Commit Graph

2122 Commits

Author SHA1 Message Date
Guo Xiang Tan
ad4a96d387 FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
Guo Xiang Tan
5aee2673c7 FIX: Push null fields to last when sorting group members. 2016-12-22 14:55:24 +08:00
Guo Xiang Tan
5605700fa9 UX: Sort groups by name. 2016-12-22 14:46:20 +08:00
Guo Xiang Tan
8551d821a0 FEATURE: Add site setting to disable group directory. 2016-12-22 14:14:22 +08:00
Guo Xiang Tan
5e75d5c1bf PERF: N+1 query on groups page. 2016-12-21 20:59:09 +08:00
Guo Xiang Tan
5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Guo Xiang Tan
9db5d5b6a7 FIX: Incorrect serializer for groups page. 2016-12-20 15:44:22 +08:00
Guo Xiang Tan
7c7c233c1c FIX: Can't update Groups#allow_membership_requests in admin. 2016-12-20 15:14:35 +08:00
Guo Xiang Tan
502e114c60 FIX: Incorrect count when loading more groups. 2016-12-20 14:39:44 +08:00
Guo Xiang Tan
193f8301a4 FIX: Do not show automatic groups to normal users. 2016-12-20 14:26:49 +08:00
Régis Hanol
52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
2b808ad9da Merge pull request #4609 from joebuhlig/category-topics-wiki
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Joe Buhlig
87251fded7 FEATURE: Category setting to make all topics wikis
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
18c8323987 FIX: Incorrect path for redirect. 2016-12-19 18:12:15 +08:00
Sam
e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Sam
dd383300b1 FEATURE: rate limit by login on password reset 2016-12-19 11:03:07 +11:00
Sam
15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Sam
61eb134181 FEATURE: setting to allow arbitrary redirects from sso origin
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
98f4a2adcb FIX: on 404 from brotli asset path return a correctly encoded doc
old implementation would cache the 404 for 1 year with incorrect encoding

hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan
4b940dc8bd FEATURE: Add groups page. 2016-12-14 17:27:47 +08:00
Robin Ward
03bc6f70f9 Better error messages when embedding fails 2016-12-13 14:38:05 -05:00
Guo Xiang Tan
2686ee5ab2 FIX: Admin can't add/remove public group users. 2016-12-13 16:39:44 +08:00
Guo Xiang Tan
43ee9f884e FEATURE: Add Group#full_name. 2016-12-13 16:16:26 +08:00
Guo Xiang Tan
7bfabb029b UX: Move editing group from into an individual tab. 2016-12-13 15:15:20 +08:00
Guo Xiang Tan
da7009a968 FEATURE: Add request membership button for allowed groups. 2016-12-12 22:48:08 +08:00
Guo Xiang Tan
9a800107cb FIX: Associate category logo and background to uploads record. 2016-12-12 17:37:28 +08:00
Guo Xiang Tan
05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Guo Xiang Tan
790f1ef9f3 FIX: Permit missing params. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan
be5b5f6bea FEATURE: Public groups. 2016-12-12 17:00:30 +08:00
Guo Xiang Tan
b9b4b0c175 FIX: Members should be ordered by username. 2016-12-08 14:27:38 +08:00
Guo Xiang Tan
a2da2971af FEATURE: Allow columns on group members page to be sortable. 2016-12-08 10:49:12 +08:00
Robin Ward
d379f57c58 FIX: Show an error page if finish-installation can't run 2016-12-07 11:10:08 -05:00
Guo Xiang Tan
81d333289e FIX: Return 503 when in readonly mode. 2016-12-07 14:04:42 +08:00
Guo Xiang Tan
545dfa7191 FEATURE: Allow group owners to edit title. 2016-12-07 10:26:28 +08:00
Sam
1135e00c83 FIX: regression unable to dismiss unread 2016-12-06 08:49:40 +11:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Arpit Jalan
431aa79bb3 Merge pull request #4587 from techAPJ/invite-upload
FIX: simplify CSV file upload
2016-12-05 14:30:13 +05:30
Guo Xiang Tan
adb7fcb6b3 FEATURE: Add bio to group page. 2016-12-05 16:58:04 +08:00
Arpit Jalan
ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Guo Xiang Tan
31acd311e5 FEATURE: Allow group owners to edit group name and avatar flair. 2016-12-05 14:27:46 +08:00
Sam
dc66f6681a add spec for brotli controller, ensure cached correctly 2016-12-05 16:08:36 +11:00
Sam
8a98d617df correct headers and add better caching 2016-12-05 15:11:07 +11:00
Sam
39a524aac8 FEATURE: brotli cdn bypass for assets
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam
1db9d17756 Make removal of topic columns more resilient to deploys 2016-12-05 12:11:46 +11:00
Sam
33d0a23d84 Merge branch 'fix_whisper' 2016-12-05 10:01:03 +11:00
Neil Lalonde
dafd1453d6 FIX: topic list filters for bookmarked, posted, and read now work with tag filter 2016-12-02 15:58:14 -05:00
Guo Xiang Tan
bc0a8142fe PERF: Only show members count on group page. 2016-12-02 16:28:54 +08:00
Sam
c04d4171ff FIX: whisper no longer experimental
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Sam
b8dc58be90 got to be careful with integrity specs 2016-11-29 18:01:09 +11:00
Sam
266322ce2e FEATURE: add help text for no bookmarks in user page 2016-11-29 17:56:00 +11:00
Guo Xiang Tan
d95fbd89d0 Enable miniprofiler in development automatically. 2016-11-29 10:59:10 +08:00
Joe Buhlig
0390deba40 FIX: Add tags to list options from params 2016-11-26 08:24:52 -06:00
Guo Xiang Tan
559918c6c6 PERF: Add endpoint to check if a group can be mentioned by user. 2016-11-26 02:20:46 +08:00
Guo Xiang Tan
5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Guo Xiang Tan
712ff01f38 PERF: Remove eager load. 2016-11-25 11:21:08 +08:00
Guo Xiang Tan
63a88ee6e7 Merge pull request #4566 from tgxworld/fix_perf_redirect_to_top
Fix perf redirect to top
2016-11-25 03:39:56 +01:00
Sam
88a46be051 FEATURE: display text excerpts when scrolling on mobile 2016-11-25 11:35:29 +11:00
Neil Lalonde
f885e5b5e6 fix success response handling of sending digest preview email 2016-11-24 15:05:33 -05:00
Guo Xiang Tan
84914c5e1f PERF: Fix N+1 query. 2016-11-24 17:47:14 +08:00
Guo Xiang Tan
b889bfefbb PERF: Don't calculate the same query twice. 2016-11-24 14:05:26 +08:00
Neil Lalonde
47aa3d94aa FEATURE: send digest preview to an email address 2016-11-23 17:51:57 -05:00
Sam
e2c87da42a FEATURE: Add basic support for Safe Mode
In Safe Mode all JS extensions and site customizations are disabled.

To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Guo Xiang Tan
f824afb4d3 FEATURE: Allow date_of_field column to be updated. 2016-11-17 15:16:58 +08:00
cpradio
c3d4c949f1 Add comments to relevant sections denoting "create new topic" scenario is not supported for cannot-see-mention (per @coding-horror instruction) 2016-11-16 06:26:36 -05:00
Robin Ward
32a8d5ed1f Merge pull request #4550 from cpradio/cannot-see-mention
FEATURE: Notify user when mention can't see the reply they were mentioned in
2016-11-15 16:40:47 -05:00
Sam
63d9d4f301 FIX: properly specify default on no cache on all resources 2016-11-15 17:00:44 +11:00
cpradio
824c235760 FEATURE: Notify user when mention can't see the reply they were mentioned in
FIX: Group Mention Notifications
2016-11-14 22:03:16 -05:00
Kiffin Gish
3aa22715af A new guard for changing post timestamps called can_change_post_timestamps? 2016-11-06 20:14:09 +01:00
Neil Lalonde
764a572070 FIX: when subcategories with the same name exist, filtering by tags might use the wrong subcategory 2016-11-02 15:29:33 -04:00
Neil Lalonde
29edbafac7 FIX: post short link on subfolder installs 2016-11-01 15:20:04 -04:00
Neil Lalonde
9ef1688a76 FEATURE: per-category default topic list sort order 2016-11-01 12:18:41 -04:00
Neil Lalonde
8c9d390cac FIX: Tags used only on deleted topics could not be used again 2016-10-28 15:11:50 -04:00
Régis Hanol
71f940d478 FIX: use metadata to hold the message_id with sparkpost 2016-10-27 19:35:50 +02:00
Dmitry Demenchuk
fb25485bb1 Delete useless home_redirect method from ForumsController. 2016-10-27 15:45:22 +01:00
Régis Hanol
41f19641d1 FIX: don't error out when we receive a bounce associated to a deleted user 2016-10-26 10:13:05 +02:00
Régis Hanol
81e2a0099f FIX: ensure the group 'everyone' is never shown when using a different locale 2016-10-24 10:53:31 +02:00
Guo Xiang Tan
ee9946388c Merge pull request #4507 from ming-relax/feat-delete-by-email
Remove user from a group by user email
2016-10-24 11:28:27 +08:00
Sam
9a94d1b212 FIX: everyone is not a visible group 2016-10-24 13:03:22 +11:00
Robin Ward
19e2eec219 Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
Sam
bfa33f2518 Merge pull request #4500 from tgxworld/performance_on_users_page
PERF: Remove ordering by username.
2016-10-21 10:40:58 +11:00
Robin Ward
c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Ming HU
dffd8baa91 Remove user from a group by user email 2016-10-18 17:10:47 +08:00
Régis Hanol
3949c24f80 FIX: sparkpost webhooks support 2016-10-17 11:26:49 +02:00
Guo Xiang Tan
18d032ad91 PERF: Remove ordering by username.
* Ordering by username results in a very expensive query
for very little upside UX wise.
2016-10-15 01:13:58 +08:00
Sam
f4f5524190 FEATURE: user API now contains scopes so permission is granular
previously we supported blanket read and write for user API, this
change amends it so we can define more limited scopes. A scope only
covers a few routes. You can not grant access to part of the site and
leave a large amount of the information hidden to API consumer.
2016-10-14 16:05:42 +11:00
Neil Lalonde
0328141e05 FIX: prevent creation of tags with invalid characters 2016-10-12 15:44:36 -04:00
Régis Hanol
ddcc084d22 Revert "FEATURE: Use the top period default for users who have been inactive or are new" 2016-10-11 17:56:46 +02:00
cpradio
2de50a616d FEATURE: Use the top period default for users who have been inactive or are new 2016-10-11 09:55:15 -04:00
Sam
6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam
f6ac914376 Merge pull request #4467 from cpradio/advanced-search-ui
FEATURE: Advanced Search UI
2016-10-11 10:02:35 +11:00
Sam
3e513f5c05 Merge pull request #4459 from vibol/master
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Neil Lalonde
600b23c0a4 FIX: permalink redirects should work on tag paths 2016-10-04 12:01:42 -04:00
cpradio
4b71fd253b Advanced Search UI
Properly support Categories so it updates the search box correctly

Use category id, as it is more consistent with search results than using the slugs, especially for parent/subcategory

Added Status

Improve AutoComplete so it can receive updates
Added the ability for AutoComplete to receive updates to badge-selector and group-selector

Respect null, which is set via web-hooks

Support both # and category: for category detection.

Only update the searchedTerms if they differ from its current value (this helps the Category Selector receive updates)

Opt in receive updates (#3)

* Make the selectors opt-in for receiving updates

* Opt-in to receive updates

* Fix category detection for search-advanced-options

Fix eslint error

Update user-selector so it can receive updates live too
Make the canReceiveUpdates check validate against 'true'

Converted to use template literals

Refactor the regex involved with this feature
Split apart the init to make it a bit more manageable/testable

Switch the category selector to category-chooser, so it is a dropdown of categories instead of auto-complete

Reduce RegEx to make this happier with unicode languages and reduce some of the complexity
2016-10-04 11:18:01 -04:00
Robin Ward
f62d01ff1b FIX: Clear the session after a reset token was used 2016-09-30 12:20:23 -04:00
Guo Xiang Tan
1c3992e575 FIX: Ensure that translations bundle exists before merging plugin bundle. 2016-09-30 14:29:30 +08:00
Vibol Hou
c3d60d5d1d Merge remote-tracking branch 'upstream/master' 2016-09-29 02:12:05 -07:00
Guo Xiang Tan
72ccb4e11d FIX: Plugin "admin_js" translations bundle was not fetched. 2016-09-29 04:42:26 +08:00
Vibol Hou
34af73c7cb FEATURE: sparkpost webhook 2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva
0229df4c73 Second review fixes 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
2a5a0bebb3 Adjusts from review 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
acc70cc3de SiteSetting, admin passtrough, CSS, hide on mobile 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
6faedfa716 Rate limit printing 2016-09-26 20:46:55 -03:00
Rafael dos Santos Silva
c12e533273 Feature: Adds a button to print a topic 2016-09-26 20:44:50 -03:00
Guo Xiang Tan
4e663998af PERF: N+1 query on user summary page. 2016-09-23 12:44:08 +08:00
Robin Ward
7f66cf618c FIX: You should be an admin to do the wizard 2016-09-22 11:12:51 -04:00
Robin Ward
29cf47cfb2 Track steps the user has completed, nag them to finish it. 2016-09-22 09:52:19 -04:00
Robin Ward
35b767f6af Company Name Step which updates the TOS 2016-09-22 09:52:19 -04:00
Robin Ward
28b6c300a0 Clean up wizard updater API for better plugin use 2016-09-22 09:52:19 -04:00
Robin Ward
af83c8dc14 Upload Logos Step 2016-09-22 09:52:19 -04:00
Robin Ward
c94e6f1b96 Add locale step 2016-09-22 09:52:19 -04:00
Robin Ward
9f12b571ef Wizard: Server Side Validation + Finished Step 2016-09-22 09:52:19 -04:00
Robin Ward
3a4615c205 Wizard: Step 1 2016-09-22 09:48:58 -04:00
Robin Ward
0471ad393c Scaffold for new Wizard - Rails / Ember / Tests 2016-09-22 09:48:58 -04:00
Robin Ward
6070939daa Support for other i18n bundles 2016-09-22 09:48:58 -04:00
Guo Xiang Tan
9374e5d42d Revert "FIX: don't overwrite category's logo & background URLs"
This reverts commit 641b95f655.
2016-09-22 11:30:19 +08:00
Régis Hanol
641b95f655 FIX: don't overwrite category's logo & background URLs 2016-09-21 22:11:31 +02:00
Guo Xiang Tan
547750e9dd Unify API keys and web hooks into a single admin nav header. 2016-09-20 05:22:03 +08:00
Robin Ward
2766b2edc3 FIX: Allow redirection for slugs that start with digits 2016-09-19 13:31:19 -04:00
Erick Guan
00d5facf36 FEATURE: prompts new webhook events 2016-09-19 12:07:17 +08:00
cpradio
2eddeab66b Escape the hyphen 2016-09-16 19:07:46 -04:00
cpradio
0d2d8797b6 FIX: Backup validation wasn't escaping hyphens 2016-09-16 15:20:42 -04:00
Sam
75f3f7fcbd FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
Guo Xiang Tan
512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Sam
e6fcaadd45 FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
Sam
25a82e7d22 PERF: only publish notification state if we changed it
also publish seen_notification_id so we can tell what is new and what is old
cleanup controller so it correctly checks user
fix bug around clearing notification when people click mark read
2016-09-16 12:02:19 +10:00
Guo Xiang Tan
b0752b1f91 FIX: Don't bypass validations. 2016-09-15 10:15:17 +08:00
Sam
2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Arpit Jalan
19ddf95efa FIX: add custom invite email templates 2016-09-08 00:54:48 +05:30
Erick Guan
9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Guo Xiang Tan
aabb7a8592 FIX: DiscourseEvent should not be triggered from within the controller. 2016-09-05 15:58:04 +08:00
Sam
1d281e02c7 id is optional if already specified in header 2016-09-02 17:08:46 +10:00
Sam
be0fd5b4cc FEATURE: allow user api key revocation for read only keys 2016-09-02 17:04:00 +10:00
Régis Hanol
e064e6f7a3 FEATURE: new 'categories_and_latest' endpoint 2016-08-29 22:47:44 +02:00
Sam
0303080586 we do not define auth providers for builtins 2016-08-29 11:12:24 +10:00
Sam
22b8c0d44e FIX: fullscreen login set from client needs to be respected 2016-08-29 10:13:51 +10:00
Neil Lalonde
2251104e32 FEATURE: avatar flair can be font awesome icons 2016-08-26 17:15:37 -04:00
Sam
ca79c4b276 stop eating up push_urls 2016-08-26 13:23:06 +10:00
Sam
2b15919aee missing spot where old api was used 2016-08-26 10:58:34 +10:00
Sam
eaf87f0770 FIX: correctly handle api key so it uses current user provider 2016-08-26 10:39:13 +10:00
Arpit Jalan
bfefda06f6 FIX: handle embed count when topic not found 2016-08-25 07:12:20 +05:30
Neil Lalonde
50a8eb1810 Merge pull request #4405 from gdpelican/fix/intersection-pagination
FIX: Don't join on tags unnecessarily when matching all tags
2016-08-24 14:45:15 -04:00
Robin Ward
c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Sam
691f739f11 better error handling
push notifications imply read access, no need for a special permission
2016-08-23 16:48:00 +10:00
Régis Hanol
2690ef7050 prefix setting with 'desktop_' since it's only used for desktop 2016-08-22 23:43:42 +02:00
Régis Hanol
d06e2793aa fix logic for when to include topics in category list 2016-08-22 23:11:08 +02:00
Régis Hanol
4d6028ea2d UX: new 'category_page_style' site setting 2016-08-22 23:01:43 +02:00
James Kiesel
386b8b8498 Don't join on tags unnecessarily when matching all tags 2016-08-19 10:37:32 -05:00
Régis Hanol
eb953c0904 FIX: /categories page on mobile 2016-08-19 01:47:00 +02:00
Neil Lalonde
a644602612 FIX: infinite scrolling of topic list when filtered to one tag 2016-08-18 16:36:30 -04:00
Régis Hanol
6d1d7b7c8f UX: new /categories layout 2016-08-17 23:23:16 +02:00
Neil Lalonde
d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00
Sam
79c1d3459b line was there twice 2016-08-17 17:03:48 +10:00
Sam
91b72936c4 Normalize away a requested push if for some reason we can not push there 2016-08-17 16:44:38 +10:00
Sam
b4dfb84f37 PERF: stop doing work for HEAD requests on topics 2016-08-17 10:04:23 +10:00
Sam
a25a8115e8 FEATURE: support HEAD request to /user-api-key/new
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Sam
416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam
b7cea24d76 FEATURE: more user API flow, support key creation 2016-08-16 17:06:52 +10:00
Sam
0b334cdf74 FIX: stop removing query params from destination url in sso 2016-08-16 17:06:52 +10:00
Neil Lalonde
3b792054f2 Merge pull request #4387 from gdpelican/feature/tags-intersection
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel
037e9bb7b8 Support any number of tag intersections 2016-08-15 15:30:17 -04:00
Sam
fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel
7e73b933c7 First pass 2016-08-12 15:28:46 -04:00
Sam
7e4503dd99 FEATURE: basic info route for all sites, even ones that require login
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam
afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Robin Ward
429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Neil Lalonde
5f67cd7b45 FIX: tag input detects when a tag is not allowed and won't offer to create it anyway 2016-08-03 13:18:56 -04:00
Guo Xiang Tan
bf683178a8 FIX: Remove tag plugin code from tag hashtag check. 2016-08-02 10:59:12 +08:00
Régis Hanol
681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Neil Lalonde
1f12e41029 FIX: query for tag with no sub-categories 2016-07-28 16:59:00 -04:00
Neil Lalonde
82e170d6a6 FIX: 404 when filtering by category, no sub-category, and a tag 2016-07-28 16:19:03 -04:00
Neil Lalonde
77847f0d46 FIX: meta description tags for tags 2016-07-28 11:49:23 -04:00
Robin Ward
2f8ab8cd30 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 11:38:12 -04:00
Guo Xiang Tan
36ddb1787e FEATURE: Add toggle topic visibility button in popup menu. 2016-07-28 16:57:04 +08:00
Sam
c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4 SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
Régis Hanol
6dac9075dc new 'convert_pasted_images_quality' site setting 2016-07-27 19:59:44 +02:00
Régis Hanol
be099bb637 only convert pasted images to HQ jpg when it's at least 5% smaller 2016-07-27 19:55:13 +02:00
Andre Pereira
8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Neil Lalonde
3c0df3510a FIX: tags index should show all tags belonging to a category even if they have never been used 2016-07-26 16:04:11 -04:00
Régis Hanol
749b981759 FEATURE: new 'convert_pasted_images_to_hq_jpg' site setting 2016-07-25 23:01:28 +02:00
Neil Lalonde
ece4fa82c9 FIX: add canonical link to tags topic lists 2016-07-25 16:16:19 -04:00
Neil Lalonde
11b3b5e30a FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter 2016-07-25 16:16:18 -04:00
Régis Hanol
d2e22ab215 extract bounce scores into site settings 2016-07-25 17:27:28 +02:00
Sam
df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Neil Lalonde
7c092b0fe0 FEATURE: add filter to show topics that have not been tagged 2016-07-20 16:21:51 -04:00
Neil Lalonde
a74606c87c PERF: tag groups index query 2016-07-15 17:16:26 -04:00
Régis Hanol
7b6d946613 FIX: searching received emails for TO was broken 2016-07-13 22:43:25 +02:00
Guo Xiang Tan
5fed886c8f FIX: Update post replies when we move posts. (#4324) 2016-07-13 17:34:21 +02:00
Sam
4161ee210a FEATURE: improved tag and category watching and tracking
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status

New watching and tracking logic takes care of handling old topics
(either with or without read state)

When you watch a topic you now watch historically

Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Robin Ward
1eb64151f6 User interface for watching first post 2016-07-07 11:21:50 -04:00
Régis Hanol
c104e4c022 allow avatars up to 1000px 2016-07-05 18:49:33 +02:00
Guo Xiang Tan
f256e3afb6 Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Sam
0c6d8e155c Merge pull request #4300 from NuckChorris/patch-2
Log RecordInvalid when verbose_sso_logging enabled
2016-07-01 14:12:06 +10:00
Guo Xiang Tan
904d9735ab
Refactor desktop notifications to be more modular. 2016-07-01 00:11:32 +08:00
Peter Lejeck
e265b7b090 Log RecordInvalid when verbose_sso_logging enabled 2016-06-29 22:12:25 -07:00
Neil Lalonde
99e88ce39f FIX: n+1 query when fetching tag groups 2016-06-29 18:41:22 -04:00
Guo Xiang Tan
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode. 2016-06-29 15:10:01 +08:00
Guo Xiang Tan
20359788dc
Rename SiteSetting#use_https to force_https. 2016-06-29 15:02:43 +08:00
Guo Xiang Tan
e221414935
PERF: Remove N+1 queries on user messages page. 2016-06-29 09:30:54 +08:00
Sam
1411eedad3 FEATURE: offer to unwatch categories when unwatching category 2016-06-28 18:34:20 +10:00
Robin Ward
ccf9b70671 When restoring a backup, disable emails.
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Arpit Jalan
3232ce8265 FIX: better error message when trying to approve post for closed/deleted topic 2016-06-24 15:11:45 +05:30
Régis Hanol
5bfc9cf69e Allow API to create staged users 2016-06-23 12:27:05 +02:00
Régis Hanol
2ecd0da59f REFACTOR: use same code path for handling emails via API and POP 2016-06-22 15:50:49 +02:00
Sam
2d425892c4 FIX: update list of invited users after inviting 2016-06-21 16:01:29 +10:00
Régis Hanol
7fca6f502f fix and improve image downsizing algorithm 2016-06-20 12:35:07 +02:00
Sam
8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00
Sam
7edf7b590f SECURITY: restrict constantize classes in search controller 2016-06-17 13:47:34 +10:00
Sam
dd1a184955 Correct mailing list mode unsubscribe 2016-06-17 11:57:23 +10:00
Sam
852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Régis Hanol
49f8a2baa7 FEATURE: support for mandrill webhooks 2016-06-13 12:32:14 +02:00
Guo Xiang Tan
95a013784f Merge pull request #4260 from jamescook/james/replace-certain-gsub-with-tr
Replace certain uses of 'gsub' with 'tr' / 'chomp' for a speed improvement
2016-06-13 18:25:38 +08:00
Sam
e66c51fd85 correct regression where clicking on unlisted topics does not work 2016-06-12 16:36:38 +10:00
James Cook
c0e25b5a9a Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
improvement
2016-06-10 22:08:37 -05:00
Sam
3015030fe2 FIX: unlisted topics do not get "slug auto correct" logic 2016-06-10 10:53:26 +10:00
Neil Lalonde
a6090339a7 FEATURE: tag group options: limit usage of one tag per group, tags in a group can't be used unless a prerequisite tag is used 2016-06-09 16:01:19 -04:00
Régis Hanol
214e25f1b5 use proper 'Message-Id' field 2016-06-09 00:33:13 +02:00
Robin Ward
9a81115c1c FIX: Duplicate link shouldn't happen on edit 2016-06-08 17:22:23 -04:00
Régis Hanol
3e3538d603 loosen security a bit on mailgun's webhook 2016-06-08 22:38:38 +02:00
Neil Lalonde
a49ace0ffb FEATURE: ability to restrict tags to categories using groups 2016-06-07 15:36:20 -04:00
Robin Ward
431179dd25 FEATURE: Prompt users when they are entering duplicate links 2016-06-07 14:47:22 -04:00
Robin Ward
6aaa484baa REFACTOR: Move composer messages to store 2016-06-07 14:47:22 -04:00
Arpit Jalan
4253141700 FEATURE: custom email message for topic invites 2016-06-07 23:43:15 +05:30
Arpit Jalan
b1a94049e0 FIX: only staff can access 'resend all invites' feature 2016-06-07 10:57:08 +05:30
Arpit Jalan
a9c6df198c FEATURE: rate limit resend invites 2016-06-07 10:24:20 +05:30
Jeff Atwood
5c3e36aec2 Merge pull request #4252 from techAPJ/invite-email-improvements
FEATURE: customize invite email message
2016-06-06 14:24:39 -07:00
Neil Lalonde
f3f6c2f98f FEATURE: tag groups 2016-06-06 14:18:48 -04:00
Régis Hanol
fe595f1653 FEATURE: mailjet webhook 2016-06-06 19:47:45 +02:00
Arpit Jalan
7b205ebba4 FEATURE: customize invite email message 2016-06-06 20:15:30 +05:30
Arpit Jalan
c4e1ad0953 FEATURE: Resend all pending invitations 2016-06-03 12:23:13 +05:30
Régis Hanol
9704603fab FEATURE: sendgrid webhooks 2016-06-01 21:48:06 +02:00
Neil Lalonde
deb93044b4 FEATURE: new tags can be created from the "edit category" modal when defining the set of permitted tags 2016-05-31 17:27:22 -04:00
Neil Lalonde
2c78bea5a0 FIX: could not remove tags from a category 2016-05-31 17:27:22 -04:00
Neil Lalonde
a6aab00663 FEATURE: show category-to-tag relationships on tags index page 2016-05-31 17:27:22 -04:00
Neil Lalonde
6796b15857 FEATURE: restrict tags to be used in a category 2016-05-30 16:56:33 -04:00
Régis Hanol
116efffdaa FEATURE: webhooks support for mailgun 2016-05-30 17:11:17 +02:00
Neil Lalonde
3d5716a2c8 FIX: tag input doesn't show staff-only tags to non-staff 2016-05-26 18:03:50 -04:00
Neil Lalonde
f13470b96b Use db schema for tags instead of plugin store and custom fields 2016-05-26 14:29:48 -04:00
Neil Lalonde
2293fca012 FEATURE: after category name is changed, URLs with old category slug and tag filter will redirect to new category slug 2016-05-24 16:16:32 -04:00
Arpit Jalan
f387dfe226 FIX: mixed case group mentions were not getting highligted in composer 2016-05-22 18:32:49 +05:30
Steve Kemp
8f8ad3fe4a Allow an (optional) post-creation time to be submitted. (#4205)
* Allow an (optional) post-creation time to be submitted.

This should allow a new post to be created with an initial
date/time specified by the caller, which will be useful for
people writing importers..

* Only allow `created_at` to be submitted via the API.

This addresses the previous concern.
2016-05-22 10:54:03 +02:00
Régis Hanol
6137bb46d3 FIX: a User is *not* a Topic 2016-05-14 10:06:29 +02:00
Régis Hanol
1e57bbf5c8 Lots bounce emails related fixes
- Show bounce score on user admin page
- Added reset bounce score button on user admin page
- Only whitelisted email types are sent to emails with high bounce score
- FIX: properly detect bounces even when there is no TO: header in the email
- Don't desactivate a user when reaching the bounce threshold
2016-05-06 19:34:33 +02:00
Robin Ward
89e506551a
Add body class to account-created route 2016-05-05 14:37:09 -04:00
Neil Lalonde
c1aded8b64 FIX: crawler view of tags index page 2016-05-03 16:10:12 -04:00
Arpit Jalan
82daf93eb3 Merge pull request #4206 from techAPJ/convert-topic
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
Robin Ward
664f1913c8
FIX: Don't include hidden posts in embedded comments 2016-05-03 15:01:20 -04:00
Régis Hanol
8e611ec7a1 FEATURE: handle bounced emails 2016-05-02 23:15:32 +02:00
Arpit Jalan
acfb540952 FEATURE: move a topic from PM to regular topic or vice versa 2016-05-02 21:34:05 +05:30
Neil Lalonde
e5918c7d00 FEATURE: Merge tagging plugin into core 2016-04-27 11:58:53 -04:00
Arpit Jalan
74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Sam
0b6d12f95d FIX: when no notification state exists on topic, mute on unsubscribe 2016-04-25 11:24:52 +10:00
Sam
7ee11b0508 more logging, add referer 2016-04-25 10:48:36 +10:00
Rafael dos Santos Silva
bbe642070e App Banner Support for Android Chrome (#4103)
* App Banner Support for Android Chrome

* Oops, forgot semicolon;
2016-04-20 10:54:01 -04:00
Régis Hanol
7d9f2265b9 FIX: improve support for handling emails coming from screened email addresses 2016-04-18 23:01:54 +02:00
Sam
9e50f36c50 Merge pull request #4137 from cpradio/add-warning-to-flag
FEATURE: Add warning input to flag dialog when notifying a user
2016-04-15 16:23:22 +10:00
Régis Hanol
379bfac36d Merge pull request #4010 from riking/patch-sitelinks
FEATURE: Add /search discovery
2016-04-14 10:35:13 +02:00
Robin Ward
5518141ad5
Option for verbose logging when API calls to create posts fail 2016-04-12 12:10:48 -04:00
Guo Xiang Tan
983d64fd56 PERF: N+1 query on badges index. 2016-04-12 17:45:02 +08:00
Régis Hanol
7783ba46fc remove /error endpoint 2016-04-11 20:43:24 +02:00
Robin Ward
cc25716e47 FIX: Allow message format translations to be overridden 2016-04-08 14:49:50 -04:00
Thorben Egberts
cf8b3fbd56 FEATURE: add user custom fields to user card
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
Sam
19ca08857f FEATURE: verbose SSO logging
By enabling the site setting verbose_sso_logging
you can log information every time a user tries initiates SSO
and during SSO failures
2016-04-08 11:20:01 +10:00
Guo Xiang Tan
4e7e4cee7d PERF: Rendering crawler's template is expensive. 2016-04-07 16:28:31 +02:00
Sam
a130cb8305 FEATURE: move more urgent emails notifications to critical queue
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Sam
8ec7fd84fd FEATURE: prioritize sidekiq jobs
This commit introduces 3 queues for sidekiq

"critical" for urgent jobs (weighted at 4x weight)
"default" for standard jobs(weighted at 2x weight)
"low" for less important jobs


"critical jobs"

Reset Password emails has been seperated to its own job
Heartbeat which is required to keep sidekiq running
Test email which needs to return real quick


"low priority jobs"

Notify mailing list
Pull hotlinked images
Update gravatar

"default"

All the rest

Note: for people running sidekiq from command line use

bin/sidekiq -q critical,4 -q default,2 -q low
2016-04-07 12:56:43 +10:00
Régis Hanol
a5d8dfb07e FIX: don't hardcode maximum file size 2016-04-06 22:51:28 +02:00
Régis Hanol
2b9e8e5a7d Merge pull request #4147 from cpradio/default_top_timeframe
FIX: Use default top setting when user is return or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
Neil Lalonde
56e47c8d7e FEATURE: report on admin dashboard when favicon is failing to load 2016-04-05 14:42:32 -04:00
cpradio
c5bb1d1cfe Return default top setting as part of best_periods_for to see if it can be used 2016-04-05 14:27:18 -04:00
Régis Hanol
d402a45781 FIX: hitting '/t/:id/posts.json' should return the first page of posts 2016-04-05 19:12:14 +02:00
Régis Hanol
841f36b058 FIX: automatically unstage user when signing in using OAuth 2016-04-04 19:04:10 +02:00
Régis Hanol
79639e2dec FIX: ensure group's users counters are kept in sync 2016-04-04 17:03:18 +02:00
cpradio
95fa340601 Added spec tests 2016-04-03 19:44:14 -04:00
cpradio
b4f4cf794b Add warning input to flag dialog
Added isWarning property
pass is_warning along to post_action
Added is_warning to possible arguments to receive from post_actions route
Only show warning checkbox for staff
Only permit the is_warning argument if the user is staff
2016-04-03 18:48:39 -04:00
Arpit Jalan
13fa0f8cf8 FIX: only show regular posts in RSS feed 2016-03-31 21:34:53 +05:30
Arpit Jalan
41208b99a1 FEATURE: RSS feed for user posts and topics 2016-03-31 20:24:05 +05:30
Régis Hanol
0bf001ccd7 FIX: badge grant count wasn't filtered to the current user in the user summary 2016-03-30 23:11:00 +02:00
Sam
ed750cac39 FIX: if badges are disabled badge pages should 404 2016-03-29 17:21:32 +11:00
Kane York
f2ddd44712 FEATURE: Add /search discovery
The opensearch.xml results in a "site search engine" being added to
Chrome, while the sitelinks search tag results in "Search this website"
being added to Google Search.
2016-03-28 15:07:59 -07:00
Guo Xiang Tan
6d64b6d39f FIX: Query for category hashtag should be case sensitive. 2016-03-28 11:15:10 +08:00
Guo Xiang Tan
9a5ded48cf FIX: Return a proper error message when sync sso fails. 2016-03-26 13:30:15 +08:00
Arpit Jalan
da2f1fda15 FIX: increase read_timeout when downloading avatar 2016-03-24 17:40:03 +05:30
Robin Ward
f0552af5f1 FIX: Don't log validation errors for sso 2016-03-23 14:44:34 -04:00
Régis Hanol
39863953cd new 'enable_staged_users' site setting 2016-03-23 18:56:03 +01:00
Robin Ward
4180e207c3 FIX: Crazy large ids should not raise exceptions 2016-03-23 12:13:47 -04:00
Arpit Jalan
c54dc4a8d9 FIX: update RSS description for public/private posts 2016-03-21 18:45:16 +05:30
Arpit Jalan
34469e725b FEATURE: separate API endpoints for public and private posts 2016-03-21 18:21:15 +05:30
Régis Hanol
2a5b339be8 Merge pull request #4099 from xfalcox/add-to-homescreen-android
Better Add to Homescreen on Android
2016-03-21 10:23:08 +01:00
Rafael dos Santos Silva
c4da6ed88b Better Add to Homescreen on Android
Adds standalone screen, and top-bar color and background color on splash screen
2016-03-20 22:18:40 -04:00
Aryan Raj
c3507a3242 Fix: Added underscore to my_redirect regex 2016-03-20 13:00:56 +05:30
Arpit Jalan
a7eec3da5c FIX: blank search was broken 2016-03-18 23:38:45 +05:30
Arpit Jalan
bd83cf7f4c FEATURE: add group posts and mentions RSS 2016-03-18 22:29:10 +05:30
Robin Ward
5d4ee2ca1d FEATURE: Warn a user when they have few likes remaining 2016-03-18 11:30:29 -04:00
Robin Ward
1fba835d4f FIX: Use a logging table for daily likes given. Use it for badges. 2016-03-18 11:18:54 -04:00
Sam
50f7616d04 FIX: include pinned status in search results 2016-03-18 16:26:20 +11:00
Sam
84d234a98a Merge pull request #4076 from scossar/locale-from-header-setting
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00