Commit Graph

752 Commits

Author SHA1 Message Date
Robin Ward
a139e469a7 SECURITY: Avoid mass assignment on user create 2016-08-05 12:43:50 -04:00
Robin Ward
90a3cc7f18 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 15:29:05 -04:00
Sam
f319923753 SECURITY: limit route access when using external avatars 2016-07-28 09:04:32 +10:00
Neil Lalonde
01b6bc08ba Merge fixes from master 2016-04-07 13:51:05 -04:00
Régis Hanol
2b9e8e5a7d Merge pull request #4147 from cpradio/default_top_timeframe
FIX: Use default top setting when user is return or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
cpradio
c5bb1d1cfe Return default top setting as part of best_periods_for to see if it can be used 2016-04-05 14:27:18 -04:00
Régis Hanol
d402a45781 FIX: hitting '/t/:id/posts.json' should return the first page of posts 2016-04-05 19:12:14 +02:00
Neil Lalonde
01d0aeb5a9 merge master 2016-03-31 17:40:54 -04:00
Arpit Jalan
41208b99a1 FEATURE: RSS feed for user posts and topics 2016-03-31 20:24:05 +05:30
Guo Xiang Tan
9a5ded48cf FIX: Return a proper error message when sync sso fails. 2016-03-26 13:30:15 +08:00
Robin Ward
4180e207c3 FIX: Crazy large ids should not raise exceptions 2016-03-23 12:13:47 -04:00
Arpit Jalan
34469e725b FEATURE: separate API endpoints for public and private posts 2016-03-21 18:21:15 +05:30
Arpit Jalan
bd83cf7f4c FEATURE: add group posts and mentions RSS 2016-03-18 22:29:10 +05:30
Robin Ward
1fba835d4f FIX: Use a logging table for daily likes given. Use it for badges. 2016-03-18 11:18:54 -04:00
Neil Lalonde
213950e4cf FEATURE: add option to include topics from trust level 0 users in digest emails 2016-03-17 17:35:23 -04:00
Sam
0ea20f2d77 mock was causing spec to fail 2016-03-17 15:46:16 +11:00
Sam
84d234a98a Merge pull request #4076 from scossar/locale-from-header-setting
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
Robin Ward
06591022fe FEATURE: Generous badge 2016-03-15 16:08:29 -04:00
scossar
0cbeda8414 add site setting for setting locale from header 2016-03-14 16:18:19 -07:00
Arpit Jalan
89248580dc FEATURE: revert post to a specific revision 2016-03-11 02:46:55 +05:30
Robin Ward
5771d2aee2 SECURITY: Support for confirm old as well as new email accounts 2016-03-08 14:52:22 -05:00
Robin Ward
d62689fa76 Move updating a user's email to its own controller 2016-03-08 14:52:22 -05:00
Régis Hanol
1135d2094a Merge pull request #4006 from scossar/set-locale-from-header
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Régis Hanol
8d4bac7da2 fix build & add migration to clear common passwords cache 2016-03-03 19:39:22 +01:00
Arpit Jalan
bfaa4cdb37 FEATURE: compose a new pre-filled private message to a group via URL 2016-03-03 00:19:06 +05:30
Arpit Jalan
50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
scossar
0a396583ed set locale for anonymous from header
set locale on signup

update spec

add locale option
2016-02-26 13:45:00 -08:00
Sam Davies
b2f4659792 Pass discourse username to TopicRetriever from embed controller
When you specify `discourse_username` param on the embed URL, it should
translate to creating the post with that username.

This commit ensures that this is now the case.
2016-02-25 13:02:25 +00:00
Guo Xiang Tan
e8de80de98 FIX: Default to first page when page params is an array. 2016-02-25 11:32:58 +08:00
Arpit Jalan
6df5b38b54 better user update spec 2016-02-24 16:10:08 +05:30
Arpit Jalan
d77511319e show monthly top topics on 404 page 2016-02-24 13:46:55 +05:30
Arpit Jalan
1253afdf95 FIX: invite link should not auto-accept invitation if user is already logged in 2016-02-23 19:49:58 +05:30
Sam
3829c78526 PERF: shift most user options out of the user table
As it stands we load up user records quite frequently on the topic pages,
this in turn pulls all the columns for the users being selected, just to
discard them after they are loaded

New structure keeps all options in a discrete table, this is better organised
and allows us to easily add more column without worrying about bloating the
user table
2016-02-17 18:08:25 +11:00
Sam
dd6ebde824 FIX: Always ensure notifications are treated as read once clicked
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries

- Add feature "SetTransientHeader" that allows shipping info to server
   in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
Erick Guan
35142847ba FIX: Prepend the user id before username in admin user routes 2016-02-09 15:14:13 +01:00
Sam
b75353c26f correct specs 2016-01-27 23:40:45 +11:00
Arpit Jalan
0064927077 FIX: do not allow new email to be duplicate
FIX: return proper error message when email already exists
2016-01-23 13:42:53 +05:30
Régis Hanol
74b5d063f9 FIX: enabling suppress_from_homepage should only remove the category from the homepage 2016-01-20 17:55:58 +01:00
Régis Hanol
f61537bc16 Merge pull request #3952 from gdpelican/unsubscribe-via-email
Unsubscribe via email
2016-01-20 14:38:14 +01:00
James Kiesel
c7283751a3 Unsubscribe via email 2016-01-20 22:25:25 +13:00
Sam Saffron
7303f8f309 FEATURE: first pass at user summary page 2016-01-20 15:14:25 +11:00
Sam
ca3e2b4da3 FEATURE: you can not drill down and see why you have badges
Clicking on badges filters down the list to a particular user.
2016-01-18 17:59:20 +11:00
Guo Xiang Tan
a055c37939 Merge pull request #3956 from tgxworld/fix_clashing_slug
FIX: Clashing category slug.
2016-01-18 10:15:13 +08:00
Arpit Jalan
380764dc92 FIX: validate email when changing via user preferences page 2016-01-16 10:50:49 +05:30
Guo Xiang Tan
c60e360c90 FIX: Clashing category slug. 2016-01-13 15:32:29 +08:00
Arpit Jalan
e676974f16 Merge pull request #3953 from techAPJ/wiki
FEATURE: allow users to wikify their own posts based on trust level
2016-01-13 09:53:33 +05:30
Régis Hanol
8049dfdfda CLEANUP: remove 'contains_messages' leftover 💩 2016-01-12 11:29:26 +01:00
Arpit Jalan
06bac23e5f FEATURE: allow users to wikify their own posts based on trust level 2016-01-12 08:44:25 +05:30
Neil Lalonde
c7df6783a9 FIX: only invalidate password reset links using javascript 2016-01-04 11:48:54 -05:00
Guo Xiang Tan
c1dbf5c1c4 FEATURE: Autolinking to category using hashtags. 2016-01-05 00:12:24 +08:00