Commit Graph

51432 Commits

Author SHA1 Message Date
David Taylor
8c01947c45
DEV: Remove USE_EMBROIDER flag (#23971)
Embroider has been the default since b72ed3cb38. This commit removes the ability to set `USE_EMBROIDER=0` and go back to the classic build.
2023-10-19 10:38:25 +01:00
Martin Brennan
9ef3a18ce4
DEV: Add new experimental admin UI route and sidebar (#23952)
This commit adds a new admin UI under the route `/admin-revamp`, which is
only accessible if the user is in a group defined by the new `enable_experimental_admin_ui_groups` site setting. It
also adds a special `admin` sidebar panel that is shown instead of the `main`
forum one when the admin is in this area.

![image](https://github.com/discourse/discourse/assets/920448/fa0f25e1-e178-4d94-aa5f-472fd3efd787)

We also add an "Admin Revamp" sidebar link to the community section, which
will only appear if the user is in the setting group:

![image](https://github.com/discourse/discourse/assets/920448/ec05ca8b-5a54-442b-ba89-6af35695c104)

Within this there are subroutes defined like `/admin-revamp/config/:area`,
these areas could contain any UI imaginable, this is just laying down an
initial idea of the structure and how the sidebar will work. Sidebar links are
currently hardcoded.

Some other changes:

* Changed the `main` and `chat` panels sidebar panel keys to use exported const values for reuse
* Allowed custom sidebar sections to hide their headers with the `hideSectionHeader` option
* Add a `groupSettingArray` setting on `this.siteSettings` in JS, which accepts a group site setting name
  and splits it by `|` then converts the items in the array to integers, similar to the `_map` magic for ruby
  group site settings
* Adds a `hidden` option for sidebar panels which prevents them from showing in separated mode and prevents
  the switch button from being shown

---------

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
2023-10-19 14:23:41 +10:00
Ted Johansson
47b2667099
DEV: Remove deprecated UrlHelper#escape_uri helper (#24002)
The UrlHelper#escape_uri helper has been deprecated and replaced by UrlHelper#normalized_encode, and was marked for removal in 3.0. This PR removes the method.
2023-10-19 10:37:14 +08:00
Alan Guo Xiang Tan
b4eb078b0e
FIX: Preserve preview_theme_id param on topic redirects (#23965)
Why this change?

When the URL `/t/1234?preview_theme_id=21` is loaded, we redirect to
`/t/<topic slug>/1234` stripping the `preview_theme_id` query params.

What does this change do?

This change builds on 61248652cd and
simply adds the `preview_theme_id` query param when redirecting.
2023-10-19 09:32:56 +08:00
Martin Brennan
788651467b
DEV: Flaky fixes for Email::Sender spec (#24000) 2023-10-19 00:21:24 +00:00
Martin Brennan
5dc45b5dcf
FIX: Secure upload post processing race condition (#23968)
* FIX: Secure upload post processing race condition

This commit fixes a couple of issues.

A little background -- when uploads are created in the composer
for posts, regardless of whether the upload will eventually be
marked secure or not, if secure_uploads is enabled we always mark
the upload secure at first. This is so the upload is by default
protected, regardless of post type (regular or PM) or category.

This was causing issues in some rare occasions though because
of the order of operations of our post creation and processing
pipeline. When creating a post, we enqueue a sidekiq job to
post-process the post which does various things including
converting images to lightboxes. We were also enqueuing a job
to update the secure status for all uploads in that post.

Sometimes the secure status job would run before the post process
job, marking uploads as _not secure_ in the background and changing
their ACL before the post processor ran, which meant the users
would see a broken image in their posts. This commit fixes that issue
by always running the upload security changes inline _within_ the
cooked_post_processor job.

The other issue was that the lightbox wrapper link for images in
the post would end up with a URL like this:

```
href="/secure-uploads/original/2X/4/4e1f00a40b6c952198bbdacae383ba77932fc542.jpeg"
```

Since we weren't actually using the `upload.url` to pass to
`UrlHelper.cook_url` here, we weren't converting this href to the CDN
URL if the post was not in a secure context (the UrlHelper does not
know how to convert a secure-uploads URL to a CDN one). Now we
always end up with the correct lightbox href. This was less of an issue
than the other one, since the secure-uploads URL works even when the
upload has become non-secure, but it was a good inconsistency to fix
anyway.
2023-10-18 23:48:01 +00:00
Penar Musaraj
6837888b8b
UX: Update highlight.js styles (#23999) 2023-10-18 19:07:39 -04:00
Jarek Radosz
16d16c8969
DEV: Precompile the transpiler before themes:update (#23997) 2023-10-19 01:00:23 +02:00
Jarek Radosz
75c9635d8b
DEV: Remove the transpilation message (#23998) 2023-10-19 01:00:15 +02:00
Ella E
bec53210e8
DEV: remove unused root max width in wizard (#23996) 2023-10-18 16:25:04 -06:00
dependabot[bot]
d5b18bcbbf
Build(deps): Bump sass-embedded from 1.69.3 to 1.69.4 (#23993)
Bumps [sass-embedded](https://github.com/ntkme/sass-embedded-host-ruby) from 1.69.3 to 1.69.4.
- [Commits](https://github.com/ntkme/sass-embedded-host-ruby/compare/v1.69.3...v1.69.4)

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 00:22:45 +02:00
dependabot[bot]
67594f8d74
Build(deps-dev): Bump the types group (#23994)
Bumps the types group in /app/assets/javascripts with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [@types/ember](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember) | `4.0.7` | `4.0.8` |
| [@types/ember__application](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__application) | `4.0.8` | `4.0.9` |
| [@types/ember__array](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__array) | `4.0.6` | `4.0.7` |
| [@types/ember__component](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__component) | `4.0.18` | `4.0.19` |
| [@types/ember__engine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__engine) | `4.0.7` | `4.0.8` |
| [@types/ember__object](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__object) | `4.0.8` | `4.0.9` |
| [@types/ember__routing](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__routing) | `4.0.16` | `4.0.17` |
| [@types/ember__runloop](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__runloop) | `4.0.6` | `4.0.7` |
| [@types/ember__test](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/ember__test) | `4.0.3` | `4.0.4` |
| [@types/jquery](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jquery) | `3.5.23` | `3.5.24` |
| [@types/qunit](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/qunit) | `2.19.6` | `2.19.7` |
| [@types/rsvp](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/rsvp) | `4.0.5` | `4.0.6` |


Updates `@types/ember` from 4.0.7 to 4.0.8
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember)

Updates `@types/ember__application` from 4.0.8 to 4.0.9
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__application)

Updates `@types/ember__array` from 4.0.6 to 4.0.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__array)

Updates `@types/ember__component` from 4.0.18 to 4.0.19
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__component)

Updates `@types/ember__engine` from 4.0.7 to 4.0.8
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__engine)

Updates `@types/ember__object` from 4.0.8 to 4.0.9
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__object)

Updates `@types/ember__routing` from 4.0.16 to 4.0.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Changelog](https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/ember__routing/history-location.d.ts)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__routing)

Updates `@types/ember__runloop` from 4.0.6 to 4.0.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__runloop)

Updates `@types/ember__test` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/ember__test)

Updates `@types/jquery` from 3.5.23 to 3.5.24
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jquery)

Updates `@types/qunit` from 2.19.6 to 2.19.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/qunit)

Updates `@types/rsvp` from 4.0.5 to 4.0.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/rsvp)

---
updated-dependencies:
- dependency-name: "@types/ember"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__application"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__array"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__component"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__engine"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__object"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__routing"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__runloop"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/ember__test"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/jquery"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/qunit"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
- dependency-name: "@types/rsvp"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: types
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 00:22:30 +02:00
dependabot[bot]
9b22b7fd92
Build(deps): Bump thor from 1.2.2 to 1.3.0 (#23991)
Bumps [thor](https://github.com/rails/thor) from 1.2.2 to 1.3.0.
- [Release notes](https://github.com/rails/thor/releases)
- [Commits](https://github.com/rails/thor/compare/v1.2.2...v1.3.0)

---
updated-dependencies:
- dependency-name: thor
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 00:10:40 +02:00
Jarek Radosz
dca23d3a53
DEV: Group @types/* updates (#23992) 2023-10-19 00:01:16 +02:00
Ella E
7af291b40d
UX: Wizard static confetti (#23973)
* UX: add static confetti bacgkround image on wizard steps

* DEV: slow down speed animation for confetti

* DEV: compress image file size

* UX: use an image that has transparent background

* DEV: use correct image file name
2023-10-18 15:19:00 -06:00
Penar Musaraj
a125c9e63e
UX: Minor fixes to passkey handling (#23947)
- don't try to guess the name of the manager (too many options)
- improve error message when registration is not allowed
- output error in console when registration fails
- minor fix to rename dialog layout
- hides action buttons in DiscourseHub (because adding passkeys there is not possible)
- adds acceptance test to ensure action buttons are hidden for admins seeing another user's profile
2023-10-18 11:46:51 -04:00
Mark VanLandingham
585bb0df27
DEV: Add class name of action type for flag-action-type container (#23972) 2023-10-18 10:18:52 -05:00
Kris
31797ebc40
UX: improve handling of long theme names in admin (#23963) 2023-10-18 09:41:21 -04:00
David Taylor
3690fe59cc
DEV: Deprecate api.registerConnectorClass (#23721)
This API came from a time when themes had to define JS and templates inside `<script>` tags. Nowadays, it's rarely used, and much better patterns are available for registering connectors.
2023-10-18 13:01:46 +01:00
dependabot[bot]
c3bde99cd0
Build(deps): Bump ember-template-imports from 3.4.2 to 4.0.0 in /app/assets/javascripts (#23970)
* Build(deps): Bump ember-template-imports in /app/assets/javascripts

Bumps [ember-template-imports](https://github.com/ember-template-imports/ember-template-imports) from 3.4.2 to 4.0.0.
- [Release notes](https://github.com/ember-template-imports/ember-template-imports/releases)
- [Changelog](https://github.com/ember-template-imports/ember-template-imports/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ember-template-imports/ember-template-imports/compare/v3.4.2...v4.0.0)

---
updated-dependencies:
- dependency-name: ember-template-imports
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Remove legacy decorators from gjs file

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2023-10-18 12:42:26 +01:00
David Taylor
25ddbd1aa6
DEV: Convert remaining core services to native class syntax (#23756) 2023-10-18 12:28:56 +01:00
David Taylor
93c67eeb4f
DEV: Consolidate and update jsconfig, and add types packages (#23824)
These updates significantly improve IDE tooling for imports across the Discourse core codebase, and also for framework packages. The `@types/ember-*` packages are a temporary solution until we get onto Ember 5, which ships its types in the main package.

The previous approach of having jsconfig files in each package directory did work, but once you start adding all the possible interlinks between them, we hit the file count limit of VSCode's tooling (because it counts every file for every jsconfig its referenced in). Having one file at the root means that a single file can apply to all core packages and plugins.

Long-term, to get the same functionality for all themes/plugins, we may need to look at building/publishing a Discourse types package which can be added to theme/plugin package.json files for development purposes.
2023-10-18 12:13:20 +01:00
Godfrey Chan
c34f8b65cb
DEV: Rename I18n imports to discourse-i18n (#23915)
As of #23867 this is now a real package, so updating the imports to
use the real package name, rather than relying on the alias. The
name change in the package name is because `I18n` is not a valid
name as NPM packages must be all lowercase.

This commit also introduces an eslint rule to prevent importing from
the old I18n path.

For themes/plugins, the old 'i18n' name remains functional.
2023-10-18 11:07:09 +01:00
dependabot[bot]
0a6dfee0b9
Build(deps): Bump ember-this-fallback from 0.3.1 to 0.4.0 in /app/assets/javascripts (#23959)
* Build(deps): Bump ember-this-fallback in /app/assets/javascripts

Bumps [ember-this-fallback](https://github.com/tildeio/ember-this-fallback) from 0.3.1 to 0.4.0.
- [Release notes](https://github.com/tildeio/ember-this-fallback/releases)
- [Changelog](https://github.com/tildeio/ember-this-fallback/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tildeio/ember-this-fallback/commits)

---
updated-dependencies:
- dependency-name: ember-this-fallback
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Remove stale patch

* Update patch filenames

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2023-10-18 10:56:35 +01:00
Alan Guo Xiang Tan
3c26df78ea
UX: Fix deselect text location in edit sidebar category/tag modal (#23966)
Why this change?

In 38d3208027, the position of the
`headerBelowTitle` outlet was changed causing the deselect text in the
edit sidebar catgegory/tag modals to appear inline with the title which
we do not want.

What does this change do?

This change introduces the `belowModalTitle` outlet in `DModal` which is
where the `headerBelowTitle` outlet was located before it was changed.
2023-10-18 11:33:35 +08:00
Krzysztof Kotlarek
8c355d9e99
FIX: log for CleanUpTags job (#23964)
In previous [PR](https://github.com/discourse/discourse/pull/23864) we introduced setting to automatically delete unused tags. This action should be logged.
2023-10-18 03:24:14 +00:00
Martin Brennan
e91d8feab3
Revert "FEATURE: Count only approved flagged posts in user pages (#22799)" (#23962)
This reverts commit 5f0bc4557f.

Through extensive internal discussion we have decided to revert
this change, as it significantly impacted moderation flow for
some Discourse site moderators, especially around "something else"
flags. We need to re-approach how flags are counted holistically,
so to that end this change is being reverted.
2023-10-18 11:38:17 +10:00
dependabot[bot]
30778e5fa4
Build(deps-dev): Bump sass in /app/assets/javascripts (#23960)
Bumps [sass](https://github.com/sass/dart-sass) from 1.69.3 to 1.69.4.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.69.3...1.69.4)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-18 02:48:43 +02:00
Krzysztof Kotlarek
4773f5d720
FEATURE: predefined simple list for admin setting (#23953)
Some admin settings are multiple list with predefined values. In that case, we should not allow to input any value which later will fail validation.
2023-10-18 00:25:32 +00:00
Bianca Nenciu
bf97899029
DEV: Limit preloaded categories (#23958)
Site data is preloaded on the first page load, which includes categories
data. For sites with many categories, site data takes a long time to
serialize and to transfer.

In the future, preloaded category data will be completely removed.
2023-10-17 22:04:56 +03:00
Bianca Nenciu
2e68ead45b
FEATURE: Use async search for category dropdowns (#23774)
This commit introduces a new endpoint to search categories and uses it
instead of the categories map that is preloaded using SiteSerializer.

This feature is enabled only when the hidden site setting
lazy_load_categories is enabled and should be used only on sites with
many categories.
2023-10-17 19:46:54 +03:00
Blake Erickson
60ae69027c
DEV: Add category style deprecation check warning (#23951)
The category style site setting is being deprecated. This commit will
show a warning on the admin dashboard if a site isn't using the default
category style (bullet).
2023-10-17 10:40:31 -06:00
Bianca Nenciu
c95ffb98ef
DEV: Serialize categories in topic lists (#23597)
At this moment, this feature is under a site setting named
lazy_load_categories.

In the future, categories will no longer be preloaded through site data.
This commit add information about categories in topic list and ensures
that data is used to display topic list items.

Parent categories are serialized too because they are necessary to
render {{category-link}}.
2023-10-17 19:06:01 +03:00
Discourse Translator Bot
5e6c63901f
Update translations (#23955) 2023-10-17 10:57:06 -04:00
Penar Musaraj
87a635ed32
UX: Fix icon color for video placeholder (#23957)
Also adds a small effect on hover.
2023-10-17 10:25:57 -04:00
Godfrey Chan
6036001667
DEV: stop relying on global jQuery, import "jquery" instead (#23924)
We'll probably have to keep the globals around for compatibility, but we should always import it ourselves. We'll followup with an updated eslint config to enforce this.
2023-10-17 13:56:59 +01:00
dependabot[bot]
070f4e318b
Build(deps): Bump @babel/traverse from 7.23.0 to 7.23.2 (#23949)
Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.23.0 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-17 13:43:12 +02:00
Martin Brennan
3cde7f125d
DEV: Remove hashtag autocomplete experimental setting (#23954)
Everything relying on this was removed in
09223e5ae7
2023-10-17 15:05:58 +10:00
Martin Brennan
61c87fb59f
FIX: Properly attach secure images to email for non-secure uploads (#23865)
There are cases where a user can copy image markdown from a public
post (such as via the discourse-templates plugin) into a PM which
is then sent via an email. Since a PM is a secure context (via the
.with_secure_uploads? check on Post), the image will get a secure
URL in the PM post even though the backing upload is not secure.

This fixes the bug in that case where the image would be stripped
from the email (since it had a /secure-uploads/ URL) but not re-attached
further down the line using the secure_uploads_allow_embed_images_in_emails
setting because the upload itself was not secure.

The flow in Email::Sender for doing this is still not ideal, but
there are chicken and egg problems around when to strip the images,
how to fit in with other attachments and email size limits, and
when to apply the images inline via Email::Styles. It's convoluted,
but at least this fixes the Template use case for now.
2023-10-17 14:08:21 +10:00
Krzysztof Kotlarek
09eca87c76
FIX: synonym tags are not considered as unused (#23950)
Currently, `Tag.unused` scope is used to delete unused tags on `/tags` and by CleanUpTags job. Synonym tags, should not be included and treated as unused. Synonyms are only deleted when main tag is deleted:

https://github.com/discourse/discourse/blob/main/app/models/tag.rb#L57
2023-10-16 23:53:02 +00:00
dependabot[bot]
ee9aa02ab3
Build(deps): Bump terser in /app/assets/javascripts (#23948)
Bumps [terser](https://github.com/terser/terser) from 5.21.0 to 5.22.0.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/compare/v5.21.0...v5.22.0)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-16 23:45:02 +02:00
Jeff Wong
d208396c5c
UX: improve touch, swipe, panning performance on mobile menus (#23775)
PERF: improve touch, swipe, panning performance on mobile menus
---

* stop event propagation on swipe events: other touch events were stealing a huge amount of time here. Stop event
propagation when handling pan events.
* animate with [web animations api](https://developer.mozilla.org/en-US/docs/Web/API/Web_Animations_API/Using_the_Web_Animations_API)
* prefer translate3d to hint for gpu rendering.
* query document for elements only on start move event, not on subsequent move
events
* remove unused calculations for directioned velocity and distance: all swipe/pan elements function in x/y direction only.
* re-implement scroll locking behavior.

re-implemented scroll lock behavior
---

With stop event propagation, we need to re-implement scroll locking on menu swipes.
Previously, this was using onTouchMove which was costly.

We may now use styling with overflow-y:hidden to lock scroll behavior.

overflow:hidden on html/body elements is now supported by iOS as of 2022
https://bugs.webkit.org/show_bug.cgi?id=153852
https://bugs.webkit.org/show_bug.cgi?id=220908

UX: improve swipe
---

Some improvements to get gestures and swipes feeling a little more polished.

This focuses on end gesture, and how we transfer it to a css animation to
complete a menu open/close action.

Multitouch: events may pan, scroll, and zoom - especially on iOS safari.
Cancelling the swipe event allows for a more pleasant zooming experience.

* ease-out on menus opening, linear on close
* calculate animation duration for opening and closing,
attempt to better transfer user swipe velocity to css animation.
* more timely close/open and cleanup from calculated animation timing.
* add animation to closing menus on cloak tap
* correctly animate menus with ease-in and ease-out
* add swipe cancel event on multitouch event

DEV
---

* lean on promises

js animations api gives us promises to listen to. Update test waiters
to use waitForPromise from @ember/test-waiters instead of reigster/unregister.

* convert swipe mixin to its own class.

Convert swipe callbacks to custom events on the element.
Move shared functions for max animation time and close logic to
new shared class.

swipe-events lib uses custom events to trigger callbacks, rather than assuming
implemented hard coded function from the mixin's base class. Custom events are
triggered from the bound element as swipestart, swipeend, swipe

Add shared convenience functions for swipe events so they can be more easily
shared.

A client receives an initial swipe event and can check some state to see if it
wants to handle the swipe event and if it doesn't, calling
`event.preventDefault();` will prevent `swipe` and `swipeend` events from firing
until another distinct swipestart event is fired. Swipe events will auto-cancel on multitouch.

The scroll lock has also exposed as its own utility class.
2023-10-16 11:27:00 -07:00
Joffrey JAFFEUX
d1ef6ab99f
FIX: do not serialize status when profile is hidden (#23946)
Users can decide to hide their profile and presence. It seems more correct to also not return the status in this case.

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-10-16 17:43:39 +02:00
Penar Musaraj
1400d4a8fd
Bump version to v3.2.0.beta3-dev 2023-10-16 11:20:22 -04:00
Penar Musaraj
be04154838
Bump version to v3.2.0.beta2 2023-10-16 11:20:20 -04:00
Penar Musaraj
13afad70a5
DEV: Lint admin-email-preview-test.js 2023-10-16 10:46:02 -04:00
Alan Guo Xiang Tan
cbbe3a808b
SECURITY: Add a default limit as to when logs should be truncated
Why this change?

This ensures that malicious requests cannot end up causing the logs to
quickly fill up. The default chosen is sufficient for most legitimate
requests to the Discourse application.

When truncation happens, parsing of logs in supported format like
lograge may break down.
2023-10-16 10:34:38 -04:00
Kelvin Tan
ee084b754e
SECURITY: Prevent unauthorized access to grouped poll results
This adds access controls for the `/polls/grouped_poll_results`
endpoint, such that only users with appropriate permissions can read
the grouped results of a given poll.
2023-10-16 10:34:37 -04:00
Alan Guo Xiang Tan
4cb7472376
SECURITY: Prevent arbitrary topic custom fields from being set
Why this change?

The `PostsController#create` action allows arbitrary topic custom fields
to be set by any user that can create a topic. Without any restrictions,
this opens us up to potential security issues where plugins may be using
topic custom fields in security sensitive areas.

What does this change do?

1. This change introduces the `register_editable_topic_custom_field` plugin
API which allows plugins to register topic custom fields that are
editable either by staff users only or all users. The registered
editable topic custom fields are stored in `DiscoursePluginRegistry` and
is called by a new method `Topic#editable_custom_fields` which is then
used in the `PostsController#create` controller action. When an unpermitted custom fields is present in the `meta_data` params,
a 400 response code is returned.

2. Removes all reference to `meta_data` on a topic as it is confusing
   since we actually mean topic custom fields instead.
2023-10-16 10:34:35 -04:00
David Taylor
0ed20fe1cd
SECURITY: Correctly escape 'text' email preview 2023-10-16 10:34:34 -04:00