Sam
64d9be726f
the protection I placed was in the wrong path moved to /session/sso
...
correct previous commit
2018-11-09 17:18:01 +11:00
Sam
3ae4fcd1f7
Improve redirect avoidance for /sso paths
...
e6b3310577
was missing an ege case
where return url included current_hostname
2018-11-09 17:03:58 +11:00
Sam
7d52f5869d
Revert "FIX: Don't enqueue topics if the user can't create them"
...
This reverts commit 515e103db6
.
2018-11-09 15:25:38 +11:00
Sam
e6b3310577
FIX: never redirect back to /sso
it will cause a loop
...
If for any reason our return url is set to `/sso` bypass using it
for login redirect
2018-11-09 14:27:36 +11:00
Vinoth Kannan
515e103db6
FIX: Don't enqueue topics if the user can't create them
2018-11-09 06:10:23 +05:30
Sam
15991677d4
FIX: ensure we never cache login redirects by mistake
2018-11-09 11:14:35 +11:00
Gerhard Schlager
24e5be3f0c
FIX: Relative links in translations should work with subfolder
2018-11-08 23:31:05 +00:00
Guo Xiang Tan
57f92ac808
Revert "Swtich to regexp for DbHelper.remap
."
...
Regexp is so much slower.
This reverts commit c3f89e3cd7
.
2018-11-08 14:20:09 +08:00
Guo Xiang Tan
c3f89e3cd7
Swtich to regexp for DbHelper.remap
.
2018-11-08 14:08:38 +08:00
Sam
42572ff138
Revert font awesome 5 changes
...
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Guo Xiang Tan
9737938a4a
Add option to skip tabels when using DbHelper.remap
.
2018-11-08 12:29:37 +08:00
Penar Musaraj
09dc922b3b
Fix several FontAwesome 5 issues
...
add missing icons, update SvgSprite methods (to fix ruby 2.4 issues), update whisper icon in composer, fix alignment issues
2018-11-07 22:20:53 -05:00
Guo Xiang Tan
3365753bd0
PERF: Reduce number of database queries for DbHelper.remap
...
* Cuts number of queries from 273 to 89
* Add some specs
* For a table with 500 posts, benchmarks locally shows a runtime
reduction from 0.046929135 to 0.032694705.
2018-11-08 10:54:39 +08:00
Gerhard Schlager
0122b8cd8b
Fix random build error
...
Request specs could poison the cache since clear_cache! deletes only today and yesterday from the cache.
2018-11-08 02:51:42 +01:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs ( #6557 )
...
* First take on subsetting svg icons
* FontAwesome 5 svg subset WIP
* Include icons from plugins/badges into svg sprite subset
* add svg icon support to themes
* Add spec for SvgSprite
* Misc. SVG icon fixes
* Use FA5 svgs in local-dates plugin
* CSS adjustments, fix SVG icons in group flair
* Use SVG icons in poll plugin
* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Guo Xiang Tan
1e64658c25
Fix brittle specs.
2018-11-07 15:02:53 +08:00
Sam
0a442e319c
FIX: correct svg handling for images
...
We regressed and optimized images no longer worked with svg
The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Bianca Nenciu
2070edf889
FIX: Clarify User.group_locked_trust_level.
...
* Rename User.group_locked_trust_level to User.group_granted_trust_level.
* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Guo Xiang Tan
bdb8e9efdb
DEV: Remove mocks from specs.
2018-11-07 09:55:58 +08:00
Sam
06b9d8223a
FIX: search within topic not working correctly in CJK
...
We were splitting the term prior to search causing everything to miss
2018-11-07 09:41:55 +11:00
Jeff Atwood
afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post
...
FIX: disable flagging hidden posts
2018-11-05 11:05:32 -08:00
Penar Musaraj
7b3432f711
Enforce disabling flagging hidden posts server-side
2018-11-05 10:00:59 -05:00
Joffrey JAFFEUX
78954672f9
FIX: uses hex to compare images
...
It prevents some terminals from crashing in case of errors and dumping the whole file content into the terminal.
2018-11-05 09:47:15 -05:00
Maja Komel
1ac3e5473a
FIX: don't strip eml attachments from received emails
2018-11-05 09:35:22 +01:00
Sam
d84256a876
FEATURE: add Noindex to robots.txt for disallowed routes
...
This strips pages out of indexes that should not exist see:
https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Kyle Zhao
f9b36820ef
FIX: only extract script tags with certain types ( #6553 )
...
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
2018-11-01 16:01:46 -04:00
Robin Ward
ec91450aae
FEATURE: Track how many user flags are agreed/disagreed/ignored
...
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
ceafcbc898
FEATURE: show added date when looking at group members
2018-11-01 15:33:28 +11:00
Sam
aa044623bd
FIX: do not create superflous sessions when logged on
...
In some SSO implementations we may want to issue SSO pipelines for
already logged on users
In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
Sam
23423ba112
correct spec and error reporting
...
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Bianca Nenciu
e0ccd36dbe
FEATURE: Suspicious logins report. ( #6544 )
2018-10-30 22:51:58 +00:00
Bianca Nenciu
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Sam
9933059426
FEATURE: push related PMs to take first 3 slots
...
Previously the related PMs were last meaning you would have to work through
all unread to see them.
Also amends it so it either asks for related by group OR user not both.
2018-10-29 10:47:59 +11:00
Rafael dos Santos Silva
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report
2018-10-26 15:59:04 +02:00
Penar Musaraj
ed9c21e42c
FEATURE: hide muted categories from /categories list ( #6531 )
2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926
Only check for suspicious login for staff members
2018-10-26 00:29:28 +02:00
Régis Hanol
306d77b54f
FIX: don't use srcset on cropped thumbnails
2018-10-25 16:08:10 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts ( #6528 )
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
David Taylor
56e0f47bcd
FIX: Do not update last_seen
for API access
...
This regressed in 2dc3a50
. I have now added tests for the behavior.
2018-10-25 13:38:57 +01:00
Bianca Nenciu
effbef7d0b
UX: Use user locale for locations. ( #6527 )
...
* UX: Use user locale for locations.
* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Régis Hanol
addf6f6d17
FIX: support comma in 'sso_provider_secrets' site setting
2018-10-24 21:23:18 +02:00
Sam
e955a7b49d
Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )""
...
This reverts commit 322b27b6dc
.
Oops rushed on the revert here... should be good
2018-10-24 15:14:01 +11:00
Sam
322b27b6dc
Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )"
...
This reverts commit 63356d883e
.
This caused an outage, got to revert
2018-10-24 15:03:58 +11:00
Kyle Zhao
63356d883e
FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder ( #6523 )
2018-10-24 14:34:10 +11:00
Sam
5fd94d3211
PERF: limit unread count to 99 in blue circle
...
This revises: e605542c4e
Previous commit was faulty
2018-10-24 12:10:27 +11:00