Commit Graph

10205 Commits

Author SHA1 Message Date
David Taylor
07de0db5e2
DEV: Cap qunit concurrency at 8 browsers (#28635)
`ember exam` points all browsers at a single ember-cli server process. With very high parallelism, we've started seeing `ChunkLoadError` exceptions, which may indicate the server being overloaded. Capping to 8 browsers to avoid that.
2024-08-29 19:00:54 +08:00
Gabriel Grubba
c8f5445030
Revert "DEV: Removal of create_post_for_category_and_tag_changes setting (#28…" (#28587)
This reverts commit fc33826dc5.
2024-08-27 16:19:51 -03:00
Penar Musaraj
f405c021eb
Bump version to v3.4.0.beta2-dev 2024-08-27 10:54:25 -04:00
Penar Musaraj
85abac4230
Bump version to v3.4.0.beta1 2024-08-27 10:54:25 -04:00
Alan Guo Xiang Tan
4a6fc45429
DEV: Migrate User#seen_notification_id to bigint (#28572)
`Notification#id` was migrated to `bigint` in 799a45a291
2024-08-27 14:32:55 +03:00
Martin Brennan
e58e7a49f5
FIX: Bookmark reminder was clearing incorrectly (#28506)
Followup 76c56c8284

The change introduced above made it so the expired
bookmark reminders were cleared when using the bulk
action menu for bookmarks. However this also affected
clearing reminders for bookmarks when sending notifications.

When clearing bookmark reminders after sending notifications,
we take into account the auto delete preference:

* never          - The bookmark `reminder_at` date should not be cleared,
                   and the bookmark is kept.
* clear_reminder - The bookmark `reminder_at` date is cleared and
                   the bookmark is kept

The `never` option made it so "expired" bookmark reminder show
on the user's bookmark list.

This commit fixes the change from the other commit and only
forces clearing of `reminder_at` if using the bookmark bulk
action service.
2024-08-26 09:17:39 +10:00
Alan Guo Xiang Tan
21bb28df91
PERF: Ensure suggested topics is only loaded on last page of topic view (#28507)
This commit improves `TopicsController#show` to not load suggested and
related topics unless it is the last page of the topic's view.
Previously, we avoided loading suggested and related topics by the use
of conditionals in the `TopicViewSerializer` to avoid calling
`TopicView#suggested_topics` and `TopicView#related_topics`. However,
this pattern is not reliable as the methods can still be called from
other spots in the code base. Instead, we ensure that
`TopicView#include_suggested` and `TopicView#include_related` is set
correctly on the instance of `TopicView` which ensures that for the
given instance, `TopicView#suggested_topics` and
`TopicView#related_topics` will be a noop.
2024-08-23 16:10:50 +08:00
锦心
ac365a86a2
FIX: Trigger user_logged_out event when the user logs out (#28482)
What did this fix?
===============

Previously, we only triggered this event in the `user.logged_out` method.
This resulted in the event being triggered only when the user was logged
out by the administrator or the site had strict logout mode enabled.
This bug affected customers who managed user status via webhooks.

meta topic: https://meta.discourse.org/t/user-log-out-event-not-triggered-in-webhooks/249464
2024-08-22 21:48:27 +08:00
David Taylor
819d07469d
DEV: fixup themes:install:archive flag (#28486)
Followup to a69f3a0880
2024-08-22 13:22:37 +01:00
David Taylor
58c4528a1c
DEV: Replace silent theme-install fails with exceptions (#28485)
Previously, we were silently failing when a theme hit SSRF protection, or the `git clone` command failed for some reason. This commit updates them to be exceptions, so they provide more useful error messages
2024-08-22 12:09:56 +01:00
David Taylor
a69f3a0880
DEV: Add env to themes:install:archive to allow skipping child themes (#28484) 2024-08-22 12:07:27 +01:00
Osama Sayegh
10ae7ef44a
FEATURE: Add estimated number of global and EU visitors to the about page (#28382)
This commit implements 2 new metrics/stats in the /about page for the _estimated_ numbers of unique visitors from the EU and the rest of the world. This new feature is currently off by default, but it can be enabled by turning on the hidden `display_eu_visitor_stats` site settings via the rails console.

There are a number of assumptions that we're making here in order to estimate the number of unique visitors, specifically:

1. we're assuming that the average of page views per anonymous visitor is similar to the average number of page views that a logged-in visitor makes, and
2. we're assuming that the ratio of logged in visitors from the EU is similar to the ratio of anonymous visitors from the EU

Discourse keeps track of the number of both logged-in and anonymous page views, and also the number of unique logged-in visitors and where they're from. So with those numbers and the assumptions above, we can estimate the number of unique anonymous visitors from the EU and the rest of the world.

Internal topic: t/128480.
2024-08-21 00:03:42 +03:00
Loïc Guitaut
0636855706 DEV: Allow using an AR relation as a model in services
This patch allows using an AR relation as a model in services without
fetching associated records. It will just check if the relation is empty
or not. In the former case, the execution will stop at that point, as
expected.
2024-08-20 16:32:46 +02:00
Osama Sayegh
db6eff7be9
DEV: Allow custom site activity items in the new /about page (#28400)
This commit introduces a new frontend API to add custom items to the "Site activity" section in the new /about page. The new API is called `addAboutPageActivity` and it works along side the `register_stat` serve-side API which serializes the data that the frontend API consumes. More details of how the two APIs work together is in the JSDoc comment above the API function definition.

Internal topic: t/128545/9.
2024-08-20 16:16:05 +03:00
Joffrey JAFFEUX
5b17e85fe1
FIX: broken mentioned users with capitalized usernames (#28421)
This commit fixes two codepaths which where incorrectly working with capitalized usernames as we were doing a mix of username_lower and non lower username.

Also adds two specs for these cases.
2024-08-19 20:57:45 +02:00
David Taylor
02678b3107
DEV: Use yarn-installed terser in assets.rake (#28422)
This was previously relying on a globally-installed terser, which comes from a time before Discourse had proper JS dependency management
2024-08-19 16:45:15 +01:00
Loïc Guitaut
86f1c177d6 DEV: Remove unnecessary freedom patches
This patch removes two freedom patches:

- `mail_disable_starttls.rb`: this has been fixed in the 2.8 release of
  the mail gem, so we don’t need it anymore.
- `rails4.rb`: those methods have been deprecated for a while now and
  should have been dropped with Discourse v3.2.
2024-08-19 12:06:54 +02:00
Alan Guo Xiang Tan
e1c4cf2566
DEV: Update Guardian#is_developer to only require admin for Developer (#28396)
In development mode and when a developer's email is configured as part
of `Rails.configuration.developer_emails`, the user can be trusted and
should not be required to be an admin user.
2024-08-19 13:46:28 +08:00
Guhyoun Nam
9c1812e071
FEATURE: add system_user_max_attachment_size_kb site setting (#28351)
* System user attachment size WIP

* spec check

* controller update

* add max to system_user_max_attachment_size_kb

* DEV: update to use static method for `max_attachment_size_for_user`

add test to use large image.
add check for failure.

* DEV: update `system_user_max_attachment_size_kb` default value to 0

remove unecessary test.
update tests to reflect the new default value of `system_user_max_attachment_size_kb`

* DEV: update maximum_file_size to check when is an attachment made by a system user

Add tests for when `system_user_max_attachment_size_kb` is over and under the limit
Add test for checking interaction with `max_attachment_size_kb`

* DEV: move `max_attachment_size_for_user` to private methods

* DEV: turn `max_attachment_size_for_user` into a static method

* DEV: typo in test case

* DEV: move max_attachment_size_for_user to private class method

* Revert "DEV: move max_attachment_size_for_user to private class method"

This reverts commit 5d5ae0b715.

---------

Co-authored-by: Gabriel Grubba <gabriel@discourse.org>
2024-08-16 11:03:39 -03:00
Gabriel Grubba
fc33826dc5
DEV: Removal of create_post_for_category_and_tag_changes setting (#28321)
* DEV: Removal of create_post_for_category_and_tag_changes setting

reverting commit: #65f35e1
and adding a migration to remove the setting
ref: t/132320

* DEV: change checks for zeros to check for nils

* DEV: remove create_post_for_category_and_tag_changes migration file

If anything goes wrong, we can always revert back to the previous state.
2024-08-14 12:12:21 -03:00
Gabriel Grubba
f6fadd7129
FEATURE: bring plugin:create to core from create-discourse-plugin gem (#28350)
* FEATURE: bring plugin:create to core from `gem exec create-discourse-plugin`

* DEV: remove plugin_rake spec and updated plugin rake creation with `begin/rescue` block
2024-08-14 11:45:46 -03:00
Alan Guo Xiang Tan
10ff0ee0cc
FIX: Ensure we dispose of MiniRacer::Context before forking daemons (#28361)
This commit updates `Demon::Base#start` to call `Discourse.before_fork`
before forking. According to the docs in `mini_racer`, we need to
"Dispose manually of all MiniRacer::Context objects prior to forking".

This commit is motivated by a segmentation fault which we are seeing in
production when killing a daemon process. Backtrace of the core dump
includes traces of `mini_racer` so we think this is the cause. Note that
we are not 100% sure if this will fix the issue.
2024-08-14 12:45:34 +08:00
Krzysztof Kotlarek
e82e255531
FIX: serialize Flags instead of PostActionType (#28362)
### Why?
Before, all flags were static. Therefore, they were stored in class variables and serialized by SiteSerializer. Recently, we added an option for admins to add their own flags or disable existing flags. Therefore, the class variable had to be dropped because it was unsafe for a multisite environment. However, it started causing performance problems. 

### Solution
When a new Flag system is used, instead of using PostActionType, we can serialize Flags and use fragment cache for performance reasons. 

At the same time, we are still supporting deprecated `replace_flags` API call. When it is used, we fall back to the old solution and the admin cannot add custom flags. In a couple of months, we will be able to drop that API function and clean that code properly. However, because it may still be used, redis cache was introduced to improve performance.

To test backward compatibility you can add this code to any plugin
```ruby
  replace_flags do |flag_settings|
    flag_settings.add(
      4,
      :inappropriate,
      topic_type: true,
      notify_type: true,
      auto_action_type: true,
    )
    flag_settings.add(1001, :trolling, topic_type: true, notify_type: true, auto_action_type: true)
  end
```
2024-08-14 12:13:46 +10:00
Krzysztof Kotlarek
559c9dfe0a
REVERT: FIX: serialize Flags instead of PostActionType (#28334) 2024-08-13 18:32:11 +10:00
Krzysztof Kotlarek
094052c1ff
FIX: serialize Flags instead of PostActionType (#28259)
### Why?
Before, all flags were static. Therefore, they were stored in class variables and serialized by SiteSerializer. Recently, we added an option for admins to add their own flags or disable existing flags. Therefore, the class variable had to be dropped because it was unsafe for a multisite environment. However, it started causing performance problems. 

### Solution
When a new Flag system is used, instead of using PostActionType, we can serialize Flags and use fragment cache for performance reasons. 

At the same time, we are still supporting deprecated `replace_flags` API call. When it is used, we fall back to the old solution and the admin cannot add custom flags. In a couple of months, we will be able to drop that API function and clean that code properly. However, because it may still be used, redis cache was introduced to improve performance.

To test backward compatibility you can add this code to any plugin
```ruby
  replace_flags do |flag_settings|
    flag_settings.add(
      4,
      :inappropriate,
      topic_type: true,
      notify_type: true,
      auto_action_type: true,
    )
    flag_settings.add(1001, :trolling, topic_type: true, notify_type: true, auto_action_type: true)
  end
```
2024-08-13 11:22:37 +10:00
Régis Hanol
d10fd36319
FEATURE: participating users statistics (#28322)
Adds a new statistics (hidden from the UI, but available via the API) that tracks daily participating users.

A user is considered as "participating" if they have

- Reacted to a post
- Replied to a topic
- Created a new topic
- Created a new PM
- Sent a chat message
- Reacted to a chat message

Internal ref - t/131013
2024-08-12 23:47:13 +02:00
Loïc Guitaut
84823550d4 DEV: Enable Rails 7.1 defaults 2024-08-12 10:41:13 +02:00
Isaac Janzen
5b1d9d602f
DEV: Add guardian modifier to prevent sending PM (#28282) 2024-08-08 12:57:13 -05:00
Alan Guo Xiang Tan
4c0af24173
DEV: Log a warning message when a MiniScheduler scheduled job is stuck (#28258)
This commit adds a `MiniSchedulerLongRunningJobLogger` class which will
poll every 60 seconds for mini_scheduler jobs which are stuck. When it
detects that a job is stuck, it will log a warning message with the
current backtrace of the thread that is executing the job.

Note that for scheduled jobs which are executed at a frequency of less
than 30 minutes, we will log when the job has been executing for 30
minutes.

For scheduled jobs executed at a frequency of less than 2 hours, we will
log when the job has been executing for a duration greater than its
specified frequency.

For scheduled jobs executed at a frequency greater than 2 hours, we will
log as long as the job has been executing for more than 2 hours.
2024-08-08 12:20:16 +08:00
Jarek Radosz
064332ef6e
DEV: Update ember-cli-deprecation-workflow from 2.2.0 to 3.0.1 (#28226)
From dependabot PR:

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ember-cli/ember-cli-deprecation-workflow/releases">ember-cli-deprecation-workflow's releases</a>.</em></p>
<blockquote>
<h2>v3.0.1-ember-cli-deprecation-workflow</h2>
<h2>Release (2024-07-11)</h2>
<p>ember-cli-deprecation-workflow 3.0.1 (patch)</p>
<h4>🏠 Internal</h4>
<ul>
<li><code>ember-cli-deprecation-workflow</code>
<ul>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/192">#192</a> fix repository link in package.json (<a href="https://github.com/mansona"><code>@​mansona</code></a>)</li>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/191">#191</a> update release plan workflow (<a href="https://github.com/mansona"><code>@​mansona</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 1</h4>
<ul>
<li>Chris Manson (<a href="https://github.com/mansona"><code>@​mansona</code></a>)</li>
</ul>
<h2>v3.0.0</h2>
<h2>Release (2024-06-25)</h2>
<p>ember-cli-deprecation-workflow 3.0.0 (major)</p>
<h4>💥 Breaking Change</h4>
<ul>
<li><code>ember-cli-deprecation-workflow</code>
<ul>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/159">#159</a> [BREAKING] Convert to a module. Drops support for Ember &lt; 3.28, requires manual initialization (<a href="https://github.com/lolmaus"><code>@​lolmaus</code></a>)</li>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/175">#175</a> Node 16 is the minimum supported version (<a href="https://github.com/mixonic"><code>@​mixonic</code></a>)</li>
</ul>
</li>
</ul>
<h4>🐛 Bug Fix</h4>
<ul>
<li><code>ember-cli-deprecation-workflow</code>
<ul>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/181">#181</a> Remove unused broccoli magic (<a href="https://github.com/simonihmig"><code>@​simonihmig</code></a>)</li>
</ul>
</li>
</ul>
<h4>📝 Documentation</h4>
<ul>
<li><code>ember-cli-deprecation-workflow</code>
<ul>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/184">#184</a> Update configuration paths in documentation (<a href="https://github.com/backspace"><code>@​backspace</code></a>)</li>
</ul>
</li>
</ul>
<h4>🏠 Internal</h4>
<ul>
<li><code>ember-cli-deprecation-workflow</code>
<ul>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/189">#189</a> start using release-plan (<a href="https://github.com/mansona"><code>@​mansona</code></a>)</li>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/188">#188</a> start using pnpm (<a href="https://github.com/mansona"><code>@​mansona</code></a>)</li>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/178">#178</a> Upgrade Ember CLI to 5.4 (<a href="https://github.com/lolmaus"><code>@​lolmaus</code></a>)</li>
<li><a href="https://redirect.github.com/ember-cli/ember-cli-deprecation-workflow/pull/170">#170</a> Bump Node, swap to npm, update CI pipeline (<a href="https://github.com/mixonic"><code>@​mixonic</code></a>)</li>
</ul>
</li>
</ul>
<h4>Committers: 5</h4>
<ul>
<li>Andrey Mikhaylov (lolmaus) (<a href="https://github.com/lolmaus"><code>@​lolmaus</code></a>)</li>
<li>Buck Doyle (<a href="https://github.com/backspace"><code>@​backspace</code></a>)</li>
<li>Chris Manson (<a href="https://github.com/mansona"><code>@​mansona</code></a>)</li>
<li>Matthew Beale (<a href="https://github.com/mixonic"><code>@​mixonic</code></a>)</li>
<li>Simon Ihmig (<a href="https://github.com/simonihmig"><code>@​simonihmig</code></a>)</li>
</ul>
</blockquote>
</details>
2024-08-07 17:59:42 +02:00
Natalie Tay
a49a6941c6
DEV: Extend /filter's ability to order (#28242) 2024-08-07 16:37:00 +08:00
Osama Sayegh
5dbf812d32
DEV: Add site age and site activities section to the redesigned about page (#28214)
This commit continues on work laid out by 6039b513fe to redesign the /about page. In this commit, we add the site age and a section on the right hand side to show site activities/statistics such as topics, posts, sign-ups, likes etc.
2024-08-07 11:11:41 +03:00
David Taylor
6f80ebfc41
Revert "FIX: backup_restore.rb wants db user from user, not username (#28229)" (#28245)
This reverts commit 2e8273dcb4. We're seeing this cause issues in production multisite environments. Reverting while we investigate
2024-08-06 14:11:48 +01:00
Krzysztof Kotlarek
fc2259d1c8
FIX: limit the number of custom flags to 50 (#28221)
Admin can create up to 50 custom flags. It is limited for performance reasons.

When the limit is reached "Add button" is disabled and backend is protected by guardian.
2024-08-06 10:50:12 +10:00
Jay Pfaffman
2e8273dcb4
FIX: backup_restore.rb wants db user from user, not username (#28229)
ActiveRecord::Base.connection_pool.db_config.configuration_hash has the username in `user`, not `username`.
2024-08-06 08:49:20 +08:00
Alan Guo Xiang Tan
2492fe7715
FIX: Set sane default for Net::HTTP when processing a request (#28141)
This commit patches `Net::HTTP` to reduce the default timeouts of 60
seconds when we are processing a request. There are certain routes in
Discourse which makes external requests and if the proper timeouts are
not set, we risk having the Unicorn master process force restarting the
Unicorn workers once the `30` seconds timeout is reached. This can
potentially become a vector for DoS attacks and this commit is aimed at
reducing the risk here.
2024-08-06 07:12:42 +08:00
David Taylor
1b28b8e169
DEV: Upgrade babel & remove vendored safari-bugfix transformation (#28208)
The Safari 15 bugfix has been rolled into @babel/preset-env in the most recent version, so we no longer need to carry our vendored copy.

This commit updates @babel/preset-env, runs npx yarn-deduplicate yarn.lock, and removes the vendored transform.

This commit also refactors our theme transpiler to use @babel/preset-env, with the same list of target browsers as our ember-cli build uses. This means we no longer need to maintain a separate list of babel transforms for themes.
2024-08-05 10:35:26 +01:00
David Taylor
11369018b6
DEV: Stop storing theme-transpiler on filesystem in development (#28198)
We were writing theme-transpiler JS files to the filesystem on a per-process basis, and then immediately reading them back in. Plus, there was no cleanup mechanism, so the tmp directory would grow indefinitely.

This commit refactors things so that the `build.js` script outputs the theme-transpiler source to stdout. That way, we can read it directly into the process, and then into mini-racer, without needing to go via the filesystem. No cleanup required!

In production, the theme-transpiler is still cached in a file during `assets:precompile`
2024-08-01 17:59:34 +01:00
Blake Erickson
6ee6b1f1d1
DEV: Add validation for allowed iframes setting (#28178)
- Adds a validator for the allowed iframes site setting
- Adds a migration to update any values that don't pass the validator

Follow up to: 188cb58daa
2024-08-01 06:51:02 -06:00
Sérgio Saquetim
366dfec16c
DEV: Add plugin API to perform actions when the plugin is turned on/off (#28156)
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-31 15:38:10 -03:00
Blake Erickson
30048ab97f
FIX: Video thumbnails for missing videos (#28152)
Skip trying to find a thumbnail if the video src cannot be found.

Bug report: https://meta.discourse.org/t/317423
2024-07-31 10:54:52 -06:00
Krzysztof Kotlarek
5830f2c9a1
FIX: double reviewable items bug (#28161)
When `SiteSetting.review_every_post` is true and the category `require_topic_approval` system creates two reviewable items.
1. Firstly, because the category needs approval, the `ReviewableQueuePost` record` is created - at this stage, no topic is created.
2. Admin is approving the review. The topic and first post are created.
3. Because `review_every_post` is true `queue_for_review_if_possible` callback is evaluated and `ReviewablePost` is created.
4. Then `ReviewableQueuePost` is linked to the newly generated topic and post.

At the beginning, we were thinking about hooking to those guards:
```
  def self.queue_for_review_if_possible(post, created_or_edited_by)
    return unless SiteSetting.review_every_post
    return if post.post_type != Post.types[:regular] || post.topic.private_message?
    return if Reviewable.pending.where(target: post).exists?
...
```
And add something like
```
 return if Reviewable.approved.where(target: post).exists?
```

However, because the callback happens in point 3. before the `ReviewableQueuePost` is linked to the `Topic`, it was not possible.

Therefore, when `ReviewableQueuePost` is creating a `Topic`, a new option called `:reviewed_queued_post` is passed to `PostCreator` to avoid creating a second `Reviewable`.
2024-07-31 12:45:00 +10:00
Alan Guo Xiang Tan
e9c0a6dffe
FIX: Move downloading of Maxmind databases to after assets:precompile (#28157)
We have been seeing `ZLib::BufError` when running the `assets:precompile` rake
task.

```
I, [2024-07-30T05:19:58.807019 #1059]  INFO -- : Writing /var/www/discourse/public/assets/scripts/discourse-test-listen-boot-9b14a0fc65c689577e6a428dcfd680205516fe211700a71c7adb5cbcf4df2cc5.js
rake aborted!
Zlib::BufError: buffer error (Zlib::BufError)
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/sprockets-3.7.3/lib/sprockets/cache/file_store.rb💯in `<<'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/sprockets-3.7.3/lib/sprockets/cache/file_store.rb💯in `set'
/var/www/discourse/vendor/bundle/ruby/3.3.0/gems/sprockets-3.7.3/lib/sprockets/cache.rb:212:in `set'
```

The hypothesis here is that some thread unsafe issue is causing the
problem since we download the Maxmind databases in a thread and run
decompression operations once the gzip file is downloaded.

In the near term, we plan to move downloading of Maxmind databases out
of the Rake task into a scheduled job so this patch should be considered
a temporary solution.

The trade-off here is that build time will slightly increase since we
are not longer downloading Maxmind databases while precompiling assets
at the same time.
2024-07-31 08:55:01 +08:00
Nat
b29f49be97
Bump version to v3.4.0.beta1-dev 2024-07-30 15:35:33 +08:00
Nat
a4bfe8adb4
Bump version to v3.3.0.beta6 2024-07-30 15:35:32 +08:00
Régis Hanol
d5cd669464
FIX: race condition in Discourse.cache.fetch (#28124)
When using `Discourse.cache.fetch` with an expiry, there's a potential for a race condition due to how we read the data from redis.

The code used to be

```ruby
raw = redis.get(key) if !force
entry = read_entry(key) if raw
return entry if raw && !(entry == :__corrupt_cache__)
```

with `read_entry` defined as follow

```ruby
def read_entry(key)
  if data = redis.get(key)
    Marshal.load(data)
  end
rescue => e
  :__corrupt_cache__
end
```

If the value at "key" expired in redis between `raw = redis.get` and `entry = read_entry`, the `entry` variable would be `nil` despite `raw` having a value.

We would then proceed to return `entry` (which is `nil`) thinking it had a value, when it didn't.

The first `redis.get` can be skipped altogether and we can rely only on `read_entry` to read the data from redis. Thus avoiding the race condition and removing the double read operations.

Internal ref - t/132507
2024-07-30 09:08:12 +02:00
Nat
1239287697
Bump version to v3.3.0.beta6-dev 2024-07-30 14:35:57 +08:00
Nat
f4cbf025b5
Bump version to v3.3.0.beta5 2024-07-30 14:35:56 +08:00
Natalie Tay
188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
Alan Guo Xiang Tan
3193afe7ca
FIX: Rescue and warn when error is encountered in DiscourseIpInfo.mmdb_download (#28134)
Since switching to Maxmind permalinks to download the databases in
7079698cdf, we have received multiple
reports about rebuilds failing as `maxminddb:refresh` runs during
the rebuilds and failing to download the databases cases the rebuilds to
fail.

Downloading Maxmind databases should not sit in the critical rebuild
path but since we are close to the Discourse 3.3 release, we have opted
to just rescue all errors encountered when downloading the databases.

In the near future after the Discourse 3.3 release, we will be looking
at moving the downloading of maxmind databases out of the rebuild path.
2024-07-30 11:33:20 +08:00