Commit Graph

47734 Commits

Author SHA1 Message Date
Roman Rizzi
7b5f7b4484
FIX: Don't change the default allowed_attribute when calling #sanitize_field (#19770) 2023-01-06 11:47:15 -03:00
David Taylor
5ce5ff053e
FIX: Bump messagebus to v4.3.1 (#19771)
Includes "FIX: Ensure non-long-polling requests are always spaced out": 233b248c96
2023-01-06 14:31:10 +00:00
Joffrey JAFFEUX
d464f1fc62
FIX: render_404 is not defined (#19769)
Note this endpoint is soon going to be replaced.
2023-01-06 14:38:08 +01:00
Matt Marjanović
aa4ff47208
FEATURE: Allow target attribute in links in user_field descriptions (#19102)
This change adds `target` to the set of attributes allowed by the
HTML sanitizer which is applied to the description of a user_field.

The rationale for this change:

 * If one puts a link (<a>...</a>) in the description of a user_field
   that is present and/or required at sign-up, the expectation is that
   a prospective new user will click on that link during sign-up.
 * Without an appropriate `target` attribute on the link, the new page
   will be loaded in the same window/tab as the sign-up form, but this
   will obliterate any fields that the user had already filled-out on
   the form.  (E.g., hitting the back-button will return to an
   empty form.)
 * Such UX behavior is incredibly aggravating to new users.

This change allows an admin to add a `target` attribute to links, to
instruct the browser to open them in a different window/tab, leaving
a sign-up form intact.
2023-01-06 10:18:35 -03:00
David Taylor
66e8a35b4d
DEV: Include message-bus request type in HTTP request data (#19762) 2023-01-06 11:26:18 +00:00
Alan Guo Xiang Tan
1ee9356a54 PR reviews 2023-01-06 09:51:46 +08:00
Alan Guo Xiang Tan
f71e3c07dd DEV: Experiment plugin api to add custom count to category section link
This commit introduces the experimental `registerUserCategorySectionLinkCountable`
and `refreshUserSidebarCategoriesSectionCounts` plugin APIs that allows
a plugin to register custom countables to category section links on top
of the defaults of unread and new.
2023-01-06 09:51:46 +08:00
Jamie Wilson
c46cd1bd04 DEV: Specify slug name during Category fabrication 2023-01-06 08:42:26 +08:00
Jamie Wilson
19a0bdc0ee FIX: Link to category settings should use slug
Links to category settings were created using the category name. If the name was a single word, the link would be valid (regardless of capitalization).

For example, if the category was named `Awesome`

`/c/Awesome/edit/settings`

is a valid URL as that is a case-insensitive match for the category slug of `awesome`.

However, if the category had a space in it, the URL would be

`/c/Awesome%20Name/edit/settings`

which does not match the slug of `awesome-name`.

This change uses the category slug, rather than the name, which is the expected behaviour (see `Category.find_by_slug_path`).
2023-01-06 08:42:26 +08:00
Martin Brennan
c4ea158656
FIX: Improve tags in email subjects and add filter headers (#19760)
This commit does a couple of things:

1. Changes the limit of tags to include a subject for a
   notification email to the `max_tags_per_topic` setting
   instead of the arbitrary 3 limit
2. Adds both an X-Discourse-Tags and X-Discourse-Category
   custom header to outbound emails containing the tags
   and category from the subject, so people on mail clients
   that allow advanced filtering (i.e. not Gmail) can filter
   mail by tags and category, which is useful for mailing
   list mode users

c.f. https://meta.discourse.org/t/headers-for-email-notifications-so-that-gmail-users-can-filter-on-tags/249982/17
2023-01-06 10:03:02 +10:00
Keegan George
12f843068d DEV: Remove unused locale 2023-01-06 07:35:03 +08:00
Martin Brennan
07cc8c8634
FIX: Do not error if autogenerated channel slug is blank (#19759)
In certain cases, like when `SiteSetting.slug_generation_method`
is set to `none` with certain locales, the autogenerated chat
channel slugs will end up blank. This was causing errors in
unrelated jobs calling `update!` on the channel. Instead, we
should just copy Category behaviour, which does not error
if the autogenerated slug ends up blank. We already allow
for this with chat channel URLs, using `-` in place of the
missing slug.
2023-01-06 09:04:52 +10:00
Martin Brennan
6977761593
DEV: Re-enable chat transcript nested system spec (#19758)
The problem here was that if your input has an Enter
listener (such as the chat message input) and the
`fill_in(with: str)` string has a `\n` at the end, this
is treated as an Enter keypress, so this `fill_in` was
submitting the chat message.
2023-01-06 09:04:38 +10:00
Keegan George
80164322e0
DEV: Remove unused locale (#19764) 2023-01-05 13:35:10 -08:00
Vinoth Kannan
7ecf4d12a9
FIX: use reviewer's guardian permissions to create post/topic while approve. (#19710)
We previously used post creator's guardian permissions which will raise an error if the reviewer added a staff-only (restricted) tag.

Co-authored-by: Natalie Tay <natalie.tay@discourse.org>
2023-01-05 19:31:37 +05:30
David Taylor
d5491b13f5
DEV: Fix syntax/formatting in xenforo import script (#19761)
Followup to 7dfe85fc
2023-01-05 12:47:05 +00:00
Martin Brennan
41acabad19
DEV: Change system spec JS log level to SEVERE by default (#19757)
Having this set to ALL pollutes the JS system spec
logs with a bunch of unnecessary noise like this:

> "PresenceChannel '/chat-user/core/1' dropped message (received 315, expecting 246), resyncing..."

Or:

> "DEPRECATION: The \u003Cdiscourse@component:plugin-connector::ember1112>#save computed property was just overridden. This removes the computed property and replaces it with a plain value, and has been deprecated.

Now, we will only log errors. To configure this set
the `SELENIUM_BROWSER_LOG_LEVEL` env var.
2023-01-05 16:41:22 +10:00
Alan Guo Xiang Tan
6543dec7cb
Version bump to v3.0.0.beta16 (#19751) 2023-01-05 09:45:40 +08:00
Alan Guo Xiang Tan
e58277adf3
DEV: Increase Capybara.default_max_wait_time on github actions (#19750)
Our working theory is that system tests on Github run on much less
powerful hardware as compared to running the tests on our work machines.
Hopefully, increasing the wait time now will help reduce some flakes
that we're seeing on Github.
2023-01-05 08:50:35 +08:00
Alan Guo Xiang Tan
cf862e7365
SECURITY: Convert send_digest to a post request (#19746)
Co-authored-by: Isaac Janzen <isaac.janzen@discourse.org>
2023-01-05 06:57:12 +08:00
Martin Brennan
c2013865d7
FEATURE: Make experimental hashtag autocomplete default for new sites (#19681)
This feature is stable enough now to make it the default going forward
for new sites. Existing sites that have not yet set enable_experimental_hashtag_autocomplete
to `true` will have it set to `false` for their site settings, which was the old default.

c.f https://meta.discourse.org/t/hashtags-are-getting-a-makeover/248866
2023-01-05 08:44:58 +10:00
Martin Brennan
16b9165630
FIX: Bookmark auto delete preference usage and default value (#19707)
This commit fixes an issue where the chat message bookmarks
did not respect the user's `bookmark_auto_delete_preference`
which they select in their user preference page.

Also, it changes the default for that value to "keep bookmark and clear reminder"
rather than "never", which ends up leaving a lot of expired bookmark
reminders around which are a pain to clean up.
2023-01-05 08:43:58 +10:00
Jarek Radosz
1174a94867
DEV: Update json5, remove an unused lockfile (#19732) 2023-01-04 23:15:49 +01:00
Alan Guo Xiang Tan
918dd4d635
SECURITY: use rstrip instead of regex gsub to prevent ReDOS (#19737)
`rstrip` implementation is much more performant than regex

Co-authored-by: Krzysztof Kotlarek <kotlarek.krzysztof@gmail.com>
2023-01-05 06:09:17 +08:00
Alan Guo Xiang Tan
83944213b2
SECURITY: Delete email tokens when a user's email is changed or deleted (#19735)
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
2023-01-05 06:08:55 +08:00
Alan Guo Xiang Tan
bf6b08670a
SECURITY: Check the length of raw post body (#19733)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-01-05 06:08:43 +08:00
Alan Guo Xiang Tan
692329896a
SECURITY: escape quotes in tag description when rendering (#19730)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2023-01-05 06:08:32 +08:00
Alan Guo Xiang Tan
cbcf8a064b
SECURITY: Don't expose user post counts to users who can't see the topic (#19728)
Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-01-05 06:08:19 +08:00
Alan Guo Xiang Tan
c0e2d7bada
SECURITY: Sanitize PendingPost titles before rendering to prevent XSS (#19726)
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2023-01-05 06:08:05 +08:00
Alan Guo Xiang Tan
ab3a032b4b
SECURITY: BCC active user emails from group SMTP (#19725)
When sending emails out via group SMTP, if we
are sending them to non-staged users we want
to mask those emails with BCC, just so we don't
expose them to anyone we shouldn't. Staged users
are ones that have likely only interacted with
support via email, and will likely include other
people who were CC'd on the original email to the
group.

Co-authored-by: Martin Brennan <martin@discourse.org>
2023-01-05 06:07:50 +08:00
dependabot[bot]
f4ab3f4543
Build(deps): Bump @babel/core in /app/assets/javascripts (#19723)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.20.7 to 7.20.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.12/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 22:50:20 +01:00
dependabot[bot]
ec1c8d3353
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#19722)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.20.11 to 7.20.12.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.12/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 22:42:24 +01:00
dependabot[bot]
fb2c0ed548
Build(deps): Bump excon from 0.95.0 to 0.96.0 (#19721)
Bumps [excon](https://github.com/excon/excon) from 0.95.0 to 0.96.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.95.0...v0.96.0)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 22:38:22 +01:00
dependabot[bot]
f6c683e58c
Build(deps): Bump unicode-display_width from 2.4.0 to 2.4.2 (#19720)
Bumps [unicode-display_width](https://github.com/janlelis/unicode-display_width) from 2.4.0 to 2.4.2.
- [Release notes](https://github.com/janlelis/unicode-display_width/releases)
- [Changelog](https://github.com/janlelis/unicode-display_width/blob/main/CHANGELOG.md)
- [Commits](https://github.com/janlelis/unicode-display_width/compare/v2.4.0...v2.4.2)

---
updated-dependencies:
- dependency-name: unicode-display_width
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 22:37:48 +01:00
David Taylor
45435cbbd5
PERF: Use user-specific channel for message-bus logout (#19719)
Using a shared channel means that every user receives an update to the 'last_id' when *any* other user is logged out. If many users are being programmatically logged out at the same time, this can cause a very large number of message-bus polls.

This commit switches to use a user-specific channel, which means that each user has its own 'last id' which will only increment when they are logged out
2023-01-04 19:55:52 +00:00
dependabot[bot]
5c39e4b1c0
Build(deps-dev): Bump simplecov from 0.21.2 to 0.22.0 (#19626)
Bumps [simplecov](https://github.com/simplecov-ruby/simplecov) from 0.21.2 to 0.22.0.
- [Release notes](https://github.com/simplecov-ruby/simplecov/releases)
- [Changelog](https://github.com/simplecov-ruby/simplecov/blob/main/CHANGELOG.md)
- [Commits](https://github.com/simplecov-ruby/simplecov/compare/v0.21.2...v0.22.0)

---
updated-dependencies:
- dependency-name: simplecov
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 19:47:12 +01:00
Kris
dedf19803b
UX: more descriptive sidebar titles, casing (#19717) 2023-01-04 13:40:35 -05:00
Meghna
a9f2b62ac0
UX: fix the positioning of topic admin popup menu (#19713) 2023-01-04 17:45:24 +01:00
dependabot[bot]
696ec39327
Build(deps): Bump racc from 1.6.1 to 1.6.2 (#19625)
Bumps [racc](https://github.com/tenderlove/racc) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/tenderlove/racc/releases)
- [Changelog](https://github.com/ruby/racc/blob/master/ChangeLog)
- [Commits](https://github.com/tenderlove/racc/compare/v1.6.1...v1.6.2)

---
updated-dependencies:
- dependency-name: racc
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 17:16:39 +01:00
Martin Brennan
9e175a3613
DEV: Add chat system spec for multi-file upload (#19709)
Followup to 29638f0639
2023-01-04 15:26:52 +01:00
Joffrey JAFFEUX
ab7f3ee599
DEV: adds basic sorting to avoid flakey test (#19711)
`last_message_sent_at` has a `NOT_NULL` constraint in the DB so it should be safe to use for sorting.

This was causing two flakeys:

```
  1) UserNotifications.chat_summary with public channel email subject with regular mentions includes both channel titles when there are exactly two with unread mentions
     Failure/Error: example.run

       expected: "[Discourse] New message in Random 62 and Test channel"
            got: "[Discourse] New message in Test channel and Random 62"

       (compared using ==)
     # ./plugins/chat/spec/mailers/user_notifications_spec.rb:203:in `block (6 levels) in <main>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.1.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'

  2) UserNotifications.chat_summary with public channel email subject with regular mentions displays a count when there are more than two channels with unread mentions
     Failure/Error: example.run

       expected: "[Discourse] New message in Random 62 and 2 others"
            got: "[Discourse] New message in Test channel 0 and 2 others"

       (compared using ==)
     # ./plugins/chat/spec/mailers/user_notifications_spec.rb:236:in `block (6 levels) in <main>'
     # ./spec/rails_helper.rb:356:in `block (2 levels) in <top (required)>'
     # ./vendor/bundle/ruby/3.1.0/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2023-01-04 11:00:07 +01:00
Gerhard Schlager
8dfe7a68e6
UX: Remove unused strings (#19701)
* Remove unused strings
* Remove trailing quote from string
* Remove even more unused strings (they were removed in c4e10f2a9d)
* Don't use translations in tests which are only available on server
* Use more specific translation (and fix missing translation)
2023-01-04 10:32:53 +01:00
Osama Sayegh
bbcdf74c58
DEV: Flip primary_email_verified? default to false (#19703)
This commit changes the default return value of `Auth::ManagedAuthenticator#primary_email_verified?` to false. We're changing the default to force developers to think about email verification when building a new authentication method. All existing authenticators (in core and official plugins) have been updated to explicitly define the `primary_email_verified?` method in their subclass of `Auth::ManagedAuthenticator` (example commit 65f57a4d05).

Internal topic: t/82084.
2023-01-04 10:51:10 +03:00
Martin Brennan
42cf32169d
DEV: Refactor autocomplete scrolling element detection (#19706)
Rather than hardcoding `.hashtag-autocomplete__fadeout` as the
div element to scroll in autocomplete, instead pass it in as
an option via `scrollElementSelector`, then we don't have hashtag
template specific things in the autocomplete lib.
2023-01-04 14:11:52 +10:00
Alan Guo Xiang Tan
81c3c746d3
DEV: Fix a flaky test (#19705)
We don't really care about the order here so there is no need for us to
assert against a fixed order.
2023-01-04 09:21:21 +08:00
dependabot[bot]
6e0d4b2c1c
Build(deps): Bump unicode-display_width from 2.3.0 to 2.4.0 (#19700)
Bumps [unicode-display_width](https://github.com/janlelis/unicode-display_width) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/janlelis/unicode-display_width/releases)
- [Changelog](https://github.com/janlelis/unicode-display_width/blob/main/CHANGELOG.md)
- [Commits](https://github.com/janlelis/unicode-display_width/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: unicode-display_width
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 09:07:41 +08:00
dependabot[bot]
fdc64c4555
Build(deps): Bump parser from 3.1.3.0 to 3.2.0.0 (#19699)
Bumps [parser](https://github.com/whitequark/parser) from 3.1.3.0 to 3.2.0.0.
- [Release notes](https://github.com/whitequark/parser/releases)
- [Changelog](https://github.com/whitequark/parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whitequark/parser/compare/v3.1.3.0...v3.2.0.0)

---
updated-dependencies:
- dependency-name: parser
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 09:07:13 +08:00
dependabot[bot]
65ba9e3f60
Build(deps-dev): Bump bullet from 7.0.5 to 7.0.7 (#19698)
Bumps [bullet](https://github.com/flyerhzm/bullet) from 7.0.5 to 7.0.7.
- [Release notes](https://github.com/flyerhzm/bullet/releases)
- [Changelog](https://github.com/flyerhzm/bullet/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flyerhzm/bullet/compare/7.0.5...7.0.7)

---
updated-dependencies:
- dependency-name: bullet
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-04 09:06:51 +08:00
Alan Guo Xiang Tan
1e118a271a
DEV: Fix syntax error in spec file (#19702)
Follow-up to b4adb806e5
2023-01-04 05:51:21 +08:00
Roman Rizzi
c2e18c41a3
FIX: Check that the node has a src attr when getting size (#19696) 2023-01-03 15:27:05 -03:00