Commit Graph

17822 Commits

Author SHA1 Message Date
Neil Lalonde
ea7ee8e9f7 Merge master 2018-09-10 19:39:09 -04:00
Sam
a5ae7ee8e2 SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:25:19 +10:00
Sam
e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Blake Erickson
1d41f3c3fb
Merge pull request #6380 from discourse/rake-destroy-sub-category
FIX: Allow `rake destroy:topics` to delete topics in sub-categories
2018-09-10 10:26:04 -06:00
Kris
2b7e50cab8 Prevent fade-out from overlapping button in admin nav 2018-09-10 11:25:41 -04:00
David Taylor
84fc7abb73 FIX: Allow rake destroy:topics to delete topics in sub-categories 2018-09-10 12:52:14 +01:00
Joffrey JAFFEUX
d4080c020f
FIX: sets trends to 7 days instead of 3 (#6379) 2018-09-10 10:40:19 +02:00
Guo Xiang Tan
04d26c65e2 Refactor Upload.get_from_url to check length of sha1. 2018-09-10 10:10:39 +08:00
Joffrey JAFFEUX
2ad882113e
FIX: corrects top-referred and trending-search dates (#6372) 2018-09-07 16:49:44 +02:00
Neil Lalonde
9e77fd8fc3 FIX: wrong category links on subfolder install in rss feed for a category topic list 2018-09-07 10:03:30 -04:00
Guo Xiang Tan
d788555994 DEV: Manage pretender with yarn. 2018-09-07 16:01:49 +08:00
Guo Xiang Tan
039afe0d2c Apply prettier. 2018-09-07 15:19:34 +08:00
Sam
879067d000 FIX: check admin theme cookie against user selectable
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
Joffrey JAFFEUX
6c1e70d554
FIX: do no reset tags selection on category selection (#6369)
We will instead implement a server side solution to this in the future.
2018-09-06 10:35:07 +02:00
Sam
56b6a4779d FIX: make route to tag more robust
There are some edge cases where code would fail here, so adding protection
2018-09-06 17:24:32 +10:00
Guo Xiang Tan
1f636c445b PERF: Add fast path to find uploads before resorting to LIKE query.
For a normal upload url

Before

```
Warming up --------------------------------------
                       264.000  i/100ms
Calculating -------------------------------------
                          2.754k (± 8.4%) i/s -     13.728k in   5.022066s
```

After

```
Warming up --------------------------------------
                       341.000  i/100ms
Calculating -------------------------------------
                          3.435k (±11.6%) i/s -     17.050k in   5.045676s
```
2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5 Always link post to uploads in post process.
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
b6a139b581 Fix broken spec. 2018-09-06 12:41:43 +08:00
Guo Xiang Tan
434035f167 FIX: Link post to uploads in PostCreator.
* This ensures that uploads are linked to their post on creation
  instead of a background job which may be delayed if Sidekiq
  is facing difficulties.
2018-09-06 11:18:11 +08:00
Sam
5bdc00c3be FIX: do not automatically route all actions to hovered posts
This feature (hitting d when a post is hovered with mouse deletes) causes a lot of confusion and is very risky.
2018-09-06 10:34:58 +10:00
Kris
8cff3c9bbc UX: Prevent long names from overflowing post 2018-09-05 17:48:31 -04:00
Joffrey JAFFEUX
e59622f2ba
FIX: deactivate chart trends for now (#6364) 2018-09-05 23:33:29 +02:00
Kris
1c65969bb4 post read-state icon alignment 2018-09-05 13:19:36 -04:00
Joffrey JAFFEUX
17087eff2a
FIX: Reset tags on category change (#6363) 2018-09-05 17:18:52 +02:00
Gerhard Schlager
3134dd4763 FIX: Wizard didn't change locale when Enter key was used in drop-down 2018-09-05 15:14:09 +02:00
Gerhard Schlager
2801376df5 FIX: Wizard didn't load translations correctly
* Translations from the js.* namespace were not found, because the i18n-patches were not loaded.
* The extra-locales didn't use a hash in the URL.
2018-09-05 15:14:09 +02:00
Gerhard Schlager
2c5d9269a0 FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled 2018-09-05 11:44:28 +02:00
Sam
d9c0dc8687 correct prev commit
s3. did not exists it is s3-
2018-09-05 16:11:44 +10:00
Sam
83e1315e42 FIX: correct urls in uploads table to point at dualstack
Last week we added support for dual stack urls but did not remap the
the old records in the uploads and optimized images table

This caused a few minor edge cases worst was that if you rebaked old
images S3 CDN was not repopulated.
2018-09-05 15:58:04 +10:00
Gerhard Schlager
9d35240620 Revert "FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled"
This reverts commit c788737eed.
2018-09-05 01:53:22 +02:00
Gerhard Schlager
c788737eed FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled 2018-09-05 00:47:39 +02:00
Vinoth Kannan
8a952a2cc2 Make prettier happy 2018-09-05 02:00:13 +05:30
Kris
5cf1a9a23a UX: primary & danger buttons should lighten on hover in dark themes 2018-09-04 16:18:10 -04:00
Vinoth Kannan
d8b543bb67 FIX: redirect to original URL after social signup 2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Sam
e4498d2a8a FIX: keep db and job correctly in multisite logs
This ensures we report job and db correctly, previously we were
only reporting this on default
2018-09-04 16:05:44 +10:00
Sam
ad70502ab8 FIX: ignore invalid usernames in incoming link tracker
If an incoming link username has NULL in it simply ignore it
2018-09-04 12:28:32 +10:00
Guo Xiang Tan
8dc1463ab3 Enable Lint/ShadowingOuterLocalVariable for Rubocop. 2018-09-04 10:16:42 +08:00
Sam
2f5c21e28c FIX: return a 400 error instead of 500 for null injections
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500

We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Sam
3748d3e281 UX: hide associate accounts if second factor is enabled
Once second factor is enabled all login via associated accounts is banned
showing this section just leads to confusion
2018-09-04 10:42:39 +10:00
Sam
155eb02c7e UX: remove auth token log from user page
This feature is not quite ready so we are deferring on it for a few more weeks
2018-09-04 10:28:33 +10:00
Vinoth Kannan
fe6c3b7d2e Make prettier happy 2018-09-04 00:31:41 +05:30
Vinoth Kannan
24a14af15a FIX: Respect invalidate_oneboxes option for inline oneboxes 2018-09-03 22:33:43 +05:30
Gerhard Schlager
f33433bf9e Validation of params should restrict to max int (#6331)
* FIX: Validation of params should restrict to max int

* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan
59c9051a2e REFACTOR: Rescue error at the specific spot that is raising the error. 2018-09-03 11:04:58 +08:00
Guo Xiang Tan
7256b3bf68 REFACTOR: Use UserAuthTokenLogSerializer instead of conditionals. 2018-09-03 10:44:22 +08:00
Jeff Atwood
c3a898795a
Merge pull request #6351 from gschlager/btn_primary
UX: Primary button didn't have hover effect anymore
2018-09-02 14:26:40 -07:00
Bianca Nenciu
f5e0356fb2 correct miscellaneous issues with user login history 2018-09-02 17:24:54 +10:00
Osama Sayegh
8e70b82baa FIX: maintain theme preview when refreshing (#6356) 2018-09-02 17:23:46 +10:00