Robin Ward
afea20953f
FIX: Broken certificates
2019-10-24 14:13:27 -03:00
Roman Rizzi
3a73f29928
FIX: Rate limit and hijack certificate generation. (#8215)
To eliminate a DDOS attack vector, we're taking the following measures:
The endpoint will be rate-limited to 3 requests every 60 seconds (per user).
A 24-hour max-age cache header is sent with the response.
The route will be hijacked to generate the certificate in the background.
2019-10-22 15:39:58 -03:00
Krzysztof Kotlarek
5bcc1c1cd5
FIX: Narrative Bot certificates are ERB templates (#8174)
There are at least two ways of rendering templates outside of the controller. The first one is the Rails way, enabled with Rails 5: https://evilmartians.com/chronicles/new-feature-in-rails-5-render-views-outside-of-actions
The downside of this method is that all variables need to be passed as params (I could find a way to pass the whole context)
Another way is to use instance_eval described in Erubi documentation
https://github.com/jeremyevans/erubi#usage - it works perfectly fine, however, I didn't feel very confident about using eval unless necessary.
An additional benefit of using `ApplicationController.render` is that if Rails would change the ERB engine in the future, this code should still work.
If you want to test it locally, you need to be signed in, and then these two URLs generate certificates:
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=standard&user_id=1
http://localhost:3000/discobot/certificate.svg?date=Oct+07+2019&type=advanced&user_id=1
Dev: https://dev.discourse.org/t/discourse-narrative-bot-should-not-be-storing-giant-strings/17130
2019-10-22 15:39:42 -03:00
Bianca Nenciu
3503271959
SECURITY: Escape email text for posts containing [details].
2019-06-26 16:45:25 +02:00
Neil Lalonde
6411810630
Update translations
2019-06-25 11:50:50 -04:00
Neil Lalonde
dbc59cfe61
Update translations
2019-06-17 13:25:37 -04:00
Joffrey JAFFEUX
32cd9ba59b
FIX: ensures local-dates modal is not taking full height on mobile (#7772)
2019-06-16 08:48:07 +02:00
Robin Ward
a8793d0d9a
REFACTOR: Test Memory Usage Fixes (#7769)
* Calling `Discourse.reset()` creates a new container
We should run our de-initializers only after acceptance tests,
since initializers are not run outside of acceptance tests anyway,
and the container at this point can be passed properly to the
`teardown()` method.
* Remove `Discourse.reset` from tests
This would cause a new container to be created which leaks many objects.
* `updateCurrentUser` is more accurate than `replaceCurrentUser`
2019-06-14 14:54:20 +02:00
Robin Ward
c322cccd53
FIX: Memory Leaks when decorating posts (#7749)
* Remove long-deprecated method
* FIX: Memory Leaks when decorating posts
Previously we'd keep creating mixins dynamically when decorating the
same class.
This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
Neil Lalonde
5d7e34e0ad
Update translations
2019-06-10 10:36:08 -04:00
Régis Hanol
84e5d58a0d
DEV: make prettier 💅 happy
2019-06-06 12:28:41 +02:00
Régis Hanol
c131903e56
FIX: clone dateTime before changing timezone
2019-06-06 11:16:58 +02:00
Joffrey JAFFEUX
b339d67401
DEV: refactors select-kit helper to prevent it to leak into global state (#7708)
2019-06-06 10:47:10 +02:00
Guo Xiang Tan
70b73c2159
DEV: Use proper heredoc name.
2019-06-04 16:31:18 +08:00
Bianca Nenciu
63e3d49508
DEV: Add test for poll plugin reduce_excerpt.
2019-06-04 16:30:15 +08:00
Neil Lalonde
dbfdce95c9
Update translations
2019-05-30 10:40:16 -04:00
Jeff Atwood
dc43828905
add trust level blog link to discobot PM welcome
2019-05-29 18:19:35 -07:00
Régis Hanol
0df5349dbf
FIX: ensure the post url is present
Also don't interpolate a string
2019-05-30 00:05:53 +02:00
Régis Hanol
a188d15b08
FIX: reduce poll when post is nil
2019-05-30 00:02:33 +02:00
Bianca Nenciu
227c45107d
FEATURE: Implement Onebox for posts including polls. (#7539)
2019-05-29 17:05:52 +02:00
Sam Saffron
1efed6e527
DEV: amend test for anonymous handling to use real data
Previously we relied on fabrication on anonymous, we can not get the
transaction commit pipeline to work as it does in production, cleanly
This amends it so our anonymous user is created using the core APIs
Signed-off-by: Sam Saffron <sam.saffron@gmail.com>
2019-05-29 15:05:37 +10:00
Bianca Nenciu
3a1d99577e
FIX: Replace details content with instruction.
2019-05-29 08:36:04 +08:00
Joffrey JAFFEUX
b98b994fe7
apply prettier on plugins (#7605)
2019-05-27 11:06:11 +02:00
Joffrey JAFFEUX
bfea922167
DEV: global s/this.get\("(\w+)"\)/this.$1 (#7592)
2019-05-27 10:15:39 +02:00
Gerhard Schlager
edc6ac0c66
Update translations
2019-05-21 00:04:37 +02:00
Gerhard Schlager
0afcad148a
DEV: Always use %{count} in pluralized strings
2019-05-20 23:26:22 +02:00
Gerhard Schlager
b788948985
FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
Gerhard Schlager
a58aa9b4bf
Update translations
2019-05-20 13:42:05 +02:00
Sam Saffron
3c1fa3910f
DEV: track the correct channel in specs
These tests are erratically failing due to distributed cache messages that
can land between tests
Ensure we are only looking for the correct messages
2019-05-20 18:27:09 +10:00
Sam Saffron
aeb7143aff
DEV: correct flaky poll specs
They were relying on a pristine message bus, however current implementation
still uses redis, stuff can get held up and we can end up publishing
distributed cache messages in the middle invalidating the tests
2019-05-17 16:16:02 +10:00
David Taylor
5605dba85c
DEV: Automatically annotate plugin models alongside core models
2019-05-13 16:37:47 +01:00
Guo Xiang Tan
c00dab89e4
Fix the build take 2.
2019-05-13 11:22:48 +08:00
Guo Xiang Tan
9059a8ca90
Fix the build.
2019-05-13 10:16:26 +08:00
Sam Saffron
30990006a9
DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Guo Xiang Tan
41f4f9302d
UX: Rename discobot tutorial triggers.
We found the previous triggers less straightforward than just calling
it tutorial.
`start new user` -> `start tutorial`
`start new advanced user` -> `start advanced tutorial`
2019-05-10 09:08:16 +08:00
Joffrey JAFFEUX
f3a346464e
FIX: allTimezonesd was mistakenly removed (#7513)
2019-05-09 10:22:54 +02:00
Guo Xiang Tan
c72f16d927
Follow up to 329969ea20.
2019-05-08 15:36:12 +08:00
Guo Xiang Tan
329969ea20
FIX: Discobot mention tutorial should be case insensitive.
2019-05-07 10:54:22 +08:00
Guo Xiang Tan
61cc0f8c5f
Follow up to 152238b4cf.
2019-05-07 09:57:27 +08:00
Guo Xiang Tan
152238b4cf
DEV: Prefer `public_send` over `send`.
2019-05-07 09:33:21 +08:00
Joffrey JAFFEUX
1d784c7a18
FEATURE: adds support for dates in polls (#7450)
2019-04-29 10:01:19 +02:00
Tim Lange
d5d784b9f2
FIX: Narration Bot now gets site setting for automatic post deletion (#7432)
2019-04-25 07:29:20 +08:00
Joffrey JAFFEUX
0284910125
Update translations
2019-04-24 15:02:04 +02:00
Robin Ward
21b975e71a
FIX: Broken plugin spec
2019-04-23 15:29:26 -04:00
Kris
99efd12376
FIX: Url in Russian translation
2019-04-18 17:10:58 -04:00
Joffrey JAFFEUX
5c8213ffd3
removes debugging statement (#7362)
2019-04-11 15:02:38 +02:00
Joffrey JAFFEUX
7dd684744c
UX: sets min date on calendar when initial date is set (#7361)
2019-04-11 14:37:39 +02:00
Joffrey JAFFEUX
46dc38e5a5
UX: minor local-dates form improvements (#7360)
2019-04-11 14:03:53 +02:00
Joffrey JAFFEUX
7226240df3
UX: full revamp of local-dates form (#7357)
2019-04-11 11:14:34 +02:00
Joffrey JAFFEUX
ad5edc8bb1
UX: copy and formatting improvements to local-dates form (#7343)
2019-04-09 10:33:01 +02:00