Guo Xiang Tan
8c5e13afd6
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 20:57:17 +08:00
Guo Xiang Tan
395f43d92f
FIX: Don't mark user as active if verified email is different.
2017-03-13 20:57:02 +08:00
Sam
1d3f04d4bb
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:48 -05:00
Régis Hanol
f49c9f6c43
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:58:04 +01:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Arpit Jalan
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
Guo Xiang Tan
d6bf5b0e78
Use any orientation for web app manifest.
2017-01-11 17:32:24 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Neil Lalonde
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactivate user
2017-01-10 17:25:36 -05:00
Guo Xiang Tan
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
Neil Lalonde
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00
Claas Augner
bec10ada2a
Remove unused email templates from controller
2017-01-05 15:31:14 +01:00
Guo Xiang Tan
5098baee2f
FIX: Undefined variable.
2017-01-04 17:37:23 +08:00
Guo Xiang Tan
43671b1fda
UX: Display group fullname in mention autocomplete.
2017-01-04 11:40:14 +08:00
Rafael dos Santos Silva
d3fb724578
Merge pull request #4632 from xfalcox/native-app-banner
...
FEATURE: Opt-in native Discourse app install banner
2017-01-03 16:32:24 -02:00
Rafael dos Santos Silva
d7c8c2d5e3
FEATURE: Opt-in native Discourse app install banner on Android/iOS
2017-01-03 15:50:45 -02:00
Guo Xiang Tan
ad4a96d387
FIX: Only send membership request to the last 5 active group owners.
2017-01-03 15:33:57 +08:00
Guo Xiang Tan
5aee2673c7
FIX: Push null fields to last when sorting group members.
2016-12-22 14:55:24 +08:00
Guo Xiang Tan
5605700fa9
UX: Sort groups by name.
2016-12-22 14:46:20 +08:00
Guo Xiang Tan
8551d821a0
FEATURE: Add site setting to disable group directory.
2016-12-22 14:14:22 +08:00
Guo Xiang Tan
5e75d5c1bf
PERF: N+1 query on groups page.
2016-12-21 20:59:09 +08:00
Guo Xiang Tan
5d7f3223f0
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:01:26 +08:00
Guo Xiang Tan
9db5d5b6a7
FIX: Incorrect serializer for groups page.
2016-12-20 15:44:22 +08:00
Guo Xiang Tan
7c7c233c1c
FIX: Can't update Groups#allow_membership_requests in admin.
2016-12-20 15:14:35 +08:00
Guo Xiang Tan
502e114c60
FIX: Incorrect count when loading more groups.
2016-12-20 14:39:44 +08:00
Guo Xiang Tan
193f8301a4
FIX: Do not show automatic groups to normal users.
2016-12-20 14:26:49 +08:00
Régis Hanol
52cd9972bb
FIX: prevent DDoS with lots of _oneboxable_ links
...
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam
2b808ad9da
Merge pull request #4609 from joebuhlig/category-topics-wiki
...
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde
923cf73c6e
Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox.
2016-12-19 14:54:07 -05:00
Joe Buhlig
87251fded7
FEATURE: Category setting to make all topics wikis
...
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Guo Xiang Tan
18c8323987
FIX: Incorrect path for redirect.
2016-12-19 18:12:15 +08:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
dd383300b1
FEATURE: rate limit by login on password reset
2016-12-19 11:03:07 +11:00
Sam
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
Sam
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API no longer gets the bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Sam
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
Guo Xiang Tan
4b940dc8bd
FEATURE: Add groups page.
2016-12-14 17:27:47 +08:00
Robin Ward
03bc6f70f9
Better error messages when embedding fails
2016-12-13 14:38:05 -05:00
Guo Xiang Tan
2686ee5ab2
FIX: Admin can't add/remove public group users.
2016-12-13 16:39:44 +08:00
Guo Xiang Tan
43ee9f884e
FEATURE: Add Group#full_name.
2016-12-13 16:16:26 +08:00
Guo Xiang Tan
7bfabb029b
UX: Move editing group form into an individual tab.
2016-12-13 15:15:20 +08:00
Guo Xiang Tan
da7009a968
FEATURE: Add request membership button for allowed groups.
2016-12-12 22:48:08 +08:00
Guo Xiang Tan
9a800107cb
FIX: Associate category logo and background to uploads record.
2016-12-12 17:37:28 +08:00
Guo Xiang Tan
05f55dbc10
FEATURE: Group logs.
2016-12-12 17:29:54 +08:00
Guo Xiang Tan
790f1ef9f3
FIX: Permit missing params.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
be5b5f6bea
FEATURE: Public groups.
2016-12-12 17:00:30 +08:00
Guo Xiang Tan
b9b4b0c175
FIX: Members should be ordered by username.
2016-12-08 14:27:38 +08:00
Guo Xiang Tan
a2da2971af
FEATURE: Allow columns on group members page to be sortable.
2016-12-08 10:49:12 +08:00
Robin Ward
d379f57c58
FIX: Show an error page if finish-installation can't run
2016-12-07 11:10:08 -05:00