Commit Graph

13401 Commits

Author SHA1 Message Date
David Taylor
9cfe3f9948 SECURITY: Add confirmation screen when connecting associated accounts 2019-07-24 13:29:59 +01:00
Guo Xiang Tan
477bacb3ae SECURITY: XSS when displaying watched words in admin panel.
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:58:52 +08:00
Robin Ward
d1c12539dd SECURITY: XSS with title selector on preferences page
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 17:35:26 -04:00
romanrizzi
2a7d270fd6 Revert "FIX: remove misplaced save button"
This reverts commit f1381a274b.
2019-07-03 10:58:33 -03:00
romanrizzi
f1381a274b FIX: remove misplaced save button 2019-07-03 10:47:54 -03:00
romanrizzi
34d548dbd3 FIX: Remove misplaced outlet 2019-07-03 10:47:43 -03:00
Arpit Jalan
867eebb55e FIX: creating new badge is failing on empty SQL query (#7837) 2019-07-02 15:17:32 +05:30
Sam Saffron
467e03a2ec DEV: lint file
We no longer need that isAppleDevice require
2019-06-27 11:29:51 +02:00
Joffrey JAFFEUX
a91881280d FIX: closes search-menu on escape (#7804) 2019-06-27 09:34:34 +02:00
Joffrey JAFFEUX
690fb5c4fb FIX: prevents failure when TL was mutated on internal object (#7808) 2019-06-27 09:34:31 +02:00
Gerhard Schlager
9c8aa0a906 SECURITY: XSS in routes
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:45:33 +02:00
Penar Musaraj
8b963bce37 FIX: Do not refresh all settings on save for all settings, limit to only a few
- Followup to 0e303c7f5d

- Automatically reloads site settings after saving only for the logo, logo_small and large_icon settings.
2019-06-25 11:49:09 -04:00
Penar Musaraj
e1822034dc FIX: use correct name for selectable_avatars_enabled site setting 2019-06-25 11:48:56 -04:00
Maja Komel
faf059e018 FIX: remove temporary hack for fixed iOS bug (#7773)
A bug where input focus is displaced on modals was fixed in iOS 11.3 update. This hack was causing problems on topic page since hiding main-outlet results in lost read position after opening and closing a modal.
2019-06-25 11:48:42 -04:00
Joffrey JAFFEUX
f2d5cde24c FIX: category-chooser search should be scoped to category (#7794) 2019-06-24 11:31:41 +02:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
102be5a9e3 DEV: optimize fix for sub-categories not getting pre-filled. 2019-06-17 13:28:08 +05:30
tshenry
c909033f2b Add plugin outlets to login/create-account modals (#7770) 2019-06-17 16:22:00 +10:00
Arpit Jalan
48b9e0d749 FIX: sub-categories was not getting selected for pre-filled topics 2019-06-15 13:46:15 +05:30
Kris
9cb656250d FIX: Allow tall tables to scroll vertically on iOS 2019-06-14 14:26:59 -04:00
Arpit Jalan
efc05e7224 FIX: remove topic timer info on completion 2019-06-13 17:01:43 +05:30
Joffrey JAFFEUX
fbbce235ce
UX: improves change-timestamp modal (#7766) 2019-06-13 13:30:33 +02:00
Joffrey JAFFEUX
19ca2d4772
DEV: reset widget clean callback between tests (#7761) 2019-06-12 17:49:02 +02:00
Robin Ward
13b979cb71 FIX: Performing actions on a particular reviewable was displaying an error
It was expecting a method to remove the reviewable from the current
list, only we were not displaying a list.

Instead, we refresh the reviewable model with the latest result.
2019-06-12 10:56:30 -04:00
David Taylor
0ebe5ec1f8 FIX: Check postStream.gaps exists before trying postSteam.gaps.after 2019-06-11 23:48:21 +01:00
Robin Ward
f6e0c79742 FIX: Trigger change event when inserting text
This would normally not fire and result in odd behavior in the review
queue when inserting links.
2019-06-11 17:27:34 -04:00
Robin Ward
3d7c26c15e FIX: Memory Leaks w/ Container (#7750)
Gives instance initializers the ability to add a `teardown` method that
will be called between tests to clean up after themselves.
2019-06-11 18:41:27 +02:00
Robin Ward
47095a7fa1 FIX: Memory leak when adding ajax prefilter repeatedly. 2019-06-11 11:50:35 -04:00
Robin Ward
c322cccd53 FIX: Memory Leaks when decorating posts (#7749)
* Remove long-deprecated method

* FIX: Memory Leaks when decorating posts

Previously we'd keep creating mixins dynamically when decorating the
same class.

This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
David Taylor
f4fd75aea4 DEV: Rename variable to avoid conflict 2019-06-11 13:02:40 +01:00
David Taylor
f1d5b992bf DEV: Correct linting error 2019-06-11 12:51:18 +01:00
Joffrey JAFFEUX
dc15486f0a Revert "DEV: resets csrf ajax prefilter only if present (#7747)"
This reverts commit 6612218a4e.
2019-06-11 13:34:25 +02:00
David Taylor
61b587f66e
FIX: Mark ignored posts as 'read', if last visible post is read (#7739) 2019-06-11 12:16:28 +01:00
David Taylor
000a35b219 FIX: Do not live-load posts from ignored users 2019-06-11 12:07:14 +01:00
Joffrey JAFFEUX
6612218a4e
DEV: resets csrf ajax prefilter only if present (#7747) 2019-06-11 12:50:20 +02:00
Joffrey JAFFEUX
ebf77f74b7 Revert "DEV: prevents csrf token to leak state between tests (#7746)"
This reverts commit b29d63a52d.
2019-06-11 12:19:49 +02:00
Joffrey JAFFEUX
b29d63a52d
DEV: prevents csrf token to leak state between tests (#7746) 2019-06-11 11:54:23 +02:00
Joffrey JAFFEUX
e6714d3531 Revert "DEV: attempts to prevent session object to be retain in csrf init (#7743)"
This reverts commit 62c56b6e59.
2019-06-11 10:58:32 +02:00
Joffrey JAFFEUX
4deb0f6d59
DEV: prevents post-cooked decorators to leak between tests (#7744) 2019-06-11 10:02:10 +02:00
Joffrey JAFFEUX
62c56b6e59
DEV: attempts to prevent session object to be retain in csrf init (#7743) 2019-06-11 09:59:14 +02:00
Joffrey JAFFEUX
c407e32368
DEV: should check on object and not length (#7742) 2019-06-11 09:45:45 +02:00
Guo Xiang Tan
e5cace9185 FIX: File size text should not be part of link. 2019-06-11 15:21:06 +08:00
Guo Xiang Tan
06d974d55c FEATURE: Add base62 sha1 to cooked data attribute
* FEATURE: Add base62 sha1 to data attribute in `Post#cooked`.

* FIX: Use `Upload#short_url` when quoting an image.
2019-06-11 11:15:45 +10:00
Guo Xiang Tan
bd538f7437 FIX: Composer preview not caching inline onebox. 2019-06-11 09:14:53 +08:00
Bianca Nenciu
9168ffc201 PERF: Use already loaded post when quoting or opening draft. 2019-06-11 08:21:38 +08:00
Roman Rizzi
ace6ce0462
FIX: Add 'deleted' to the list of status filters (#7738) 2019-06-10 15:43:49 -03:00
Robin Ward
bdfa55ee5d UX: Copyedits on reviewable filters 2019-06-10 13:45:38 -04:00
Robin Ward
86f3e74799 DEV: Allow {{d-button}} to include a href 2019-06-10 13:24:40 -04:00