Commit Graph

31835 Commits

Author SHA1 Message Date
Guo Xiang Tan
5c2e194d01 SECURITY: Users can pick non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:38:25 +08:00
Guo Xiang Tan
899caf35ba Revert "SECURITY: User could non-avatar uploads."
This reverts commit 89581fa301.
2018-12-18 13:37:31 +08:00
Guo Xiang Tan
89581fa301 SECURITY: User could non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:35:33 +08:00
Guo Xiang Tan
d7660dfe40 FIX: Enabling readonly mode should clear anon cache as well. 2018-12-18 11:56:25 +08:00
Sam Saffron
abbbcb2622 DEV: allow creating users with random passwords via rake
Use: `RANDOM_PASSWORD=1 bin/rake admin:create`

Handy in conjunction with dev mode /session/username/become.
2018-12-18 11:43:16 +08:00
Jeff Atwood
f67cc2a540 minor copyedit 2018-12-17 19:31:02 -08:00
Kris
2a518c88d0 Prevent bullet badge from shrinking/growing as flex item 2018-12-17 21:05:32 -05:00
Kris
7d7b6baab9 Topic-list category width restriction no longer needed 2018-12-17 21:01:04 -05:00
Vinoth Kannan
efcea148eb DEV: Use destroy! method to raise error if any (#0d3c1cde) 2018-12-18 03:05:43 +05:30
Vinoth Kannan
ece44a44f8 UX: Change default date range of dashboard trending search report to a month 2018-12-18 03:00:30 +05:30
Gerhard Schlager
2bdbca3801 DEV: Remove unnecessary to_not raise_error from specs
Follow-up to 01cdbd3a13
2018-12-17 16:10:10 +01:00
Bianca Nenciu
5bda4d26b4 FIX: Rescue errors in job. (#6745) 2018-12-17 15:28:57 +01:00
Bianca Nenciu
f0027961c7 FIX: Properly reset controller of admin-user-index. (#6760) 2018-12-17 15:28:29 +01:00
Bianca Nenciu
1023003eba FIX: Strip remote url before import. (#6762) 2018-12-17 15:27:49 +01:00
Joffrey JAFFEUX
22cea9ce90
FIX: adusts select-kit position even if not expanded (#6785) 2018-12-17 12:29:51 +01:00
Joffrey JAFFEUX
6ee3900791
FIX: ensures nothing is triggering rendering loop in after render (#6784) 2018-12-17 12:15:03 +01:00
Gerhard Schlager
01cdbd3a13 FEATURE: Prohibit S3 bucket reusage
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
Gerhard Schlager
1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Maja Komel
040ddec63d Fix avatar flair styles 2018-12-17 10:44:34 +01:00
Guo Xiang Tan
c0aae16f6b FIX: Clear anon cache when disabling readonly mode.
`SiteSerializer#is_readonly` is cached for an anonymous user so we have
to clear the cache when disabling readonly mode. Otherwise, the site may
appear to be in readonly mode for an extended period of time.
2018-12-17 17:27:44 +08:00
Guo Xiang Tan
9e795b9d90 Follow up to 704a122656. 2018-12-17 16:39:46 +08:00
Guo Xiang Tan
e75ad37aaf FIX: Switch recently readonly mdoe cache to a DistributedCache.
A per process cache is hard to reason about. During PostgreSQL
failovers. The site may bounce in and out of readonly mode depending on
which server and process that a request hits.
2018-12-17 13:28:36 +08:00
Guo Xiang Tan
704a122656 Remove Ruby warning due to assignment in conditional. 2018-12-17 13:08:12 +08:00
Saurabh Patel
ed1a309fe4 FIX: use new key for delete topic to make it lowercased as all other buttons label around it (#6778) 2018-12-17 10:55:19 +08:00
Gerhard Schlager
7e1f20b07f FIX: Create CORS rule on S3 only before a backup upload 2018-12-17 00:15:37 +01:00
Joffrey JAFFEUX
d803dfc14a
FIX: makes more resilient select-kit positioning (#6776) 2018-12-15 16:23:23 +01:00
Kris
6213e020e6 Improving usercard badge alignment 2018-12-14 22:16:18 -05:00
Guo Xiang Tan
e9ea0102a5 FIX: Consistency about our response for invalid user id in Admin::UsersController. 2018-12-15 08:01:35 +08:00
Neil Lalonde
ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
Vinoth Kannan
0d3c1cde90 FIX: Use find_by_id method to prevent record not found exception 2018-12-15 03:19:45 +05:30
David Taylor
430083019d UX: Improve dashboard report title copy
Make capitalization consistent, and slightly improve clarity of two headings
2018-12-14 17:37:07 +00:00
Neil Lalonde
4ddaceda1a Version bump to v2.2.0.beta6 2018-12-14 12:21:55 -05:00
Neil Lalonde
f1385cf72d Version bump to v2.1.5 2018-12-14 12:20:44 -05:00
David Taylor
1960236822
FIX: Suspicious login detection (#6772) 2018-12-14 16:30:34 +00:00
David Taylor
77fe57f923 FEATURE: Rake task to list users which have been staff in the past month 2018-12-14 16:29:12 +00:00
David Taylor
62ec0f92ea FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:49:05 +00:00
David Taylor
9f3e2a9e34
FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:47:00 +00:00
Penar Musaraj
a19f69590a DEV: add "topic-list-before-relative-date" plugin outlet 2018-12-14 10:39:22 -05:00
Neil Lalonde
124ae46763 Update translations 2018-12-14 10:34:12 -05:00
Kris
2f70bd83a3 Increase contrast of pinned excerpt for dark themes 2018-12-14 10:04:44 -05:00
Kyle Zhao
b0c2e9bb05
minor changes to default script-src (#6770)
- add report-sample to force require a sample of the violating code
- do not whitelist GA/GTM's entire domain
2018-12-14 08:17:31 -05:00
Joffrey JAFFEUX
03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel
9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Guo Xiang Tan
05104600ea FIX: Incorrect translation key on admin search logs. 2018-12-14 17:12:33 +08:00
Kris
6553744e50 Fixing topic status alignment in search 2018-12-13 21:49:43 -05:00
Kris
6cbcd58603 Lighten lazyload placeholder background 2018-12-13 15:38:33 -05:00
Joffrey JAFFEUX
afdd244486
UX: removes superfluous posters column header (#6765) 2018-12-13 21:29:00 +01:00
Kris
60189e8c92 Mobile alignment fixes 2018-12-13 15:26:52 -05:00
Joffrey JAFFEUX
bcf4a17751
FIX: apply original margin-bottom to fix position placeholder (#6764) 2018-12-13 18:21:12 +01:00
Joffrey JAFFEUX
5cb99d08ed
FIX: define actions on connector class early (#6763)
This would prevent failure with connectors templates defining actions as closures. In this case action existence is checked at compile time and not runtime.
2018-12-13 15:43:30 +01:00