Guo Xiang Tan
0ac5126a78
FIX: Clear uploads cache on SiteSetting.refresh!
.
...
This fixes a bug where the return value of uploads site settings
may defer between processes even though we trigger a refresh via
MessageBus.
2018-11-16 11:02:51 +08:00
Guo Xiang Tan
9e86b425bc
FIX: Job to clean up old URL settings when new setting has been set.
...
Related to 44391ee8ab
2018-11-16 09:33:31 +08:00
Kyle Zhao
055d59373a
CSP: drop 'self' in script-src
( #6611 )
2018-11-15 12:14:16 -05:00
Joffrey JAFFEUX
c52e68a0c8
FIX: better handling of missing welcome topic in wizard ( #6606 )
2018-11-15 12:20:48 +01:00
Sam
6b9b73236a
SECURITY: enforce hostname to match discourse hostname
...
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
# Conflicts:
# config/application.rb
# spec/requests/application_controller_spec.rb
2018-11-15 16:17:22 +11:00
Sam
8e55e61a2e
Correct spec
2018-11-15 15:42:16 +11:00
Sam
e7001f879a
SECURITY: enforce hostname to match discourse hostname
...
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Sam
6556a87629
FIX: only check for conflict on edit drafts
...
In some unknown cases non edit drafts are being checked for conflict
2018-11-15 13:14:07 +11:00
Régis Hanol
5852fe7975
FIX: change 'max_consecutive_replies' default to 3
2018-11-14 22:58:05 +01:00
Leo McArdle
7bc121a065
allow CSP reports to be sent when header isn't set by Discourse ( #6594 )
2018-11-14 16:23:29 -05:00
Maja Komel
c701036034
FIX: reset bump date resets bumped_at to the last regular post in topic ( #6605 )
2018-11-14 18:56:22 +01:00
Régis Hanol
c78dcde973
FIX: only send originalText when we need to
2018-11-14 17:47:59 +01:00
Bianca Nenciu
b6576d9473
FEATURE: Add new setting to force user edit last post. ( #6571 )
2018-11-14 15:48:16 +01:00
David Taylor
d003ae45f9
DEV: Correct typo in users_controller_spec
2018-11-14 14:30:44 +00:00
Guo Xiang Tan
df111259fe
More URL site settings into a onceoff job.
...
* Doing it in a post migration was a bad idea
because the migration will fail if the site
is down while trying to download uploads
which points to the instance. This mainly
affects self-hosters using `discourse_docker`
where `./launcher rebuild` will take the
existing container down.
2018-11-14 20:29:20 +08:00
Bianca Nenciu
fce0a0ccc8
FEATURE: Compute distance between logins to generate login alerts. ( #6562 )
2018-11-14 13:26:47 +01:00
Penar Musaraj
f6fb079129
Disable wizard invites step when local_logins are turned off
2018-11-14 13:05:32 +01:00
Bianca Nenciu
34e4d82f1a
FEATURE: Report edit conflicts when saving draft. ( #6585 )
2018-11-14 12:56:25 +01:00
Guo Xiang Tan
861b52b6f3
Fix the build take 2.
2018-11-14 18:07:04 +08:00
Guo Xiang Tan
72370b9c36
Add deprecation warnings for url based site settings.
2018-11-14 16:09:26 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. ( #6573 )
2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b
FEATURE: Log password changes in UserHistory ( #6600 )
2018-11-14 08:32:42 +08:00
Kyle Zhao
38a9bc740d
FIX: change title when primary group changes ( #6602 )
2018-11-14 08:28:41 +08:00
Robin Ward
467be59d75
FEATURE: Allow expanded posts to return user custom fields
2018-11-13 12:44:54 -05:00
Vinoth Kannan
2374f3e8ac
remove unnecessary expectation lines
2018-11-13 16:52:08 +05:30
Guo Xiang Tan
d5df1db3c4
DEV: Improve tests to provide better errors when it fails.
2018-11-13 16:48:04 +08:00
Guo Xiang Tan
e28af0429c
DEV: Improve tests to be more specific.
2018-11-13 15:02:46 +08:00
Sam
80ceb57c76
DEV: add API endpoint to destroy_timings only of last post
...
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Guo Xiang Tan
7b44339529
FIX: Prevent uploads used in site settings from being deleted.
2018-11-13 09:15:16 +08:00
Kyle Zhao
3493ea85cc
remove Logster from CSP whitelist ( #6593 )
...
Logster 1.3 no longer has inline JS and is now CSP compliant
2018-11-13 09:55:57 +11:00
Robin Ward
0cb33d2b52
UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio"
2018-11-12 16:23:37 -05:00
Vinoth Kannan
dda1824270
Use hijack in inline onebox controller
2018-11-13 02:39:20 +05:30
Penar Musaraj
4f81bb8303
Disallow revision edits with empty raw content
2018-11-12 15:28:38 -05:00
Vinoth Kannan
44d95ad5ab
FIX: Cache url data for failed inline oneboxes
2018-11-13 01:44:20 +05:30
David Taylor
d89ffbeffd
FEATURE: Add button to delete unused tags ( #6587 )
...
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Bianca Nenciu
5af9a69a3b
FIX: Do not check for suspicious login when impersonating. ( #6534 )
...
* FIX: Do not check for suspicious login when impersonating.
* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Maja Komel
012da86a07
FIX user directory time period count ( #6586 )
2018-11-12 15:30:05 +01:00
Joffrey JAFFEUX
9c616e0679
FIX: handles not found reports in bulk loading ( #6582 )
2018-11-12 13:47:24 +01:00
Gerhard Schlager
7c4d4331bc
FEATURE: Better handling of quotation marks in site text search
...
It also matches 3 dots with the ellipsis symbol.
2018-11-12 13:26:41 +01:00
Guo Xiang Tan
575d6855ea
DEV: Improve specs for Validators::UploadValidator
.
2018-11-12 14:11:32 +08:00
Sam
e17a13ce19
FEATURE: additional "related messages" section
...
This splits out previous message correspondence from suggeted and instead
has a dedicated section called "related messages"
2018-11-12 13:04:42 +11:00
Régis Hanol
6b51d84dc5
FIX: Don't enqueue topics if the user can't create them
...
Co-authored-by: Vinoth Kannan <vinothkannan@vinkas.com>
2018-11-09 18:24:28 +01:00
Sam
64d9be726f
the protection I placed was in the wrong path moved to /session/sso
...
correct previous commit
2018-11-09 17:18:01 +11:00
Sam
3ae4fcd1f7
Improve redirect avoidance for /sso paths
...
e6b3310577
was missing an ege case
where return url included current_hostname
2018-11-09 17:03:58 +11:00
Sam
7d52f5869d
Revert "FIX: Don't enqueue topics if the user can't create them"
...
This reverts commit 515e103db6
.
2018-11-09 15:25:38 +11:00
Sam
e6b3310577
FIX: never redirect back to /sso
it will cause a loop
...
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
Vinoth Kannan
515e103db6
FIX: Don't enqueue topics if the user can't create them
2018-11-09 06:10:23 +05:30
Sam
15991677d4
FIX: ensure we never cache login redirects by mistake
2018-11-09 11:14:35 +11:00
Gerhard Schlager
24e5be3f0c
FIX: Relative links in translations should work with subfolder
2018-11-08 23:31:05 +00:00
Guo Xiang Tan
57f92ac808
Revert "Swtich to regexp for DbHelper.remap
."
...
Regexp is so much slower.
This reverts commit c3f89e3cd7
.
2018-11-08 14:20:09 +08:00
Guo Xiang Tan
c3f89e3cd7
Swtich to regexp for DbHelper.remap
.
2018-11-08 14:08:38 +08:00
Sam
42572ff138
Revert font awesome 5 changes
...
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Guo Xiang Tan
9737938a4a
Add option to skip tabels when using DbHelper.remap
.
2018-11-08 12:29:37 +08:00
Penar Musaraj
09dc922b3b
Fix several FontAwesome 5 issues
...
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
Guo Xiang Tan
3365753bd0
PERF: Reduce number of database queries for DbHelper.remap
...
* Cuts number of queries from 273 to 89
* Add some specs
* For a table with 500 posts, benchmarks locally shows a runtime
reduction from 0.046929135 to 0.032694705.
2018-11-08 10:54:39 +08:00
Gerhard Schlager
0122b8cd8b
Fix random build error
...
Request specs could poison the cache since clear_cache! deletes only today and yesterday from the cache.
2018-11-08 02:51:42 +01:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs ( #6557 )
...
* First take on subsetting svg icons
* FontAwesome 5 svg subset WIP
* Include icons from plugins/badges into svg sprite subset
* add svg icon support to themes
* Add spec for SvgSprite
* Misc. SVG icon fixes
* Use FA5 svgs in local-dates plugin
* CSS adjustments, fix SVG icons in group flair
* Use SVG icons in poll plugin
* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Guo Xiang Tan
1e64658c25
Fix brittle specs.
2018-11-07 15:02:53 +08:00
Sam
0a442e319c
FIX: correct svg handling for images
...
We regressed and optimized images no longer worked with svg
The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Bianca Nenciu
2070edf889
FIX: Clarify User.group_locked_trust_level.
...
* Rename User.group_locked_trust_level to User.group_granted_trust_level.
* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Guo Xiang Tan
bdb8e9efdb
DEV: Remove mocks from specs.
2018-11-07 09:55:58 +08:00
Sam
06b9d8223a
FIX: search within topic not working correctly in CJK
...
We were splitting the term prior to search causing everything to miss
2018-11-07 09:41:55 +11:00
Jeff Atwood
afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post
...
FIX: disable flagging hidden posts
2018-11-05 11:05:32 -08:00
Penar Musaraj
7b3432f711
Enforce disabling flagging hidden posts server-side
2018-11-05 10:00:59 -05:00
Joffrey JAFFEUX
78954672f9
FIX: uses hex to compare images
...
It prevents some terminals from crashing in case of errors and dumping the whole file content into the terminal.
2018-11-05 09:47:15 -05:00
Maja Komel
1ac3e5473a
FIX: don't strip eml attachments from received emails
2018-11-05 09:35:22 +01:00
Sam
d84256a876
FEATURE: add Noindex to robots.txt for disallowed routes
...
This strips pages out of indexes that should not exist see:
https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Joffrey JAFFEUX
d37e8e17ef
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-11-01 21:29:29 +01:00
Joffrey JAFFEUX
38ad1b96cb
FEATURE: adds header text/background color to site ( #6462 )
2018-11-01 21:29:04 +01:00
Kyle Zhao
f9b36820ef
FIX: only extract script tags with certain types ( #6553 )
...
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
2018-11-01 16:01:46 -04:00
Robin Ward
ec91450aae
FEATURE: Track how many user flags are agreed/disagreed/ignored
...
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
ceafcbc898
FEATURE: show added date when looking at group members
2018-11-01 15:33:28 +11:00
Sam
aa044623bd
FIX: do not create superflous sessions when logged on
...
In some SSO implementations we may want to issue SSO pipelines for
already logged on users
In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
Sam
23423ba112
correct spec and error reporting
...
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Bianca Nenciu
e0ccd36dbe
FEATURE: Suspicious logins report. ( #6544 )
2018-10-30 22:51:58 +00:00
Bianca Nenciu
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Sam
9933059426
FEATURE: push related PMs to take first 3 slots
...
Previously the related PMs were last meaning you would have to work through
all unread to see them.
Also amends it so it either asks for related by group OR user not both.
2018-10-29 10:47:59 +11:00
Rafael dos Santos Silva
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report
2018-10-26 15:59:04 +02:00
Penar Musaraj
ed9c21e42c
FEATURE: hide muted categories from /categories list ( #6531 )
2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926
Only check for suspicious login for staff members
2018-10-26 00:29:28 +02:00
Régis Hanol
306d77b54f
FIX: don't use srcset on cropped thumbnails
2018-10-25 16:08:10 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts ( #6528 )
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
David Taylor
56e0f47bcd
FIX: Do not update last_seen
for API access
...
This regressed in 2dc3a50
. I have now added tests for the behavior.
2018-10-25 13:38:57 +01:00
Bianca Nenciu
effbef7d0b
UX: Use user locale for locations. ( #6527 )
...
* UX: Use user locale for locations.
* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Régis Hanol
addf6f6d17
FIX: support comma in 'sso_provider_secrets' site setting
2018-10-24 21:23:18 +02:00
Sam
e955a7b49d
Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )""
...
This reverts commit 322b27b6dc
.
Oops rushed on the revert here... should be good
2018-10-24 15:14:01 +11:00
Sam
322b27b6dc
Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )"
...
This reverts commit 63356d883e
.
This caused an outage, got to revert
2018-10-24 15:03:58 +11:00
Kyle Zhao
63356d883e
FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )
2018-10-24 14:34:10 +11:00
Sam
5fd94d3211
PERF: limit unread count to 99 in blue circle
...
This revises: e605542c4e
Previous commit was faulty
2018-10-24 12:10:27 +11:00
Daniel Hollas
cee51672c9
FIX: Strip accents from search query
...
4481836
introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well
TODO in search with diacritics:
- Still need to fix excerpts on search page
- need to support accent stripping in in_topic search
- need to make sure that in:title works correctly
- need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
Sam
b74dd7d379
FIX: stop logging every 404 error when searching for gravatars
2018-10-23 11:43:14 +11:00
Sam
adab7a3a48
improve test, also ensure no zero size is generated
2018-10-23 08:50:07 +11:00
Sam
bea8d337b2
DEV: ensure resizing test does not raise bad error
...
Current resizing test was showing binary diff in terminal and failing
in latest image magick 7, this fixes both issues
2018-10-23 08:45:06 +11:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy ( #6514 )
...
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
Bianca Nenciu
99b43f281b
FIX: Fix browser detection for Microsoft Edge. ( #6516 )
...
cool!
2018-10-22 23:15:41 +11:00
David Taylor
3377f26eba
FIX: Clean tag before searching for matches
2018-10-22 11:09:06 +01:00
Arpit Jalan
ce0a51665e
FIX: count emoji shortcuts in topic title
...
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao
dca830cb73
Revert "FEATURE: [Experimental] Content Security Policy ( #6504 )"
...
This reverts commit fb8231077a
.
2018-10-19 11:53:29 -04:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy ( #6504 )
2018-10-19 10:39:22 -04:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers ( #6512 )
...
* FIX: Prevent duplicate tags in tag-choosers
This reverts 5685b45
, which fixes the duplicate tags problem.
The fix introduced by 5685b45
is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Guo Xiang Tan
65faff5832
DEV: Improve specs to provide a better error message.
2018-10-19 14:31:17 +08:00
Sam
9bfc939692
cleanup so gravatar download failures are consistent
...
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Blake Erickson
f1ba981ae9
Improve add user to group spec for uppercase usernames
...
Oops forgot to check for this. See previous commit for more details.
2018-10-18 13:32:36 -06:00
Blake Erickson
93485facaf
FIX: lowercase username for add/rem group members
...
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Régis Hanol
3973823a33
FIX: always update 'last_gravatar_download_attempt' when updating gravatar
2018-10-18 11:02:54 +02:00
Guo Xiang Tan
bbf542da01
DEV: Prefer <<~
over <<
.
2018-10-18 14:17:30 +08:00
Kyle Zhao
0f1afad6da
FIX: extracted theme JavaScripts for multisite ( #6502 )
...
* FIX: extracted theme javascripts for multisite
* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Bianca Nenciu
f60b10d090
UX: Warn users if the post that's currently edited has changed. ( #6498 )
2018-10-17 15:35:32 +02:00
David Taylor
501ac4dfa6
DEV: Cleanup properly after user_serializer test
2018-10-17 10:54:22 +01:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display ( #6499 )
...
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Arpit Jalan
42c405a820
FIX: use topic summary for meta description if topic excerpt is blank
2018-10-17 14:13:30 +05:30
Sam
19d7543004
FIX: clear color scheme cache when clearing theme cache
2018-10-16 12:00:46 +11:00
Penar Musaraj
b06dccac49
FIX: force enable a user's email_private_messages option when user replies via email ( #6478 )
...
* Enable user email PM when posting to group or replying to topic via email
* remove extra line
* Add test and fix snake_case
* Only reenable email_private_messages for PM replies
2018-10-16 10:51:57 +11:00
Davide Porrovecchio
005e1f5373
Add Cache-Control header to CORS ( #6490 )
2018-10-16 10:46:55 +11:00
Sam
fc94732f88
avoid looking up badge multiple times in spec
2018-10-16 10:42:16 +11:00
Bianca Nenciu
c68a456baa
FIX: Do not award badges for links in restricted categories. ( #6492 )
2018-10-16 10:38:59 +11:00
Neil Lalonde
0724948878
fix failing spec when HUB_BASE_URL is present
2018-10-15 15:06:02 -04:00
Neil Lalonde
d166c38ab7
REFACTOR: distributed_cache is moved to the message_bus gem
2018-10-15 15:01:45 -04:00
Kyle Zhao
99d1ded3b3
rename route /javascripts
to /theme-javascripts
( #6495 )
2018-10-15 11:32:52 -04:00
Maja Komel
c104256991
FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility
2018-10-15 16:18:29 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV ( #6484 )
2018-10-15 09:12:54 +01:00
Guo Xiang Tan
8fa59f0548
FIX: Can't clean a tag if the given string is frozen.
2018-10-15 14:48:45 +08:00
Maja Komel
27e732a58d
FEATURE: allow multiple secrets for Discourse SSO provider
...
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4
DEV: extract inline js when baking theme fields ( #6447 )
...
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields
This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
aa60936115
DEV: Add order to avoid randomly failing test.
2018-10-15 11:42:45 +08:00
Guo Xiang Tan
5ae4cbcf88
DEV: Clear ColorScheme.hex_cache
to avoid leaking state.
2018-10-15 11:16:26 +08:00
Guo Xiang Tan
2ce684b134
DEV: Clear hex_cache
after each test.
2018-10-15 10:24:46 +08:00
Guo Xiang Tan
84d4c81a26
FEATURE: Support backup uploads/downloads directly to/from S3.
...
This reverts commit 3c59106bac
.
2018-10-15 09:43:31 +08:00
Sam
057087e0e8
FEATURE: log long running jobs in the defer queue
...
If a job in the defer queue takes longer than 90 seconds log an error
2018-10-12 17:03:47 +11:00
Sam
a1c912b630
Return 400 instead of 404 for bad token
2018-10-12 10:51:41 +11:00
Bianca Nenciu
048cdfbcfa
FIX: Do not allow revoking the token of current session. ( #6472 )
...
* FIX: Do not allow revoking the token of current session.
* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Blake Erickson
13b3cead06
FEATURE: Allow bulk removing users from a group
...
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.
Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Neil Lalonde
12f132736b
FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value
2018-10-11 15:11:48 -04:00
Gerhard Schlager
7a41a783a4
FIX: Don't reply to Unsubscribe email sent to mailing list mirror
2018-10-11 16:09:22 +02:00
Vinoth Kannan
6a444eee56
Merge pull request #6476 from vinothkannans/tl4-flag
...
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:13:26 +05:30
Vinoth Kannan
227a49bb32
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:11:46 +05:30
Guo Xiang Tan
3c59106bac
Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
...
This reverts commit c29a4dddc1
.
We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1
FEATURE: Support backup uploads/downloads directly to/from S3.
2018-10-11 10:38:43 +08:00
Guo Xiang Tan
5039a6c3f1
FIX: Strip null bytes in mail subjects.
2018-10-11 09:46:32 +08:00
Vinoth Kannan
59be289084
FIX: Do not add lightbox to onebox images ( #6479 )
2018-10-11 08:57:21 +11:00
Robin Ward
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu
4e0533a20b
FIX: Generate Onebox for posts of type moderator_action. ( #6466 )
2018-10-10 18:39:03 +08:00
Sam
45f01e637b
FIX: when associating Github account disassociate others
...
There are some cases where an email floats from one GitHub account to another
if this happens just take over the Github mapping record
2018-10-10 15:46:50 +11:00
Guo Xiang Tan
f26804394a
DEV: Remove the use of stubs on Rails.logger
in our test suite.
2018-10-10 09:34:50 +08:00
Bianca Nenciu
1d26a473e7
FEATURE: Show "Recently used devices" in user preferences ( #6335 )
...
* FEATURE: Added MaxMindDb to resolve IP information.
* FEATURE: Added browser detection based on user agent.
* FEATURE: Added recently used devices in user preferences.
* DEV: Added acceptance test for recently used devices.
* UX: Do not show 'Show more' button if there aren't more tokens.
* DEV: Fix unit tests.
* DEV: Make changes after code review.
* Add more detailed unit tests.
* Improve logging messages.
* Minor coding style fixes.
* DEV: Use DropdownSelectBoxComponent and run Prettier.
* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Bianca Nenciu
1fb1f4c790
FIX: Make error in Discourse Hub more descriptive. ( #6438 )
2018-10-09 22:05:31 +08:00
David Taylor
ac89a728f8
DEV: Remove autospec hacks for social auth providers
...
This was causing erratic test failures. Autospec continues to work after
removing, so this 5-year-old code is no longer needed.
2018-10-09 12:42:57 +01:00
Erin Kosewic
51aba32651
FEATURE: add branch option to remote theme import
...
* FEATURE: add branch option to remote theme import
* FIX: Add missing variable in params
* FIX: Add missing param for import_theme method
* SPEC: Add test methods for branch support in git import
* FIX: Add missing space to scss style
* Do not assume default branch as master
* Change branch field placeholder
* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Gerhard Schlager
2f90c15d7a
Fix random build error
2018-10-09 01:03:05 +02:00
Gerhard Schlager
4881fb028f
FIX: allow_uppercase_posts didn't work for topic titles
2018-10-08 23:50:06 +02:00
Joffrey JAFFEUX
22187508e3
FEATURE: adds header text/background color to site ( #6462 )
2018-10-08 11:52:57 +02:00
Guo Xiang Tan
40fa96777d
FEATURE: Post deployment migrations. ( #6406 )
...
This moves us away from the delayed drops pattern which
was problematic on two counts. First, it uses a hardcoded "delay for"
duration which may be too short for certain deployment strategies.
Second, delayed drop doesn't ensure that it only runs after
the latest application code has been deployed. If the migration runs
and the application code fails to deploy, running the migration after
"delay for" has been met will cause the application to blow up.
The new strategy allows post deployment migrations to be skipped if the
env `SKIP_POST_DEPLOYMENT_MIGRATIONS` is provided.
```
SKIP_POST_DEPLOYMENT_MIGRATIONS=1 rake db:migrate
-> deploy app servers
SKIP_POST_DEPLOYMENT_MIGRATIONS=0 rake db:migrate
```
To aid with the generation of a post deployment migration, a generator
has been added. Simply run `rails generate post_migration`.
2018-10-08 15:47:38 +08:00
Arpit Jalan
c0bb04d89d
FIX: convert tag string to array when filtering topic list by tags
2018-10-08 08:56:25 +05:30
Guo Xiang Tan
1b1ef21481
DEV: Improve Jobs::CleanUpEmailLogs
specs.
2018-10-08 11:11:20 +08:00
Penar Musaraj
26956bbe1a
FIX: Safari issue with some emojis ( #6456 )
...
https://meta.discourse.org/t/emojis-selected-on-ios-displaying-additional-rectangles/86132/8
2018-10-08 10:32:25 +08:00
Sam
550e108a8c
FEATURE: only export settings that changed via rake task
2018-10-08 11:54:52 +11:00
Vinoth Kannan
4000dddd32
Merge pull request #6458 from vinothkannans/fix-giphy
...
FIX: Display large/broken image placeholders for image oneboxes
2018-10-07 18:08:54 +05:30
Vinoth Kannan
c499872597
FIX: Display large/broken image placeholders for image oneboxes
2018-10-07 17:42:41 +05:30
David Taylor
9bf522f227
FEATURE: Mixed case tagging ( #6454 )
...
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.
- If force_lowercase_tags is disabled, then mixed case tags are allowed.
- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.
- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.
- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.
- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Vinoth Kannan
8430ea927e
FIX: Generate webhook payloads before destroy events ( #6325 )
2018-10-05 16:53:59 +08:00
Sam
5b630f3188
FIX: stop logging every time invalid params are sent
...
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
Vinoth Kannan
3faa022c6f
Merge pull request #6453 from vinothkannans/sso_provider_redirect
...
FIX: redirect users to SSO client URL after social login
2018-10-05 00:34:34 +05:30
Vinoth Kannan
ca74246651
FIX: redirect users to SSO client URL after social login
2018-10-05 00:01:08 +05:30
David Taylor
5b56a8cd09
DEV: Merge multiple discourse_tagging_spec files
2018-10-04 15:44:29 +01:00
Maja Komel
361ad7ed2b
FEATURE: add indication if incoming email attachment was rejected and inform sender about it ( #6376 )
...
* FEATURE: add indication if incoming email attachment was rejected and inform sender about it
* include errors for rejected attachments in email
* don't send warning email to staged users
* use user object instead of user_id in add_attachments method
2018-10-04 22:08:28 +08:00
Paul Trippett
b8a1196b6b
Add missing fields to Upload Fabricator ( #6448 )
2018-10-04 22:00:07 +08:00
Guo Xiang Tan
d43ed4afa2
Remove unused variable.
2018-10-04 13:21:37 +08:00
Lucas Nicodemus
1907338834
FIX: No longer educate users who are editing
...
A user editing a post will no longer get composer messages that are
meant for new users posting replies and threads. These messages don't
make sense in an edit context at all -- they're usually discussing
making salient replies or topics, or adding avatars. They make even less
sense when a user is an admin attempting to change the default topics
for the first time.
Since these messages actually do make sense for a user when they have a
low post count, though, they're still going to occur. They just occur
when a user is creating new content (and thus, more likely to read the
notice), not during edits.
This is in response to this issue:
https://meta.discourse.org/t/education-message-for-editing-wiki-topic/66682
2018-10-04 13:20:13 +08:00
Vinoth Kannan
a651d39b8a
FIX: Display errors in single theme pages ( #6449 )
...
Currently the errors are not well handled. So it breaks the whole UI of admin themes list page.
2018-10-04 02:33:06 +05:30
Sam
ad0e768742
FEATURE: add support for responsive images in posts
...
When creating lightboxes we will attempt to create 1.5x and 2x thumbnails
for retina screens, this can be controlled with a new hidden site setting
called responsice_post_image_sizes, if you wish to create 3x images run
SiteSetting.responsive_post_image_sizes = "1|1.5|2|3"
The default should be good for most of the setups as it balances filesize
with quality. 3x thumbs can get big.
2018-10-03 13:44:53 +10:00
Neil Lalonde
dc1e7bb645
UX: when admin is deleted, make it clear in staff action logs when records belong to a deleted user and show their username in the details
2018-10-02 13:46:54 -04:00
Penar Musaraj
34516c72bd
FIX: Recover public actions (likes) when recovering a post ( #6412 )
2018-10-02 11:25:08 -04:00
Joffrey JAFFEUX
a515ba8612
FIX: corrects typo and adds a spec for likes report ( #6439 )
...
* FIX: corrects typo and adds a spec for likes report
* save!
2018-10-02 02:27:43 -07:00
Bianca Nenciu
e0d7cdac12
UX: Improve error messages for minimum and maximum username lengths.
2018-10-02 13:10:20 +08:00
Penar Musaraj
da9eee5262
FIX: Force enable user PM emails option when user posts to a group by email.
2018-10-02 12:38:10 +08:00
Gerhard Schlager
e2770bc1c4
FIX: async reload of locales could result in missing translations
2018-10-01 17:14:36 +02:00
Guo Xiang Tan
cf60ae32ea
FIX: Onceoff job to fix missing user profile backgrounds.
2018-10-01 18:31:09 +08:00
Guo Xiang Tan
cfa7173da3
FIX: Onceoff job to fix missing user profile backgrounds.
2018-10-01 16:26:40 +08:00
Guo Xiang Tan
de85bb0a39
FIX: Don't update user_profile URLs unless upload is persisted.
2018-10-01 14:21:39 +08:00
Guo Xiang Tan
e262a08350
Add UploadRecovery#recover_user_profile_backgrounds
.
2018-10-01 10:51:54 +08:00
Robin Ward
02da022c70
PERF: Quit out of the email job quickly if disabled ( #6423 )
...
This prevents sidekiq from doing a bunch of queries when email is
disabled.
Critical emails are a special case and will be sent.
2018-10-01 01:15:45 +08:00
Kyle Zhao
819f090d6a
move large blobs out of <head>
( #6428 )
...
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Penar Musaraj
70d74f8fc1
FIX: advanced search ordering broken when using tags
2018-09-28 17:27:08 +08:00
Bianca Nenciu
5407036ef9
DEV: Run prettier. ( #6420 )
2018-09-21 11:02:23 +00:00
Kyle Zhao
e402394375
FEATURE: auto grant an available title when removing old title
...
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list ( #6418 )
2018-09-21 09:07:13 +08:00
Guo Xiang Tan
1a64b3a487
FIX: Don't try to recover an invalid sha1.
2018-09-20 14:21:57 +08:00
Sam
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Guo Xiang Tan
195bd02fce
FIX: Avoid race condition when enqueuing job.
2018-09-20 11:24:01 +08:00
Jeff Wong
d5442fbf08
FIX: do not send tl1 welcome message when a user has the basic user badge
2018-09-19 12:53:36 -07:00
Guo Xiang Tan
767f27929d
Rename Jobs::RecoverPostUploads
to rerun the job take 2.
2018-09-19 22:40:32 +08:00
Guo Xiang Tan
d403883d16
DEV: Improve specs for 293cf600f0
.
2018-09-19 16:03:52 +08:00
Sam
5302709343
FIX: in redis readonly raise an exception from DistributedMutex
...
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller
When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb
In redis readonly no thumbnails will be generated
2018-09-19 15:50:58 +10:00
Sam
abc39c492a
FIX: in redis readonly raise an exception from DistributedMutex
...
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller
When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb
In redis readonly no thumbnails will be generated
2018-09-19 15:49:18 +10:00
Guo Xiang Tan
bc7f58191e
FIX: UploadRecovery
should look at links too.
2018-09-19 11:52:57 +08:00
Guo Xiang Tan
4a92c5b2d6
UploadRecovery
should recover attachments too.
2018-09-19 10:44:36 +08:00
Vinoth Kannan
9281b72308
FEATURE: Log entity export in staff logs
2018-09-19 03:16:45 +05:30
Arpit Jalan
fadcd36f92
FIX: do not treat ignore_redirects domains as blacklisted
...
This fix prevents domains present in `ignore_redirects` to be treated as
blacklisted domains and makes sure that onboxing happens for those domains.
Issue reported here: https://meta.discourse.org/t/steam-store-oneboxing-no-longer-works/97266
2018-09-18 10:38:02 +05:30
Guo Xiang Tan
ce6a0a5e9e
FIX: Moving upload to tombstone should update modification time.
...
A upload created a long time ago will be nuked from the tombstone
immediately if it gets deleted.
2018-09-18 10:48:29 +08:00
Guo Xiang Tan
f2fbf1fdb0
DEV: Basic specs for TagGroupsController
.
2018-09-18 08:22:03 +08:00
Sam
7b70a208ba
SECURITY: correct XSS on long topic titles
2018-09-18 08:56:10 +10:00
Sam
7d6b348d0b
SECURITY: correct XSS on long topic titles
2018-09-18 08:54:44 +10:00
Régis Hanol
4481836de2
FEATURE: new 'search_ignore_accents' site setting
2018-09-17 10:42:30 +02:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data ( #6370 )
2018-09-17 16:31:46 +08:00
Kyle Zhao
7b19ed06c1
reworked specs of existing group behavior
2018-09-17 17:46:43 +10:00
Kyle Zhao
6659417807
FEATURE: match user title when primary group changes
...
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Sam
33541c4096
FEATURE: unconditionally omit no-follow for staff
...
Previously TL2 and below staff would have links
no-followed which was never intended
2018-09-17 12:02:20 +10:00
Sam
37c5280f73
correct spec
2018-09-17 11:37:01 +10:00
Rishabh
4f46aa1ba3
FEATURE: Add SiteSetting for s3_configure_tombstone_policy
...
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
Sam
725d2c0d47
correct spec
2018-09-17 10:54:35 +10:00
Sam
173d0d53d5
correct erratic spec
2018-09-17 10:12:00 +10:00
OsamaSayegh
c7d81e2682
FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard
2018-09-17 09:49:53 +10:00
Neil Lalonde
526ffc4966
FIX: error in response body to blocked crawlers, showing 500 Internal Server Error with status of 403
2018-09-14 15:40:20 -04:00
Neil Lalonde
b87a089822
FIX: don't block api requests when whitelisted_crawler_user_agents is set
2018-09-14 15:40:20 -04:00
Guo Xiang Tan
c3f6b4d966
DEV: Test against real Upload#url
format.
2018-09-14 13:43:33 +08:00
Sam
419b14e58b
FIX: correctly keep stylesheet cache entries
...
The intent from day one was to keep MAX_TO_KEEP stylesheets per target
however the DELETE statement did not perform target filtering
This meant we often deleted the wrong stylesheets from the cache
2018-09-14 12:54:11 +10:00
Guo Xiang Tan
8ddcb6564e
FIX: Onceoff job to recover missing post uploads.
...
This fixes the regression due to 1f636c445b
2018-09-14 10:52:33 +08:00
Guo Xiang Tan
ea522589cf
Accept custom AR relation for UploadRecovery
.
2018-09-14 10:51:55 +08:00
Guo Xiang Tan
1d6597c646
FIX: Do not try to recover invalid Upload#short_url
in UploadRecovery
.
2018-09-14 10:51:36 +08:00
Guo Xiang Tan
692f2aa395
Fix the build.
2018-09-14 10:51:26 +08:00
Guo Xiang Tan
2176605fc4
Add basic test case for UploadRecovery
.
2018-09-14 10:51:20 +08:00
Guo Xiang Tan
dffd4fa9e6
Add extra protection in Upload#get_from_url
.
...
In case the extension goes missing from the URL.
2018-09-14 10:49:34 +08:00
Régis Hanol
39a2d92417
FIX: don't index urls to local files
2018-09-14 12:31:35 +10:00
Guo Xiang Tan
6a2589353b
Merge pull request #6394 from tgxworld/recover_broken_uploads
...
FIX: Onceoff job to recover missing post uploads.
2018-09-13 18:16:56 -07:00
Guo Xiang Tan
aa1af9fc22
FIX: Onceoff job to recover missing post uploads.
...
This fixes the regression due to 1f636c445b
2018-09-14 09:04:01 +08:00
Gerhard Schlager
fd931b948d
Use a more helpful failure message in spec
2018-09-13 21:31:44 +02:00
Régis Hanol
30619c244c
FIX: don't index urls to local files
2018-09-13 18:53:53 +02:00
Joffrey JAFFEUX
a6502ce879
FIX: ensures errors in report initialization fail nicely ( #6392 )
2018-09-13 17:36:55 +02:00
Guo Xiang Tan
2ae7d3a118
Merge pull request #6388 from pmusaraj/drafts-second-user-test
...
Add test to ensure a user cannot see drafts stream of another user
2018-09-13 06:53:44 -07:00
Arpit Jalan
74eec1849d
FIX: ignore and log bad json values for custom fields
2018-09-13 17:42:48 +05:30
Arpit Jalan
d288462abf
Merge pull request #6393 from techAPJ/bad-json
...
FIX: ignore and log bad json values for custom fields
2018-09-13 15:54:01 +05:30
Arpit Jalan
e364547ff7
FIX: ignore and log bad json values for custom fields
2018-09-13 14:26:30 +05:30
Guo Xiang Tan
0a06b3d977
Accept custom AR relation for UploadRecovery
.
2018-09-13 16:33:14 +08:00
Guo Xiang Tan
6c65718301
Include response body when raising an error in FileHelper#download
.
2018-09-13 15:43:58 +08:00
Guo Xiang Tan
05a57d4f27
DEV: Clear cache after not before.
...
* Clearing after ensures that state does not leak
to specs in other files.
2018-09-13 14:23:32 +08:00
Guo Xiang Tan
5eb65ad612
FIX: Do not try to recover invalid Upload#short_url
in UploadRecovery
.
2018-09-13 13:59:17 +08:00
Guo Xiang Tan
1afe7162e1
Fix the build.
2018-09-13 13:41:38 +08:00
Guo Xiang Tan
d99dd840e4
Add basic test case for UploadRecovery
.
2018-09-13 13:26:23 +08:00
pmusaraj
7f05af5995
cleanup
2018-09-12 13:10:14 -04:00
pmusaraj
aa614e393c
return 403 when trying drafts of another user
2018-09-12 13:08:02 -04:00
pmusaraj
b8c0a29bec
better test name
2018-09-12 11:09:30 -04:00
pmusaraj
11fd18b254
code-styling fixes
2018-09-12 11:06:30 -04:00
pmusaraj
3a00c2adeb
add test to ensure that userA cannot see drafts stream of userB
2018-09-12 10:13:20 -04:00
Guo Xiang Tan
3884e99e88
Add extra protection in Upload#get_from_url
.
...
In case the extension goes missing from the URL.
2018-09-12 00:12:14 -07:00
Guo Xiang Tan
f31758cc70
FIX: Uploads not being linked correctly to posts.
...
Regression due to 1f636c445b
.
2018-09-11 23:54:07 -07:00
Guo Xiang Tan
b3469bea2d
FIX: Uploads not being linked correctly to posts.
...
Regression due to 1f636c445b
.
2018-09-11 23:50:23 -07:00
Sam
d1984a0b4d
FIX: display a correct error when attempting to agree on a deferred flag
...
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.
This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Guo Xiang Tan
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
...
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
Guo Xiang Tan
71caf7521d
Drop tif
, tiff
, webp
and bmp
from supported images.
...
https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-12 09:29:54 +08:00
Osama Sayegh
16bd3f2cf2
FIX: use current user color scheme when filling theme-color
attribute ( #6384 )
...
* FIX: use current user color scheme when filling `meta` attribute `theme-color`
* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Robin Ward
3bb4f4c5ef
Adds test to make sure moderators can't make master keys
...
It wasn't obvious from the code, plus we'd never want this to regress!
2018-09-11 12:02:06 -04:00
Gerhard Schlager
1a01385e88
FIX: "false" didn't work as locale_default
2018-09-11 13:42:10 +02:00
Guo Xiang Tan
85620abb71
DEV: Clear connections after multisite specs.
2018-09-11 10:15:06 +08:00
Neil Lalonde
ea7ee8e9f7
Merge master
2018-09-10 19:39:09 -04:00
Sam
a5ae7ee8e2
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:25:19 +10:00
Sam
e64402cb3b
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:24:02 +10:00
Rishabh
80eace4268
Merge pull request #6383 from discourse/fix_username_suggester
...
FIX: don't raise an error on integer usernames in user_name_suggester
2018-09-11 00:30:29 +05:30
Rishabh Nambiar
81c87df18a
FIX: don't raise an error on integer usernames
2018-09-10 22:17:56 +05:30
David Taylor
84fc7abb73
FIX: Allow rake destroy:topics
to delete topics in sub-categories
2018-09-10 12:52:14 +01:00
Guo Xiang Tan
df04e69cde
FIX: S3Helper#list
creates incorrect prefix.
2018-09-10 16:34:40 +08:00
Neil Lalonde
9e77fd8fc3
FIX: wrong category links on subfolder install in rss feed for a category topic list
2018-09-07 10:03:30 -04:00
Sam
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653
FIX: Remove user fields when anonymizing user
2018-09-07 00:02:56 +02:00
Guo Xiang Tan
1f636c445b
PERF: Add fast path to find uploads before resorting to LIKE
query.
...
For a normal upload url
Before
```
Warming up --------------------------------------
264.000 i/100ms
Calculating -------------------------------------
2.754k (± 8.4%) i/s - 13.728k in 5.022066s
```
After
```
Warming up --------------------------------------
341.000 i/100ms
Calculating -------------------------------------
3.435k (±11.6%) i/s - 17.050k in 5.045676s
```
2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5
Always link post to uploads in post process.
...
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
434035f167
FIX: Link post to uploads in PostCreator
.
...
* This ensures that uploads are linked to their post on creation
instead of a background job which may be delayed if Sidekiq
is facing difficulties.
2018-09-06 11:18:11 +08:00
Gerhard Schlager
26082688d1
FIX: Zero is a valid value for the page parameter
2018-09-05 20:43:05 +02:00
Guo Xiang Tan
f3aef2cc83
FIX: Incorrect/missing extension in short_url fails to map to upload.
...
`Hash#invert` causes us to lose keys if the hash contains similar
values.
2018-09-05 21:48:58 +08:00
Gerhard Schlager
2c5d9269a0
FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled
2018-09-05 11:44:28 +02:00
Sam
d9c0dc8687
correct prev commit
...
s3. did not exists it is s3-
2018-09-05 16:11:44 +10:00
Sam
83e1315e42
FIX: correct urls in uploads table to point at dualstack
...
Last week we added support for dual stack urls but did not remap the
the old records in the uploads and optimized images table
This caused a few minor edge cases worst was that if you rebaked old
images S3 CDN was not repopulated.
2018-09-05 15:58:04 +10:00
Gerhard Schlager
b8fc699164
FIX: Detect {{foo}} as interpolation key
2018-09-05 00:47:39 +02:00
Vinoth Kannan
d9be4f47e8
SPEC: redirect to original URL after social signup
2018-09-05 03:24:50 +05:30
Vinoth Kannan
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
Guo Xiang Tan
3b337bfc6b
Revert "FIX: Don't rate limit admin and staff constraints when matching routes."
...
This reverts commit 651b50b1a1
.
2018-09-04 14:27:21 +08:00
Guo Xiang Tan
19182c0c8f
DEV: Skip fragile tests for now.
2018-09-04 13:58:09 +08:00
Guo Xiang Tan
651b50b1a1
FIX: Don't rate limit admin and staff constraints when matching routes.
...
* When an error is raised when checking route constraints, we
can only return true/false which either lets the request
through or return a 404 error. Therefore, we just skip
rate limiting here and let the controller handle the
rate limiting.
2018-09-04 13:52:58 +08:00
Guo Xiang Tan
08b268c5bc
Be more forceful in disconnecting connections during failover.
2018-09-04 10:32:43 +08:00
Sam
ad70502ab8
FIX: ignore invalid usernames in incoming link tracker
...
If an incoming link username has NULL in it simply ignore it
2018-09-04 12:28:32 +10:00
Guo Xiang Tan
8dc1463ab3
Enable Lint/ShadowingOuterLocalVariable
for Rubocop.
2018-09-04 10:16:42 +08:00
Sam
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
...
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Gerhard Schlager
eeedc3901e
FIX: Replying to deleted post via email should create new reply to topic
2018-09-03 23:06:40 +02:00
Vinoth Kannan
24a14af15a
FIX: Respect invalidate_oneboxes option for inline oneboxes
2018-09-03 22:33:43 +05:30
Guo Xiang Tan
ecf60c0c33
DEV: More attempts at stablizing specs in Travis.
...
Re-enable skipped test because it doesn't fail locally
for me to debug it.
2018-09-03 14:52:15 +08:00
Gerhard Schlager
f33433bf9e
Validation of params should restrict to max int ( #6331 )
...
* FIX: Validation of params should restrict to max int
* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan
747c9bb47f
Merge pull request #6317 from nbianca/ignore_blacklisted_domains
...
FIX: Ignore OneBox blacklisted domains.
2018-09-03 11:10:52 +08:00
Guo Xiang Tan
0fac6cdba9
DEV: Better debugging information when test fails.
2018-09-03 10:55:25 +08:00
Maja Komel
182d9a4666
FIX: escape regex chars when searching site texts
2018-09-02 17:25:57 +10:00
Bianca Nenciu
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
Osama Sayegh
60eff9421a
FIX: precompile desktop_theme
and mobile_theme
stylesheets
...
required for environments that pre stage docker images and keep old image running during the deploy
2018-08-31 21:23:55 +10:00
Guo Xiang Tan
5a214a687c
FIX: Exclude UserAuthToken
and UserAuthTokenLog
in user webhook.
2018-08-31 17:25:56 +08:00
Guo Xiang Tan
ae2f00ee73
DEV: Include the thread in the error message.
2018-08-31 17:14:19 +08:00
Bianca Nenciu
931cffcebe
FEATURE: Let users see their user auth tokens. ( #6313 )
2018-08-31 10:18:06 +02:00
Sam
b3aab1770f
FIX: set old last modified date for invalid avatars
...
In some cases Akami was holding tight to these invalid avatars,
to avoid this happening we explain the avatar image is ancient
then when a new upload is added it automatically is older than
this.
2018-08-31 17:07:31 +10:00
Sam
1866a8e8da
correct invalid spec
2018-08-31 15:06:30 +10:00
Sam
e1975e293f
FIX: when uploads are destroyed clear up avatar refs in user table
...
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
Sam
9b7cab589a
FIX: revert diacritic stripping
...
See more details in test case and at: https://meta.discourse.org/t/discourse-should-ignore-if-a-character-is-accented-when-doing-a-search/90198/16?u=sam
2018-08-31 11:46:55 +10:00
Guo Xiang Tan
81b99efc68
DEV: Raise an error if thread doesn't return within expected time.
2018-08-31 09:26:28 +08:00
Vinoth Kannan
297e8aaf2e
FIX: Escape regex pattern variable before using it
2018-08-31 03:02:24 +05:30
Blake Erickson
c6f339a0b5
format json better with spaces in my test
2018-08-30 14:39:40 -06:00
Blake Erickson
ae532f8548
FIX: return 422 for an invalid group name on category create
2018-08-30 14:28:55 -06:00
David Taylor
825dee5598
SECURITY: Prevent users from modifying custom fields
2018-08-30 13:00:51 +01:00
David Taylor
103509b9dd
SECURITY: Prevent users from modifying custom fields
2018-08-30 12:59:36 +01:00
Osama Sayegh
9efbf2c49f
FIX: changing component settings should trigger refresh for parent theme CSS ( #6340 )
2018-08-30 20:53:03 +10:00
Guo Xiang Tan
9c7e029d01
DEV: Attempt to stablize multisite tests.
2018-08-30 17:31:17 +08:00
Guo Xiang Tan
c4de36624f
Skip imagemagick tests on Travis.
2018-08-30 16:07:00 +08:00
David Taylor
f0abb4d09a
FIX: Allow user actions to be saved even if the post has nil user
...
This issue made it impossible to delete users if they had flagged a post with nil user
2018-08-30 01:03:32 +01:00
Sam
e6970151a6
FEATURE: allow specifying locale via SSO
...
Use:
locale
locale_force_update
To force user locale on users where SiteSetting.allow_user_locale is enabled
Note: If an invalid locale is specified no action will occur
2018-08-30 09:58:03 +10:00
Bianca Nenciu
72ffabf619
UX: Improve email testing admin tool. ( #6308 )
2018-08-29 23:14:16 +02:00
Gerhard Schlager
b2cf725700
FIX: Don't try to send invite email when invite was deleted
2018-08-29 12:43:12 +02:00
Sam
44cf3cf975
FIX: queue heartbeats in readonly modes
...
If sidekiq is paused or Discourse is in readonly continue to queue
heartbeats
If we do not do that then a master process can end up reaping sidekiq
workers and causing various badness
This also impacts restore which can do weird stuff TM in cases like this
2018-08-29 12:36:59 +10:00
Sam
740308675b
FEATURE: erode bounce score every time an email is sent
...
Introduces a hidden setting (default is 0.1) that erodes bounce score
every time we send an email. This means that erratic failures are less
painful cause system auto corrects
2018-08-28 17:02:12 +10:00
Guo Xiang Tan
032f860c86
Fix brittle spec.
2018-08-28 14:29:38 +08:00
Robin Ward
52ca0893e1
FIX: Broken specs
2018-08-28 14:29:38 +08:00
Kyle Zhao
e25a6e085e
FIX: drop title updates through RSS feeds
...
can create an update loop
2018-08-28 16:25:04 +10:00
Sam
9ab1fb7dfc
FEATURE: correctly store width and height on uploads
...
Previously we used width and height for thumbnails, new code ensures
1. We auto correct width and height
2. We added extra columns for thumbnail_width and height, this is determined
by actual upload and no longer passed in as a side effect
3. Optimized Image now stores filesize which can be used for analysis, decisions
Also
- fixes Android image manifest as a side effect
- fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 12:59:22 +10:00
Davide Porrovecchio
1826626272
FEATURE: Add Content-Type header to CORS
...
- add Content-Type to Access-Control-Allow-Headers
- update test accordingly
2018-08-28 11:19:38 +10:00
Neil Lalonde
ebe7835316
FIX: links in rss feeds are sometimes wrong on subfolder installs
2018-08-27 18:05:15 -04:00
Bianca Nenciu
b6963b8ffb
FIX: Ignore OneBox blacklisted domains.
2018-08-27 20:40:55 +02:00
Sam
dc17ae3b2f
correct specs
2018-08-27 14:50:56 +10:00
Sam
4205c528d0
FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
...
These site settings are very hard to explain and only applicable for very
specific Discourse setups.
If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".
The setting allows you to extend this to TL4 or any trust level.
Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Raul Tambre
2271918be2
FEATURE: Use S3 dualstack endpoints
...
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
2018-08-27 11:22:46 +10:00
Maja Komel
020eba4623
FIX: find tags with non-latin names ( #6312 )
2018-08-27 11:05:28 +10:00
Kris
faf09bb8c8
Replacing default brown category color
2018-08-24 14:18:14 -04:00
Joffrey JAFFEUX
82dcc5cbfa
FEATURE: makes reports loadable in bulk ( #6309 )
2018-08-24 15:28:01 +02:00
James Kiesel
a4001c1ea0
FEATURE: Pop revise modal on post edited notification ( #6287 )
...
* Add revision number to notification url
* Pop modal on route change
* Add semicolon
* Ensure modal pops even when navigating within a topic
* Ensure modal pops when visiting from other page
* Fix eslint errors
* Fix prettier errors
* Add callback for notification item click
* Remove stray revisionUrl function
* Rename to afterRouteComplete
2018-08-24 09:13:07 -04:00
Guo Xiang Tan
932195d828
DEV: Update test case for TopicEmbed
.
2018-08-24 09:42:12 +08:00
Guo Xiang Tan
1ba24496ab
Merge pull request #6261 from xrav3nz/fix/topic-embed-import-updates
...
FIX: update TopicEmbed's title and user correctly
2018-08-24 09:32:03 +08:00
Osama Sayegh
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two seperate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
Guo Xiang Tan
4a552fb967
Merge pull request #6303 from nbianca/user_serializer_spec
...
Add spec for UserSerializer and UserApiKey.
2018-08-24 08:16:11 +08:00
Sam
ac11f8df52
correct regression searching with diacritics
2018-08-24 10:00:51 +10:00
Sam
29315b73c2
FIX: improve last_modified date returned for avatars
...
instead of hard coding a date:
1. For optimized images use the upload date when on s3
2. For not-found use 10 minutes ago to match the expiry
2018-08-24 09:36:11 +10:00
Régis Hanol
bc7b530b0a
FIX: remove diacritics instead of transliterating
2018-08-24 00:38:44 +02:00
Bianca Nenciu
ff441bc4ca
Add spec for UserSerializer and UserApiKey.
2018-08-23 19:01:02 +02:00
Régis Hanol
2fcf2b899e
FIX: remove diacritics when tokenizing html for search
2018-08-23 17:13:52 +02:00
Arpit Jalan
7a91df3248
Merge pull request #6290 from techAPJ/latest-full-name
...
UX: show full name on /latest page
2018-08-23 17:34:54 +05:30
Arpit Jalan
1a7cd6648b
UX: show full name on /latest page
2018-08-23 14:41:06 +05:30
Guo Xiang Tan
dd810b8b05
Merge pull request #6304 from tgxworld/create_functions_in_different_schema
...
FIX: Create `BaseDropper` functions in a different schema.
2018-08-23 15:01:41 +08:00
Guo Xiang Tan
212ee15804
FIX: Create BaseDropper
functions in a different schema.
...
https://meta.discourse.org/t/error-when-restore-db-backup/93145/25?u=tgxworld
2018-08-23 12:52:21 +08:00
Osama Sayegh
2711f173dc
FIX: don't allow inviting more than max_allowed_message_recipients
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Guo Xiang Tan
36a7028f19
FEATURE: Clean up PostReplyKey
records.
...
* Default retention of 90 days.
2018-08-23 10:40:02 +08:00
Régis Hanol
f01169d6ff
FIX: don't send email when the post was deleted
2018-08-22 13:13:58 +02:00
James Kiesel
cdea969c6a
FEATURE: Make initial admins TL1
...
* Match register controller TL to rake admin:create
* Don't promote if trust_level > 1
2018-08-22 15:45:24 +10:00