Commit Graph

53928 Commits

Author SHA1 Message Date
Natalie Tay
a721e8fa48
DEV: Also fetch user when granting admin (#27384) 2024-06-07 16:45:35 +08:00
Discourse Translator Bot
db6eb2dd3e
Update translations (#27322) 2024-06-04 21:44:09 +02:00
Jarek Radosz
5e5234bb69
DEV: Fix the order of operations in themes-frontend (#27319)
Previously "themes frontend" CI job would:

1. pull compatible versions of themes that happened to be in the base image
2. clone all official themes (overriding the compatible versions from 1.)
3. run tests
2024-06-04 15:16:56 +02:00
Discourse Translator Bot
5558028f8c
Update translations (#27275) 2024-05-31 12:27:30 +02:00
Discourse Translator Bot
0b1b451a48
Update translations (#27105) 2024-05-21 17:40:55 +02:00
Martin Brennan
175b656689
FIX: is_my_own? check for users who are anonymously doing actions (#25716)
Followup to 978d52841a

It's complicated...we have multiple "anonymous" user concepts
in core, and even two classes called the exact same thing --
AnonymousUser.

The first case is Guardian::AnonymousUser, which is used for
people who are browsing the forum without being authenticated.

The second case is the model AnonymousUser, which is used when
a user is liking or posting anonymously via allow_anonymous_likes
or allow_anonymous_posting site settings.

We will untangle this naming nightmare later on...but for the
time being, only authenticated users who are pretending to be
anonymous should be able to like posts if allow_anonymous_likes
is on.
2024-05-21 13:50:26 +08:00
Martin Brennan
05d144273a
DEV: Add post_action_users_list modifier for PostActionUsersController (#25740)
This commit adds another plugin modifier related to post
actions, similar to ae24e04a5e.

This will be used to exclude users who liked _and_ reacted to
the post, since now in discourse-reactions we make a Like when
a user reacts too. This will affect the display of the post footer.
2024-05-21 13:50:26 +08:00
Martin Brennan
26ba5cda43
DEV: Add a plugin modifier for user_action_stream_builder (#25691)
Reactions needs this to be able to filter out likes received
actions, where there is also an associated reaction, since
now most reactions also count as a like.
2024-05-21 13:50:26 +08:00
Alan Guo Xiang Tan
c4cc9eaf2b
DEV: Don't run discourse-ai plugin specs when running against stable (#27096)
`discourse-ai` has custom gems which need to be bumped in order to be
compatible with Ruby 3.3. However, its version is pinned so we can't
pull in the commits which upgrade the gems to be compatible with
Ruby 3.3. Just avoid running the specs on `stable` branch for now until
we release a new stable.
2024-05-21 12:11:58 +08:00
Alan Guo Xiang Tan
d42cc7171e
DEV: Pull compatible themes in tests workflow (#27094)
This commit adds a step in our tests workflow on GitHub Actions to update the themes to
use the compatible version when not running against the `main` branch.
This is to ensure that we are not running
the tests for themes against an incompatible version of Discourse.
2024-05-21 10:38:50 +08:00
Alan Guo Xiang Tan
56b3dfe6e5
Backport dependencies upgrade to make stable compatible with Ruby 3.3 (#27091)
* DEV: Drop fast_xs gem (#26442)

Why this gem?

This gem was added close to 10 years ago to speed up the generation of
RSS feeds. However, RSS feed generation does not even call `String#to_xs`
anymore and the `fast_xs` gem does not install on macOS without using
the following workaround:

`bundle config build.fast_xs
--with-cflags=\"-Wno-incompatible-pointer-types\"`

Therefore, we have decided to drop the gem.

* DEV: Drop gc_tracer gem (#26441)

Why this change?

This gem is failing to install cleanly on macOS and the following
workaround is required:

`bundle config build.gc_tracer
--with-cflags=\"-Wno-incompatible-pointer-types\"`

Instead of requiring this workaround, we have decided to drop `gc_tracer`
because it isn't a gem that is used anymore.

* DEV: Add `csv` to Gemfile to resolve Ruby 3.3 deprecation warning (#26995)

The following warning is being printed when running Discourse with Ruby
3.3

`warning: /usr/local/lib/ruby/3.3.0/csv.rb was loaded from the standard
library, but will no longer be part of the default gems since Ruby
3.4.0. Add csv to your Gemfile or gemspec.`

* DEV: Add `mutex_m` and `drb` to Gemfile to remove deprecation warning (#27012)

Resolves the following deprecation warnings when running Discourse on
Ruby 3.3

```
warning: /Users/tgxworld/.asdf/installs/ruby/3.3.1/lib/ruby/3.3.0/mutex_m.rb was loaded from the standard library, but will no longer be part of the default gems since Ruby 3.4.0. Add mutex_m to your Gemfile or gemspec. Also contact author of activesupport-7.0.8.1 to add mutex_m into its gemspec.

warning: /Users/tgxworld/.asdf/installs/ruby/3.3.1/lib/ruby/3.3.0/drb.rb was loaded from the standard library, but will no longer be part of the default gems since Ruby 3.4.0. Add drb to your Gemfile or gemspec. Also contact author of activesupport-7.0.8.1 to add drb into its gemspec.
```

* Build(deps): Bump google-protobuf from 3.25.2 to 3.25.3 (#25709)

Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Build(deps): Bump actionview_precompiler from 0.3.0 to 0.4.0 (#25977)

Bumps [actionview_precompiler](https://github.com/jhawthorn/actionview_precompiler) from 0.3.0 to 0.4.0.
- [Commits](https://github.com/jhawthorn/actionview_precompiler/compare/v0.3.0...v0.4.0)

---
updated-dependencies:
- dependency-name: actionview_precompiler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-21 09:20:01 +08:00
Grant
e70fa2df6f
FIX: Allow redirect when downloading maxmind database (#26333) (#27040)
Per https://dev.maxmind.com/geoip/release-notes/2024#presigned-urls-for-database-downloads 

MaxMind users who download databases should make sure that their HTTP client follows redirects and there are no proxy or firewall settings that would block requests to the host we are redirecting to.

Co-authored-by: Jay Pfaffman <jay@literatecomputing.com>
2024-05-16 10:12:34 +08:00
Jan Cernik
747ecc1f8c
Bump version to v3.2.2 2024-05-15 12:28:24 -03:00
Discourse Translator Bot
7270bc4816
Update translations (#27018) 2024-05-14 16:19:49 +02:00
David Taylor
39edf2a564
FIX: Don't unnecessarily scrub query params from homepage (stable) (#26960) 2024-05-09 23:12:43 +01:00
Discourse Translator Bot
94a9c6bc11
Update translations (#26904) 2024-05-07 09:31:05 -04:00
Discourse Translator Bot
662e1cdfe1
Update translations (#26822) 2024-04-30 21:57:33 +02:00
David Taylor
6f688be5c1
FIX: Improve handling of 'PublicExceptions' when bootstrap_error_pages enabled (#26737)
- Fix the readonly mode checking to avoid empty strings being passed (the `check_readonly_mode` before_action will not execute in the case of these re-dispatched exceptions)

Partial backport of bca855f239
2024-04-24 10:32:51 +01:00
Discourse Translator Bot
1b44077715
Update translations (#26714) 2024-04-23 16:22:32 +02:00
Discourse Translator Bot
500da3d311
Update translations (#26652) 2024-04-16 17:37:54 +02:00
Discourse Translator Bot
0d761a0c4b
Update translations (#26576) 2024-04-09 18:48:49 +02:00
Discourse Translator Bot
0060fbfc0b
Update translations (#26464) 2024-04-02 18:19:51 +02:00
Discourse Translator Bot
5abd8e9bb0
Update translations (#26369) 2024-03-26 16:30:06 +01:00
Loïc Guitaut
6168e041b3
DEV: Switch to Chromium in CI 2024-03-25 21:27:14 +01:00
Jeff Wong
7e7b2cf7b5
PERF: only allow one reviewable notification at a time (#26331)
This job may notify hundreds of mods and take quite a while to run.

Co-authored-by: Sam <sam.saffron@gmail.com>
2024-03-22 15:00:33 -07:00
Discourse Translator Bot
7d9c8993cd
Update translations (#26243) 2024-03-19 16:00:12 +01:00
Jarek Radosz
6a0aa03aa2
UX: Fix the video spinner css (#25770)
A followup to 62e36145c5
2024-03-15 16:06:05 +08:00
Jarek Radosz
b1111e64d1
UX: Tweak play button css (#25754)
* Remove unnecessary properties
* Use rem unit
* Add a drop shadow
* Make the "box shadow" slightly more subtle
* Use --d-border-radius
* Don't scale the "box shadow" on hover
* Scale down the on-hover size
* Make the button slightly larger
* Respect prefers-reduced-motion
* Use white rather than --secondary-or-primary
* Don't animate on-hover on mobile
2024-03-15 16:05:45 +08:00
Blake Erickson
c90488b917
FIX: Add a border around the video placeholder play button (#25727)
The video placeholder play button is white, so on a video placeholder
that is also white it is very hard to see where the play button is, so
this change adds a dark grey transparent background to the play button
so that it stands out. This is similar to how we have done the
play/pause button on animated gifs.
2024-03-15 16:01:43 +08:00
Penar Musaraj
457c2bf5bb
FIX: Handle old Firefox versions that do not support isConditionalMediationAvailable (#25549)
Some versions of Firefox will throw a TypeError when calling
PublicKeyCredential.isConditionalMediationAvailable() because the
method does not exist. That would previously lead to a "Sorry, an error
has occurred." modal when trying to login.

This commit fixes the issue by properly checking if the method exists.
Since it only affects older Firefox versions, no tests are added.
2024-03-15 16:01:27 +08:00
Neil Lalonde
798068b2a3
FIX: missing translation of guidelines_topic.body (#25505)
Broken in https://github.com/discourse/discourse/pull/25253
2024-03-15 15:59:17 +08:00
Nat
d41529c811
Bump version to v3.2.1 2024-03-15 15:27:07 +08:00
Penar Musaraj
bcc556b956
SECURITY: Limit invites params length 2024-03-15 14:37:28 +08:00
Alan Guo Xiang Tan
c41755bd69
SECURITY: Add rate limits for uploads 2024-03-15 14:37:23 +08:00
Bianca Nenciu
5a0851d8ac
SECURITY: Generate more category CSS on client
This commit moves the generation of category background CSS from the
server side to the client side. This simplifies the server side code
because it does not need to check which categories are visible to the
current user.
2024-03-15 14:37:19 +08:00
Daniel Waterworth
e9a8c059ec
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:37:15 +08:00
Daniel Waterworth
1f2ded8e8d
SECURITY: Don't disclose the existence of secret subcategories 2024-03-15 14:37:11 +08:00
Discourse Translator Bot
9f85bf559a
Update translations (#26137) 2024-03-12 15:40:16 +01:00
Jarek Radosz
99fe9ddd40
UX: Fix the video spinner css (#25770)
A followup to 62e36145c5
2024-03-06 14:36:50 -07:00
Jarek Radosz
8f643dc1b8
UX: Tweak play button css (#25754)
* Remove unnecessary properties
* Use rem unit
* Add a drop shadow
* Make the "box shadow" slightly more subtle
* Use --d-border-radius
* Don't scale the "box shadow" on hover
* Scale down the on-hover size
* Make the button slightly larger
* Respect prefers-reduced-motion
* Use white rather than --secondary-or-primary
* Don't animate on-hover on mobile
2024-03-06 14:36:50 -07:00
Blake Erickson
cda09483de
FIX: Set the video background to be black (#25744)
If you upload a portrait video or just a video that doesn't fit in the
normal video dimensions we want it to have a black background instead of
trying to render parts of the placeholder image as the video background.

This change removes the placeholder image for the video background when
the play button is clicked and replaces it with an all black background.
2024-03-06 14:36:50 -07:00
Blake Erickson
0003599754
FIX: Add a border around the video placeholder play button (#25727)
The video placeholder play button is white, so on a video placeholder
that is also white it is very hard to see where the play button is, so
this change adds a dark grey transparent background to the play button
so that it stands out. This is similar to how we have done the
play/pause button on animated gifs.
2024-03-06 14:36:50 -07:00
Blake Erickson
0821b2b6fe
FEATURE: Auto generate and display video preview image (#25633)
This change will allow auto generated video thumbnails to be used
instead of the black video thumbnail that overlays videos.

Follow up to: 2443446e62
2024-03-06 14:36:50 -07:00
Blake Erickson
aac6036868
FIX: Video playback on iOS (#25513) 2024-03-06 14:36:50 -07:00
Discourse Translator Bot
ef94de52d9
Update translations (#26031) 2024-03-05 16:47:51 +01:00
Jeff Wong
895a018e9d
FEATURE: site setting to include post in penalty messages (#26026)
Adds a site setting to include a post's content in penalty messages.
When silencing/suspending a user from a post, or a reviewable with
a post, adds an option to include a post's content in the email
message by default.
2024-03-04 18:35:35 -08:00
Discourse Translator Bot
1167b5b9a5
Update translations (#25915) 2024-02-27 20:50:35 +01:00
Jeff Wong
ba8555df86
DEV: resolve on conflict (#25848) 2024-02-26 10:04:13 -08:00
Discourse Translator Bot
e049f82681
Update translations (#25768) 2024-02-22 13:17:06 -05:00
Penar Musaraj
d85414f885
DEV: Add SecureUploadEndpointHelpers for controllers (#25758) (#25769)
This commit moves some code out of UploadController#show_secure
so it can be reused in other controllers if a secure upload
needs to have permission checks run.

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-02-20 10:34:29 -05:00