github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-15 05:33:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
34,172 Commits 214 Branches 500 Tags 960 MiB
a91881280d
Commit Graph

34172 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joffrey JAFFEUX
a91881280d FIX: closes search-menu on escape (#7804) 2019-06-27 09:34:34 +02:00
Joffrey JAFFEUX
690fb5c4fb FIX: prevents failure when TL was mutated on internal object (#7808) 2019-06-27 09:34:31 +02:00
Gerhard Schlager
9c8aa0a906 SECURITY: XSS in routes 
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
 2019-06-26 16:45:33 +02:00
Bianca Nenciu
3503271959 SECURITY: Escape email text for posts containing [details]. 2019-06-26 16:45:25 +02:00
Neil Lalonde
2c26998f86 Version bump to v2.3.1 2019-06-25 12:26:20 -04:00
Neil Lalonde
6411810630 Update translations 2019-06-25 11:50:50 -04:00
Sam Saffron
0fa02274c2 DEV: bump version on mini_scheduler 
This corrects a catastrophic state that can ensue if redis becomes readonly

It also adds support for multiple queues and minor cleanup
 2019-06-25 11:50:19 -04:00
Penar Musaraj
8b963bce37 FIX: Do not refresh all settings on save for all settings, limit to only a few 
- Followup to 0e303c7f5d

- Automatically reloads site settings after saving only for the logo, logo_small and large_icon settings.
 2019-06-25 11:49:09 -04:00
Penar Musaraj
e1822034dc FIX: use correct name for selectable_avatars_enabled site setting 2019-06-25 11:48:56 -04:00
Maja Komel
faf059e018 FIX: remove temporary hack for fixed iOS bug (#7773) 
A bug where input focus is displaced on modals was fixed in iOS 11.3 update. This hack was causing problems on topic page since hiding main-outlet results in lost read position after opening and closing a modal.
 2019-06-25 11:48:42 -04:00
Joffrey JAFFEUX
f2d5cde24c FIX: category-chooser search should be scoped to category (#7794) 2019-06-24 11:31:41 +02:00
Neil Lalonde
0bcb62fc2d Version bump to v2.3.0 2019-06-17 20:47:22 -04:00
Neil Lalonde
04be572a92 Merge diffs from master 2019-06-17 20:07:19 -04:00
Neil Lalonde
a4308fdd43 Merge master 2019-06-17 20:04:04 -04:00
Jeff Wong
893b50031d
replace subfolder on cdn url conversion between general cdn and s3 (#7764) 
When both a cdn URL and an s3 cdn URL defined, subfolder paths were leaking
through to the s3 cdn URL. If we are replacing the cdn url with the s3_cdn url,
we also need to make sure that the subpath is removed as well, as it appears in
the original cdn url.

The test should give a fairly good gist of the situations - in subfolder
situations where s3_cdn and a cdn is defined:
`asset_path` returns the asset with a subfolder, in the form `{cdn_url}/{subfolder}/{asset_path}`

Currently this is being replaced to `{s3_cdn_url}/{subfolder}/{asset_path}`
I am proposing we change this to: `{s3_cdn_url}/{asset_path}` as it seems like
for s3_cdn urls we should not be carrying around app subfolder pathing anywhere
we are looking up s3 paths.
 2019-06-17 11:51:17 -07:00
Neil Lalonde
dbc59cfe61 Update translations 2019-06-17 13:25:37 -04:00
David Taylor
40cbcc7720 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 18:20:48 +01:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9" 
This reverts commit b8340c6c8e.
 2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9 
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
 2019-06-17 15:59:41 +01:00
Robin Ward
89e0d8c521 FIX: There is new behavior on a live site, staff are granted access. 2019-06-17 08:17:39 -04:00
Arpit Jalan
863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
Joffrey JAFFEUX
59e84e8e05
DEV: skip tests instead of commenting them (#7774) 2019-06-17 10:24:20 +02:00
Arpit Jalan
102be5a9e3 DEV: optimize fix for sub-categories not getting pre-filled. 2019-06-17 13:28:08 +05:30
tshenry
c909033f2b Add plugin outlets to login/create-account modals (#7770) 2019-06-17 16:22:00 +10:00
Sam Saffron
10b94e4530 Attempt to get travis to run tests correctly 2019-06-17 16:14:26 +10:00
Sam Saffron
704c579550 FIX: do not allow unbound membership lookups 
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
 2019-06-17 15:32:06 +10:00
Sam Saffron
fe4f0a4369 FIX: staged users should not be included in TL groups 
staged users should not be included in any automatic groups cause for all
purposes they do not exist.
 2019-06-17 15:10:47 +10:00
Joffrey JAFFEUX
32cd9ba59b
FIX: ensures local-dates modal is not taking full height on mobile (#7772) 2019-06-16 08:48:07 +02:00
Arpit Jalan
48b9e0d749 FIX: sub-categories was not getting selected for pre-filled topics 2019-06-15 13:46:15 +05:30
Kris
9cb656250d FIX: Allow tall tables to scroll vertically on iOS 2019-06-14 14:26:59 -04:00
Penar Musaraj
4bbb43cb2b DEV: pull plugin repos before linting them 2019-06-14 13:50:15 -04:00
Robin Ward
035e63c81f FIX: Allow the clear callbacks to execute in acceptance tests 2019-06-14 13:29:13 -04:00
Penar Musaraj
73bce82c82 Exclude plugins from RuboCop checks 
Since official plugins are now in the discourse_test image, rubocop catches issues in plugins.

This is a temporary measure.
 2019-06-14 10:06:26 -04:00
Robin Ward
a8793d0d9a REFACTOR: Test Memory Usage Fixes (#7769) 
* Calling `Discourse.reset()` creates a new container
We should run our de-initializers only after acceptance tests,
since initializers are not run outside of acceptance tests anyway,
and the container at this point can be passed properly to the
`teardown()` method.

* Remove `Discourse.reset` from tests
This would cause a new container to be created which leaks many objects.

* `updateCurrentUser` is more accurate than `replaceCurrentUser`
 2019-06-14 14:54:20 +02:00
Guo Xiang Tan
c3381b845b DEV: Install diffy in production for rake posts:inline_uploads task. 2019-06-14 14:42:53 +08:00
Guo Xiang Tan
77c06384c0 Fix the build. 2019-06-14 13:56:35 +08:00
Guo Xiang Tan
5d16d10a9e DEV: Fix edge case for InlineUploads. 2019-06-14 13:48:03 +08:00
Sam Saffron
ecb2fd8222 DEV: improve db:create to catch all cases 
- No RAILS_ENV - create multisite / dev / test
- `test` RAILS_ENV - create multisite / test
 2019-06-14 15:47:05 +10:00
Guo Xiang Tan
befb074c98 DEV: InlineUploads should process CDN upload URLs as well. 2019-06-14 13:14:37 +08:00
Sam Saffron
a01488ae67 DEV: improve on rake db:create 
Followup on 3af00a65 which broke build
 2019-06-14 15:06:07 +10:00
Guo Xiang Tan
41abebcbce DEV: Support both http and https for InlineUploads. 2019-06-14 12:48:31 +08:00
Guo Xiang Tan
7bb94e8716 DEV: Increase wait duration between smoke test further during edit. 
Otherwise, the app detects that we're replying too quickly.
 2019-06-14 12:21:54 +08:00
Sam Saffron
3af00a65e6 FIX: site settings loading default values when no db 
This fixes a condition where an intermittent db connection could cause
invalid site settings to be stored

It also removes a catch all we had.

Somewhere around Rails 5 `db:create` started wanting full environment
this is a problem for Discourse since it needs to boot up data from the
db.

This removes the catch all and surgically adds a db / redis bypass to
db:create task.
 2019-06-14 14:21:07 +10:00
Sam Saffron
62f4284865 DEV: 302 status is normal in smoke test 
Login can redirect there are potentially other cases
 2019-06-14 14:21:07 +10:00
Guo Xiang Tan
eaa7527933 DEV: Switch posts:inline_uploads scope to be more generic. 2019-06-14 11:53:34 +08:00
Guo Xiang Tan
c9db897777 FIX: Remove onebox src from Jobs::PullHotlinkedImages. 
The test that was added is incorrect because the post was not cooked.
 2019-06-14 09:21:25 +08:00
Sam Saffron
457be89445 DEV: only skip migration if a non seeded upload exists 
Followup to 667b9801
 2019-06-14 09:52:02 +10:00
Sam Saffron
667b98017a FIX: do not attempt to migrate pre-existing uploads 
This makes this job re-runnable just in case cause it will skip creation
of new uploads if an upload already exists
 2019-06-14 09:39:22 +10:00