Sam
402f06de27
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:18:32 +11:00
Guo Xiang Tan
2c86c202e5
FIX: Randomly failing specs try 2.
2016-09-23 15:05:03 +08:00
cpradio
69691fa7a6
FIX: Backup validation wasn't escaping hyphens
...
Conflicts:
spec/controllers/admin/backups_controller_spec.rb
2016-09-19 08:53:54 +08:00
Guo Xiang Tan
82fe884a7f
SECURITY: Add filename validation for backup uploads.
2016-09-16 12:50:59 +08:00
Neil Lalonde
2499b56594
Merge master
2016-08-05 15:13:33 -04:00
Robin Ward
a139e469a7
SECURITY: Avoid mass assignment on user create
2016-08-05 12:43:50 -04:00
Robin Ward
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
Neil Lalonde
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
Régis Hanol
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
Neil Lalonde
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
Robin Ward
90a3cc7f18
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 15:29:05 -04:00
Robin Ward
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
Sam
f319923753
SECURITY: limit route access when using external avatars
2016-07-28 09:04:32 +10:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
Arpit Jalan
c626558d36
UX: group pages should not show Messages tab to unauthorised users ( #4318 )
2016-07-09 00:50:04 +05:30
Robin Ward
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
Robin Ward
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Sam
8866169879
FEATURE: can invite/revoke groups on private messages
2016-06-20 16:29:27 +10:00
Sam
dd1a184955
Correct mailing list mode unsubscribe
2016-06-17 11:57:23 +10:00
Sam
852860de66
FEATURE: simpler and friendlier unsubscribe workflow
...
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Régis Hanol
49f8a2baa7
FEATURE: support for mandrill webhooks
2016-06-13 12:32:14 +02:00
Sam
3015030fe2
FIX: unlisted topics do not get "slug auto correct" logic
2016-06-10 10:53:26 +10:00
Régis Hanol
214e25f1b5
use proper 'Message-Id' field
2016-06-09 00:33:13 +02:00
Régis Hanol
3e3538d603
loosen security a bit on mailgun's webhook
2016-06-08 22:38:38 +02:00
Robin Ward
431179dd25
FEATURE: Prompt users when they are entering duplicate links
2016-06-07 14:47:22 -04:00
Robin Ward
6aaa484baa
REFACTOR: Move composer messages to store
2016-06-07 14:47:22 -04:00
Jeff Atwood
cc66bff730
we forgot to update the mailgun tests
2016-06-06 16:55:24 -07:00
Régis Hanol
fe595f1653
FEATURE: mailjet webhook
2016-06-06 19:47:45 +02:00
Régis Hanol
9704603fab
FEATURE: sendgrid webhooks
2016-06-01 21:48:06 +02:00
Régis Hanol
116efffdaa
FEATURE: webhooks support for mailgun
2016-05-30 17:11:17 +02:00
Guo Xiang Tan
cb5be1fe8f
Upgrade rspec to 3.4.0.
2016-05-30 11:38:38 +08:00
Arpit Jalan
f387dfe226
FIX: mixed case group mentions were not getting highligted in composer
2016-05-22 18:32:49 +05:30
Robin Ward
49a6d0b789
FIX: Don't bother with negative offsets
2016-05-09 16:33:55 -04:00
Arpit Jalan
82daf93eb3
Merge pull request #4206 from techAPJ/convert-topic
...
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
Robin Ward
b061ba5c52
FIX: Broken spec. Stupid mocking.
2016-05-03 15:30:48 -04:00
Arpit Jalan
acfb540952
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-02 21:34:05 +05:30
Arpit Jalan
74b3807f60
FEATURE: new bootstrap mode settings for brand new Discourse community ( #4193 )
...
* FEATURE: new bootstrap mode settings for brand new Discourse community
* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Sam
9e50f36c50
Merge pull request #4137 from cpradio/add-warning-to-flag
...
FEATURE: Add warning input to flag dialog when notifying a user
2016-04-15 16:23:22 +10:00
Régis Hanol
379bfac36d
Merge pull request #4010 from riking/patch-sitelinks
...
FEATURE: Add /search discovery
2016-04-14 10:35:13 +02:00
Sam
22b2f5285c
FIX: extract links in post processor
...
when oneboxes are not cached or are refreshed they can introduce new
links, these links must be extracted otherwise you can not follow them
2016-04-12 12:28:18 +10:00
Neil Lalonde
01b6bc08ba
Merge fixes from master
2016-04-07 13:51:05 -04:00
cpradio
a5cd557906
Simplify setting the top_page_default_timeframe SiteSetting ( #4149 )
2016-04-07 18:06:54 +02:00
Sam
a130cb8305
FEATURE: move more urgent emails notifications to critical queue
...
Move signup, admin login and password change email notifications
to critical queue
2016-04-07 14:39:01 +10:00
Sam
8ec7fd84fd
FEATURE: prioritize sidekiq jobs
...
This commit introduces 3 queues for sidekiq
"critical" for urgent jobs (weighted at 4x weight)
"default" for standard jobs(weighted at 2x weight)
"low" for less important jobs
"critical jobs"
Reset Password emails has been seperated to its own job
Heartbeat which is required to keep sidekiq running
Test email which needs to return real quick
"low priority jobs"
Notify mailing list
Pull hotlinked images
Update gravatar
"default"
All the rest
Note: for people running sidekiq from command line use
bin/sidekiq -q critical,4 -q default,2 -q low
2016-04-07 12:56:43 +10:00
Régis Hanol
2b9e8e5a7d
Merge pull request #4147 from cpradio/default_top_timeframe
...
FIX: Use default top setting when user is return or enough data exists for Top Page Results
2016-04-06 18:33:56 +02:00
cpradio
c5bb1d1cfe
Return default top setting as part of best_periods_for to see if it can be used
2016-04-05 14:27:18 -04:00
Régis Hanol
d402a45781
FIX: hitting '/t/:id/posts.json' should return the first page of posts
2016-04-05 19:12:14 +02:00
cpradio
95fa340601
Added spec tests
2016-04-03 19:44:14 -04:00
Neil Lalonde
01d0aeb5a9
merge master
2016-03-31 17:40:54 -04:00