github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-28 07:03:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
30,189 Commits 214 Branches 500 Tags 960 MiB
ae9eddb002
Commit Graph

17945 Commits

Author SHA1 Message Date
Penar Musaraj
ed9c21e42c FEATURE: hide muted categories from /categories list (#6531) 2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts (#6528) 
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
 2018-10-25 09:52:01 -04:00
Bianca Nenciu
effbef7d0b UX: Use user locale for locations. (#6527) 
* UX: Use user locale for locations.

* DEV: Added MaxMindDB test data and fixed test.
 2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296 UX: bumps the user-api-key version to 3 (#6526) 
* UX: bumps the user-api-key version to 3

* fix spec
 2018-10-25 09:46:34 +00:00
Bianca Nenciu
2a77550f8c FIX: Do not track right clicks. (#6530) 2018-10-25 09:46:04 +00:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520) 
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
 2018-10-25 09:45:31 +00:00
Sam Saffron
abaa3f0650 FEATURE: add server:before-head-close-crawler outlet for plugins 
This outlet allows plugins to inject html prior to closing head tag
 2018-10-25 16:31:05 +11:00
Kris
1d7720ef99 UX: Adding Google-compliant logo 2018-10-24 22:11:19 -04:00
Jeff Atwood
c62a8ee335 switch topic jump glyphs to better signify move to top/bottom 2018-10-24 18:41:41 -07:00
Jeff Wong
0ead513fb0 PERF: remove total unread notifications from message bus (#6529) 2018-10-25 12:14:34 +11:00
Kris
36e2f863ee UX: Increase size of topic title tap target on mobile 2018-10-24 20:43:38 -04:00
Kris
c219a5fb1e
Add btn-default class to all default buttons (#6521) 2018-10-24 16:09:36 -04:00
Kris
0140844eb0 Remove whitespace in template so we can use :empty psuedo 2018-10-24 16:00:22 -04:00
Matthew Campbell
05438d99a8 FIX: Ensure the like button always has a title, for accessibility (#6525) 
The like button previously didn't have a title for anonymous users,
because the `canToggleLike` flag wasn't set, but the `liked` flag wasn't
set either. This made the button inaccessible to blind users.
 2018-10-24 13:58:42 +00:00
Sam
5fd94d3211 PERF: limit unread count to 99 in blue circle 
This revises: e605542c4e

Previous commit was faulty
 2018-10-24 12:10:27 +11:00
Sam
e605542c4e PERF: limit unread count to 99 in the blue circle 
This safeguard is in place to avoid very expensive queries on the server
side
 2018-10-24 11:53:28 +11:00
Kris
0b4edfc7d6 UX: improve spacing on composer controls 2018-10-23 16:37:36 -04:00
Kris
a82dfbd2dc Mobile timeline fix 2018-10-23 07:59:00 -04:00
Kris
541b6a8446 UX: Allow vertical timeline to fit on narrower screens 2018-10-22 22:16:59 -04:00
Sam
de6b585368 minor, bypass gravatar update if user does not match 
this protects against a race condition that can happen when a user record
is destroyed reasonably quickly
 2018-10-23 12:20:41 +11:00
Daniel Hollas
cee51672c9 FIX: Strip accents from search query 
4481836 introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well

TODO in search with diacritics:
 - Still need to fix excerpts on search page
 - need to support accent stripping in in_topic search
 - need to make sure that in:title works correctly
 - need to fix "word boldening" in titles
 2018-10-23 12:10:33 +11:00
Joffrey JAFFEUX
7d2e582b28 FIX: validates import theme form (#6513) 2018-10-23 12:09:06 +11:00
Sam
b74dd7d379 FIX: stop logging every 404 error when searching for gravatars 2018-10-23 11:43:14 +11:00
Kyle Zhao
2cc195f3d9 prettier linting fix 2018-10-22 14:18:26 -04:00
Bianca Nenciu
37fa7775f1 FIX: Fix order of recently connected devices. (#6517) 2018-10-22 17:30:23 +00:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514) 
do not register new MIME type, parse raw body instead
 2018-10-22 13:22:23 -04:00
Jeff Wong
ec2613699f Change box category view to use flexbox 2018-10-22 10:15:31 -07:00
Régis Hanol
b9261588f9 make the code prettier 2018-10-22 19:07:41 +02:00
Régis Hanol
3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
David Taylor
3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
David Taylor
37b7afa522 FIX: Sanitize tags before creation 2018-10-22 10:53:42 +01:00
Kyle Zhao
dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)" 
This reverts commit fb8231077a.
 2018-10-19 11:53:29 -04:00
Kris
b35c8fb336 Add offset to topic footer admin menu, to avoid header overlap 2018-10-19 11:30:11 -04:00
David Taylor
0dd717e641 Revert "FIX: Sanitize tags before creation" 
This reverts commit 18ae8de9e5.
 2018-10-19 15:49:05 +01:00
David Taylor
18ae8de9e5 FIX: Sanitize tags before creation 2018-10-19 15:43:31 +01:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Bianca Nenciu
b69652278f FEATURE: Add Wiki Editor badge. (#6511) 2018-10-19 15:30:27 +02:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512) 
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
 2018-10-19 13:44:43 +01:00
Joffrey JAFFEUX
5f86564da1
FEATURE: adds latest to user-api-key session scope 2018-10-19 09:54:06 +02:00
Sam
9bfc939692 cleanup so gravatar download failures are consistent 
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
 2018-10-19 12:51:55 +11:00
Angus McLeod
85ef8e5a9f auto is not a valid value for min/max height (#6509) 2018-10-18 21:33:45 -04:00
Bianca Nenciu
22ada32d4d FIX: Strip @ when searching for users and groups. (#6506) 2018-10-19 11:56:10 +11:00
Robin Ward
f0af61da41
FIX: User AvatarLookup for looking up avatar details (#6508) 
This allows plugins with their own avatar logic to work in the user
summary sections.
 2018-10-18 15:49:34 -04:00
Blake Erickson
93485facaf FIX: lowercase username for add/rem group members 
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
 2018-10-18 13:17:24 -06:00
Régis Hanol
3973823a33 FIX: always update 'last_gravatar_download_attempt' when updating gravatar 2018-10-18 11:02:54 +02:00
Kyle Zhao
0f1afad6da FIX: extracted theme JavaScripts for multisite (#6502) 
* FIX: extracted theme javascripts for multisite

* onceoff to rebake all theme fields
 2018-10-18 17:05:34 +11:00
Guo Xiang Tan
22408f93c9 FIX: Wrap custom fields database statements in a transaction. 
Kind of strange that we don't do it because a database statement
may fail and leave us in a weird state.
 2018-10-18 12:23:04 +08:00
Guo Xiang Tan
44eba0bb60 FIX: Don't rescue PG::UniqueViolation within a transaction. 
Also acquire a transaction per link instead of failing when
any of the links can't be processed.

This prevents ActiveRecord from rolling back the transaction
and the next SQL statement sent to PG will fail. This is
however hard to test as it only happens when there are
two competing process trying to process this method at the
same time.
 2018-10-18 10:54:30 +08:00
Guto Foletto
0abc932056 add styles so permalinks admin could fit mobile screen (#6496) 2018-10-17 17:37:14 +02:00
Bianca Nenciu
f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
David Taylor
065bf0762c FEATURE: New plugin outlets for user card customization 2018-10-17 14:15:48 +01:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499) 
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
 2018-10-17 10:33:27 +01:00
Arpit Jalan
42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Joe
1b5ba899a1
UX: header items wrap on small screens for anon 2018-10-17 14:19:20 +08:00
Joe
5815a33a9a
FIX: closing an empty fullscreen composer with toggler prevents scrolling 2018-10-17 13:52:47 +08:00
Kris
b23ebf10c2 Minor post alignment fixes 2018-10-16 12:39:55 -04:00
Vinoth Kannan
e3c6dd26c4 FIX: Do not set null value to remove cookie 2018-10-16 06:48:54 +05:30
Sam
19d7543004 FIX: clear color scheme cache when clearing theme cache 2018-10-16 12:00:46 +11:00
Vinoth Kannan
08c404e138 FIX: Do not set null value to remove cookie 2018-10-16 06:12:32 +05:30
Sam
8d06731484 FIX: reduce amount of work onceoff does 
In the past onceoff was forcing inline download of gravatars,
this can be so expensive that it will never finish

This fix ensures it only marks avatars stale which will be picked
up by regular schedules
 2018-10-16 10:29:16 +11:00
Kyle Zhao
99d1ded3b3
rename route /javascripts to /theme-javascripts (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel
c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
Joffrey JAFFEUX
f6eff38c0e
FEATURE: adds list#(unread|new) to user api key routes (#6494) 2018-10-15 15:48:35 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Sam
4c8fe13500 FIX: remove code that restricted "header" theme field from admin 
There was some old code that restricted a percentage of a themes code from
admin, only when admin was refreshed, this leads to lots of confusion

Conditional is now removed
 2018-10-15 17:29:10 +11:00
Maja Komel
27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider 
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
 2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4 DEV: extract inline js when baking theme fields (#6447) 
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
 2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Joe
2acb885c72 FEATURE: fullscreen composer mode on desktop 
Adds keyboard shortcut and icon that allows expanding composer to full screen.
 2018-10-15 13:59:49 +11:00
Maja Komel
57b52cd1de FIX: keep emoji syntax for custom emojis in quotes (#6488) 2018-10-15 10:57:15 +08:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3. 
This reverts commit 3c59106bac.
 2018-10-15 09:43:31 +08:00
Joe
6a59187ae8
UX: images should be responsive in embedded comments 2018-10-14 23:38:07 +08:00
Robin Ward
2178f7768f FIX: Don't show empty user stats in the card when profile is hidden 2018-10-12 12:33:27 -04:00
Sam
a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472) 
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
 2018-10-12 10:40:48 +11:00
Bianca Nenciu
e68ecf1f1d UX: Add link to Groups in admin dashboard. (#6480) 
* UX: Add link to Groups in admin dashboard.

* UX: Site settings have immediate effect.
 2018-10-12 10:34:47 +11:00
Vinoth Kannan
39b7e32848 DEV: Require sso and sig query string params for sso_login 2018-10-12 05:03:30 +05:30
Blake Erickson
13b3cead06 FEATURE: Allow bulk removing users from a group 
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
 2018-10-11 15:30:54 -06:00
Neil Lalonde
12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Robin Ward
c2add85e75 FIX: Typo, should be authentication 
cc @xrav3nz
 2018-10-11 14:58:46 -04:00
Bianca Nenciu
ded5ff90aa FIX: Groups list does not refresh when query changes. (#6481) 2018-10-11 21:20:17 +08:00
David Taylor
1b0fbc4d30 FIX: Allow theme edit route name to be overridden 
This is required for the theme-creator plugin, this change won't have
any effect on regular Discourse installations
 2018-10-11 13:20:04 +01:00
Vinoth Kannan
6a444eee56
Merge pull request #6476 from vinothkannans/tl4-flag 
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
 2018-10-11 17:13:26 +05:30
Vinoth Kannan
227a49bb32 FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user 2018-10-11 17:11:46 +05:30
Bianca Nenciu
f1a52138d6 UX: Move Recently Used Devices to the bottom. (#6483) 2018-10-11 19:22:30 +08:00
Jeff Wong
b5b382dcd6 Feature: add boxes with subcategories option for desktop categories page (#6471) 
* Feature: add boxes with subcategories option for desktop categories page

* only add subclass div when subclasses exist
 2018-10-11 15:59:37 +08:00
Bianca Nenciu
6275e745a7 FIX: Fix open quote links in new window. (#6477) 2018-10-11 15:51:14 +08:00
Régis Hanol
09961fb425 FIX: properly escape name of custom emoji 2018-10-11 09:35:23 +02:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3." 
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
 2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Kyle Zhao
ffc241eb25
FIX: multiple loadScript to the same url may resolve prematurely (#6474) 
This is how `loadScript(url)` currently deals with multiple concurrent requests

1. Check existing `<script>` tags, and mark existing scripts (other than the 
   input `url`) as loaded
2. Find "true" `url` of the requested resource (CDN, subfolder path, etc)
3. Check if we have loaded the resource with that "true" `url`, and resolve 
   immediately if we have
4. Otherwise insert a `<script>` tag with the "true" `url` to load it

For example, in a subfolder install:

- Input `url` = `/javascripts/script.js`
- "True" `url` = `/subfolder/javascript/script.js`

And the _very_ subtle bug here is that we should use also use the true `url` 
for step (1), because:

- Since the input and true `url` are different, we mistakenly mark the true 
  `url` as loaded in step one 
- After finding the true `url`, and setting `loaded[trueUrl] = true` in (1), we
  resolve the promise prematurely, when the resource could still be loading
 2018-10-11 08:55:36 +08:00
Robin Ward
a566ed42ae FEATURE: Option to disable user presence and profile 
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
 2018-10-10 17:34:33 -04:00
Kris
34e8d17ad0 Fixing left alignment of post controls 2018-10-10 12:11:47 -04:00
David Taylor
98211f945f FIX: 'none' tag page would not load 2018-10-10 16:00:33 +01:00
Kris
94b115f7d9 increase contrast for $danger-medium on dark themes 2018-10-10 09:51:50 -04:00
Arpit Jalan
c84415b1f2 FEATURE: support category slug when creating new topic via URL 2018-10-10 17:06:02 +05:30
Guo Xiang Tan
ae6a5419e0 DEV: Report the backtrace as well. 2018-10-10 17:43:42 +08:00
Penar Musaraj
0ea8c1943f Let plugins decorate banner topic, fixes local dates in banners (#6452) 2018-10-10 17:27:23 +08:00
Kris
1f14fb5e1e Don't override category badge icon color in similar topic JIT 2018-10-09 15:38:49 -04:00