Bianca Nenciu
2c9d76e510
FIX: Use specified limit option in user search ( #20020 )
2023-01-26 16:17:15 +02:00
Natalie Tay
d5745d34c2
SECURITY: Limit the character count of group membership requests ( #19993 )
...
When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.
Co-authored-by: Ted Johansson <ted@discourse.org>
2023-01-25 13:50:33 +02:00
dependabot[bot]
3866867e45
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts ( #19982 )
2023-01-24 22:51:23 +01:00
dependabot[bot]
69c7f676ea
Build(deps): Bump ember-auto-import in /app/assets/javascripts ( #19981 )
2023-01-24 22:50:05 +01:00
Kris
75032f4752
UX: remove extra whitespace in search helper ( #19980 )
2023-01-24 15:27:05 -05:00
Kris
e71bf672cb
UX: prevent user card status overflow ( #19979 )
2023-01-24 13:58:24 -05:00
Kris
4da8e15801
A11Y: discourse-tags should have a role and label ( #19977 )
2023-01-24 13:04:32 -05:00
Kris
a57d6a0f75
A11Y: add aria-labels for flagging textareas ( #19938 )
2023-01-24 09:49:15 -05:00
Jarek Radosz
17deb79fcb
DEV: Fix random typos ( #19973 )
2023-01-24 15:41:01 +01:00
Aleksey Bogdanov
1bc39c1a4f
FIX: text selection breaks opening of links in new tabs ( #19867 )
...
When a user checks "Open all external links in a new tab" preference
he expects not to be overruled by unrelated text selections.
Yet if text is selected during a link click the link is followed on
the same tab. This change corrects that.
2023-01-24 14:17:03 +01:00
David Taylor
48713653df
DEV: Add failing test for api.modifyClass
with native getters ( #19911 )
...
https://meta.discourse.org/t/251793/8
2023-01-24 10:41:48 +00:00
Krzysztof Kotlarek
ac4ee1a3d4
FIX: TL4 user is not redirected to latest when delete topic ( #19967 )
...
Continue of https://github.com/discourse/discourse/pull/19766
When TL4 is allowed to delete topic, they should not be redirected to / after that action.
2023-01-24 11:28:04 +11:00
dependabot[bot]
bc9874033f
Build(deps): Bump qunit from 2.19.3 to 2.19.4 in /app/assets/javascripts ( #19962 )
2023-01-23 23:52:22 +01:00
Kris
239815c4a4
UX: fixes and adjustments for user nav ( #19954 )
2023-01-23 14:28:55 -05:00
Jordan Vidrine
b26e0dcf35
UX: Set penalty history to sticky ( #19933 )
2023-01-23 07:14:23 -06:00
dependabot[bot]
54e5a2e4c4
Build(deps): Bump sass from 1.57.0 to 1.57.1 in /app/assets/javascripts ( #19538 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.57.0...1.57.1 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:36:16 +01:00
dependabot[bot]
f81c94637a
Build(deps): Bump ember-rfc176-data in /app/assets/javascripts ( #19925 )
...
Bumps [ember-rfc176-data](https://github.com/ember-cli/ember-rfc176-data ) from 0.3.17 to 0.3.18.
- [Release notes](https://github.com/ember-cli/ember-rfc176-data/releases )
- [Changelog](https://github.com/ember-cli/ember-rfc176-data/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ember-cli/ember-rfc176-data/compare/v0.3.17...v0.3.18 )
---
updated-dependencies:
- dependency-name: ember-rfc176-data
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:56:17 +01:00
dependabot[bot]
9be9f97373
Build(deps): Bump @babel/standalone in /app/assets/javascripts ( #19945 )
...
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone ) from 7.20.12 to 7.20.13.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.20.13/packages/babel-standalone )
---
updated-dependencies:
- dependency-name: "@babel/standalone"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:53:57 +01:00
dependabot[bot]
36447fb043
Build(deps): Bump jsdom from 21.0.0 to 21.1.0 in /app/assets/javascripts ( #19944 )
...
Bumps [jsdom](https://github.com/jsdom/jsdom ) from 21.0.0 to 21.1.0.
- [Release notes](https://github.com/jsdom/jsdom/releases )
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md )
- [Commits](https://github.com/jsdom/jsdom/compare/21.0.0...21.1.0 )
---
updated-dependencies:
- dependency-name: jsdom
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:39:36 +01:00
Kris
f7907a3645
A11Y: remove heading tags from user profile ( #19935 )
2023-01-20 12:27:07 -05:00
Kris
1521bace4f
A11Y: add secondary skip link to user profiles ( #19926 )
2023-01-20 10:30:57 -05:00
Ted Johansson
90d452ab6c
FIX: Don't display staff-only options to non-staff in group member bulk menu ( #19907 )
...
In the group member bulk edit menu we are displaying staff-only options
to non-staff. The requests are blocked by the back-end, so there is no
harm other than to the user experience.
Notably the individual user edit menu is correctly filtering out
unavailable options. This change brings the bulk edit menu in line with
that.
2023-01-20 11:16:04 +08:00
Krzysztof Kotlarek
b05f193cf0
FIX: move min tag setting to tags section in edit category ( #19789 )
...
`Minimum number of tags required in a topic` should be in `Tags` panel instead of `Settings`
2023-01-20 13:30:39 +11:00
Isaac Janzen
292d3677e9
FEATURE: Allow admins to permanently delete revisions ( #19913 )
...
# Context
This PR introduces the ability to permanently delete revisions from a post while maintaining the changes implemented by the revisions.
Additional Context: /t/90301
# Functionality
In the case a staff member wants to _remove the visual cue_ that a post has been edited eg.
<img width="86" alt="Screenshot 2023-01-18 at 2 59 12 PM" src="https://user-images.githubusercontent.com/50783505/213293333-9c881229-ab18-4591-b39b-e3419a67907d.png ">
while maintaining the changes made in the edits, they can enable the (hidden) site setting of `can_permanently_delete`.
When this is enabled, after _hiding_ the revisions
<img width="149" alt="Screenshot 2023-01-19 at 1 53 35 PM" src="https://user-images.githubusercontent.com/50783505/213546080-2a9e9c55-b3ef-428e-a93d-1b6ba287dfae.png ">
there will be an additional button in the history modal to <kbd>Delete revisions</kbd> on a post.
<img width="997" alt="Screenshot 2023-01-19 at 1 49 51 PM" src="https://user-images.githubusercontent.com/50783505/213546333-49042558-50ab-4724-9da7-08bacc68d38d.png ">
Since this action is permanent, we display a confirmation dialog prior to triggering the destroy call
<img width="722" alt="Screenshot 2023-01-19 at 1 55 59 PM" src="https://user-images.githubusercontent.com/50783505/213546487-96ea6e89-ac49-4892-b4b0-28996e3c867f.png ">
Once confirmed the history modal will close and the post will `rebake` to display an _unedited_ post.
<img width="868" alt="Screenshot 2023-01-19 at 1 56 35 PM" src="https://user-images.githubusercontent.com/50783505/213546608-d6436717-8484-4132-a1a8-b7a348d92728.png ">
see that there is not a visual que for _revision have been made on this post_ for a post that **HAS** been edited. In addition to this, a user history log for `purge_post_revisions` will be added for each action completed.
# Limits
- Admins are rate limited to 20 posts per minute
2023-01-19 15:09:01 -06:00
Kris
f66e798ed7
A11Y: more descriptive user page titles ( #19819 )
2023-01-19 12:45:45 -05:00
Kris
20f5a69427
UX: add missing space and other minor search adjustments ( #19899 )
2023-01-18 09:40:38 -05:00
Kris
145d2baa14
A11Y: add aria tags to the new user nav ( #19774 )
2023-01-17 12:18:16 -05:00
David Taylor
011c9b9973
DEV: Use message-bus chunked encoding in development ( #19878 )
...
This was previously disabled because of incompatibility with the ember-cli proxy. This commit fixes that incompatibility, and restores the development behaviour to match production.
There were three issues at play:
1. Our bootstrap-js addon handles the forwarding of most requests in the ember-cli proxy. This is not built to handle streaming responses. Solution: skip our custom request processing for `/message-bus/*` and use ember-cli's default `http-proxy`.
2. The request/response size-limiting middleware (`rawMiddleware`) would apply even to unhandled paths, causing request and response bodies to be buffered. Solution: skip it for any paths which are not handled by our custom addon.
3. Expressjs servers will buffer/compress responses. Solution: add `Cache-Control: no-transform` to message-bus responses. For now I've done this in development only, but it may be useful to add it to message-bus's default headers in future
2023-01-17 09:54:33 +00:00
David Taylor
624f4a7de9
Drop support for iOS < 15.7 ( #19847 )
...
https://meta.discourse.org/t/224747
2023-01-16 17:28:59 +00:00
chapoi
d59ed1cbfe
UX: fix alignment issues with autocomplete ( #19828 )
2023-01-16 09:09:23 +11:00
dependabot[bot]
9ed4550b86
Build(deps): Bump eslint in /app/assets/javascripts ( #19873 )
...
Bumps [eslint](https://github.com/eslint/eslint ) from 8.31.0 to 8.32.0.
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v8.31.0...v8.32.0 )
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-15 22:32:00 +01:00
Joffrey JAFFEUX
a444023113
DEV: adds row index support ( #19871 )
...
This commits adds a data-index attribute on each `select-kit-row` DOM node and also makes available `this.index` in each `select-kit-row` template.
2023-01-13 16:39:21 +01:00
Joffrey JAFFEUX
f525f722ea
DEV: adds expandedOnInsert option to sk ( #19870 )
...
Allows to display a select-kit component expanded by default.
Usage:
```
<SingleSelect
@value={{this.value}}
@content={{this.content}}
@options={{hash expandedOnInsert=true}}
/>
```
2023-01-13 16:13:13 +01:00
dependabot[bot]
5cd136510a
Build(deps): Bump message-bus-client in /app/assets/javascripts ( #19864 )
...
Bumps [message-bus-client](https://github.com/discourse/message_bus ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/discourse/message_bus/releases )
- [Changelog](https://github.com/discourse/message_bus/blob/main/CHANGELOG )
- [Commits](https://github.com/discourse/message_bus/compare/v4.3.1...v4.3.2 )
---
updated-dependencies:
- dependency-name: message-bus-client
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-13 12:22:00 +00:00
Alan Guo Xiang Tan
5db72f8daf
FIX: Preload user sidebar attrs when ?enable_sidebar=1
( #19843 )
...
This allows users to preview the sidebar even when
`SiteSetting.naviation_menu` is set to `false`.
2023-01-13 06:47:58 +08:00
Isaac Janzen
28078d78e2
DEV: Make 'username' optional for bookmark notifications ( #19851 )
...
Data Explorer queries have a `user_id` assigned to each query created. DE Reports can be bookmarked for later reference.
When creating the bookmark notification there was the possibility of a notification error being thrown (that made the notification menu inaccessible) due to a DE Query not having a owner (associated user_id). This can happen in a couple ways:
- having a query created by a user that was then later deleted leaving the query without ownership
- having a TA create a query for a customer using a temporary account, that would then later be deleted leaving the query without ownership
Since there is a case that `bookmark.user` is not valid the PR makes the `bookmark.user.username` optional for a bookmark notification. As [tested](https://github.com/discourse/discourse/pull/19851/files#diff-5b5154de37f96988d551feff6f1dfe5ba804fbcbc1c33b5478dde02a447a634f ) in the case a username is not present, we will still render the `content` of the notification minus the username. This creates a safe fallback when looking up non-valid users.
2023-01-12 12:22:11 -06:00
dependabot[bot]
1a759fd75f
Build(deps): Bump @ember/render-modifiers in /app/assets/javascripts ( #19832 )
...
Bumps [@ember/render-modifiers](https://github.com/emberjs/ember-render-modifiers ) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/emberjs/ember-render-modifiers/releases )
- [Changelog](https://github.com/emberjs/ember-render-modifiers/blob/master/CHANGELOG.md )
- [Commits](https://github.com/emberjs/ember-render-modifiers/compare/v2.0.4...v2.0.5 )
---
updated-dependencies:
- dependency-name: "@ember/render-modifiers"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 10:47:23 +01:00
Martin Brennan
21a95b000e
DEV: Remove defunct TODOs ( #19825 )
...
* Firefox now finally returns PerformanceMeasure from performance.measure
* Some TODOs were really more NOTE or FIXME material or no longer relevant
* retain_hours is not needed in ExternalUploadsManager, it doesn't seem like anywhere in the UI sends this as a param for uploads
* https://github.com/discourse/discourse/pull/18413 was merged so we can remove JS test workaround for settings
2023-01-12 09:41:39 +10:00
Isaac Janzen
92bb728fe5
DEV: Add search suggestions for tag-intersections ( #19777 )
...
Added `tagIntersection` search context for handling search suggestions on tag intersection and tag+category routes.
# Tag & Category Route Search Suggestions
eg. /tags/c/general/5/updates
### Before
<img width="422" alt="Screenshot 2023-01-06 at 2 58 50 PM" src="https://user-images.githubusercontent.com/50783505/211098933-ade438c6-5008-49ce-9a90-c8200ec5fe00.png ">
### After
<img width="359" alt="Screenshot 2023-01-06 at 3 00 35 PM" src="https://user-images.githubusercontent.com/50783505/211099183-c3feaeac-8661-47ed-843c-da9d9fb78e9e.png ">
# Tag Intersection Route Search Suggestions
eg. /tags/intersection/updates/foo
### Before
<img width="421" alt="Screenshot 2023-01-06 at 3 02 23 PM" src="https://user-images.githubusercontent.com/50783505/211099435-e8fc6d87-2772-45b5-b455-1831f80eab3a.png ">
### After
<img width="362" alt="Screenshot 2023-01-09 at 2 02 09 PM" src="https://user-images.githubusercontent.com/50783505/211397349-acb350f7-8e6a-4d9f-a749-8292e49400d9.png ">
I defaulted to using `+` as a separator for tag intersections. The reasoning behind this is that we don't make the tag intersection routes easily accessible, so if you are going out of your way to view multiple tags, you are most likely going to be searching by **both** of those tags as well.
# General Search
Introducing flex wrap removes whitespace causing a [test](https://github.com/discourse/discourse/pull/19777/files#diff-5d3d13fabc1a511635eb7471ffe74f4d455d77f6984543c2be6ad136dfaa6d3aR813 ) to fail, but to remedy this I added spacing to the `.search-item-prefix` and `.search-item-slug` which achieves the same thing.
### After
<img width="359" alt="Screenshot 2023-01-09 at 2 04 54 PM" src="https://user-images.githubusercontent.com/50783505/211397900-60220394-5596-4e13-afd0-b6130afa0de2.png ">
2023-01-11 13:02:22 -06:00
Ted Johansson
d2e9ea6193
FEATURE: Allow group owners promote more owners ( #19768 )
...
This change allows group owners (in addition to admins) to promote other members to owners.
2023-01-11 16:43:18 +08:00
Ted Johansson
06bda1fc62
FIX: wrap plugin outlets on user preference page
2023-01-09 14:17:50 +01:00
Martin Brennan
c31772879b
FIX: Disable image optimization in iOS Safari ( #19790 )
...
There are various performance issues with the Canvas in iOS Safari
that are causing crashes when processing images with spikes of over 100%
CPU usage. The cause of this is unknown, but profiling points to
CanvasRenderingContext2D.getImageData() and
CanvasRenderingContext2D.drawImage().
Until Safari makes some progress with OffscreenCanvas or other
alternatives we cannot support this workflow. We will revisit in 6
months.
This is gated behind the hidden `composer_ios_media_optimisation_image_enabled`
site setting for people who really still want to try using this.
2023-01-09 12:16:02 +10:00
dependabot[bot]
15e81b6174
Build(deps): Bump jsdom from 20.0.3 to 21.0.0 in /app/assets/javascripts ( #19786 )
...
Bumps [jsdom](https://github.com/jsdom/jsdom ) from 20.0.3 to 21.0.0.
- [Release notes](https://github.com/jsdom/jsdom/releases )
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md )
- [Commits](https://github.com/jsdom/jsdom/compare/20.0.3...21.0.0 )
---
updated-dependencies:
- dependency-name: jsdom
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-08 23:41:14 +01:00
David Taylor
5ce5ff053e
FIX: Bump messagebus to v4.3.1 ( #19771 )
...
Includes "FIX: Ensure non-long-polling requests are always spaced out": 233b248c96
2023-01-06 14:31:10 +00:00
Alan Guo Xiang Tan
1ee9356a54
PR reviews
2023-01-06 09:51:46 +08:00
Alan Guo Xiang Tan
f71e3c07dd
DEV: Experiment plugin api to add custom count to category section link
...
This commit introduces the experimental `registerUserCategorySectionLinkCountable`
and `refreshUserSidebarCategoriesSectionCounts` plugin APIs that allows
a plugin to register custom countables to category section links on top
of the defaults of unread and new.
2023-01-06 09:51:46 +08:00
Alan Guo Xiang Tan
cf862e7365
SECURITY: Convert send_digest to a post request ( #19746 )
...
Co-authored-by: Isaac Janzen <isaac.janzen@discourse.org>
2023-01-05 06:57:12 +08:00
Martin Brennan
c2013865d7
FEATURE: Make experimental hashtag autocomplete default for new sites ( #19681 )
...
This feature is stable enough now to make it the default going forward
for new sites. Existing sites that have not yet set enable_experimental_hashtag_autocomplete
to `true` will have it set to `false` for their site settings, which was the old default.
c.f https://meta.discourse.org/t/hashtags-are-getting-a-makeover/248866
2023-01-05 08:44:58 +10:00
Martin Brennan
16b9165630
FIX: Bookmark auto delete preference usage and default value ( #19707 )
...
This commit fixes an issue where the chat message bookmarks
did not respect the user's `bookmark_auto_delete_preference`
which they select in their user preference page.
Also, it changes the default for that value to "keep bookmark and clear reminder"
rather than "never", which ends up leaving a lot of expired bookmark
reminders around which are a pain to clean up.
2023-01-05 08:43:58 +10:00
Jarek Radosz
1174a94867
DEV: Update json5, remove an unused lockfile ( #19732 )
2023-01-04 23:15:49 +01:00