Commit Graph

21879 Commits

Author SHA1 Message Date
Guo Xiang Tan
989d52a854 FIX: Show share popup only for valid buttons. 2017-05-04 11:20:06 -04:00
Guo Xiang Tan
790acfd99f SECURITY: XSS issue in share popup if invalid link is passed in. 2017-05-04 11:07:49 -04:00
Neil Lalonde
d143cde643 Version bump to v1.7.8 2017-04-10 14:25:07 -04:00
Sam Saffron
f09ca88c47 SECURITY: prefer render plain/html to render text where possible 2017-04-10 08:09:55 -04:00
Sam Saffron
e5c6d0ea65 SECURITY: do not send push notifications to suspended users 2017-04-05 08:29:43 -04:00
Neil Lalonde
33ac94534b Version bump to v1.7.7 2017-03-28 11:32:01 -04:00
Robin Ward
6ede1887b9 FIX: Update omniauth facebook to fix facebook logins 2017-03-27 17:25:23 -04:00
Guo Xiang Tan
e6f06f020d Version bump to v1.7.6 2017-03-23 10:43:43 +08:00
Guo Xiang Tan
db41af1c3c SECURITY: CSRF vulnerabilities in Admin::BackupsController. 2017-03-23 10:42:21 +08:00
Neil Lalonde
15b0a9a16f Version bump to v1.7.5 2017-03-20 11:59:53 -04:00
Guo Xiang Tan
2daed01070 SECURITY: Disallow symlinks when restoring uploads. 2017-03-17 14:29:37 +08:00
Robin Ward
c14d98354b SECURITY: Don't use backticks for exporting your archive 2017-03-16 16:27:52 -04:00
Sam
0f6a2b912a SECURITY: always allow staff to resend activation mails 2017-03-13 10:33:21 -04:00
Guo Xiang Tan
1c44c87945 FIX: Store user's id instead for sending activation email.
* Email and username are both allowed to be used for logging in.
  Therefore, it is easier to just store the user's id rather than
  store the username and email in the session.
2017-03-13 20:57:21 +08:00
Guo Xiang Tan
8c5e13afd6 SECURITY: Only allow users to resend activation email with a valid session.
* Improve error when an active user tries to request an activation email.
2017-03-13 20:57:17 +08:00
Guo Xiang Tan
395f43d92f FIX: Don't mark user as active if verified email is different. 2017-03-13 20:57:02 +08:00
Neil Lalonde
f6b43f987c Version bump to v1.7.4 2017-03-08 12:18:34 -05:00
Robin Ward
2c9a43e4fd Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:37:08 -05:00
Guo Xiang Tan
415bad645e FIX: Mobile topic timeline broken on Chrome 56.
* See https://developers.google.com/web/updates/2017/01/scrolling-intervention.
  From Chrome 56 onwards, `touchstart` event listeners are treated as passive
  by default which does not call `preventDefault` resulting in the page
  scrolling when topic timeline handle is being dragged.
2017-02-27 13:21:41 +08:00
Guo Xiang Tan
5cd680b0be SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 15:40:31 +08:00
Guo Xiang Tan
465660bdfc Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit d1091f7f57.
2017-02-24 15:39:56 +08:00
Guo Xiang Tan
d1091f7f57 SECURITY: Ensure that user has been authenticated. 2017-02-24 11:46:59 +08:00
Sam
7912966209 SECURITY: inactive/suspended accounts should be banned from api
Also fixes edge cases around users presenting multiple credentials
2017-02-17 11:09:08 -05:00
Neil Lalonde
a86807b39b Version bump to v1.7.3 2017-02-13 16:45:01 -05:00
Sam
47b9eb6dbb new: server plugin outlet for indexable robots.txt 2017-02-13 14:05:08 -05:00
Sam
1d3f04d4bb SECURITY: correctly validate input when admin searches for screened ips 2017-02-06 16:11:48 -05:00
Sam
5fc70471be UX: less restrictive selector to allow for plugin outlets
Currently plugin outlets in LIs will generate a wrapping SPAN,
this makes an allowance in core for nav extensions (like solved does)
2017-02-02 12:18:22 -05:00
Neil Lalonde
839a5e6e42 Version bump to v1.7.2 2017-01-26 13:32:57 -05:00
Robin Ward
2f78facb48 SECURITY: Prevent large onebox downloads, better timeout support 2017-01-25 14:59:35 -05:00
Guo Xiang Tan
d4ca8ea617 Fix broken emojis. 2017-01-24 16:18:39 +08:00
Régis Hanol
f49c9f6c43 FIX: log backups download/destroy staff action
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:58:04 +01:00
Robin Ward
8f34c2332d Version bump to v1.7.1 2017-01-13 11:08:58 -05:00
Régis Hanol
9f3c38832e FIX: don't onebox to IP addresses 2017-01-12 22:36:59 +01:00
Arpit Jalan
1570c4e4a7 Update Translations 2017-01-12 13:26:45 +05:30
Guo Xiang Tan
0f574f641e UX: Truncate topic link title/URL on desktop to prevent overflow. 2017-01-12 12:24:39 +08:00
Guo Xiang Tan
38496985ef Fix syntax error. 2017-01-12 10:03:37 +08:00
Guo Xiang Tan
23d4435af1 Oops. 2017-01-12 09:56:20 +08:00
Guo Xiang Tan
79c80f9974 Make mention bot assign reviewers for collaborators as well. 2017-01-12 09:44:22 +08:00
Guo Xiang Tan
d0e3312d92 Merge pull request #4646 from tgxworld/log_readonly_mode_changes
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:43:51 +08:00
Guo Xiang Tan
515f50e42e FEATURE: Log admin action when readonly mode is changed. 2017-01-12 09:41:02 +08:00
Jeff Atwood
240c4870cf FIX: add noopener to website field in user profile 2017-01-11 15:38:37 -08:00
Régis Hanol
887e9af84f FEATURE: new 'max_image_megapixels' site setting 2017-01-11 23:37:12 +01:00
Régis Hanol
fee5f082b8 Merge pull request #4647 from pfaffman/bbpress-missing-display-name
Bbpress missing display name
2017-01-11 21:57:44 +01:00
Régis Hanol
f3a325ac0f bump onebox 2017-01-11 21:55:31 +01:00
Jay Pfaffman
ffbaf374c8 use .presence rather than DIY checking 2017-01-11 12:55:25 -08:00
Jay Pfaffman
e307bbccf9 Merge branch 'master' of github.com:discourse/discourse into bbpress-missing-display-name 2017-01-11 11:28:38 -08:00
Jay Pfaffman
c5d6bfe7e2 bbpress: Use nicename if display_name is missing 2017-01-11 11:26:55 -08:00
Neil Lalonde
b177827841 more specs for staff action logging 2017-01-11 11:41:21 -05:00
Robin Ward
6c3426d266 Let's not notify for trust levels on Staff, either 2017-01-11 11:25:04 -05:00
Rafael dos Santos Silva
3a3a464a32 Merge pull request #4642 from miromichalicka/master
Add support for import from Drupal 6
2017-01-11 12:56:52 -02:00