Guo Xiang Tan
5c2e194d01
SECURITY: Users can pick non-avatar uploads.
...
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:38:25 +08:00
Guo Xiang Tan
899caf35ba
Revert "SECURITY: User could non-avatar uploads."
...
This reverts commit 89581fa301
.
2018-12-18 13:37:31 +08:00
Guo Xiang Tan
89581fa301
SECURITY: User could non-avatar uploads.
...
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:35:33 +08:00
Guo Xiang Tan
d7660dfe40
FIX: Enabling readonly mode should clear anon cache as well.
2018-12-18 11:56:25 +08:00
Sam Saffron
abbbcb2622
DEV: allow creating users with random passwords via rake
...
Use: `RANDOM_PASSWORD=1 bin/rake admin:create`
Handy in conjunction with dev mode /session/username/become.
2018-12-18 11:43:16 +08:00
Jeff Atwood
f67cc2a540
minor copyedit
2018-12-17 19:31:02 -08:00
Kris
2a518c88d0
Prevent bullet badge from shrinking/growing as flex item
2018-12-17 21:05:32 -05:00
Kris
7d7b6baab9
Topic-list category width restriction no longer needed
2018-12-17 21:01:04 -05:00
Vinoth Kannan
efcea148eb
DEV: Use destroy! method to raise error if any (#0d3c1cde)
2018-12-18 03:05:43 +05:30
Vinoth Kannan
ece44a44f8
UX: Change default date range of dashboard trending search report to a month
2018-12-18 03:00:30 +05:30
Gerhard Schlager
2bdbca3801
DEV: Remove unnecessary to_not raise_error
from specs
...
Follow-up to 01cdbd3a13
2018-12-17 16:10:10 +01:00
Bianca Nenciu
5bda4d26b4
FIX: Rescue errors in job. ( #6745 )
2018-12-17 15:28:57 +01:00
Bianca Nenciu
f0027961c7
FIX: Properly reset controller of admin-user-index. ( #6760 )
2018-12-17 15:28:29 +01:00
Bianca Nenciu
1023003eba
FIX: Strip remote url before import. ( #6762 )
2018-12-17 15:27:49 +01:00
Joffrey JAFFEUX
22cea9ce90
FIX: adusts select-kit position even if not expanded ( #6785 )
2018-12-17 12:29:51 +01:00
Joffrey JAFFEUX
6ee3900791
FIX: ensures nothing is triggering rendering loop in after render ( #6784 )
2018-12-17 12:15:03 +01:00
Gerhard Schlager
01cdbd3a13
FEATURE: Prohibit S3 bucket reusage
...
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
Gerhard Schlager
1a8ca68ea3
FEATURE: Improve backup stats on admin dashboard
...
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Maja Komel
040ddec63d
Fix avatar flair styles
2018-12-17 10:44:34 +01:00
Guo Xiang Tan
c0aae16f6b
FIX: Clear anon cache when disabling readonly mode.
...
`SiteSerializer#is_readonly` is cached for an anonymous user so we have
to clear the cache when disabling readonly mode. Otherwise, the site may
appear to be in readonly mode for an extended period of time.
2018-12-17 17:27:44 +08:00
Guo Xiang Tan
9e795b9d90
Follow up to 704a122656
.
2018-12-17 16:39:46 +08:00
Guo Xiang Tan
e75ad37aaf
FIX: Switch recently readonly mdoe cache to a DistributedCache
.
...
A per process cache is hard to reason about. During PostgreSQL
failovers. The site may bounce in and out of readonly mode depending on
which server and process that a request hits.
2018-12-17 13:28:36 +08:00
Guo Xiang Tan
704a122656
Remove Ruby warning due to assignment in conditional.
2018-12-17 13:08:12 +08:00
Saurabh Patel
ed1a309fe4
FIX: use new key for delete topic to make it lowercased as all other buttons label around it ( #6778 )
2018-12-17 10:55:19 +08:00
Gerhard Schlager
7e1f20b07f
FIX: Create CORS rule on S3 only before a backup upload
2018-12-17 00:15:37 +01:00
Joffrey JAFFEUX
d803dfc14a
FIX: makes more resilient select-kit positioning ( #6776 )
2018-12-15 16:23:23 +01:00
Kris
6213e020e6
Improving usercard badge alignment
2018-12-14 22:16:18 -05:00
Guo Xiang Tan
e9ea0102a5
FIX: Consistency about our response for invalid user id in Admin::UsersController
.
2018-12-15 08:01:35 +08:00
Neil Lalonde
ef0e84e3d9
FIX: clear the site_contact_username setting if the user's staff privileges are revoked
2018-12-14 16:52:44 -05:00
Vinoth Kannan
0d3c1cde90
FIX: Use find_by_id method to prevent record not found exception
2018-12-15 03:19:45 +05:30
David Taylor
430083019d
UX: Improve dashboard report title copy
...
Make capitalization consistent, and slightly improve clarity of two headings
2018-12-14 17:37:07 +00:00
Neil Lalonde
4ddaceda1a
Version bump to v2.2.0.beta6
2018-12-14 12:21:55 -05:00
Neil Lalonde
f1385cf72d
Version bump to v2.1.5
2018-12-14 12:20:44 -05:00
David Taylor
1960236822
FIX: Suspicious login detection ( #6772 )
2018-12-14 16:30:34 +00:00
David Taylor
77fe57f923
FEATURE: Rake task to list users which have been staff in the past month
2018-12-14 16:29:12 +00:00
David Taylor
62ec0f92ea
FIX: Only serialize group membership domains for administrators ( #6771 )
2018-12-14 15:49:05 +00:00
David Taylor
9f3e2a9e34
FIX: Only serialize group membership domains for administrators ( #6771 )
2018-12-14 15:47:00 +00:00
Penar Musaraj
a19f69590a
DEV: add "topic-list-before-relative-date" plugin outlet
2018-12-14 10:39:22 -05:00
Neil Lalonde
124ae46763
Update translations
2018-12-14 10:34:12 -05:00
Kris
2f70bd83a3
Increase contrast of pinned excerpt for dark themes
2018-12-14 10:04:44 -05:00
Kyle Zhao
b0c2e9bb05
minor changes to default script-src ( #6770 )
...
- add report-sample to force require a sample of the violating code
- do not whitelist GA/GTM's entire domain
2018-12-14 08:17:31 -05:00
Joffrey JAFFEUX
03014b0d05
FEATURE: adds security tab to dashboard ( #6768 )
...
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel
9f89aadd33
FIX: delete all posts in batches without hijack ( #6747 )
2018-12-14 11:04:18 +01:00
Guo Xiang Tan
05104600ea
FIX: Incorrect translation key on admin search logs.
2018-12-14 17:12:33 +08:00
Kris
6553744e50
Fixing topic status alignment in search
2018-12-13 21:49:43 -05:00
Kris
6cbcd58603
Lighten lazyload placeholder background
2018-12-13 15:38:33 -05:00
Joffrey JAFFEUX
afdd244486
UX: removes superfluous posters column header ( #6765 )
2018-12-13 21:29:00 +01:00
Kris
60189e8c92
Mobile alignment fixes
2018-12-13 15:26:52 -05:00
Joffrey JAFFEUX
bcf4a17751
FIX: apply original margin-bottom to fix position placeholder ( #6764 )
2018-12-13 18:21:12 +01:00
Joffrey JAFFEUX
5cb99d08ed
FIX: define actions on connector class early ( #6763 )
...
This would prevent failure with connectors templates defining actions as closures. In this case action existence is checked at compile time and not runtime.
2018-12-13 15:43:30 +01:00