Robin Ward
a139e469a7
SECURITY: Avoid mass assignment on user create
2016-08-05 12:43:50 -04:00
Robin Ward
a1e94cb1c1
FIX: Broken test
2016-08-05 12:41:29 -04:00
Robin Ward
9adfccfad1
FIX: Regression with escaping on badge page
In this branch (stable) we can't run the sanitizer because the bundle is not
loaded. The long badge description is not sanitized, but it
has to be created by an admin so it's extremely low risk.
In the beta / tests-passed branches the text is sanitized.
2016-07-28 16:11:41 -04:00
Robin Ward
5d062206db
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 15:41:03 -04:00
Robin Ward
f416634ea0
SECURITY: Cross-Site Scripting in Category and Group Settings
2016-07-28 15:30:53 -04:00
Robin Ward
80834df757
SECURITY: SQL Injection in Admin List Active Users
2016-07-28 15:29:16 -04:00
Robin Ward
90a3cc7f18
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 15:29:05 -04:00
Sam
f319923753
SECURITY: limit route access when using external avatars
2016-07-28 09:04:32 +10:00
Neil Lalonde
c8081af728
Version bump to v1.5.4
2016-07-26 11:47:38 -04:00
Guo Xiang Tan
cd5842d38b
SECURITY: Possible SQL injection.
2016-07-19 13:03:00 +08:00
Neil Lalonde
ba3f7936a8
Version bump to v1.5.3
2016-06-21 11:44:32 -04:00
Sam
40a4aa4313
SECURITY: update logster
2016-06-20 12:15:54 +10:00
Sam
2b81c593f5
SECURITY: restrict constantize classes in search controller
2016-06-17 13:48:15 +10:00
Robin Ward
1e241dedad
SECURITY: Unapproved, active users should not receive emails
2016-06-16 13:09:47 -04:00
Neil Lalonde
77d9467818
Version bump to v1.5.2
2016-05-19 12:23:46 -04:00
Sam
416e78796b
SECURITY: update rack-mini-profiler
2016-05-18 18:34:02 +10:00
Régis Hanol
6dfd8ed47e
SECURITY: 2 XSSs in post gutter and local oneboxes
2016-05-14 00:09:11 +02:00
Neil Lalonde
47e932159e
Version bump to v1.5.1
2016-04-07 14:07:44 -04:00
Neil Lalonde
dc71f6b9d9
Update Translations
2016-04-07 13:51:31 -04:00
Neil Lalonde
01b6bc08ba
Merge fixes from master
2016-04-07 13:51:05 -04:00
Régis Hanol
a5d8dfb07e
FIX: don't hardcode maximum file size
2016-04-06 22:51:28 +02:00
Régis Hanol
42da8a9246
match is old school (cc @EvilTrout)
2016-04-06 21:57:54 +02:00
Régis Hanol
fe000cd9c2
FIX: <details> should expand when supported by the browser
2016-04-06 21:44:29 +02:00
Robin Ward
8e50f0de6a
FIX: Support editing translation keys with uppercase characters
2016-04-06 15:26:18 -04:00
frictionel
9410c2b986
correcting errors in translation sources
* Update client.en.yml
2016-04-06 21:08:47 +02:00
Régis Hanol
2c508f205a
FEATURE: properly set 'In-Reply-To' header when sending an email that is a reply to an incoming email
2016-04-06 21:05:10 +02:00
Erick Guan
e09634dbae
Add plugin outlets for user stream item and topic list item
2016-04-06 15:03:49 -04:00
Steven Slade
0deea4f7d4
add ability to have post-menu in second position
2016-04-06 14:05:52 -04:00
Robin Ward
5866f0df18
Remove UserFirst for mention since it can be retrieved elsewhere
2016-04-06 14:01:37 -04:00
Steven Slade
b1d04412db
altering topic-map widget's like count to show total topic like count
* altering topic-map widget's like count to display total topic like count rather than the first post's like count
* changing likeCount to topicLikeCount for virtual dom element to show total likes of thread
2016-04-06 12:49:27 -04:00
Régis Hanol
2b9e8e5a7d
Merge pull request #4147 from cpradio/default_top_timeframe
FIX: Use default top setting when user is returning or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
Robin Ward
189d70661e
FIX: Don't count emojis within quotes
2016-04-06 12:02:35 -04:00
Régis Hanol
56c870cca2
add support for 1.5 pixel ratio
2016-04-06 10:57:59 +02:00
Arpit Jalan
9a045c216c
FIX: verify that sso_url setting includes protocol
2016-04-06 11:12:47 +05:30
Sam
4f10b5e940
avoid exception for general case
2016-04-06 13:18:11 +10:00
Arpit Jalan
bc97e09dde
Merge pull request #4144 from oppegard/patch-1
Update DEVELOPMENT-OSX-NATIVE.md
2016-04-06 08:07:38 +05:30
Glenn Oppegard
342784e497
Update DEVELOPMENT-OSX-NATIVE.md
2016-04-05 19:44:53 -06:00
Glenn Oppegard
1f4b3faf9b
Update DEVELOPMENT-OSX-NATIVE.md
2016-04-05 19:38:53 -06:00
Robin Ward
ba80ae73be
FIX: Broken spec
2016-04-05 16:39:20 -04:00
Robin Ward
64a1a44c4b
FIX: Don't create user first records on private posts
2016-04-05 16:13:10 -04:00
Robin Ward
50fbda1ab7
FIX: Not sure why the default group didn't work
2016-04-05 15:37:41 -04:00
Robin Ward
c30d327b77
FEATURE: Two new badges - First Emoji and First Mention
2016-04-05 15:17:41 -04:00
Neil Lalonde
56e47c8d7e
FEATURE: report on admin dashboard when favicon is failing to load
2016-04-05 14:42:32 -04:00
cpradio
c5bb1d1cfe
Return default top setting as part of best_periods_for to see if it can be used
2016-04-05 14:27:18 -04:00
Régis Hanol
d402a45781
FIX: hitting '/t/:id/posts.json' should return the first page of posts
2016-04-05 19:12:14 +02:00
Guo Xiang Tan
a1add415e5
UX: Quote button covered by youtube info header on mobile.
2016-04-05 16:18:07 +08:00
Arpit Jalan
b3c73847a5
Merge pull request #4140 from oblakeerickson/osx-readme
improve os x instructions
2016-04-05 13:00:27 +05:30
Arpit Jalan
d9371ae631
UX: 'login to reply' button should match 'reply to topic' button
2016-04-05 12:56:27 +05:30
Jeff Atwood
0463187772
darken the gold a bit
2016-04-05 00:05:38 -07:00
Jeff Atwood
b7be56cfd1
read only mode buttons can be smaller
2016-04-04 23:41:26 -07:00