Commit Graph

48655 Commits

Author SHA1 Message Date
Blake Erickson
a891e06989
SECURITY: set max-height property for iframes (#22089)
Co-authored-by: David Battersby <info@davidbattersby.com>
2023-06-13 11:09:40 -06:00
Blake Erickson
5e3106387f
SECURITY: Use canonical url for topic embeddings (#22088)
This prevents duplicate topics from being created when using embed_urls
that only differ on query params.
2023-06-13 11:09:23 -06:00
Discourse Translator Bot
8189ea6858
Update translations (#22082) 2023-06-13 15:18:50 +02:00
Discourse Translator Bot
bff0dfcf07
Update translations (#21951) 2023-06-06 15:36:57 +02:00
Discourse Translator Bot
3000f4566c
Update translations (#21828) 2023-05-31 09:15:22 +02:00
Discourse Translator Bot
45f740ba86
Update translations (#21703) 2023-05-23 21:23:49 +02:00
Ted Johansson
c9ee11c675
FIX: Remove obsolete references to lounge category (#21608)
### What is this change?

The lounge category was replaced with the general category in https://github.com/discourse/discourse/pull/18097.

However, there are still a few references to the lounge category in code. In particular, `Category#seeded?` is erroring out in production looking for `SiteSetting.lounge_category_id`.
2023-05-17 16:48:31 +08:00
Discourse Translator Bot
292ca384b9
Update translations (#21584) 2023-05-16 19:40:07 +02:00
Ted Johansson
aaec964547
DEV: Add both safe and unsafe Discourse.store.download methods (stable) (#21499)
### Background

Several call sites use `FileStore#download` (through `Discourse.store.download`). In some cases the author seems aware that the method can raise an error if the download fails, and in some cases not. Because of this we're seeing some of these exceptions bubble all the way up and getting logged in production. Although they are not really actionable at that point. Rather each call site needs to be considered to figure out how to handle them.

### What is this change?

This change accomplishes primarily two things.

Firstly it separates the method into a safe version which will handle errors by returning `nil`, and an unsafe version which will re-package upstream errors in a new `FileStore::DownloadError` class.

Secondly it updates the call sites which have been doing error handling downstream to use the new safe version.

For backwards compatibility, there's an interim situation and a desired end state.

**Interim:**

```
FileStore#download      → Old unsafe version. Will raise any error and show a deprecation warning.
FileStore#download!     → New unsafe version. Will raise FileStore::DownloadError.
FileStore#download_safe → New safe version.   Will return nil.
```

**Desired end-state:**

```
FileStore#download  → New safe version.   Will return nil.
FileStore#download! → New unsafe version. Will raise FileStore::DownloadError.
```

### What's next?

We need to do a quick audit of the call sites that are using the old unsafe version without any error handling, as well as check for call sites in plugins other repos. Follow-up PRs incoming.
2023-05-12 11:38:08 +08:00
Discourse Translator Bot
99371c3e99
Update translations (#21456) 2023-05-10 00:48:15 +02:00
Martin Brennan
27082f7f53
DEV: Remove noisy SiteSetting deprecations (#21459)
We don't need these, they are causing a lot of
log noise on our servers, they have been removed
from the main branch from some time and it is
doubtful that anyone else needs to be told these
warnings on stable.
2023-05-09 19:40:01 +02:00
Blake Erickson
784006c71e
SECURITY: Do not overwrite permissions on the General category (#21390)
Before this fix if you had modified the default general category
settings they would be reset back to the default after a deploy.
2023-05-04 14:30:34 -06:00
Discourse Translator Bot
0bbbb9edc8
Update translations (#21335) 2023-05-02 17:39:38 +02:00
Discourse Translator Bot
845000a6ce
Update translations (#21146) 2023-04-25 17:23:28 +02:00
Ted Johansson
59dd20c415
Version bump to v3.0.3 (#21136) 2023-04-18 16:14:45 +08:00
Ted Johansson
0c11acf6cf
SECURITY: Encode embed url (#21134)
The embed_url in "This is a companion discussion..." could be used for
XSS.

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
2023-04-18 15:05:33 +08:00
Ted Johansson
bbc7746cef
SECURITY: Ensure site setting being updated is a configurable site setting (#21132) 2023-04-18 14:32:21 +08:00
Krzysztof Kotlarek
bd301c3f08
FIX: improve performance of UserStat.ensure_consistency (#21044) (#21121)
Optimize `UserStatpost_read_count` calculation.

In addition, tests were updated to fail when code is not evaluated. Creation of PostTiming was updating `post_read_count`. Count it has to be reset to ensure that ensure_consitency correctly calculates result.

Extracting users seen in the last hour to separate Common Table Expression reduces the amount of processed rows.

Before
```
Update on user_stats  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12606.121..12606.127 rows=0 loops=1)
  ->  Hash Join  (cost=267492.07..270822.95 rows=2900 width=174) (actual time=12561.814..12603.689 rows=10 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 67
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.014..39.173 rows=75534 loops=1)
        ->  Hash  (cost=267455.80..267455.80 rows=2901 width=48) (actual time=12558.613..12558.617 rows=77 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 39kB
              ->  Subquery Scan on x  (cost=267376.03..267455.80 rows=2901 width=48) (actual time=12168.601..12558.572 rows=77 loops=1)
                    ->  GroupAggregate  (cost=267376.03..267426.79 rows=2901 width=12) (actual time=12168.595..12558.525 rows=77 loops=1)
                          Group Key: pt.user_id
                          ->  Sort  (cost=267376.03..267383.28 rows=2901 width=4) (actual time=12100.490..12352.106 rows=2072830 loops=1)
                                Sort Key: pt.user_id
                                Sort Method: external merge  Disk: 28488kB
                                ->  Nested Loop  (cost=1.28..267209.18 rows=2901 width=4) (actual time=0.040..11528.680 rows=2072830 loops=1)
                                      ->  Nested Loop  (cost=0.86..261390.02 rows=13159 width=8) (actual time=0.030..3492.887 rows=3581648 loops=1)
                                            ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..89.71 rows=28 width=4) (actual time=0.010..0.201 rows=78 loops=1)
                                                  Index Cond: (last_seen_at > '2023-04-11 00:22:49.555537'::timestamp without time zone)
                                            ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..9287.60 rows=4455 width=8) (actual time=0.081..38.542 rows=45919 loops=78)
                                                  Index Cond: (user_id = u.id)
                                      ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=3581648)
                                            Index Cond: (id = pt.topic_id)
                                            Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                            Rows Removed by Filter: 0
Planning Time: 0.692 ms
Execution Time: 12612.587 ms
```
After
```
Update on user_stats  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=677.724..677.729 rows=0 loops=1)
  ->  Hash Join  (cost=9473.60..12804.30 rows=2828 width=174) (actual time=672.536..677.706 rows=1 loops=1)
        Hash Cond: (user_stats.user_id = x.user_id)
        Join Filter: (x.c <> user_stats.posts_read_count)
        Rows Removed by Join Filter: 54
        ->  Seq Scan on user_stats  (cost=0.00..3125.34 rows=75534 width=134) (actual time=0.012..23.977 rows=75534 loops=1)
        ->  Hash  (cost=9438.24..9438.24 rows=2829 width=48) (actual time=647.818..647.822 rows=55 loops=1)
              Buckets: 4096  Batches: 1  Memory Usage: 37kB
              ->  Subquery Scan on x  (cost=9381.66..9438.24 rows=2829 width=48) (actual time=647.409..647.805 rows=55 loops=1)
                    ->  HashAggregate  (cost=9381.66..9409.95 rows=2829 width=12) (actual time=647.403..647.786 rows=55 loops=1)
                          Group Key: pt.user_id
                          Batches: 1  Memory Usage: 121kB
                          ->  Nested Loop  (cost=1.86..9367.51 rows=2829 width=4) (actual time=0.056..625.245 rows=120022 loops=1)
                                ->  Nested Loop  (cost=1.44..3692.96 rows=12832 width=8) (actual time=0.047..171.754 rows=217440 loops=1)
                                      ->  Nested Loop  (cost=1.00..254.63 rows=25 width=12) (actual time=0.030..1.407 rows=56 loops=1)
                                            Join Filter: (u.id = user_stats_1.user_id)
                                            ->  Nested Loop  (cost=0.71..243.08 rows=25 width=8) (actual time=0.018..1.207 rows=87 loops=1)
                                                  ->  Index Scan using index_users_on_last_seen_at on users u  (cost=0.42..86.71 rows=27 width=4) (actual time=0.009..0.156 rows=87 loops=1)
                                                        Index Cond: (last_seen_at > '2023-04-11 00:47:07.437568'::timestamp without time zone)
                                                  ->  Index Only Scan using user_stats_pkey on user_stats us  (cost=0.29..5.79 rows=1 width=4) (actual time=0.011..0.011 rows=1 loops=87)
                                                        Index Cond: (user_id = u.id)
                                                        Heap Fetches: 87
                                            ->  Index Scan using user_stats_pkey on user_stats user_stats_1  (cost=0.29..0.45 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=87)
                                                  Index Cond: (user_id = us.user_id)
                                                  Filter: (posts_read_count < 10000)
                                                  Rows Removed by Filter: 0
                                      ->  Index Scan using index_post_timings_on_user_id on post_timings pt  (cost=0.44..92.98 rows=4455 width=8) (actual time=0.036..2.492 rows=3883 loops=56)
                                            Index Cond: (user_id = user_stats_1.user_id)
                                ->  Index Scan using forum_threads_pkey on topics t  (cost=0.42..0.44 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=217440)
                                      Index Cond: (id = pt.topic_id)
                                      Filter: ((deleted_at IS NULL) AND ((archetype)::text = 'regular'::text))
                                      Rows Removed by Filter: 0
Planning Time: 1.406 ms
Execution Time: 677.817 ms
```
2023-04-18 10:04:50 +10:00
Penar Musaraj
7468b78885
SECURITY: strip xlink:href from uploaded SVGs (#21058)
This was inadvertently removed in 4c46c7e. In very specific scenarios,
this could be used execute arbitrary JavaScript.

Only affects instances where SVGs are allowed as uploads and CDN is not
configured.
2023-04-11 14:15:41 -04:00
Discourse Translator Bot
dc3aaf852b
Update translations (#21056) 2023-04-11 15:44:29 +02:00
Discourse Translator Bot
b2c7e65f38
Update translations (#20862) 2023-04-05 09:12:44 +02:00
Alan Guo Xiang Tan
75446832b2
SECURITY: Update URI gem to 0.12.1 to address CVE-2023-28755 (#20907)
See https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
2023-03-31 07:51:55 +08:00
David Taylor
428b0c91ac
SECURITY: Limit URL length for theme remote (stable) (#20788) 2023-03-23 12:07:02 +00:00
Discourse Translator Bot
8464573baa
Update translations (#20761) 2023-03-22 12:13:48 +01:00
Blake Erickson
e54f52a756
Version bump to v3.0.2 (#20714) 2023-03-16 18:12:53 -06:00
Blake Erickson
92ffbcaece SECURITY: Bump Rails to v7.0.4.3 (#20675) 2023-03-16 16:25:48 -06:00
Ted Johansson
d133692605 SECURITY: Add FinalDestination::FastImage that's SSRF safe 2023-03-16 16:25:48 -06:00
Alan Guo Xiang Tan
87032e87ea SECURITY: SSRF protection bypass with IPv4-mapped IPv6 addresses
As part of this commit, we've also expanded our list of private IP
ranges based on
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
and https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
2023-03-16 16:25:48 -06:00
Alan Guo Xiang Tan
3c49c4ee35 SECURITY: Monkey-patch web-push gem to use safer HTTP client
`FinalDestination::HTTP` is our patch of `Net::HTTP` which defend us
against SSRF and DNS rebinding attacks.
2023-03-16 16:25:48 -06:00
Blake Erickson
3374457c44 SECURITY: Fix XSS in full name composer reply
We are using htmlSafe when rendering the name field so we need to escape
any html being passed in.
2023-03-16 16:25:48 -06:00
Loïc Guitaut
78a3efa710 SECURITY: Rate limit the creation of backups 2023-03-16 16:09:08 +01:00
Discourse Translator Bot
b5bee9d331
Update translations (#20672) 2023-03-14 15:29:08 +01:00
Alan Guo Xiang Tan
749a4c5937 DEV: Introduce stub_ip_lookup spec helper (#20571) 2023-03-09 08:46:41 +08:00
Sam
f6dc6da3f8 DEV: avoid mocking FinalDestination (#20570) 2023-03-09 08:46:41 +08:00
Discourse Translator Bot
05b03ca562
Update translations (#20560) 2023-03-07 14:58:27 +01:00
Gerhard Schlager
47d3df3fbf
DEV: Add digest to licensed's default gems list (#20480)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-02-28 15:08:09 +01:00
Discourse Translator Bot
a73ca7acaa
Update translations (#20479) 2023-02-28 14:53:04 +01:00
Rafael dos Santos Silva
107a4da71b
Backport Nokogiri to stable for Ruby 3.2 (#20417)
* Build(deps): Bump nokogiri from 1.13.10 to 1.14.0 (#19856)

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.10 to 1.14.0.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.10...v1.14.0)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Build(deps): Bump nokogiri from 1.14.0 to 1.14.1 (#20079)

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.0 to 1.14.1.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.14.0...v1.14.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Build(deps): Bump nokogiri from 1.14.1 to 1.14.2 (#20272)

Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.14.1 to 1.14.2.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.14.1...v1.14.2)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-22 13:13:07 -03:00
Discourse Translator Bot
563fa14a89
Update translations (#20390) 2023-02-21 17:10:42 +01:00
Discourse Translator Bot
f58bca13d8
Update translations (#20284) 2023-02-15 11:24:44 +01:00
Discourse Translator Bot
f000f9c6ae
Update translations (#20194) 2023-02-07 14:37:15 +01:00
Andrei Prigorshnev
ded6aed15e
FIX: avoid race condition when setting user status (#19817) (#20182)
This is a backport of 84e13e9.

We caught it in logs, race condition led to this error:

    ActiveRecord::RecordNotUnique 
    (PG::UniqueViolation: ERROR:  duplicate key value violates unique constraint "user_statuses_pkey"
    DETAIL:  Key (user_id)=(15) already exists.)


The reason the problem happened was that we were checking if a user has status and if not inserting status:

    if user_status
      ...
    else
      self.user_status = UserStatus.create!(status)
    end

The problem is that it's possible that another request will insert status just after we check if status exists and just before our request call `UserStatus.create!(status)`. Using `upsert` fixes the problem because under the hood `upsert` generates the only SQL request that uses "INSERT ... ON CONFLICT DO UPDATE". So we do everything in one SQL query, and that query takes care of resolving possible conflicts.
2023-02-06 20:32:45 +04:00
Discourse Translator Bot
4395efc188
Update translations (#20184) 2023-02-06 16:50:11 +01:00
Keegan George
a409924425 FIX: Failing system spec for rate limited search (#20046) 2023-02-01 19:05:58 -08:00
Sam
1856ea83ec FEATURE: rate limit anon searches per second (#19708) 2023-02-01 19:05:58 -08:00
Alan Guo Xiang Tan
42d2cb2d4e
SECURITY: Hide PM count for tags by default (#20061) (#20090)
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-02-01 06:43:58 +08:00
Discourse Translator Bot
a9f762550d
Update translations (#20102) 2023-01-31 15:21:19 +01:00
Jarek Radosz
df70c8bf1c FIX: Don't spam presence requests when getting 429 (#20084)
The presence service would retry `/presence/update` requests every second (or immediately in tests) in case where server returns 429 (rate limit) errors. That could lead to infinite spamming (until user refreshed tab/tabs)

Co-authored-by: David Taylor <david@taylorhq.com>
2023-01-31 14:04:21 +01:00
Jarek Radosz
78fe2656b4 DEV: Convert presence service tests to actual unit tests (#20076) 2023-01-31 14:04:21 +01:00
Arpit Jalan
29805b32ef
DEV: Move back to web-push gem (#19849) (#20091)
Our fork was needed for OpenSSL 3 and Ruby 2.X compatibility.

The OpenSSL 3 part was merged into the gem for version 3.

Discourse dropped support for Ruby 2.X.

That means we don't need our fork anymore.

Co-authored-by: Rafael dos Santos Silva <xfalcox@gmail.com>
2023-01-31 14:54:04 +05:30