Commit Graph

5030 Commits

Author SHA1 Message Date
Robin Ward
fe8bd92f71 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
Gerhard Schlager
b549cab2ad FIX: Don't send notification email when user isn't allowed to see topic 2019-07-02 09:05:36 +10:00
Neil Lalonde
6411810630 Update translations 2019-06-25 11:50:50 -04:00
Neil Lalonde
dbc59cfe61 Update translations 2019-06-17 13:25:37 -04:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Robin Ward
89e0d8c521 FIX: There is new behavior on a live site, staff are granted access. 2019-06-17 08:17:39 -04:00
AhmadF.Cheema
c5dec04970 Fix minor typos in server.en.yml 2019-06-12 09:14:22 -04:00
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Guo Xiang Tan
9d0fba64c0 FIX: Use attachment format in user export system post take 2. 2019-06-11 12:15:11 +08:00
Guo Xiang Tan
a112259c66 DEV: Missed a spot in 658c6e0caf. 2019-06-11 11:41:28 +08:00
Guo Xiang Tan
658c6e0caf FIX: Use attachment format in user export system post. 2019-06-11 11:33:01 +08:00
Robin Ward
bdfa55ee5d UX: Copyedits on reviewable filters 2019-06-10 13:45:38 -04:00
Robin Ward
8b31b812f8 UX: Use a glyph to indicate a new topic instead of "New Topic:"
In the review queue it was easy to miss "New Topic:" so let's try a font
awesome glyph instead.
2019-06-10 12:43:20 -04:00
Neil Lalonde
5d7e34e0ad Update translations 2019-06-10 10:36:08 -04:00
Arpit Jalan
9acd851b9a FIX: correct link to list of watched words 2019-06-06 20:21:54 +05:30
Robin Ward
58ff7216ca UX: Display "Queued Topic" if a Queued Post will create a topic 2019-06-05 14:11:28 -04:00
Robin Ward
d902c4eb9f FEATURE: Can sort reviewable queue
Choices are Priority / Created At (and desc versions.)
2019-06-05 13:21:05 -04:00
Robin Ward
f1d547c301 FEATURE: Show "in reply to" on the review queue
We now show if a queued or flagged post is a reply to another when in
the review queue. It's especially helpful for queued posts where
normally they are linked to the topic where they are created, and you
have no context about the reply.

Note that this will only apply to new queued posts going forward.
Previously queued posts will not show the "in reply to"
2019-06-05 12:34:41 -04:00
Kris
cdd2c8ef4a TYPO: Don't say code twice 2019-06-05 12:12:09 -04:00
Régis Hanol
32f878db69
COPY: remove unnecessary "title" in links to topics on meta
Follow-up to 969d6af88e
2019-06-05 11:29:41 +02:00
Arpit Jalan
e7fe7010b8
FIX: use hijack for processing bulk invites (#7679)
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
Neil Lalonde
ecc9c76692
FEATURE: dynamically update the topic heat settings monthly (#7670)
The site settings beginning with "topic views heat" and "topic post like
heat" are set to defaults when installing Discourse, but there has not
been a process or guidance for updating these values based on
community activity.

This feature will update them once a month. The low, medium, and
high settings will be based on the minimums of the 45th, 25th, and
10th percentile topics respectively, so that 45% of topics will have
some "heat".

Disable automatic changes with the automatic_topic_heat_values setting.
2019-06-04 10:34:07 -04:00
Joffrey JAFFEUX
4fe885dedf
FIX: corrects description as it's not unique (#7688) 2019-06-04 15:39:09 +02:00
Joffrey JAFFEUX
b79d02ff48
FEATURE: displays average for 2 columns tables which support average 2019-06-04 11:08:26 +02:00
Maja Komel
c9a34aa10c FIX: add title attribute for notifications 2019-06-04 17:02:12 +08:00
Maja Komel
87d3b86484 FIX: better error message when user without permissions replies via email 2019-06-04 16:39:41 +08:00
Jeff Atwood
969d6af88e copyedit on theme wizard step 2019-06-03 09:42:04 -07:00
Penar Musaraj
16982d2a69
Update UI for wizard themes further reading step (#7669) 2019-06-03 10:47:17 -04:00
David Taylor
5e61893cb2 FIX: Display generic descriptor for associated account with no info 2019-06-03 12:14:02 +01:00
David Taylor
7500eed4c0
FEATURE: Multi-file javascript support for themes (#7526)
You can now add javascript files under `/javascripts/*` in a theme, and they will be loaded as if they were included in core, or a plugin. If you give something the same name as a core/plugin file, it will be overridden. Support file extensions are `.js.es6`, `.hbs` and `.raw.hbs`.
2019-06-03 10:41:00 +01:00
Dan Ungureanu
c1e7a1b292 UX: Merge settings related to muted tags. (#7656) 2019-06-03 12:23:23 +10:00
Sam Saffron
ee1e21b401 DEV: continue granting discourse.org pagerank by default
We can discuss on meta if it makes sense to strip this
2019-06-03 12:05:41 +10:00
Kris
98336de266 UX: Cleanup crawler styles, improve schema.org markup (#7668)
* Cleaning up crawler styles, improving some schema.org markup

* Cleaning up crawler styles, improving some schema.org markup

* additional styling

* add space for pagination
2019-06-03 12:03:16 +10:00
Arpit Jalan
b893e9fcbb Fix the build. 2019-06-02 15:20:53 +05:30
Jeff Atwood
b4c1a367ed minor copyedit on watched word review 2019-06-02 01:48:48 -07:00
Sam Saffron
3b8819f0ab FEATURE: add support for defer topic functionality
This feature allows end users to "defer" topics by marking them unread

The functionality is default disabled. This also introduces the new site
setting default_other_enable_defer: to enable this by default on new user
accounts.
2019-05-31 15:44:35 +10:00
Gerhard Schlager
1af9cfa244 Add comments to help translators with Message Format 2019-05-30 22:22:24 +02:00
Neil Lalonde
dbfdce95c9 Update translations 2019-05-30 10:40:16 -04:00
Bianca Nenciu
8196af165d FIX: Add Chromebook detection. 2019-05-30 16:29:51 +03:00
Dan Ungureanu
8728850452 FEATURE: Mute topics tagged with both muted and unmuted tags. 2019-05-30 07:58:17 +08:00
Penar Musaraj
a93aa5bbce Add "further reading for themes" step to wizard 2019-05-29 08:28:03 +08:00
Osama Sayegh
f3c07e27d9
FIX: correct translations for logs error rate notice (#7622)
The problem here is that hour and minute were passed to the %{duration} variable which made them impossible to translate in other languages.

I wonder if it's worth having 2 almost identical translations just for "reached" and "exceeded"? Perhaps we could combine them in one copy?
2019-05-28 22:10:51 +03:00
Jeff Atwood
03e98164cb copyedit, remove needless colons 2019-05-28 00:15:47 -07:00
Régis Hanol
9568f25882
TYPO: punctiation -> punctuation
Thanks to @yarons.
2019-05-27 22:57:23 +02:00
Penar Musaraj
dfcc2e7ad8 Revert "FEATURE: Send notification when member was accepted to group. (#7503)"
This reverts commit 42c82d544e.
2019-05-27 15:19:59 -04:00
Robin Ward
d95a68b837 FEATURE: When suspending a user, allow the Delete + Replies action
Previously you could only delete the post
2019-05-27 12:27:16 -04:00
Bianca Nenciu
42c82d544e
FEATURE: Send notification when member was accepted to group. (#7503) 2019-05-27 17:28:41 +03:00