Commit Graph

1018 Commits

Author SHA1 Message Date
Robin Ward
f5e0cf63f6 SECURITY: The SSO return_path was an open redirect
This security fix needs SSO to be configured, and the user has to go
through the entire auth process before being redirected to the wrong host so
it is probably lower priority for most installs.
2015-01-22 12:33:07 -05:00
Neil Lalonde
6e0152ab94 Version bump to v1.1.1 2014-11-18 15:57:50 -05:00
Régis Hanol
9c1341b554 FIX: limit the number of group members returned for automatic groups 2014-11-18 12:13:45 +01:00
Régis Hanol
f18d30f1d7 FIX: don't limit the number of group members returned to the front-end (UI needs some work for large groups) 2014-11-18 12:09:37 +01:00
Jeff Atwood
75b5b27f78 we don't need this /popular redirect any more 2014-11-17 16:40:23 -08:00
Régis Hanol
7bb9a839e5 fix the build (again) 2014-11-17 16:06:43 +01:00
Régis Hanol
dd9c475ea0 FIX: changing category within edit grace period as TL3 pops up an error 2014-11-17 15:57:45 +01:00
Régis Hanol
7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Sam
c7bc692f40 PERF: stop querying banner topic on every page hit 2014-11-14 15:39:17 +11:00
Sam
4fc3834dd6 FEATURE: allow inline disposition on uploads
when linking an upload allow ?inline=1 to display upload inline
2014-11-13 08:50:55 +11:00
Régis Hanol
a036ac7bdc FIX: users can see the raw email source of their own posts 2014-11-12 14:49:42 +01:00
Régis Hanol
ec76be964e UX: better footer handling 2014-11-10 21:51:55 +01:00
riking
d7a4e39e1d FEATURE: ?include_raw parameter for /t/id/posts.json
include_raw is not added for the wordpress view because it uses the
BasicPostSerializer, and is not a one-line change.

This is the only use of the TopicViewPostsSerializer class, and the
previous change covered the only use of the TopicViewSerializer class.
No other locations include the PostStreamSerializerMixin. Therefore,
this feature is most likely complete.
2014-11-07 07:28:07 -08:00
Neil Lalonde
361aca1156 merge master 2014-11-06 15:26:38 -05:00
Régis Hanol
bb2d538194 FEATURE: log impersonations 2014-11-06 10:58:47 +01:00
Robin Ward
fde5e739c9 Work in progress (up till about?) 2014-11-05 12:39:25 -05:00
Robin Ward
c9eb809dad FIX: The text to users who signed up when approval was required was
misleading.
2014-11-04 15:48:03 -05:00
Sam
8432acf0af Merge pull request #2938 from riking/include_raw
Add ?include_raw parameter to topic views
2014-11-04 14:26:35 +11:00
Régis Hanol
fd5677808c SPEC: make sure digest doesn't pick any topics in categories that are muted 2014-11-03 16:57:50 +01:00
Régis Hanol
b09ad87098 FIX: add 'show emails' button from moderators in user admin section 2014-11-03 12:46:08 +01:00
riking
6a946712b3 Add ?include_raw parameter to topic views 2014-11-01 14:32:18 -07:00
Sam
bd78fca121 Merge pull request #2908 from cpradio/pr-dismiss-posts-topics-on-category
FEATURE: Show dismiss posts/topics buttons on category filtered lists
2014-10-31 11:34:53 +11:00
Robin Ward
572842721d FIX: Better page titles for SEO 2014-10-30 14:26:56 -04:00
Robin Ward
013e3312ad SECURITY: Don't allow redirects with periods in case you don't control
other tlds on the same domain.
2014-10-30 11:32:26 -04:00
Robin Ward
316f1bea04 SECURITY: Don't allow redirects with periods in case you don't control
other tlds on the same domain.
2014-10-30 11:31:44 -04:00
cpradio
50f7fbc361 Apply comment from @sam to consolidate logic 2014-10-30 10:19:49 -04:00
Sam
59cc2476a1 Merge pull request #2933 from techAPJ/patch-1
trivial update to allow api endpoint for sync_sso
2014-10-30 21:39:54 +11:00
Arpit Jalan
fb750af659 trivial update to allow api endpoint for sync_sso 2014-10-30 15:30:44 +05:30
Régis Hanol
6e053942a4 FIX: moderators should be able to search users by email 2014-10-29 22:08:41 +01:00
Régis Hanol
865194f409 FIX: cannot show email for pending/inactive users 2014-10-29 01:07:27 +01:00
Sam
7d6d8bd0a3 FEATURE: admin end point to sync sso /admin/users/sync_sso
Must be admin to invoke (api is fine too), uses same sso payload; nonce is ignored
2014-10-28 11:25:21 +11:00
Régis Hanol
e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
1cc37e32b9 FEATURE: add max_reply_history to limit number of replies
that can be expanded, when clicking "in-reply-to"
2014-10-27 09:44:42 +11:00
cpradio
c6e54741bb Apply comments from eviltrout, using this.get('category.id'), and use snake case for category_id 2014-10-24 17:01:28 -04:00
cpradio
439f393d89 Show dismiss posts/topics buttons on category filtered lists 2014-10-23 17:41:39 -04:00
Régis Hanol
de415b804c FIX: add 'Content-Length' header for avatars 2014-10-22 15:39:51 +02:00
Sam
832655df14 attempt to get content length through 2014-10-21 16:17:13 +11:00
Sam
4e7057efb1 Clean up content type and add Expires header when serving CDN assets 2014-10-21 15:59:34 +11:00
Robin Ward
71f211f0b3 FEATURE: Allow users to select a badge with an image to appear on their
user card
2014-10-20 16:35:38 -04:00
Robin Ward
1cf4a0d604 Rename "User Expansion" to the much clearer "User Card" 2014-10-20 12:11:59 -04:00
Régis Hanol
10094a0bcd FIX: resolve flags as good when deleting a spam user 2014-10-20 16:59:06 +02:00
Sam
8efee0d03d don't use Markdown 2014-10-18 17:17:38 +11:00
Jeff Atwood
92b615b503 reorganize site settings a bit 2014-10-19 23:14:50 -07:00
Sam
742c5e29c9 FEATURE: advanced search help 2014-10-18 14:27:33 +11:00
Régis Hanol
c59e56ec63 Merge pull request #2882 from techAPJ/patch-1
FEATURE: show raw email for replies/topics created via email
2014-10-18 21:16:17 +02:00
Arpit Jalan
72873b8368 further optimize raw email feature 2014-10-18 00:50:02 +05:30
Robin Ward
0cbdf6f5bb FIX: Many bugs with admin badges interface
* Editing a badge's title would show it as changed in the side even if
  you didn't hit save

* Clicking a badge would not scroll to the top

* If there was an error saving a badge there was a missing i18n key

* URLs were using queryParams instead of paths

* Use `label` tags for checkboxes for larger click targets

* Saved! text would persist when viewing another badge

* After creating a new badge it would show nothing

* Validation errors were not being properly released to the client

* Query errors were surrounded by an extra array
2014-10-17 16:14:49 -04:00
Robin Ward
f3a67a48a3 Merge pull request #2874 from cpradio/clear-notifications
FEATURE: Mark All as Read button for Notifications page
2014-10-16 15:57:19 -04:00
Robin Ward
4d465362b5 FEATURE: Allow a user to upload an image for their expansion background. 2014-10-16 15:05:36 -04:00
Robin Ward
d2ac5a9ac6 Rename /category/xyz paths to /c/xyz -- @SamSaffron did most of the
work even though I'm merging the patch!
2014-10-16 12:15:31 -04:00