Commit Graph

42291 Commits

Author SHA1 Message Date
Neil Lalonde
b0f06b8ed0
FIX: don't allow category and tag tracking settings on staged users (#13688)
Configuring staged users to watch categories and tags is a way to sign
them up to get many emails. These emails may be unwanted and get marked
as spam, hurting the site's email deliverability.
Users can opt-in to email notifications by logging on to their
account and configuring their own preferences.

If staff need to be able to configure these preferences on behalf of
staged users, the "allow changing staged user tracking" site setting
can be enabled. Default is to not allow it.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-07-16 14:50:40 -04:00
Rafael dos Santos Silva
e12b00eab7
FEATURE: Stop checking referer for embeds (#13756)
Flips content_security_policy_frame_ancestors default to enabled, and
removes HTTP_REFERER checks on embed requests, as the new referer
privacy options made the check fragile.
2021-07-16 15:25:49 -03:00
Rafael dos Santos Silva
2fc0a3fd93
FEATURE: Enable client-side image optimization by default (#13724) 2021-07-16 15:23:04 -03:00
Rafael dos Santos Silva
216dc99f18
FIX: Media optimization setting was misnamed (#13766) 2021-07-16 15:13:16 -03:00
Andrei Prigorshnev
27b97e4f64
DEV: add pick-files-button component (#13764)
* DEV: add pick-files-button component
* Scope querySelector to the component, add removeEventListener, fix formatting
2021-07-16 21:50:50 +04:00
Rafael dos Santos Silva
366238bb81
FIX: Disable the post submit button during image processing properly (#13765)
There was a UI bug when submitting multiple files in the same batch. We
would remove the disabled status of the submit button after the previous
file was sucesfully uploaded and the next one was still mid
optimization.

Reported at https://meta.discourse.org/t/-/194841/15?u=falco
2021-07-16 14:19:59 -03:00
Dan Ungureanu
079d2af55f
FIX: Clear stale status of reloaded reviewables (#13750)
* FIX: Clear stale status of reloaded reviewables

Navigating away from and back to the reviewables reloaded Reviewable
records, but did not clear the "stale" attribute.

* FEATURE: Show user who last acted on reviewable

When a user acts on a reviewable, all other clients are notified and a
generic "reviewable was resolved by someone" notice was shown instead of
the buttons. There is no need to keep secret the username of the acting
user.
2021-07-16 19:57:12 +03:00
Mark VanLandingham
9b15affaae
DEV: Plugin outlet in topic-status component (#13763) 2021-07-16 11:10:35 -05:00
David Taylor
422fa1b1d8 FIX: Use correct setting for DiscourseConnect card background overrides 2021-07-16 16:19:09 +01:00
David Taylor
50b3d7708e DEV: Update discourse_connect_overrides_ setting copy 2021-07-16 16:19:09 +01:00
Penar Musaraj
438a762956
FEATURE: Add assistant to quick search widget (#13650)
Replaces the autocomplete overlay for categories and usernames on the search input and adds suggestions as items in the search results instead. Also adds the same behaviour for @mentions as well as special `in: status: order:` keywords. See PR for more details.
2021-07-16 11:08:20 -04:00
Penar Musaraj
361c8be547
PERF: Add scheduled job to delete old stylesheet cache rows (#13747) 2021-07-16 10:58:01 -04:00
Osama Sayegh
810892139b
FIX: Ascending/descending sorting in the group membership requests page
The `GroupsController#members` endpoint accepts a `desc` parameter to determine how members are sorted, but it's been deprecated in favor of a boolean `asc` parameter. However, in the frontend, specifically the group membership requests page was not updated entirely to use the `asc` param and it still passes a `desc` param when changing how group requests are sorted.

This commit updates the `group-requests` Ember controller so it passes a boolean `asc` param and removes all references of `desc`. The controller view/template has already been updated to use `asc`:

207c3085fc/app/assets/javascripts/discourse/app/templates/group-requests.hbs (L15-L16)
2021-07-16 11:02:24 +03:00
Andrei Prigorshnev
c4d7545f35
FIX: when updating timestamps on topic set a correct bump date (#13746)
There was a bug with changing timestamps using the topic wrench button. Under some circumstances, a topic was disappearing from the top of the latest tab after changing timestamps. Steps to reproduce:
- Choose a topic on the latest tab (the topic should be created some time ago, but has recent posts)
- Change topic timestamps (for example, move them one day forward):
- Go back to the latest tab and see that topic has disappeared.

This PR fixes this. We were setting topic.bumped_at to the timestamp user specified on the modal. This is incorrect. Instead, we should be setting topic.bumped_at to the created_at timestamp of the last regular (not a whisper and so on) post on the topic.
2021-07-16 11:56:51 +04:00
Penar Musaraj
207c3085fc
DEV: Refactor stylesheet live-reloading (#13755)
We have had reports of tabs freezing in Firefox, and reporting an error
in this line. I haven't been able to reproduce, but I suspect the
`forEach` loop is at the heart of the issue, so I have replaced it with
(hopefully) a safer call.

* More refactoring
* Do not reload stylesheets with unchanged filenames
* Select last matching stylesheet
2021-07-16 13:43:31 +10:00
Andrei Prigorshnev
1cadae3879
FIX: simplify and improve choosing favorite badges (#13743)
* No need to return anything except a status code from the server

* Switch a badge state before sending a request and then switch it back in case of an error
2021-07-16 11:13:00 +08:00
David Taylor
444e21b12d
FEATURE: Add 'users.list' API scope (#13742) 2021-07-16 11:10:04 +08:00
Osama Sayegh
7323c65d53
FIX: Debounce group name validation correctly (#13757) 2021-07-16 10:51:13 +08:00
Tobias Eigen
8bdec18d58
changed private message -> personal message (#13753)
We are trying to not use "private message" in the interface, in favor of "personal message", because of course admins can read all messages so they are not really private unless encrypted messaging is turned on..
2021-07-15 13:22:57 -07:00
Tobias Eigen
23773b3f19
updated copy for reply_as_new_group_message (#13754)
I changed from "Create a new private message with the same recipients" to "Create new message starting with same recipients". 

Wanting to remove "private message" because these messages are not private (admins can read them). Also want to communicate that this is a way to expand the conversation to new people without having to explicitly invite them to the current message, or give them access to the past discussions. 

ref: https://dev.discourse.org/t/bring-invite-to-message-in-line-with-new-invite-system/49578/12?u=tobiaseigen

ref: https://meta.discourse.org/t/how-do-you-add-another-person-to-a-private-message-when-its-already-sent/43357/8?u=tobiaseigen
2021-07-15 13:22:21 -07:00
Jarek Radosz
c458cebfc3
FIX: User's "Top badges" grid (#13752)
Fixes a regression introduced in #13719
2021-07-15 21:16:35 +02:00
Neil Lalonde
5f8fa976d4
Version bump to v2.8.0.beta3 (#13703) 2021-07-15 14:54:02 -04:00
David Taylor
8b89787426
SECURITY: Sanitize YouTube Onebox data (#13748)
CVE-2021-32764
2021-07-15 19:31:50 +01:00
Penar Musaraj
55bed48917
DEV: Remove stylesheet controller non-prod code (#13745) 2021-07-15 12:52:40 -04:00
Penar Musaraj
a23153fdca
FIX: Add order to outputted stylesheet link tags (#13735)
See PR for details. (Disabled by default in this commit.)
2021-07-15 12:51:46 -04:00
Vinoth Kannan
d6fc39c886
FEATURE: update existing users when group default notifications changed. (#13434)
Currently, the changes will only affect the users added after.
2021-07-15 19:53:57 +05:30
Joe
ebce983a26
DEV: pass more arguments to before-create-topic-button (#13740)
This commit passes a few more arguments to the `before-create-topic-button` outlet.

We need these arguments to avoid template overrides in themes.
2021-07-15 21:11:59 +08:00
Vinoth Kannan
74b3730143
DEV: return populated data at the end of the method. (#13739)
And some minor refactoring.
2021-07-15 17:45:32 +05:30
Andrei Prigorshnev
5cd447695e
FIX: problems with choosing favorite badges (#13731) 2021-07-15 14:51:44 +04:00
David Taylor
4ce58fbf0b
DEV: Improve rake release_note:generate date handling (#13726)
* DEV: Improve rake `release_note:generate` date handling

A commit-ish value like HEAD@{2021-01-01} is based on the **local state** of HEAD on that date. It does not use dates attached to commits.

Instead, the rake task now detects date-like strings and supplies them to `git log` via the `--after` and `--before` flags

* Skip printing plugin when there are no changes found

A list of skipped plugins is printed on a single line at the end of the output
2021-07-15 16:15:57 +10:00
Vinoth Kannan
76fe3a16a9
DEV: trigger new discourse events after_create_dev_record & after_populate_dev_records. (#13733)
After every new random record created using the `dev:populate` rake task a new Discourse event will be triggered. So the plugins can modify the records if needed.
2021-07-15 11:11:41 +05:30
Osama Sayegh
31aa701518
FEATURE: Add option to grant badge multiple times to users using Bulk Award (#13571)
Currently when bulk-awarding a badge that can be granted multiple times, users in the CSV file are granted the badge once no matter how many times they're listed in the file and only if they don't have the badge already.

This PR adds a new option to the Badge Bulk Award feature so that it's possible to grant users a badge even if they already have the badge and as many times as they appear in the CSV file.
2021-07-15 05:53:26 +03:00
Kris
0109edb847
UX: stop imgur/google photo mobile onebox overflow (#13738) 2021-07-15 09:14:05 +08:00
dependabot[bot]
ae33104702
Build(deps): Bump rubocop-ast from 1.7.0 to 1.8.0 (#13737)
Bumps [rubocop-ast](https://github.com/rubocop-hq/rubocop-ast) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/rubocop-hq/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop-ast/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-15 00:19:49 +02:00
Osama Sayegh
2484abddb6
FIX: Assets for the theme tests page are not compressed (#13736)
A couple of weeks we made a change that skipped compressing assets used by the theme qunit page: https://github.com/discourse/discourse/pull/13619. This is a follow-up PR to stop the application helper from generating the assets for the theme qunit page with `.br` or `.gzip` extensions when a site uses S3 as a CDN.
2021-07-14 22:52:35 +03:00
Penar Musaraj
f7ab852e12
FIX: Issues with custom icons in themes (#13732)
Fixes two issues:
- ignores invalid XML in custom icon sprite SVG file (and outputs an error if sprite was uploaded via admin UI)
- clears SVG sprite cache when deleting an `icons-sprite` upload in a theme
2021-07-14 15:18:29 -04:00
Penar Musaraj
7d43e51821
FIX: Remove button to dismiss theme error messages (#13734) 2021-07-14 15:17:32 -04:00
Vinoth Kannan
7605cbab27
DEV: Bump discourse_dev_assets to 0.0.3. (#13730)
Using `literate_randomizer` to generate random paragraph text.
2021-07-14 20:21:34 +05:30
Jarek Radosz
f89b135a21
FIX: user/badges grid fix (#13729)
No more special CSS just for this path.
2021-07-14 16:43:24 +02:00
Jarek Radosz
c750bfb4af
FIX: A memoization bug in UserLookup and refactor (#13692)
`@group_lookup` memoization bug was introduced in #13587.
2021-07-14 13:51:33 +02:00
Gerhard Schlager
2a95f892af
DEV: Update i18n:check rake task to detect invalid Markdown links (#13728)
In addition to that it fixes a problem where the check failed on empty locale files and allows calling the rake task with multiple locales.
2021-07-14 13:26:12 +02:00
Bianca Nenciu
2318bd66a7
FIX: Use array to keep best link for each onebox (#13717)
Use a Map to hold the best link element for each Onebox HTML element.

Using an Object did not work as intended because Object can use only
Strings or Symbols as keys. Using HTML elements (representing oneboxes)
as keys most probably converted them to some generic string and sometimes
different Oneboxes were associated same key. It seems to be browser and
content dependent, without any clear indication of what is happening
internally.

This bug caused link counts to show only for the last Onebox because
the best link from the last Onebox was considered for all the other
Oneboxes.
2021-07-14 12:51:55 +03:00
Kim Lindberger
7e52eada20
FIX: Use Terser for minification even if uglify-js is not available (#13683) 2021-07-14 14:20:57 +08:00
Jordan Vidrine
1fb48fc9a6
A11Y: Add labels where needed (#13686) 2021-07-14 14:19:21 +08:00
Jarek Radosz
a2425487b2
UX: Make sure there's always a margin on badges page (#13693) 2021-07-14 13:45:26 +08:00
Jarek Radosz
c3045e6828
FIX: Don't try to load badges if there none left (#13695)
Converted `actions` hash to `@action` and added:

```
if (!this.canLoadMore) {
  return;
}
```
2021-07-14 14:42:31 +10:00
Martin Brennan
068889cb5f
FIX: Email threads sometimes not grouping for group SMTP (#13727)
This PR fixes a couple of issues related to group SMTP:

1. When running the group SMTP job, we were exiting early if the email was for the OP because of an IMAP race condition. However this causes issues when replying as a new topic for an existing SMTP topic, as the recipient does not get the OP email which can cause threading problems.
2. When sending emails for a new topic spun out like the issue in 1., we are not maintaining the original subject/topic title because that is based on the incoming email record, which we were not doing because the group SMTP email was never sent because of issue 1.
2021-07-14 14:23:14 +10:00
Bianca Nenciu
d11fe6fde5
FIX: Use rem for font sizes in post headings (#13720)
Size of headings increased proportionally with their nesting because
their size was relative to the parent element (used em). This commit
makes headings from posts use rem instead which are relative to the
root HTML element.

<h1><div><h1>test</h1></div></h1> looks the same as <h1>test</h1> now.
2021-07-14 11:15:58 +10:00
Jarek Radosz
15320d432b
DEV: Make badges grid a grid (#13719)
Even grid gaps, more space for text, removed on-hover shadow

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2021-07-13 21:58:51 +02:00
jbrw
a64aea38b7
FIX: Don’t use user_generated images as avatar images in Oneboxed Twitter content (#13712)
By default, Twitter will return the URL for the avatar image of the tweet poster as the `og:image` value.

However, if the `user_generated` attribute is true, we should not use this as the avatar URL as this will be an URL of an image in the tweet itself (e.g., an image belonging to a tweeted news story).
2021-07-13 14:54:28 -04:00