Commit Graph

13414 Commits

Author SHA1 Message Date
Roman Rizzi
e4570ffb78 DEV: Bump uglifyjs (#7834)
* Rewrite uglifyjs command to work with 3.x

* Use ES5 syntax in plain JS files

* Use the older command if uglifyJS V2.x is installed
2019-10-09 10:36:15 -03:00
David Taylor
68fc799380 DEV: Allow specifying button class in reviewable action definitions (#8093)
This avoids the need for using `@extend` in SCSS, which can be problematic in plugins

For context, see https://review.discourse.org/t/fix-make-compatible-with-debundled-plugin-css-assets-feature/5297/7
2019-10-08 15:06:15 -03:00
Sam Saffron
67e8fbc480 FIX: change focus when application resumes in android
Per new lifecycle https://developers.google.com/web/updates/2018/07/page-lifecycle-api

On Android and latest Chrome when an app transitions from "frozen" to
active the new "resume" event fires with no accompanying "visibilitychange"
event.

This means that often background tabs may be stuck thinking that discourse
has no focus when, indeed, it has.

This leads to cases where no posts are marked read anymore.
2019-10-08 00:04:54 +02:00
Penar Musaraj
051462cbe2 FIX: IE grid layout issue on user's own activity page 2019-09-12 11:15:47 -04:00
Nick Quaranto
21c11c2bb2 Use Discourse.getURL for /clicks/track so clicks can be tracked on relative URLs (#8079) 2019-09-09 23:17:43 -07:00
Jeff Wong
b72dbb0be0 FEATURE: add before-topic-progress plugin outlet 2019-09-04 11:29:05 -07:00
Sam Saffron
6477531098 SECURITY: add rate limiting to anon JS error reporting
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.

This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
2019-08-20 11:31:58 +10:00
David Taylor
d237da16c5 SECURITY: Restrict message-bus access on login_required sites 2019-08-14 10:11:28 +01:00
Gerhard Schlager
ab3e18090f FIX: Disallow user self-delete when user posted in PMs
All posts created by the user are counted unless they are deleted,
belong to a PM sent between a non-human user and the user or belong
to a PM created by the user which doesn't have any other recipients.

It also makes the guardian prevent self-deletes when SSO is enabled.
2019-08-10 12:06:40 +02:00
Roman Rizzi
0be47023d4 FIX: Use unescaped title as combo-box id (#7979) 2019-08-08 12:52:34 -03:00
David Taylor
b1d2e4daf3 FIX: Composer preview on IE11 (#7970)
Add the Array.from polyfill for IE11. This is required to support the transpiled ES6 spread syntex generated by babel: https://babeljs.io/docs/en/caveats/
2019-08-05 14:44:13 +01:00
David Taylor
85cdf213e1 FIX: Hide live-loaded posts from ignored users 2019-07-27 14:00:34 +01:00
David Taylor
c4ff66e1a5 DEV: Correct merge conflicts for 9cfe3f99 2019-07-24 13:31:16 +01:00
David Taylor
9cfe3f9948 SECURITY: Add confirmation screen when connecting associated accounts 2019-07-24 13:29:59 +01:00
Guo Xiang Tan
477bacb3ae SECURITY: XSS when displaying watched words in admin panel.
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:58:52 +08:00
Robin Ward
d1c12539dd SECURITY: XSS with title selector on preferences page
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 17:35:26 -04:00
romanrizzi
2a7d270fd6 Revert "FIX: remove misplaced save button"
This reverts commit f1381a274b.
2019-07-03 10:58:33 -03:00
romanrizzi
f1381a274b FIX: remove misplaced save button 2019-07-03 10:47:54 -03:00
romanrizzi
34d548dbd3 FIX: Remove misplaced outlet 2019-07-03 10:47:43 -03:00
Arpit Jalan
867eebb55e FIX: creating new badge is failing on empty SQL query (#7837) 2019-07-02 15:17:32 +05:30
Sam Saffron
467e03a2ec DEV: lint file
We no longer need that isAppleDevice require
2019-06-27 11:29:51 +02:00
Joffrey JAFFEUX
a91881280d FIX: closes search-menu on escape (#7804) 2019-06-27 09:34:34 +02:00
Joffrey JAFFEUX
690fb5c4fb FIX: prevents failure when TL was mutated on internal object (#7808) 2019-06-27 09:34:31 +02:00
Gerhard Schlager
9c8aa0a906 SECURITY: XSS in routes
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:45:33 +02:00
Penar Musaraj
8b963bce37 FIX: Do not refresh all settings on save for all settings, limit to only a few
- Followup to 0e303c7f5d

- Automatically reloads site settings after saving only for the logo, logo_small and large_icon settings.
2019-06-25 11:49:09 -04:00
Penar Musaraj
e1822034dc FIX: use correct name for selectable_avatars_enabled site setting 2019-06-25 11:48:56 -04:00
Maja Komel
faf059e018 FIX: remove temporary hack for fixed iOS bug (#7773)
A bug where input focus is displaced on modals was fixed in iOS 11.3 update. This hack was causing problems on topic page since hiding main-outlet results in lost read position after opening and closing a modal.
2019-06-25 11:48:42 -04:00
Joffrey JAFFEUX
f2d5cde24c FIX: category-chooser search should be scoped to category (#7794) 2019-06-24 11:31:41 +02:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
102be5a9e3 DEV: optimize fix for sub-categories not getting pre-filled. 2019-06-17 13:28:08 +05:30
tshenry
c909033f2b Add plugin outlets to login/create-account modals (#7770) 2019-06-17 16:22:00 +10:00
Arpit Jalan
48b9e0d749 FIX: sub-categories was not getting selected for pre-filled topics 2019-06-15 13:46:15 +05:30
Kris
9cb656250d FIX: Allow tall tables to scroll vertically on iOS 2019-06-14 14:26:59 -04:00
Arpit Jalan
efc05e7224 FIX: remove topic timer info on completion 2019-06-13 17:01:43 +05:30
Joffrey JAFFEUX
fbbce235ce
UX: improves change-timestamp modal (#7766) 2019-06-13 13:30:33 +02:00
Joffrey JAFFEUX
19ca2d4772
DEV: reset widget clean callback between tests (#7761) 2019-06-12 17:49:02 +02:00
Robin Ward
13b979cb71 FIX: Performing actions on a particular reviewable was displaying an error
It was expecting a method to remove the reviewable from the current
list, only we were not displaying a list.

Instead, we refresh the reviewable model with the latest result.
2019-06-12 10:56:30 -04:00
David Taylor
0ebe5ec1f8 FIX: Check postStream.gaps exists before trying postSteam.gaps.after 2019-06-11 23:48:21 +01:00
Robin Ward
f6e0c79742 FIX: Trigger change event when inserting text
This would normally not fire and result in odd behavior in the review
queue when inserting links.
2019-06-11 17:27:34 -04:00
Robin Ward
3d7c26c15e FIX: Memory Leaks w/ Container (#7750)
Gives instance initializers the ability to add a `teardown` method that
will be called between tests to clean up after themselves.
2019-06-11 18:41:27 +02:00
Robin Ward
47095a7fa1 FIX: Memory leak when adding ajax prefilter repeatedly. 2019-06-11 11:50:35 -04:00
Robin Ward
c322cccd53 FIX: Memory Leaks when decorating posts (#7749)
* Remove long-deprecated method

* FIX: Memory Leaks when decorating posts

Previously we'd keep creating mixins dynamically when decorating the
same class.

This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
David Taylor
f4fd75aea4 DEV: Rename variable to avoid conflict 2019-06-11 13:02:40 +01:00
David Taylor
f1d5b992bf DEV: Correct linting error 2019-06-11 12:51:18 +01:00
Joffrey JAFFEUX
dc15486f0a Revert "DEV: resets csrf ajax prefilter only if present (#7747)"
This reverts commit 6612218a4e.
2019-06-11 13:34:25 +02:00
David Taylor
61b587f66e
FIX: Mark ignored posts as 'read', if last visible post is read (#7739) 2019-06-11 12:16:28 +01:00
David Taylor
000a35b219 FIX: Do not live-load posts from ignored users 2019-06-11 12:07:14 +01:00
Joffrey JAFFEUX
6612218a4e
DEV: resets csrf ajax prefilter only if present (#7747) 2019-06-11 12:50:20 +02:00