Saurabh Patel
9e3143445b
DEV:add uploaded_meta option in category for category meta image ( #6724 )
2018-12-07 16:24:07 +01:00
David Taylor
86f8734bc0
FIX: Prioritize explicit 'connect' over matching by email
...
This is an edge case that was previously handled by TwitterAuthenticator, but not FacebookAuthenticator.
2018-12-07 15:05:51 +00:00
David Taylor
3cad3f9df1
DEV: Add profile fetching support to ManagedAuthenticator
2018-12-07 15:05:51 +00:00
David Taylor
f7ce607e5d
FIX: Return 422 instead of 500 for invalid SSO signature ( #6738 )
2018-12-07 15:01:44 +00:00
David Taylor
6c71395bf6
FIX: Only hide shared draft topics from latest
( #6737 )
...
Previously we were hiding them from all topic lists, which can result in
topics being "stuck" in an unread state with no easy way to clear them.
2018-12-07 12:44:23 +00:00
Bianca Nenciu
41e184280d
FEATURE: Remove full quotes of direct replies. ( #6729 )
2018-12-07 13:07:11 +01:00
David Taylor
7828c1156c
FIX: Do not serialize user fields unless they are specified for display ( #6736 )
2018-12-07 11:08:59 +00:00
David Taylor
5e09398c5b
FIX: Do not serialize user fields unless they are specified for display ( #6736 )
2018-12-07 10:57:28 +00:00
Guo Xiang Tan
cffb3d7976
SECURITY: Require groups to be given when inviting to a restricted category. ( #6715 )
2018-12-07 15:54:53 +08:00
David Taylor
0b1d660876
UX: Make shared drafts behaviour consistent for non-staff users ( #6734 )
...
This makes it easier to diagnose the problem when a public category
is set as the 'shared drafts category'. Doing this is not recommended.
2018-12-06 18:59:29 +00:00
David Taylor
e8f32dd3ba
DEV: Fix extremely rare test failure
...
If this was the first test to run, the Fabricate(:user) would be given
the same ID as the Fabricate.build(:user, id: 1). This works around it.
2018-12-06 13:32:56 +00:00
Xiao Guan
7ec124fc89
FEATURE: Improved deprecation warnings ( #6722 )
...
* FEATURE: Discourse.deprecate can report version
* Ember counterpart for deprecation
2018-12-06 11:38:01 +00:00
Gerhard Schlager
43cfdb1cb9
FIX: Wizard tries harder to find existing Welcome Topic
...
The wizard searches for:
* a topic that with the "is_welcome_topic" custom field
* a topic with the correct slug for the current default locale
* a topic with the correct slug for the English locale
* the oldest globally pinned topic
It gives up if it didn't find any of the above.
2018-12-06 10:27:22 +01:00
Guo Xiang Tan
27c793a192
FIX: `UserNotificationsHelper#logo_url' to work with S3 based uploads.
...
https://meta.discourse.org/t/digest-logo-not-working/103255
2018-12-06 09:39:08 +08:00
Bianca Nenciu
b585f7f336
DEV: Apply code review.
2018-12-05 21:56:18 +01:00
Bianca Nenciu
1a4f592749
FIX: Always allow admins upload selectable avatars.
2018-12-05 21:55:23 +01:00
David Taylor
37249c9a32
FIX: Do not reset link counts when post is rebaked
...
This was an indentation mistake introduced in 44eba0b
. Pretty understandable, considering we are indented 8 levels deep in this method. Will follow-up with a refactor to improve this.
2018-12-05 18:54:30 +01:00
Guo Xiang Tan
978f0db109
SECURITY: Require groups to be given when inviting to a restricted category. ( #6715 )
2018-12-05 16:43:07 +01:00
Vinoth Kannan
d33d031742
FEATURE: Filter topic and post web hook events by tags ( #6726 )
...
* FEATURE: Filter topic and post web hook events by tags
* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Sam
82e45f5485
FIX: method extraction caused push notifications to include incorrect post
...
Previously the push notification code path was not tested for notification
collapsing. This happens if you get multiple replies to a topic you are
watching.
2018-12-05 16:40:10 +11:00
Gerhard Schlager
99117d664c
FEATURE: Multisite support for S3 backup store ( #6700 )
2018-12-05 10:10:39 +08:00
David Taylor
e117deb2ba
FIX: Improve avatar loading, and add tests
...
Follow-up from 4e2cc9c
2018-12-04 15:09:32 +00:00
David Taylor
22001b3c50
DEV: Run tests with default value for max_consecutive_replies
( #6723 )
2018-12-04 12:07:27 +00:00
Régis Hanol
3c9c95ac83
Update Rubocop to 0.60
2018-12-04 10:48:16 +01:00
Sam
aa97f6fdba
FEATURE: disable notifications for small actions that are whispers
...
Previously we would notify on small actions if they were whispers
this inconsistently lead to all sorts of problems including
- collapsed "N replies" after assign
- empty push notifications
New behavior adds an api to explicitly send push notifications as well
if needed: create_notification_alert
2018-12-04 17:54:42 +11:00
Sam
5c17e46274
FEATURE: allow advanced specification of excerpts for posts
...
Previously users could control excerpt with `<span class='excerpt'>`
in Markdown, this is somewhat limited for plugins that need to define this
across a section. This adds support for DIV as well
2018-12-04 15:13:34 +11:00
David Taylor
9248ad1905
DEV: Enable Style/SingleLineMethods
and Style/Semicolon
in Rubocop ( #6717 )
2018-12-04 11:48:13 +08:00
Bianca Nenciu
1a4676c6e0
FIX: Fixed tests. ( #6716 )
2018-12-03 17:03:11 +01:00
Penar Musaraj
f8e6a37858
FIX: raise exception when getting dimensions of missing image
...
- follow-up on 0eacd45ab1
2018-12-03 10:19:49 -05:00
Bianca Nenciu
3f8fa4ad4e
FEATURE: Do not check consecutive replies for original poster. ( #6714 )
2018-12-03 02:32:29 -08:00
Rishabh
503ae1829f
FIX: All multisite upload paths should start with /uploads/default/.. ( #6707 )
2018-12-03 12:04:14 +08:00
Maja Komel
6121d11187
FIX: make staff_edit_locks_post work with download_remote_images_to_local
2018-12-03 14:14:59 +11:00
Sam
f555582eb2
DEV: add extra diagnostics for intermittent test fail
2018-12-03 11:46:31 +11:00
Maja Komel
1073634271
FIX: show generic title when quoting off-topic secure category posts
2018-12-03 09:42:32 +11:00
Sam
236c755d62
FIX: do not store key tracking last seen time indefinitely
...
UserStat has some special logic to keep adding time read if repeat calls
are made in intervals less than 100 seconds. This is called regularly
when we update read timings on a topic.
We only need to cache this key in redis for 100 seconds, however previously
we would keep it forever, 1 key per user. This has potential of bloating
a very large amount of keys for no longer active users in redis.
2018-12-03 08:35:26 +11:00
David Taylor
4e010382cc
REFACTOR: Initialize auth providers after plugin.activate!
...
Also added some helpful functionality for plugin developers:
- Raises RuntimeException if the auth provider has been registered too late
- Logs use of deprecated parameters
2018-11-30 16:58:18 +00:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP ( #6704 )
...
* FEATURE: allow plugins and themes to extend the default CSP
For plugins:
```
extend_content_security_policy(
script_src: ['https://domain.com/script.js ', 'https://your-cdn.com/ '],
style_src: ['https://domain.com/style.css ']
)
```
For themes and components:
```
extend_content_security_policy:
type: list
default: "script_src:https://domain.com/ |style_src:https://domain.com "
```
* clear CSP base url before each test
we have a test that stubs `Rails.env.development?` to true
* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
David Taylor
208005f9c9
REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
...
Changes to functionality
- Removed syncing of user metadata including gender, location etc.
These are no longer available to standard Facebook applications.
- Removed the remote 'revoke' functionality. No other providers have
it, and it does not appear to be standard practice in other apps.
- The 'facebook_no_email' event is no longer logged. The system can
cope fine with a missing email address.
Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
David Taylor
534e1b1b18
DEV: Introduce Auth::ManagedAuthenticator
...
A generic implementation of Auth::Authenticator which stores data in the
new UserAssociatedAccount model. This should help significantly reduce the duplicated
logic across different auth providers.
2018-11-30 11:18:11 +00:00
Arpit Jalan
059e36a6ff
FIX: log name changes only when the name is actually updated
2018-11-30 15:30:46 +05:30
Vinoth Kannan
fc0b7c9e26
FIX: incoming email matches the wrong user if null bounce key available in db
2018-11-30 12:29:51 +05:30
Sam
c6adf7f032
DEV: correct heisentest
...
After you visit a page in Rails an INFO is logged, this depending on
timing could land in the string or not
This changes the level to WARN which avoids the issue
2018-11-30 15:03:41 +11:00
Guo Xiang Tan
eecd1a7d8c
FIX: Jobs::CleanUpUploads
fails when value of upload data_type is an empty string.
2018-11-30 10:46:39 +08:00
Penar Musaraj
ad665b901a
FIX: Refactor commit a8c3ca, add test
2018-11-29 19:12:00 -05:00
Penar Musaraj
0eacd45ab1
FIX: refactor ImageSizer.resize
...
reverts 140d9c2
2018-11-29 15:28:45 -05:00
Arpit Jalan
40f10855c6
FIX: defer flags (only) when handling a flag and deleting replies ( #6702 )
2018-11-29 22:44:18 +05:30
Maja Komel
4a8f21d387
FIX: prevent minimum_required_tags on category being set to null ( #6703 )
...
* FIX: prevent minimum_required_tags on category being set to null
* add migration for NOT_NULL constraint for minimum_required_tags
* add specs
2018-11-29 18:10:14 +01:00
Bianca Nenciu
ddd260941e
FIX: Fix query selecting users not accepting PMs.
2018-11-29 15:59:30 +08:00
Guo Xiang Tan
56034c733a
UX: Strip class when link is not oneboxed due to site setting limits.
2018-11-29 14:33:01 +08:00
Rishabh
05a4f3fb51
FEATURE: Multisite support for S3 image stores ( #6689 )
...
* FEATURE: Multisite support for S3 image stores
* Use File.join to concatenate all paths & fix linting on multisite/s3_store_spec.rb
2018-11-29 12:11:48 +08:00
Saurabh Patel
55945ec7c8
FIX: throw error when link in reason for grant badge is an external link ( #6690 )
2018-11-28 18:01:41 +01:00
Drew Stephens
3ae4c9ab6d
Suppress tar(1)'s output ( #6694 )
2018-11-28 17:32:19 +01:00
Vinoth Kannan
bfb3c4d9f9
DEV: create bounce alert earlier if email_log detected from bounce_key
2018-11-28 21:13:06 +05:30
Gerhard Schlager
e7b76b319a
FEATURE: Setting for short title used by Android on homescreen
2018-11-28 14:59:30 +01:00
Vinoth Kannan
25253dec56
FIX: Get email address from email_log if bounced with verp
...
We can not access mail.final_recipient attr if it bounced with verp
2018-11-28 19:04:09 +05:30
Arpit Jalan
851ef14096
Revert "FIX: do not agree flags by default when deleting posts"
...
This reverts commit cb6fc8057b
.
2018-11-28 10:21:11 +05:30
Vinoth Kannan
7dbf709467
FIX: create whisper post in PMs when bounces with verp and user is staged
2018-11-28 08:24:23 +05:30
Arpit Jalan
654d7996ae
FIX: title was repeating on about page
2018-11-28 08:06:14 +05:30
Guo Xiang Tan
a1e77aa2ed
FEATURE: Reimplement SiteSetting.max_oneboxes_per_post
. ( #6668 )
...
Previously, the site setting was only effective on the client side of
things. Once the site setting was been reached, all oneboxes are not
rendered. This commit changes it such that the site setting is respected
both on the client and server side. The first N oneboxes are rendered and
once the limit has been reached, subsequent oneboxes will not be
rendered.
2018-11-27 16:00:31 +08:00
Arpit Jalan
6cb49cd42c
Merge pull request #6671 from techAPJ/destroy-posts-flags
...
FIX: do not agree flags by default when deleting posts
2018-11-27 11:27:23 +05:30
Arpit Jalan
cb6fc8057b
FIX: do not agree flags by default when deleting posts
2018-11-27 10:57:20 +05:30
Guo Xiang Tan
68bef91dd6
DEV: Minor clean up of specs.
2018-11-27 13:09:58 +08:00
Vinoth Kannan
1da265db11
UX: category images have no sizes ( #6662 )
2018-11-27 08:40:06 +08:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) ( #6673 )
...
* Add missing icons to set
* Revert FA5 revert
This reverts commit 42572ff
* use new SVG syntax in locales
* Noscript page changes (remove login button, center "powered by" footer text)
* Cast wider net for SVG icons in settings
- include any _icon setting for SVG registry (offers better support for plugin settings)
- let themes store multiple pipe-delimited icons in a setting
- also replaces broken onebox image icon with SVG reference in cooked post processor
* interpolate icons in locales
* Fix composer whisper icon alignment
* Add support for stacked icons
* SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
* load SVG sprite with pre-initializers
* FIX: enable caching on SVG sprites
* PERF: use JSONP for SVG sprites so they are served from CDN
This avoids needing to deal with CORS for loading of the SVG
Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is
* Add missing SVG sprite JSONP script to CSP
* Upgrade to FA 5.5.0
* Add support for all FA4.7 icons
- adds complete frontend and backend for renamed FA4.7 icons
- improves performance of SvgSprite.bundle and SvgSprite.all_icons
* Fix group avatar flair preview
- adds an endpoint at /svg-sprites/search/:keyword
- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset
* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Gerhard Schlager
5640166b27
FIX: Notify only invited users about mentions in PMs
2018-11-26 22:42:56 +01:00
Vinoth Kannan
cedd2118c4
FEATURE: If PM email bounced for staged user then alert in whisper reply ( #6648 )
2018-11-27 00:29:37 +05:30
David Taylor
afcf149c34
FIX: Fix mentions for mixed case group names
2018-11-26 15:34:56 +00:00
Guo Xiang Tan
482013a1d4
FIX: Group mentions missing after post processing.
2018-11-26 12:57:07 +08:00
Guo Xiang Tan
57e2f4990d
PERF: Move processing of inline onebox out of V8 context. ( #6658 )
2018-11-26 09:21:38 +08:00
Arpit Jalan
0ee822c550
remove unneeded variable assignment
2018-11-25 23:36:34 +05:30
Arpit Jalan
b5bf182ad5
FIX: validate topic deletion when acting on a flag
2018-11-25 23:24:03 +05:30
David Taylor
a3ed570124
FIX: Fix routes ending in :username
for usernames containing periods ( #6660 )
2018-11-23 17:41:41 +00:00
Bianca Nenciu
c38f7b240b
DEV: Fix build.
2018-11-23 17:34:50 +02:00
Bianca Nenciu
172b3bf4d3
FIX: Fix broken theme field URLs. ( #6622 )
2018-11-23 16:11:05 +01:00
David Taylor
f645cb9c14
FEATURE: Use translated name for 'your email has been authenticated by' ( #6649 )
2018-11-22 19:12:04 +00:00
Gerhard Schlager
2ef16e9f4e
FIX: Failed to delete post belonging to non-existent topic
2018-11-22 15:08:37 +01:00
Guo Xiang Tan
a57baeec2a
Fix the build.
2018-11-22 16:37:24 +08:00
Guo Xiang Tan
28a6cf8228
FIX: Mention lookup should be case insensitive.
2018-11-22 16:32:56 +08:00
Guo Xiang Tan
3f636b2d19
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:16:33 +08:00
Guo Xiang Tan
672e95bcb4
FIX: Staged users should not be mentionable.
2018-11-22 15:00:46 +08:00
Guo Xiang Tan
c5a70eca6e
PERF: Move mention lookups out of the V8 context. ( #6640 )
...
We were looking up each mention one by one without any form of caching and that results
in a problem somewhat similar to an N+1. When we have to do alot of DB
lookups, it also increased the time spent in the V8 context which may
eventually lead to a timeout. The change here makes it such that mention lookups only does a single
DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
Guo Xiang Tan
596e09aaf9
FIX: Wizard icons step fields have incorrect values.
...
https://meta.discourse.org/t/is-the-wizard-supposed-to-not-let-you-skip-adding-icons/102417
2018-11-22 14:19:36 +08:00
Kyle Zhao
8e32aa1483
FEATURE: show post approvals in Moderation History ( #6643 )
2018-11-22 10:22:23 +08:00
Guo Xiang Tan
d298f00046
DEV: Improve specs to be more specific about what has changed.
2018-11-22 10:10:07 +08:00
Gerhard Schlager
c376670bd2
FIX: a search term containing '& could lead to errors
...
This also makes sure that the search term in front or after special characters isn't ignored.
2018-11-21 22:07:56 +01:00
Arpit Jalan
10cc698df3
FIX: respond with proper error message if user not found
2018-11-21 10:47:37 +05:30
Sam
20268385a5
FIX: never attempt to log invalid post numbers
...
Previously in some cases we would queue logging of invalid post numbers
The impact would be we would miss logging an incoming link and would leak
an error.
2018-11-21 11:58:47 +11:00
Sam
86255faa08
FEATURE: do not switch to JPEG unless you meet 75k byte savings
...
This also adjusts the algorithm to expect
- 30% saving for JPEG conversion
AND
- Minimum of 75K bytes saved
The reasoning for increase of saving requirements is cause PNG may have been
uploaded unoptimized, 30% saving on PNG is very possible
2018-11-21 11:01:08 +11:00
Kyle E. Mitchell
15e793fd3b
FEATURE: Terms of Service v1.0.0
...
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Rishabh
eacbe28f55
FIX: Skip gsub for normalizing whitespaces when text is nil ( #6631 )
2018-11-20 09:12:32 +01:00
Guo Xiang Tan
1a57be3248
Avoid deprecated site setting logging in SiteSetting.settings_hash
.
2018-11-20 11:59:38 +08:00
Guo Xiang Tan
81b3bdaabd
FIX: Remove site settings override for deprecated url site settings.
2018-11-20 11:42:39 +08:00
Régis Hanol
4459665dee
REFACTOR: use tables instead of custom fields for polls ( #6359 )
...
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
2018-11-19 14:50:00 +01:00
Joffrey JAFFEUX
e860c8b844
FIX: adds support for missing reports from old dashboard ( #6624 )
2018-11-19 12:20:05 +01:00
Guo Xiang Tan
cf21c7f5aa
DEV: Fix typo in specs.
2018-11-19 15:13:54 +08:00
Guo Xiang Tan
fe131c5ea2
Fix missing avatars on topic list page.
...
Introduced in b50fab2d72
2018-11-19 14:55:41 +08:00
Sam
01dc0abb05
dev, give spec a bit more time waiting on timeout
2018-11-19 16:21:39 +11:00
Guo Xiang Tan
b50fab2d72
PERF: Fix N+1 for non-staff users when tagging is enabled.
2018-11-19 12:53:58 +08:00
Kyle Zhao
962fbd1ec7
include '/plugins/' directory for script-src and blob for worker-src
...
- plugins may include additional static JS assets
- ACE.js editor register a service worker with a blob for syntax
checking
2018-11-16 16:31:01 -05:00
Guo Xiang Tan
45f299dfdd
PERF: Try to match users before groups.
...
User mentions are more common than group mentions so
this will allow us to avoid an extra query.
2018-11-16 16:41:20 +08:00
Guo Xiang Tan
0ac5126a78
FIX: Clear uploads cache on SiteSetting.refresh!
.
...
This fixes a bug where the return value of uploads site settings
may defer between processes even though we trigger a refresh via
MessageBus.
2018-11-16 11:02:51 +08:00
Guo Xiang Tan
9e86b425bc
FIX: Job to clean up old URL settings when new setting has been set.
...
Related to 44391ee8ab
2018-11-16 09:33:31 +08:00
Kyle Zhao
055d59373a
CSP: drop 'self' in script-src
( #6611 )
2018-11-15 12:14:16 -05:00
Joffrey JAFFEUX
c52e68a0c8
FIX: better handling of missing welcome topic in wizard ( #6606 )
2018-11-15 12:20:48 +01:00
Sam
6b9b73236a
SECURITY: enforce hostname to match discourse hostname
...
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
# Conflicts:
# config/application.rb
# spec/requests/application_controller_spec.rb
2018-11-15 16:17:22 +11:00
Sam
8e55e61a2e
Correct spec
2018-11-15 15:42:16 +11:00
Sam
e7001f879a
SECURITY: enforce hostname to match discourse hostname
...
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Sam
6556a87629
FIX: only check for conflict on edit drafts
...
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
Régis Hanol
5852fe7975
FIX: change 'max_consecutive_replies' default to 3
2018-11-14 22:58:05 +01:00
Leo McArdle
7bc121a065
allow CSP reports to be sent when header isn't set by Discourse ( #6594 )
2018-11-14 16:23:29 -05:00
Maja Komel
c701036034
FIX: reset bump date resets bumped_at to the last regular post in topic ( #6605 )
2018-11-14 18:56:22 +01:00
Régis Hanol
c78dcde973
FIX: only send originalText when we need to
2018-11-14 17:47:59 +01:00
Bianca Nenciu
b6576d9473
FEATURE: Add new setting to force user edit last post. ( #6571 )
2018-11-14 15:48:16 +01:00
David Taylor
d003ae45f9
DEV: Correct typo in users_controller_spec
2018-11-14 14:30:44 +00:00
Guo Xiang Tan
df111259fe
More URL site settings into a onceoff job.
...
* Doing it in a post migration was a bad idea
because the migration will fail if the site
is down while trying to download uploads
which points to the instance. This mainly
affects self-hosters using `discourse_docker`
where `./launcher rebuild` will take the
existing container down.
2018-11-14 20:29:20 +08:00
Bianca Nenciu
fce0a0ccc8
FEATURE: Compute distance between logins to generate login alerts. ( #6562 )
2018-11-14 13:26:47 +01:00
Penar Musaraj
f6fb079129
Disable wizard invites step when local_logins are turned off
2018-11-14 13:05:32 +01:00
Bianca Nenciu
34e4d82f1a
FEATURE: Report edit conflicts when saving draft. ( #6585 )
2018-11-14 12:56:25 +01:00
Guo Xiang Tan
861b52b6f3
Fix the build take 2.
2018-11-14 18:07:04 +08:00
Guo Xiang Tan
72370b9c36
Add deprecation warnings for url based site settings.
2018-11-14 16:09:26 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. ( #6573 )
2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b
FEATURE: Log password changes in UserHistory ( #6600 )
2018-11-14 08:32:42 +08:00
Kyle Zhao
38a9bc740d
FIX: change title when primary group changes ( #6602 )
2018-11-14 08:28:41 +08:00
Robin Ward
467be59d75
FEATURE: Allow expanded posts to return user custom fields
2018-11-13 12:44:54 -05:00
Vinoth Kannan
2374f3e8ac
remove unnecessary expectation lines
2018-11-13 16:52:08 +05:30
Guo Xiang Tan
d5df1db3c4
DEV: Improve tests to provide better errors when it fails.
2018-11-13 16:48:04 +08:00
Guo Xiang Tan
e28af0429c
DEV: Improve tests to be more specific.
2018-11-13 15:02:46 +08:00
Sam
80ceb57c76
DEV: add API endpoint to destroy_timings only of last post
...
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Guo Xiang Tan
7b44339529
FIX: Prevent uploads used in site settings from being deleted.
2018-11-13 09:15:16 +08:00
Kyle Zhao
3493ea85cc
remove Logster from CSP whitelist ( #6593 )
...
Logster 1.3 no longer has inline JS and is now CSP compliant
2018-11-13 09:55:57 +11:00
Robin Ward
0cb33d2b52
UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio"
2018-11-12 16:23:37 -05:00
Vinoth Kannan
dda1824270
Use hijack in inline onebox controller
2018-11-13 02:39:20 +05:30
Penar Musaraj
4f81bb8303
Disallow revision edits with empty raw content
2018-11-12 15:28:38 -05:00
Vinoth Kannan
44d95ad5ab
FIX: Cache url data for failed inline oneboxes
2018-11-13 01:44:20 +05:30
David Taylor
d89ffbeffd
FEATURE: Add button to delete unused tags ( #6587 )
...
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Bianca Nenciu
5af9a69a3b
FIX: Do not check for suspicious login when impersonating. ( #6534 )
...
* FIX: Do not check for suspicious login when impersonating.
* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Maja Komel
012da86a07
FIX user directory time period count ( #6586 )
2018-11-12 15:30:05 +01:00
Joffrey JAFFEUX
9c616e0679
FIX: handles not found reports in bulk loading ( #6582 )
2018-11-12 13:47:24 +01:00
Gerhard Schlager
7c4d4331bc
FEATURE: Better handling of quotation marks in site text search
...
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Guo Xiang Tan
575d6855ea
DEV: Improve specs for Validators::UploadValidator
.
2018-11-12 14:11:32 +08:00
Sam
e17a13ce19
FEATURE: additional "related messages" section
...
This splits out previous message correspondence from suggeted and instead
has a dedicated section called "related messages"
2018-11-12 13:04:42 +11:00
Régis Hanol
6b51d84dc5
FIX: Don't enqueue topics if the user can't create them
...
Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
2018-11-09 18:24:28 +01:00
Sam
64d9be726f
the protection I placed was in the wrong path moved to /session/sso
...
correct previous commit
2018-11-09 17:18:01 +11:00
Sam
3ae4fcd1f7
Improve redirect avoidance for /sso paths
...
e6b3310577
was missing an ege case
where return url included current_hostname
2018-11-09 17:03:58 +11:00
Sam
7d52f5869d
Revert "FIX: Don't enqueue topics if the user can't create them"
...
This reverts commit 515e103db6
.
2018-11-09 15:25:38 +11:00
Sam
e6b3310577
FIX: never redirect back to /sso
it will cause a loop
...
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
Vinoth Kannan
515e103db6
FIX: Don't enqueue topics if the user can't create them
2018-11-09 06:10:23 +05:30
Sam
15991677d4
FIX: ensure we never cache login redirects by mistake
2018-11-09 11:14:35 +11:00
Gerhard Schlager
24e5be3f0c
FIX: Relative links in translations should work with subfolder
2018-11-08 23:31:05 +00:00
Guo Xiang Tan
57f92ac808
Revert "Swtich to regexp for DbHelper.remap
."
...
Regexp is so much slower.
This reverts commit c3f89e3cd7
.
2018-11-08 14:20:09 +08:00
Guo Xiang Tan
c3f89e3cd7
Swtich to regexp for DbHelper.remap
.
2018-11-08 14:08:38 +08:00
Sam
42572ff138
Revert font awesome 5 changes
...
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Guo Xiang Tan
9737938a4a
Add option to skip tabels when using DbHelper.remap
.
2018-11-08 12:29:37 +08:00
Penar Musaraj
09dc922b3b
Fix several FontAwesome 5 issues
...
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
Guo Xiang Tan
3365753bd0
PERF: Reduce number of database queries for DbHelper.remap
...
* Cuts number of queries from 273 to 89
* Add some specs
* For a table with 500 posts, benchmarks locally shows a runtime
reduction from 0.046929135 to 0.032694705.
2018-11-08 10:54:39 +08:00
Gerhard Schlager
0122b8cd8b
Fix random build error
...
Request specs could poison the cache since clear_cache! deletes only today and yesterday from the cache.
2018-11-08 02:51:42 +01:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs ( #6557 )
...
* First take on subsetting svg icons
* FontAwesome 5 svg subset WIP
* Include icons from plugins/badges into svg sprite subset
* add svg icon support to themes
* Add spec for SvgSprite
* Misc. SVG icon fixes
* Use FA5 svgs in local-dates plugin
* CSS adjustments, fix SVG icons in group flair
* Use SVG icons in poll plugin
* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Guo Xiang Tan
1e64658c25
Fix brittle specs.
2018-11-07 15:02:53 +08:00
Sam
0a442e319c
FIX: correct svg handling for images
...
We regressed and optimized images no longer worked with svg
The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Bianca Nenciu
2070edf889
FIX: Clarify User.group_locked_trust_level.
...
* Rename User.group_locked_trust_level to User.group_granted_trust_level.
* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Guo Xiang Tan
bdb8e9efdb
DEV: Remove mocks from specs.
2018-11-07 09:55:58 +08:00
Sam
06b9d8223a
FIX: search within topic not working correctly in CJK
...
We were splitting the term prior to search causing everything to miss
2018-11-07 09:41:55 +11:00
Jeff Atwood
afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post
...
FIX: disable flagging hidden posts
2018-11-05 11:05:32 -08:00
Penar Musaraj
7b3432f711
Enforce disabling flagging hidden posts server-side
2018-11-05 10:00:59 -05:00
Joffrey JAFFEUX
78954672f9
FIX: uses hex to compare images
...
It prevents some terminals from crashing in case of errors and dumping the whole file content into the terminal.
2018-11-05 09:47:15 -05:00
Maja Komel
1ac3e5473a
FIX: don't strip eml attachments from received emails
2018-11-05 09:35:22 +01:00
Sam
d84256a876
FEATURE: add Noindex to robots.txt for disallowed routes
...
This strips pages out of indexes that should not exist see:
https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Joffrey JAFFEUX
d37e8e17ef
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-11-01 21:29:29 +01:00
Joffrey JAFFEUX
38ad1b96cb
FEATURE: adds header text/background color to site ( #6462 )
2018-11-01 21:29:04 +01:00
Kyle Zhao
f9b36820ef
FIX: only extract script tags with certain types ( #6553 )
...
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
2018-11-01 16:01:46 -04:00
Robin Ward
ec91450aae
FEATURE: Track how many user flags are agreed/disagreed/ignored
...
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
ceafcbc898
FEATURE: show added date when looking at group members
2018-11-01 15:33:28 +11:00
Sam
aa044623bd
FIX: do not create superflous sessions when logged on
...
In some SSO implementations we may want to issue SSO pipelines for
already logged on users
In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
Sam
23423ba112
correct spec and error reporting
...
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Bianca Nenciu
e0ccd36dbe
FEATURE: Suspicious logins report. ( #6544 )
2018-10-30 22:51:58 +00:00
Bianca Nenciu
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Sam
9933059426
FEATURE: push related PMs to take first 3 slots
...
Previously the related PMs were last meaning you would have to work through
all unread to see them.
Also amends it so it either asks for related by group OR user not both.
2018-10-29 10:47:59 +11:00
Rafael dos Santos Silva
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report
2018-10-26 15:59:04 +02:00
Penar Musaraj
ed9c21e42c
FEATURE: hide muted categories from /categories list ( #6531 )
2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926
Only check for suspicious login for staff members
2018-10-26 00:29:28 +02:00
Régis Hanol
306d77b54f
FIX: don't use srcset on cropped thumbnails
2018-10-25 16:08:10 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts ( #6528 )
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
David Taylor
56e0f47bcd
FIX: Do not update last_seen
for API access
...
This regressed in 2dc3a50
. I have now added tests for the behavior.
2018-10-25 13:38:57 +01:00
Bianca Nenciu
effbef7d0b
UX: Use user locale for locations. ( #6527 )
...
* UX: Use user locale for locations.
* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Régis Hanol
addf6f6d17
FIX: support comma in 'sso_provider_secrets' site setting
2018-10-24 21:23:18 +02:00
Sam
e955a7b49d
Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )""
...
This reverts commit 322b27b6dc
.
Oops rushed on the revert here... should be good
2018-10-24 15:14:01 +11:00
Sam
322b27b6dc
Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )"
...
This reverts commit 63356d883e
.
This caused an outage, got to revert
2018-10-24 15:03:58 +11:00
Kyle Zhao
63356d883e
FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )
2018-10-24 14:34:10 +11:00
Sam
5fd94d3211
PERF: limit unread count to 99 in blue circle
...
This revises: e605542c4e
Previous commit was faulty
2018-10-24 12:10:27 +11:00
Daniel Hollas
cee51672c9
FIX: Strip accents from search query
...
4481836
introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well
TODO in search with diacritics:
- Still need to fix excerpts on search page
- need to support accent stripping in in_topic search
- need to make sure that in:title works correctly
- need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
Sam
b74dd7d379
FIX: stop logging every 404 error when searching for gravatars
2018-10-23 11:43:14 +11:00
Sam
adab7a3a48
improve test, also ensure no zero size is generated
2018-10-23 08:50:07 +11:00
Sam
bea8d337b2
DEV: ensure resizing test does not raise bad error
...
Current resizing test was showing binary diff in terminal and failing
in latest image magick 7, this fixes both issues
2018-10-23 08:45:06 +11:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy ( #6514 )
...
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
Bianca Nenciu
99b43f281b
FIX: Fix browser detection for Microsoft Edge. ( #6516 )
...
cool!
2018-10-22 23:15:41 +11:00
David Taylor
3377f26eba
FIX: Clean tag before searching for matches
2018-10-22 11:09:06 +01:00
Arpit Jalan
ce0a51665e
FIX: count emoji shortcuts in topic title
...
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao
dca830cb73
Revert "FEATURE: [Experimental] Content Security Policy ( #6504 )"
...
This reverts commit fb8231077a
.
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy ( #6504 )
2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers ( #6512 )
...
* FIX: Prevent duplicate tags in tag-choosers
This reverts 5685b45
, which fixes the duplicate tags problem.
The fix introduced by 5685b45
is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Guo Xiang Tan
65faff5832
DEV: Improve specs to provide a better error message.
2018-10-19 14:31:17 +08:00
Sam
9bfc939692
cleanup so gravatar download failures are consistent
...
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Blake Erickson
f1ba981ae9
Improve add user to group spec for uppercase usernames
...
Oops forgot to check for this. See previous commit for more details.
2018-10-18 13:32:36 -06:00
Blake Erickson
93485facaf
FIX: lowercase username for add/rem group members
...
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Régis Hanol
3973823a33
FIX: always update 'last_gravatar_download_attempt' when updating gravatar
2018-10-18 11:02:54 +02:00
Guo Xiang Tan
bbf542da01
DEV: Prefer <<~
over <<
.
2018-10-18 14:17:30 +08:00
Kyle Zhao
0f1afad6da
FIX: extracted theme JavaScripts for multisite ( #6502 )
...
* FIX: extracted theme javascripts for multisite
* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Bianca Nenciu
f60b10d090
UX: Warn users if the post that's currently edited has changed. ( #6498 )
2018-10-17 15:35:32 +02:00
David Taylor
501ac4dfa6
DEV: Cleanup properly after user_serializer test
2018-10-17 10:54:22 +01:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display ( #6499 )
...
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Arpit Jalan
42c405a820
FIX: use topic summary for meta description if topic excerpt is blank
2018-10-17 14:13:30 +05:30
Sam
19d7543004
FIX: clear color scheme cache when clearing theme cache
2018-10-16 12:00:46 +11:00
Penar Musaraj
b06dccac49
FIX: force enable a user's email_private_messages option when user replies via email ( #6478 )
...
* Enable user email PM when posting to group or replying to topic via email
* remove extra line
* Add test and fix snake_case
* Only reenable email_private_messages for PM replies
2018-10-16 10:51:57 +11:00
Davide Porrovecchio
005e1f5373
Add Cache-Control header to CORS ( #6490 )
2018-10-16 10:46:55 +11:00
Sam
fc94732f88
avoid looking up badge multiple times in spec
2018-10-16 10:42:16 +11:00
Bianca Nenciu
c68a456baa
FIX: Do not award badges for links in restricted categories. ( #6492 )
2018-10-16 10:38:59 +11:00
Neil Lalonde
0724948878
fix failing spec when HUB_BASE_URL is present
2018-10-15 15:06:02 -04:00
Neil Lalonde
d166c38ab7
REFACTOR: distributed_cache is moved to the message_bus gem
2018-10-15 15:01:45 -04:00
Kyle Zhao
99d1ded3b3
rename route /javascripts
to /theme-javascripts
( #6495 )
2018-10-15 11:32:52 -04:00
Maja Komel
c104256991
FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility
2018-10-15 16:18:29 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV ( #6484 )
2018-10-15 09:12:54 +01:00
Guo Xiang Tan
8fa59f0548
FIX: Can't clean a tag if the given string is frozen.
2018-10-15 14:48:45 +08:00
Maja Komel
27e732a58d
FEATURE: allow multiple secrets for Discourse SSO provider
...
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4
DEV: extract inline js when baking theme fields ( #6447 )
...
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields
This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
Guo Xiang Tan
5ae4cbcf88
DEV: Clear ColorScheme.hex_cache
to avoid leaking state.
2018-10-15 11:16:26 +08:00
Guo Xiang Tan
2ce684b134
DEV: Clear hex_cache
after each test.
2018-10-15 10:24:46 +08:00
Guo Xiang Tan
84d4c81a26
FEATURE: Support backup uploads/downloads directly to/from S3.
...
This reverts commit 3c59106bac
.
2018-10-15 09:43:31 +08:00
Sam
057087e0e8
FEATURE: log long running jobs in the defer queue
...
If a job in the defer queue takes longer than 90 seconds log an error
2018-10-12 17:03:47 +11:00
Sam
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Blake Erickson
13b3cead06
FEATURE: Allow bulk removing users from a group
...
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.
Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Neil Lalonde
12f132736b
FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value
2018-10-11 15:11:48 -04:00
Gerhard Schlager
7a41a783a4
FIX: Don't reply to Unsubscribe email sent to mailing list mirror
2018-10-11 16:09:22 +02:00
Vinoth Kannan
6a444eee56
Merge pull request #6476 from vinothkannans/tl4-flag
...
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:13:26 +05:30
Vinoth Kannan
227a49bb32
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:11:46 +05:30
Guo Xiang Tan
3c59106bac
Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
...
This reverts commit c29a4dddc1
.
We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1
FEATURE: Support backup uploads/downloads directly to/from S3.
2018-10-11 10:38:43 +08:00
Guo Xiang Tan
5039a6c3f1
FIX: Strip null bytes in mail subjects.
2018-10-11 09:46:32 +08:00
Vinoth Kannan
59be289084
FIX: Do not add lightbox to onebox images ( #6479 )
2018-10-11 08:57:21 +11:00
Robin Ward
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu
4e0533a20b
FIX: Generate Onebox for posts of type moderator_action. ( #6466 )
2018-10-10 18:39:03 +08:00
Sam
45f01e637b
FIX: when associating Github account disassociate others
...
There are some cases where an email floats from one GitHub account to another
if this happens just take over the Github mapping record
2018-10-10 15:46:50 +11:00
Guo Xiang Tan
f26804394a
DEV: Remove the use of stubs on Rails.logger
in our test suite.
2018-10-10 09:34:50 +08:00