly failing spec.
2017-01-06 15:25:49 +08:00
Guo Xiang Tan
f473a119ff
Remove unnecessary stub.
2017-01-06 08:53:30 +08:00
Guo Xiang Tan
a89f60b85b
Merge pull request #4631 from tgxworld/prevent_users_from_changing_permissions_of_non_real_users
...
FIX: Do not allow admins to meddle with admin and moderation access o…
2017-01-04 09:10:27 +08:00
Robin Ward
cf7774bdd9
FEATURE: Block muted users from sending you PMs
2017-01-03 14:51:53 -05:00
Arpit Jalan
495a511862
simplify quote markup in emails
2017-01-02 21:37:01 +05:30
Guo Xiang Tan
f1beef43a8
Merge pull request #4618 from tgxworld/fix_invalid_emails
...
FIX: Don't allow invalid email to be saved.
2016-12-30 07:11:48 +08:00
Guo Xiang Tan
c7b151683d
FIX: Do not allow admins to meddle with admin and moderation access of non real users.
2016-12-29 11:11:33 +08:00
Sam
c531f4ded5
remove rails-observers
...
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.
For example: if we want to upgrade to rails 5 there is no published gem
Internally the usage of observers had quite a few problem.
The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam
2f6a4cc6de
remove UserActionObserver, replace with after_save and service
...
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam
0a78ae739d
Remove SearchObserver, aim is to remove all observers
...
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan
13c6191e89
FIX: Don't allow invalid email to be saved.
2016-12-21 17:47:11 +08:00
Guo Xiang Tan
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
Neil Lalonde
c75bebdea2
FIX: uncategorized setting to control whether topic featured links are allowed
2016-12-20 15:55:30 -05:00
Sam
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Joe Buhlig
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Régis Hanol
197517d55e
FIX: locally uploaded audio & video files should onebox even when the extension is uppercase
2016-12-15 23:21:44 +01:00
Guo Xiang Tan
18f400e652
Remove RSpec given.
2016-12-14 10:29:22 +08:00
Neil Lalonde
fb2633366a
FIX: featured link topics shouldn't require the same min post length
2016-12-09 15:46:26 -05:00
Neil Lalonde
a4c4f13901
Remove the topic_featured_link_onebox setting. We will always try to onebox a link and add it to the body if topic_featured_link_enabled is enabled.
2016-12-09 13:28:12 -05:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
Sam
39a524aac8
FEATURE: brotli cdn bypass for assets
...
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam
9b885c039a
Merge branch 'master' into fix_whisper
2016-12-02 17:44:05 +11:00
Sam
c04d4171ff
FIX: whisper no longer experimental
...
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Régis Hanol
eb453d0f82
the note in a FWed email should be a whisper only in PM and when the author is member of the group
2016-12-01 18:43:56 +01:00
Régis Hanol
62763f025c
FIX: wasn't able to parse FROM email in the embedded email
2016-12-01 18:34:47 +01:00
Guo Xiang Tan
b8441fba27
Merge pull request #4546 from tgxworld/fix_postgresql_failover
...
Fix postgresql failover
2016-11-30 09:36:52 +01:00
Sam
0631a84ca0
Merge pull request #4576 from cpradio/min-posts-search
...
FEATURE: Add min_post_count search filter
2016-11-29 10:19:33 +11:00
cpradio
66ca6d622e
FEATURE: Add min_post_count search filter
2016-11-28 11:43:12 -05:00
Régis Hanol
a03287f2ee
FIX: 'In-Reply-To' header should default to topic_message_id
2016-11-28 14:18:02 +01:00
Régis Hanol
74b6fe8739
FIX: respect RFCs when setting 'In-Reply-To' and 'References' email headers
2016-11-25 23:25:39 +01:00
Guo Xiang Tan
02025207d5
FIX: Make sure Redis fallback don't fall into a permanent readonly state.
2016-11-23 11:31:20 +08:00
Guo Xiang Tan
3909f342f6
FEATURE: Allow options to be set when adding model callbacks.
2016-11-21 10:20:31 +08:00
Arpit Jalan
2d0c99636a
do not add rel noreferrer
2016-11-20 18:19:14 +05:30
Arpit Jalan
7cb76f7333
FIX: add rel noopener and noreferrer in addition to nofollow
2016-11-20 17:07:27 +05:30
Guo Xiang Tan
e8a3043129
Spawn a single thread that checks for PostgreSQL fallback.
2016-11-17 13:52:08 +08:00
Guo Xiang Tan
95c6e97587
Ensure we don't run $redis.keys
in production.
2016-11-15 23:23:41 +08:00
Sam
f4c754b389
FEATURE: split JavaScript application bundle, so plugins live in own file
...
This adds plugin.js and plugin_third_party.js files
2016-11-15 11:43:13 +11:00
Guo Xiang Tan
2d2998f5e0
Fix specs.
2016-11-09 11:31:53 +08:00
Neil Lalonde
86522a52b7
FEATURE: add censored_pattern setting to censor posts using regex
2016-11-08 16:39:26 -05:00
Sam
a1a7094604
Merge pull request #4539 from tgxworld/use_a_time_task_for_redis_failover
...
PERF: Spawn a seperate timer task to check if Redis master is up.
2016-11-08 11:18:54 +11:00
Régis Hanol
9ef724a065
FIX: self-onebox in read protected categories
2016-11-07 18:14:28 +01:00
Guo Xiang Tan
fbbcde1230
FIX: Don't treat master as up if it is still loading data.
2016-11-07 15:28:10 +08:00
Guo Xiang Tan
9375dcb6fe
PERF: Spawn a seperate timer task to check if Redis master is up.
2016-11-07 15:04:28 +08:00
Sam
2ddabc3928
FIX: protect against future regressions of google omniauth
2016-11-07 12:48:00 +11:00
Guo Xiang Tan
9fd317306c
FIX: Do not show educational message for PMs.
2016-11-04 17:06:53 +08:00
Régis Hanol
a655e4b092
ensure we allow self oneboxing of login required sites
2016-11-03 22:48:32 +01:00
Neil Lalonde
9ef1688a76
FEATURE: per-category default topic list sort order
2016-11-01 12:18:41 -04:00
Arpit Jalan
382803cb05
FEATURE: include post image in OpenGraph image tag
2016-10-31 15:11:33 +05:30
Régis Hanol
f8caae0be7
FIX: don't overwrite custom email headers when using mandrill/sparkpost
2016-10-30 11:38:55 +01:00
Guo Xiang Tan
49c27d9a88
FEATURE: Add interface in Plugin::Instance
to register a seedfu fixture.
2016-10-25 14:57:31 +08:00
Régis Hanol
01001b167e
fix the build
2016-10-25 01:55:47 +02:00
Régis Hanol
3841cd9a7f
FEATURE: onebox everything by default
...
FEATURE: new 'max_oneboxes_per_post' site setting
FEATURE: change onebox whitelist to a blacklist
PERF: debounce the loading of oneboxes
PERF: improve perf of mention links in preview
FIX: sort loading of custom oneboxer
2016-10-24 12:46:22 +02:00
Régis Hanol
2a61cc8c88
FIX: email styling with blacklisted iframes
2016-10-21 12:37:03 +02:00
Sam
674264726d
FIX: should not be allowed to see users list of people who started a PM
2016-10-19 17:36:35 +11:00
Guo Xiang Tan
7db33cc512
FIX: Videos and audio files were not associated to the post.
2016-10-18 16:13:39 +08:00
Régis Hanol
bd1328c189
FIX: show the wizard to developers too
2016-10-14 11:09:55 +02:00
Sam
f4f5524190
FEATURE: user API now contains scopes so permission is granular
...
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Sam
89daa43754
FEATURE: remap emojis back for push notifications and desktop alerts
2016-10-11 13:03:48 +11:00
Sam
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
Sam
0f0b657182
Merge pull request #4447 from pmusaraj/approve_new_topics_setting
...
FEATURE: add "Approve new topics unless user level" setting
2016-10-11 10:14:28 +11:00
Sam
ea1f0683c8
Merge pull request #4477 from cpradio/watching-state-on-reply
...
FEATURE: Add notification level user preference when replying to a topic
2016-10-11 10:05:37 +11:00
Régis Hanol
8f68a95e56
FIX: trim leading & trailing whitespaces in admin user search
2016-10-10 16:18:57 +02:00
Sam Saffron
647ee46edf
FIX: don't stem the search term
...
Search for "canned" not working correctly and "butted", "ands" and many more :)
2016-10-07 12:40:57 +11:00
cpradio
6f1c31d777
Add notification level user preference when replying to a topic
2016-09-30 14:58:07 -04:00
Sam Saffron
4d8d5613e4
FEATURE: add min_trust_level_to_edit_post
...
add minimum trust level to edit post (default 0)
2016-10-01 02:12:27 +10:00
Guo Xiang Tan
40b83ebb47
Reset I18n.locale
in tests.
2016-09-29 13:42:56 +08:00
Rafael dos Santos Silva
f96fffeb34
Add tests
2016-09-26 20:46:55 -03:00
Sam
df751ed6ec
Merge pull request #4457 from JaredReisinger/github-auth-with-email-whitelist
...
Add support for email whitelist/blacklist to GitHub auth
2016-09-23 09:49:14 +10:00
Robin Ward
3c12dd6549
FIX: Consider lazyYT divs as links when extracting
2016-09-22 16:50:24 -04:00
pmusaraj
0344388924
added tests and enabled queue when new setting is > 0
2016-09-22 14:51:36 -04:00
Jared Reisinger
2ae7c47a3c
Add support for email whitelist/blacklist to GitHub auth
...
If a site is configured for GitHub logins, _**and**_ has an email domain
whitelist, it's possible to get in a state where a new user is locked to
a non-whitelist email (their GitHub primary) even though they have an
alternate email that's on the whitelist. In all cases, the GitHub
primary email is attempted first so that previously existing behavior
will be the default.
- Add whitelist/blacklist support to GithubAuthenticator (via
EmailValidator)
- Add multiple email support GithubAuthenticator
- Add test specs for GithubAuthenticator
- Add authenticator-agnostic "none of your email addresses are allowed"
error message.
2016-09-22 11:31:10 -07:00
Robin Ward
14bee641aa
Can choose categories or latest as homepage style
2016-09-22 09:52:19 -04:00
Robin Ward
2a0443445b
New step to choose emoji set
2016-09-22 09:52:19 -04:00
Robin Ward
2545c2ffa6
Add new welcome message step
2016-09-22 09:52:19 -04:00
Robin Ward
b0ee7930e8
Server side support for inviting as a moderator via the wizard
2016-09-22 09:52:19 -04:00
Robin Ward
28cd49f02b
Split Logos and Icons into separate steps
2016-09-22 09:52:19 -04:00
Robin Ward
4f9a7aa769
FIX: Prompt for the wizard for the first admin who logs in
2016-09-22 09:52:19 -04:00
Robin Ward
644bcbc253
Make the site contact a drop down of admin users
2016-09-22 09:52:19 -04:00
Robin Ward
74ed2e82ac
UX: Wiggle invalid form elements. Don't allow a site title of Discourse
2016-09-22 09:52:19 -04:00
Robin Ward
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
Robin Ward
ef84981e38
Invite Users step
2016-09-22 09:52:19 -04:00
Robin Ward
35b767f6af
Company Name Step which updates the TOS
2016-09-22 09:52:19 -04:00
Robin Ward
28b6c300a0
Clean up wizard updater API for better plugin use
2016-09-22 09:52:19 -04:00
Robin Ward
e3640ee5f6
Privacy Step
2016-09-22 09:52:19 -04:00
Robin Ward
af83c8dc14
Upload Logos Step
2016-09-22 09:52:19 -04:00
Robin Ward
c94e6f1b96
Add locale step
2016-09-22 09:52:19 -04:00
Robin Ward
3f6e3b9aff
Wizard - Color Scheme Step
2016-09-22 09:52:19 -04:00
Robin Ward
9f12b571ef
Wizard: Server Side Validation + Finished Step
2016-09-22 09:52:19 -04:00
Robin Ward
3a4615c205
Wizard: Step 1
2016-09-22 09:48:58 -04:00
Sam
8dc4329094
FEATURE: optionally get extra profile info from facebook
...
This feature requires the application be approved by facebook, so it is
default off
2016-09-19 16:14:11 +10:00
Erick Guan
c463cf63d4
FEATURE: Webhook for user creation and approval
2016-09-19 10:12:55 +08:00
Arpit Jalan
e46204d195
FIX: allow long words if they contain periods
2016-09-13 09:15:05 +05:30
Robin Ward
e78b7a243e
FIX: Don't enqueue posts if the user can't create them (ex: closed)
2016-09-09 12:15:56 -04:00
Guo Xiang Tan
35bc0c943f
More randomly failing specs fixes.
2016-09-05 19:33:03 +08:00
Guo Xiang Tan
1f70fc9e11
Make sure we reset global in specs.
2016-09-05 18:18:14 +08:00
Guo Xiang Tan
31d900f7e7
Fix build.
2016-09-05 17:03:41 +08:00
Guo Xiang Tan
aa1f306894
Properly clean up plugin event in specs..
2016-09-05 16:10:03 +08:00
Guo Xiang Tan
aabb7a8592
FIX: DiscourseEvent should not be triggered from within the controller.
2016-09-05 15:58:04 +08:00
Guo Xiang Tan
ec90655c41
FIX: Clean up specs properly.
2016-09-05 15:48:59 +08:00
Guo Xiang Tan
aa9decf6fd
Remove DiscourseEvent.clear
.
2016-09-05 15:17:49 +08:00
Sam
59640bae3b
FIX: absolute URL for CDN should always be rooted with a protocol
2016-09-05 15:57:46 +10:00
Guo Xiang Tan
2f39293867
FIX: User enabled readonly mode was not working.
2016-08-25 23:31:59 +08:00
Neil Lalonde
7a81669c18
SECURITY: don't allow re-using the current password during password reset
2016-08-24 12:27:21 -04:00
Régis Hanol
038eb6f645
FIX: translations with a symbol as key should also be overridable
2016-08-24 11:53:03 +02:00
Robin Ward
c3a3aff120
FEATURE: Support for a whitelist for embeddable host paths
2016-08-23 14:56:12 -04:00
Arpit Jalan
4a2f0e772c
add specs for post ownership change without revision
2016-08-20 01:27:48 +05:30
Robin Ward
4061725a95
FIX: Don't ever grant badges when they're disabled
2016-08-19 15:16:37 -04:00
Guo Xiang Tan
3141c179f7
REFACTOR: Get bucket name from S3Helper.
2016-08-19 14:08:37 +08:00
Sam
3ea68f8f6c
tweak headers so they can be consumed
2016-08-18 14:38:33 +10:00
Guo Xiang Tan
7ff1f6cb9d
Allow custom bucket name for FileStore::S3Store
.
2016-08-16 15:25:42 +08:00
Neil Lalonde
3b792054f2
Merge pull request #4387 from gdpelican/feature/tags-intersection
...
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel
554d15fdd4
Add extra spec for topic_query
2016-08-15 15:42:06 -04:00
Guo Xiang Tan
0433163866
FEATURE: Support subfolders in SiteSetting.s3_backup_bucket
.
2016-08-15 16:14:51 +08:00
Sam
fc095acaaa
Feature: User API key support (server side implementation)
...
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
Guo Xiang Tan
aa5de3c40a
FEATURE: Support subfolders in S3 bucket name.
...
This commit also fixes a bug where s3 uploads are not
moved to a tombstone folder when removed.
2016-08-15 13:07:41 +08:00
Guo Xiang Tan
3378ee223f
FIX: Incorrect path being passed to S3Store#remove_file
.
2016-08-15 11:35:30 +08:00
Robin Ward
aef954784a
FIX: nofollow
was being added during post processing when it shouldn't
2016-08-12 15:35:13 -04:00
James Kiesel
7e73b933c7
First pass
2016-08-12 15:28:46 -04:00
Robin Ward
7e165d031b
FIX: Short terms will be searched for if at least one is long enough
2016-08-11 11:53:14 -04:00
Guo Xiang Tan
6075debc90
Add specs to hidding settings when shadowed by a global.
2016-08-11 16:04:45 +08:00
Guo Xiang Tan
11afb20772
SECURITY: Escape HTML in filename.
2016-08-11 11:27:12 +08:00
Guo Xiang Tan
6288d4c995
FIX: Revised post not updated correctly when merging posts.
2016-08-11 09:01:54 +08:00
Robin Ward
fc311dbe3b
FEATURE: An option to search more recent posts for very large sites.
...
On very large forums searching posts can be slow, so this commit
introduces the ability to try and search only the most recent posts
first, and then going for a larger breadth search if there aren't
enough results.
Enable `search_prefer_recent_posts` and you can customize how many
recent posts to filter with `search_recent_posts_size`
2016-08-10 15:43:42 -04:00
Régis Hanol
e55e2aff94
FIX: FirstReplyByEmail badge wasn't granted
...
DEPRECATED: PostProcess badge trigger
2016-08-10 19:24:01 +02:00
Robin Ward
cc366d5a60
FIX: Search in non-english should have a smaller minimum
2016-08-09 15:20:28 -04:00
Robin Ward
28436a604a
FIX: Prevent tricking the search from ignoring minimum lengths
2016-08-09 14:49:46 -04:00
Sam
5cc8bb535b
SECURITY: do cookie auth rate limiting earlier
2016-08-09 10:02:18 +10:00
Régis Hanol
51322a46b3
FEATURE: retry processing incoming emails on rate limit
2016-08-08 22:28:27 +02:00
Neil Lalonde
f10c4682cd
FIX: muted tags showing in latest topic list
2016-08-04 11:54:48 -04:00
Régis Hanol
b08ab829b8
added 'X-Auto-Response-Suppress' email header (props to elijah)
2016-08-03 11:02:07 +02:00
Robin Ward
2891f230d1
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 13:54:17 -04:00
Robin Ward
dc1a830d3d
SECURITY: SQL Injection in Admin List Active Users
2016-07-28 11:42:06 -04:00
Sam
16a383ea1e
SECURITY: limit bad cookie auth attempts
...
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Robin Ward
2a4006fe0c
Add YandexBot
to our list of crawlers
2016-07-26 13:21:37 -04:00
Sam
b5fbff947b
FIX: don't expire old sessions when logging in
2016-07-26 11:37:41 +10:00
Jeff Atwood
1379bd5053
fix all v=2 spec / test errors for emoji
2016-07-25 15:53:48 -07:00
Sam
12ecf8624a
FIX: tokenize words with dots correctly
...
hello.world is now tokenized as "hello.world" and "world" that way the word
"world" will find the post with "hello.world"
2016-07-25 16:26:33 +10:00
Sam
e01802a13b
FIX: strip quote from search term when searching within topic
2016-07-25 15:06:25 +10:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Sam
12dc511fea
PERF: make score calculator cheaper when site has long topics
2016-07-22 09:48:44 +10:00
Neil Lalonde
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
Robin Ward
12cfc8cedd
FIX: Email cooker should support links within blockquotes
2016-07-18 14:38:40 -04:00
Robin Ward
6db50b820d
FIX: Email cooker should link links that don't begin a line
2016-07-18 13:46:13 -04:00
Sam Saffron
46b34e3c62
FEATURE: remove user option for edit history public
...
Users can no longer opt-in for "public" edit history
if site owner disables it.
This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Régis Hanol
caa1aea995
FIX: ensure emojis have absolute URLs and uses CDN
2016-07-15 18:37:51 +02:00
Guo Xiang Tan
5fe4837e28
Add PostCreator#create!
.
2016-07-15 11:36:06 +08:00
Hu Ming
f8a12d4940
Add support for AWS cn ( #4327 )
2016-07-14 16:56:09 +02:00
Guo Xiang Tan
41cbdb5dfa
Fix the build.
2016-07-13 19:14:40 +08:00
Robin Ward
bb90129731
Improvements to email cook text rendering
2016-07-12 13:49:03 -04:00
Robin Ward
0c3b049176
FIX: Autolinking in email formatter was broken
2016-07-12 13:33:13 -04:00