Robin Ward
a139e469a7
SECURITY: Avoid mass assignment on user create
2016-08-05 12:43:50 -04:00
Robin Ward
9adfccfad1
FIX: Regression with escaping on badge page
In this branch (stable) we can't run the sanitizer because the bundle is not
loaded. The long badge description is not sanitized, but it
has to be created by an admin so it's extremely low risk.
In the beta / tests-passed branches the text is sanitized.
2016-07-28 16:11:41 -04:00
Robin Ward
5d062206db
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 15:41:03 -04:00
Robin Ward
f416634ea0
SECURITY: Cross-Site Scripting in Category and Group Settings
2016-07-28 15:30:53 -04:00
Robin Ward
90a3cc7f18
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 15:29:05 -04:00
Sam
f319923753
SECURITY: limit route access when using external avatars
2016-07-28 09:04:32 +10:00
Guo Xiang Tan
cd5842d38b
SECURITY: Possible SQL injection.
2016-07-19 13:03:00 +08:00
Sam
2b81c593f5
SECURITY: restrict constantize classes in search controller
2016-06-17 13:48:15 +10:00
Robin Ward
1e241dedad
SECURITY: Unapproved, active users should not receive emails
2016-06-16 13:09:47 -04:00
Régis Hanol
6dfd8ed47e
SECURITY: 2 XSSs in post gutter and local oneboxes
2016-05-14 00:09:11 +02:00
Neil Lalonde
01b6bc08ba
Merge fixes from master
2016-04-07 13:51:05 -04:00
Régis Hanol
a5d8dfb07e
FIX: don't hardcode maximum file size
2016-04-06 22:51:28 +02:00
Erick Guan
e09634dbae
Add plugin outlets for user stream item and topic list item
2016-04-06 15:03:49 -04:00
Steven Slade
0deea4f7d4
add ability to have post-menu in second position
2016-04-06 14:05:52 -04:00
Robin Ward
5866f0df18
Remove UserFirst for mention since it can be retrieved elsewhere
2016-04-06 14:01:37 -04:00
Steven Slade
b1d04412db
altering topic-map widget's like count to show total topic like count
* altering topic-map widget's like count to display total topic like count rather than the first post's like count
* changing likeCount to topicLikeCount for virtual dom element to show total likes of thread
2016-04-06 12:49:27 -04:00
Régis Hanol
2b9e8e5a7d
Merge pull request #4147 from cpradio/default_top_timeframe
FIX: Use default top setting when user is returning or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
Sam
4f10b5e940
avoid exception for general case
2016-04-06 13:18:11 +10:00
Robin Ward
c30d327b77
FEATURE: Two new badges - First Emoji and First Mention
2016-04-05 15:17:41 -04:00
Neil Lalonde
56e47c8d7e
FEATURE: report on admin dashboard when favicon is failing to load
2016-04-05 14:42:32 -04:00
cpradio
c5bb1d1cfe
Return default top setting as part of best_periods_for to see if it can be used
2016-04-05 14:27:18 -04:00
Régis Hanol
d402a45781
FIX: hitting '/t/:id/posts.json' should return the first page of posts
2016-04-05 19:12:14 +02:00
Guo Xiang Tan
a1add415e5
UX: Quote button covered by youtube info header on mobile.
2016-04-05 16:18:07 +08:00
Arpit Jalan
d9371ae631
UX: 'login to reply' button should match 'reply to topic' button
2016-04-05 12:56:27 +05:30
Jeff Atwood
0463187772
darken the gold a bit
2016-04-05 00:05:38 -07:00
Régis Hanol
f382897952
FIX: don't extract link with 'mailto' scheme
2016-04-05 00:43:11 +02:00
Régis Hanol
b00ea5dc92
fix Group.ensure_consistency!
2016-04-04 23:41:49 +02:00
Neil Lalonde
7899c2d86e
Merge pull request #4138 from NickIvanter/internal-links-issue
FIX: internal links in subfolder installs
2016-04-04 15:14:47 -04:00
Régis Hanol
841f36b058
FIX: automatically unstage user when signing in using OAuth
2016-04-04 19:04:10 +02:00
Régis Hanol
79639e2dec
FIX: ensure group's users counters are kept in sync
2016-04-04 17:03:18 +02:00
Guo Xiang Tan
d677f852c4
UX: Group notification level dropdown not positioned properly.
2016-04-04 22:54:21 +08:00
Régis Hanol
e4e74c5fbb
UX: use 'number' helper when displaying the number of replies in a topic
2016-04-04 11:42:38 +02:00
Régis Hanol
4ab61dfdad
UX: hide new button in automatic group since we can't create automatic group
2016-04-04 11:26:58 +02:00
Régis Hanol
d3ee48a316
UX: use clearfix on top-section of the user's summary (props to @DeanMarkTaylor)
2016-04-04 11:18:15 +02:00
Arpit Jalan
74e7fc8f7e
FIX: edit category button on mobile was showing up for moderators even when allow_moderators_to_create_categories was disabled
2016-04-04 14:05:06 +05:30
Arpit Jalan
0e02d24428
FIX: check for confirm value before removing user from PM
2016-04-04 11:56:07 +05:30
Nick Ivanter
9ca9fe729a
FIX: internal links in subfolder installs
https://meta.discourse.org/t/links-arent-showing-in-the-sidebar-or-topic-summaries-on-subfolder-installs/41787/15
2016-04-04 01:40:44 +03:00
Oskar Rough
9e769e5357
Optically and vertically align the "13 days later" element
2016-04-03 13:30:22 +02:00
Dean Taylor
5cfc83a1a3
FIX: Digest broken anchor tag for blank/SVG logo
Highlighted here:
https://meta.discourse.org/t/svg-image-as-digest-logo-has-limited-support/39935/11?u=deanmarktaylor
2016-04-02 17:45:34 +01:00
Arpit Jalan
f9d1a2554d
FIX: do not allow SVG image as digest logo
2016-04-02 17:27:06 +05:30
Arpit Jalan
05164d4cae
FEATURE: add Google Analytics code to more user pages
2016-04-02 01:29:08 +05:30
Régis Hanol
514d6ede0e
FIX: addPosterIcon wasn't working on initial load
2016-04-01 18:25:13 +02:00
Robin Ward
b32d727d95
FIX: Bad auto merge
2016-03-31 17:42:16 -04:00
Neil Lalonde
01d0aeb5a9
merge master
2016-03-31 17:40:54 -04:00
Sam
bd1ca35f8b
FIX: pinned picker in IE11
2016-04-01 05:54:36 +11:00
Arpit Jalan
13fa0f8cf8
FIX: only show regular posts in RSS feed
2016-03-31 21:34:53 +05:30
Arpit Jalan
41208b99a1
FEATURE: RSS feed for user posts and topics
2016-03-31 20:24:05 +05:30
Sam
a344b1ed37
Merge pull request #4126 from iamntz/patch-4
Romanian Plurals
2016-03-31 08:17:00 +11:00
Régis Hanol
59d89d5333
UX: words in the stats button should be dark grey
2016-03-30 23:16:22 +02:00
Régis Hanol
0bf001ccd7
FIX: badge grant count wasn't filtered to the current user in the user summary
2016-03-30 23:11:00 +02:00