Jeff Atwood
afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post
...
FIX: disable flagging hidden posts
2018-11-05 11:05:32 -08:00
Penar Musaraj
7b3432f711
Enforce disabling flagging hidden posts server-side
2018-11-05 10:00:59 -05:00
Joffrey JAFFEUX
78954672f9
FIX: uses hex to compare images
...
It prevents some terminals from crashing in case of errors and dumping the whole file content into the terminal.
2018-11-05 09:47:15 -05:00
Maja Komel
1ac3e5473a
FIX: don't strip eml attachments from received emails
2018-11-05 09:35:22 +01:00
Sam
d84256a876
FEATURE: add Noindex to robots.txt for disallowed routes
...
This strips pages out of indexes that should not exist see:
https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Kyle Zhao
f9b36820ef
FIX: only extract script tags with certain types ( #6553 )
...
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
2018-11-01 16:01:46 -04:00
Robin Ward
ec91450aae
FEATURE: Track how many user flags are agreed/disagreed/ignored
...
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
ceafcbc898
FEATURE: show added date when looking at group members
2018-11-01 15:33:28 +11:00
Sam
aa044623bd
FIX: do not create superflous sessions when logged on
...
In some SSO implementations we may want to issue SSO pipelines for
already logged on users
In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
Sam
23423ba112
correct spec and error reporting
...
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Bianca Nenciu
e0ccd36dbe
FEATURE: Suspicious logins report. ( #6544 )
2018-10-30 22:51:58 +00:00
Bianca Nenciu
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Sam
9933059426
FEATURE: push related PMs to take first 3 slots
...
Previously the related PMs were last meaning you would have to work through
all unread to see them.
Also amends it so it either asks for related by group OR user not both.
2018-10-29 10:47:59 +11:00
Rafael dos Santos Silva
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report
2018-10-26 15:59:04 +02:00
Penar Musaraj
ed9c21e42c
FEATURE: hide muted categories from /categories list ( #6531 )
2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926
Only check for suspicious login for staff members
2018-10-26 00:29:28 +02:00
Régis Hanol
306d77b54f
FIX: don't use srcset on cropped thumbnails
2018-10-25 16:08:10 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts ( #6528 )
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
David Taylor
56e0f47bcd
FIX: Do not update last_seen for API access
...
This regressed in 2dc3a50
2018-10-25 13:38:57 +01:00
Bianca Nenciu
effbef7d0b
UX: Use user locale for locations. ( #6527 )
...
* UX: Use user locale for locations.
* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Régis Hanol
addf6f6d17
FIX: support comma in 'sso_provider_secrets' site setting
2018-10-24 21:23:18 +02:00
Sam
e955a7b49d
Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )""
...
This reverts commit 322b27b6dc
2018-10-24 15:14:01 +11:00
Sam
322b27b6dc
Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )"
...
This reverts commit 63356d883e
2018-10-24 15:03:58 +11:00
Kyle Zhao
63356d883e
FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )
2018-10-24 14:34:10 +11:00
Sam
5fd94d3211
PERF: limit unread count to 99 in blue circle
...
This revises: e605542c4e
2018-10-24 12:10:27 +11:00
Daniel Hollas
cee51672c9
FIX: Strip accents from search query
...
4481836
2018-10-23 12:10:33 +11:00
Sam
b74dd7d379
FIX: stop logging every 404 error when searching for gravatars
2018-10-23 11:43:14 +11:00
Sam
adab7a3a48
improve test, also ensure no zero size is generated
2018-10-23 08:50:07 +11:00
Sam
bea8d337b2
DEV: ensure resizing test does not raise bad error
...
Current resizing test was showing binary diff in terminal and failing
in latest image magick 7, this fixes both issues
2018-10-23 08:45:06 +11:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy ( #6514 )
...
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
Bianca Nenciu
99b43f281b
FIX: Fix browser detection for Microsoft Edge. ( #6516 )
...
cool!
2018-10-22 23:15:41 +11:00
David Taylor
3377f26eba
FIX: Clean tag before searching for matches
2018-10-22 11:09:06 +01:00
Arpit Jalan
ce0a51665e
FIX: count emoji shortcuts in topic title
...
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao
dca830cb73
Revert "FEATURE: [Experimental] Content Security Policy ( #6504 )"
...
This reverts commit fb8231077a
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy ( #6504 )
2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers ( #6512 )
...
* FIX: Prevent duplicate tags in tag-choosers
This reverts 5685b455685b45
2018-10-19 13:44:43 +01:00
Guo Xiang Tan
65faff5832
DEV: Improve specs to provide a better error message.
2018-10-19 14:31:17 +08:00
Sam
9bfc939692
cleanup so gravatar download failures are consistent
...
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Blake Erickson
f1ba981ae9
Improve add user to group spec for uppercase usernames
...
Oops forgot to check for this. See previous commit for more details.
2018-10-18 13:32:36 -06:00
Blake Erickson
93485facaf
FIX: lowercase username for add/rem group members
...
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Régis Hanol
3973823a33
FIX: always update 'last_gravatar_download_attempt' when updating gravatar
2018-10-18 11:02:54 +02:00
Guo Xiang Tan
bbf542da01
DEV: Prefer <<~ over <<.
2018-10-18 14:17:30 +08:00
Kyle Zhao
0f1afad6da
FIX: extracted theme JavaScripts for multisite ( #6502 )
...
* FIX: extracted theme javascripts for multisite
* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Bianca Nenciu
f60b10d090
UX: Warn users if the post that's currently edited has changed. ( #6498 )
2018-10-17 15:35:32 +02:00
