Commit Graph

66 Commits

Author SHA1 Message Date
Blake Erickson
745d1de40c SECURITY: Use FinalDestination for topic embeds 2020-05-27 09:31:15 -06:00
Blake Erickson
7f6a321fec SECURITY: ensure embed_url contains valid http(s) uri 2020-05-22 15:15:44 -06:00
Penar Musaraj
99fd65328c FIX: Skip absolutizing URLs when source URI is invalid 2020-02-07 10:54:24 -05:00
Sam Saffron
0fb497eb23 DEV: use Discourse.cache over Rails.cache
Discourse.cache is a more consistent method to use and offers clean fallback
if you are skipping redis

This is part of a larger change that both optimizes Discourse.cache and omits
use of setex on $redis in favor of consistently using discourse cache

Bench does reveal that use of Rails.cache and Discourse.cache is 1.25x slower
than redis.setex / get so a re-implementation will follow prior to porting
2019-11-27 12:36:19 +11:00
Daniel Waterworth
55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit clause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Krzysztof Kotlarek
427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
romanrizzi
d01c938e1a Revert "FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element."
This reverts commit 50afe59306.
2019-08-09 11:35:22 -03:00
romanrizzi
50afe59306 FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element. 2019-08-09 11:13:09 -03:00
Sam Saffron
2408d55551 FIX: embedding topics would fail with some HTML
When truncating content we try to search for first paragraph, if HTML had
no P it would fallback to first div which may have nested elements.
2019-08-07 12:45:55 +10:00
Kyle Zhao
0e1d6151b9 FIX: Frozen string error in TopicEmbed.import (#7938)
When `SiteSetting.embed_truncate` is enabled (by default), the truncated
string is mutable and does not raise an error.

However, when the setting is disabled, the `contents` string is frozen
and immutable, and will raise a `FrozenError`.
2019-07-25 09:21:01 -04:00
Guo Xiang Tan
d369b84ced Fix modifying frozen strings error. 2019-05-13 14:31:20 +08:00
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Maja Komel
6c8069c65a FIX: properly escape embed url 2019-01-07 18:11:43 +01:00
Kyle Zhao
e25a6e085e FIX: drop title updates through RSS feeds
can create an update loop
2018-08-28 16:25:04 +10:00
Guo Xiang Tan
932195d828 DEV: Update test case for TopicEmbed. 2018-08-24 09:42:12 +08:00
Kyle Zhao
baf413d527 FIX: update TopicEmbed's title and user correctly 2018-08-21 18:31:01 +08:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Kyle Zhao
0cc4b42180 FIX: TopicEmbed.import should update title and author 2018-05-02 17:12:31 +10:00
Arpit Jalan
12706c4b29 FEATURE: support markdown rendering for embedded posts 2018-03-11 08:00:48 +05:30
Gerhard Schlager
5a56746610 FIX: Embedded topic was not found when URL contained query string 2018-02-14 00:28:30 +01:00
Arpit Jalan
9030d3ef63 FIX: do not create duplicate topics
https://meta.discourse.org/t/duplicate-http-https-topics-are-randomly-created/77190
2018-01-04 23:53:52 +05:30
Gerhard Schlager
e30851e45a Move escape_uri method to a more suitable place 2017-12-12 20:17:46 +01:00
Guo Xiang Tan
367fb1c524 FIX: Onebox fails on encoded URL.
https://meta.discourse.org/t/onebox-breaks-if-theres-chinese-text-in-url/67364
2017-09-26 18:34:54 +08:00
Gerhard Schlager
6f6b47f096 FIX: do not escape already escaped chars in URL 2017-09-22 17:36:44 +02:00
Gerhard Schlager
1a435414d5 FIX: handle URL encoded email addresses 2017-09-22 14:26:06 +02:00
Guo Xiang Tan
b84e87dedd FIX: Don't raise an error if URL times out. 2017-08-10 12:58:56 +09:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward
39e1948174 FIX: If the error is 401 unauthorized or such, just do nothing 2017-05-25 15:42:05 -04:00
Arpit Jalan
aeead60036 FIX: make TopicEmbed trashable 2017-04-25 18:40:39 +05:30
Robin Ward
dad57fa033 FIX: More errors with non-ascii URLs 2017-03-07 11:21:41 -05:00
Robin Ward
cd571b26ba FIX: Allow Safe Redirections in Topic Embedding 2016-09-15 13:56:59 -04:00
Robin Ward
7da44e3bf0 FEATURE: Support author meta tags for embedding 2016-08-30 12:01:04 -04:00
Robin Ward
c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Robin Ward
884bdf7240 FEATURE: Ability to scrub titles when importing embeddable content 2016-08-22 12:43:02 -04:00
Robin Ward
e2b5919579 FIX: Don't normalize URLs before fetching them, only for saving them 2015-11-06 16:25:11 -05:00
kerryliu
b7803fc68e FIX: allow emoji class when crawling embedded content, add rspec-html-matchers 2015-11-05 18:51:26 -08:00
Sam
c1ecd6f4ce update annotations 2015-09-18 10:41:10 +10:00
Robin Ward
d1c69189f3 FEATURE: Can edit category/host relationships for embedding 2015-08-20 15:56:04 -04:00
Robin Ward
fb8ba5e137 FIX: PG::UniqueViolation when trying to use the same embed code
Previously providing an embed code already in use would result in
a logged server error. After this commit the error is gracefully
bubbled up from the `PostCreator`
2015-06-15 12:09:59 -04:00
Robin Ward
edae9d7ad9 FIX: Sometimes contents is nil, don't break in that case. 2015-05-06 12:40:24 -04:00
Will Jordan
bbfa5c7df1 Fix NoMethodError in TopicEmbed#find_remote
Stop TopicEmbed#find_remote from generating `NoMethodError: undefined method `empty?' for nil:NilClass` exceptions
2015-04-22 16:52:02 -07:00
Régis Hanol
e7f251c105 LOTS of changes to properly handle post/topic revisions
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
Sam
414c6d191f FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 15:19:25 +10:00
Akshay
3fd784b513 removed useless assignments at some places 2014-08-19 18:10:23 +05:30
Robin Ward
77d68ccf08 FIX: Robin is fired for the typo 2014-05-08 16:44:32 -04:00
Robin Ward
44ed0d5232 FIX: Even more safety, the topic must exist as well. 2014-05-08 16:41:25 -04:00
Robin Ward
5fb962a65f FIX: Some extra safety - in the case that an imported post was deleted,
don't error out of the PollFeed job
2014-05-08 16:27:17 -04:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam
e5f41b8a21 FEATURE: whitelist and blacklist selectors for embeds 2014-04-15 14:07:30 +10:00
Robin Ward
ce40a27274 FIX: If there is an invalid URI in the import, don't throw an error 2014-04-09 11:04:45 -04:00