Commit Graph

20228 Commits

Author SHA1 Message Date
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
Arpit Jalan
102be5a9e3 DEV: optimize fix for sub-categories not getting pre-filled. 2019-06-17 13:28:08 +05:30
tshenry
c909033f2b Add plugin outlets to login/create-account modals (#7770) 2019-06-17 16:22:00 +10:00
Sam Saffron
704c579550 FIX: do not allow unbound membership lookups
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
Sam Saffron
fe4f0a4369 FIX: staged users should not be included in TL groups
staged users should not be included in any automatic groups cause for all
purposes they do not exist.
2019-06-17 15:10:47 +10:00
Arpit Jalan
48b9e0d749 FIX: sub-categories was not getting selected for pre-filled topics 2019-06-15 13:46:15 +05:30
Kris
9cb656250d FIX: Allow tall tables to scroll vertically on iOS 2019-06-14 14:26:59 -04:00
Guo Xiang Tan
77c06384c0 Fix the build. 2019-06-14 13:56:35 +08:00
Guo Xiang Tan
5d16d10a9e DEV: Fix edge case for InlineUploads. 2019-06-14 13:48:03 +08:00
Guo Xiang Tan
befb074c98 DEV: InlineUploads should process CDN upload URLs as well. 2019-06-14 13:14:37 +08:00
Guo Xiang Tan
41abebcbce DEV: Support both http and https for InlineUploads. 2019-06-14 12:48:31 +08:00
Guo Xiang Tan
c9db897777 FIX: Remove onebox src from Jobs::PullHotlinkedImages.
The test that was added is incorrect because the post was not cooked.
2019-06-14 09:21:25 +08:00
Sam Saffron
457be89445 DEV: only skip migration if a non seeded upload exists
Followup to 667b9801
2019-06-14 09:52:02 +10:00
Sam Saffron
667b98017a FIX: do not attempt to migrate pre-existing uploads
This makes this job re-runnable just in case cause it will skip creation
of new uploads if an upload already exists
2019-06-14 09:39:22 +10:00
Arpit Jalan
efc05e7224 FIX: remove topic timer info on completion 2019-06-13 17:01:43 +05:30
Joffrey JAFFEUX
fbbce235ce
UX: improves change-timestamp modal (#7766) 2019-06-13 13:30:33 +02:00
Guo Xiang Tan
9daed05ad0 Fix the build. 2019-06-13 13:53:43 +08:00
Guo Xiang Tan
7a0d031bc4 FIX: InlineUploads matching on external bbcode img url. 2019-06-13 13:47:36 +08:00
Guo Xiang Tan
782e583844 FIX: Edge cases with markdown references for InlineUploads. 2019-06-13 12:08:01 +08:00
Guo Xiang Tan
93c552afda FIX: InlineUploads does not correct urls with uppercase extension. 2019-06-13 11:19:33 +08:00
Sam
fa2a5f6f56
FEATURE: SKIP_DB_AND_REDIS env var (#7756)
Sometimes we would like to create a base image without any DB access, this
assists in creating custom base images with custom plugins that already
includes `public/assets`

Following this change set you can run:

```
SPROCKETS_CONCURRENT=1 DONT_PRECOMPILE_CSS=1 SKIP_DB_AND_REDIS=1 RAILS_ENV=production bin/rake assets:precompile
```

Then it is straight forward to create a base image without needing a DB or
Redis.
2019-06-13 12:58:27 +10:00
Joffrey JAFFEUX
19ca2d4772
DEV: reset widget clean callback between tests (#7761) 2019-06-12 17:49:02 +02:00
Robin Ward
13b979cb71 FIX: Performing actions on a particular reviewable was displaying an error
It was expecting a method to remove the reviewable from the current
list, only we were not displaying a list.

Instead, we refresh the reviewable model with the latest result.
2019-06-12 10:56:30 -04:00
Arpit Jalan
36e53db300 Fix the build. 2019-06-12 16:44:17 +05:30
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Guo Xiang Tan
f0846ea7cf DEV: Remove unused line. 2019-06-12 17:38:30 +08:00
Guo Xiang Tan
641521896c FIX: Cover more edge cases in InlineUploads. 2019-06-12 17:06:58 +08:00
Maja Komel
0a1b16bb16 FIX: clean up cooked group bio when bio is removed (#7745) 2019-06-12 16:18:38 +10:00
Guo Xiang Tan
73bf880f74 FIX: Correct more edge cases with InlineUploads. 2019-06-12 10:44:25 +08:00
Guo Xiang Tan
ff48fbdfda FIX: InlineUploads raises an error when img tag is invalid. 2019-06-12 10:31:00 +08:00
David Taylor
0ebe5ec1f8 FIX: Check postStream.gaps exists before trying postSteam.gaps.after 2019-06-11 23:48:21 +01:00
Robin Ward
f6e0c79742 FIX: Trigger change event when inserting text
This would normally not fire and result in odd behavior in the review
queue when inserting links.
2019-06-11 17:27:34 -04:00
Robin Ward
3d7c26c15e FIX: Memory Leaks w/ Container (#7750)
Gives instance initializers the ability to add a `teardown` method that
will be called between tests to clean up after themselves.
2019-06-11 18:41:27 +02:00
Robin Ward
47095a7fa1 FIX: Memory leak when adding ajax prefilter repeatedly. 2019-06-11 11:50:35 -04:00
Robin Ward
c322cccd53 FIX: Memory Leaks when decorating posts (#7749)
* Remove long-deprecated method

* FIX: Memory Leaks when decorating posts

Previously we'd keep creating mixins dynamically when decorating the
same class.

This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
Bianca Nenciu
934adb14d2
FIX: On tag change notify only users watching the tag. (#7707) 2019-06-11 18:06:54 +03:00
Vinoth Kannan
788f995f30 FIX: skip external urls which has upload url in query string.
Add spec tests for post.each_upload_url method. e8fafbc123
2019-06-11 19:55:02 +05:30
Arpit Jalan
e2636f0ec7 FIX: handle array in redirect param 2019-06-11 17:49:09 +05:30
David Taylor
f4fd75aea4 DEV: Rename variable to avoid conflict 2019-06-11 13:02:40 +01:00
David Taylor
f1d5b992bf DEV: Correct linting error 2019-06-11 12:51:18 +01:00
Joffrey JAFFEUX
dc15486f0a Revert "DEV: resets csrf ajax prefilter only if present (#7747)"
This reverts commit 6612218a4e.
2019-06-11 13:34:25 +02:00
David Taylor
61b587f66e
FIX: Mark ignored posts as 'read', if last visible post is read (#7739) 2019-06-11 12:16:28 +01:00
David Taylor
000a35b219 FIX: Do not live-load posts from ignored users 2019-06-11 12:07:14 +01:00
Joffrey JAFFEUX
6612218a4e
DEV: resets csrf ajax prefilter only if present (#7747) 2019-06-11 12:50:20 +02:00
Joffrey JAFFEUX
ebf77f74b7 Revert "DEV: prevents csrf token to leak state between tests (#7746)"
This reverts commit b29d63a52d.
2019-06-11 12:19:49 +02:00
Joffrey JAFFEUX
b29d63a52d
DEV: prevents csrf token to leak state between tests (#7746) 2019-06-11 11:54:23 +02:00
Joffrey JAFFEUX
e6714d3531 Revert "DEV: attempts to prevent session object to be retain in csrf init (#7743)"
This reverts commit 62c56b6e59.
2019-06-11 10:58:32 +02:00
Joffrey JAFFEUX
4deb0f6d59
DEV: prevents post-cooked decorators to leak between tests (#7744) 2019-06-11 10:02:10 +02:00
Joffrey JAFFEUX
62c56b6e59
DEV: attempts to prevent session object to be retain in csrf init (#7743) 2019-06-11 09:59:14 +02:00
Joffrey JAFFEUX
c407e32368
DEV: should check on object and not length (#7742) 2019-06-11 09:45:45 +02:00
Guo Xiang Tan
e5cace9185 FIX: File size text should not be part of link. 2019-06-11 15:21:06 +08:00
Guo Xiang Tan
fb0a655e8a FEATURE: Update pull hotlinked images to use Upload#short_url. 2019-06-11 15:17:29 +08:00
Guo Xiang Tan
9d0fba64c0 FIX: Use attachment format in user export system post take 2. 2019-06-11 12:15:11 +08:00
Dan Ungureanu
a046f6ced5 FEATURE: Trigger Discourse events from authenticators. (#7724) 2019-06-11 11:28:42 +10:00
Daniel Waterworth
d073a7d5a8 DEV: Added commit approved notification type for discourse-code-review
We need to reserve ids in core so plugins do not clash.
2019-06-11 11:17:23 +10:00
Guo Xiang Tan
06d974d55c FEATURE: Add base62 sha1 to cooked data attribute
* FEATURE: Add base62 sha1 to data attribute in `Post#cooked`.

* FIX: Use `Upload#short_url` when quoting an image.
2019-06-11 11:15:45 +10:00
Guo Xiang Tan
bd538f7437 FIX: Composer preview not caching inline onebox. 2019-06-11 09:14:53 +08:00
Bianca Nenciu
9168ffc201 PERF: Use already loaded post when quoting or opening draft. 2019-06-11 08:21:38 +08:00
Sam Saffron
7b17eb06da FEATURE: ban any SSO attempts with invalid external id
We now treat any external_id of blank string (" " or "     " or "", etc) or a
invalid word (none, nil, blank, null) - case insensitive - as invalid.

In this case the client will see "please contact admin" the logs will explain
the reason clearly.
2019-06-11 10:04:26 +10:00
Robin Ward
ecebff5060 Only show deprecation warning if the webhook is active 2019-06-10 16:23:12 -04:00
Roman Rizzi
ace6ce0462
FIX: Add 'deleted' to the list of status filters (#7738) 2019-06-10 15:43:49 -03:00
Robin Ward
bdfa55ee5d UX: Copyedits on reviewable filters 2019-06-10 13:45:38 -04:00
Robin Ward
86f3e74799 DEV: Allow {{d-button}} to include a href 2019-06-10 13:24:40 -04:00
Robin Ward
8b31b812f8 UX: Use a glyph to indicate a new topic instead of "New Topic:"
In the review queue it was easy to miss "New Topic:" so let's try a font
awesome glyph instead.
2019-06-10 12:43:20 -04:00
Robin Ward
8c4e16eafd FIX: In reply to would sometimes have a broken link 2019-06-10 11:33:10 -04:00
Joffrey JAFFEUX
af08ab5b7b Revert "DEV: prevents csrf-token initializer to leak session object (#7730)"
This reverts commit da5255e560.
2019-06-07 18:31:16 +02:00
Joffrey JAFFEUX
ebecd0b7d1 Revert "fix tests, crsf token meta is not present on tests (#7733)"
This reverts commit 240b61e844.
2019-06-07 18:31:13 +02:00
Gerhard Schlager
bae7b75e23 FIX: Updating a user profile as admin shouldn't change the user's locale 2019-06-07 17:53:46 +02:00
Joffrey JAFFEUX
2dce650b72
FIX: prevents screen-track from leaking object (#7734) 2019-06-07 17:18:27 +02:00
Joffrey JAFFEUX
240b61e844
fix tests, crsf token meta is not present on tests (#7733) 2019-06-07 17:11:16 +02:00
Joffrey JAFFEUX
dfb66334c1
DEV: prevents global-notice events to leak (#7732) 2019-06-07 16:49:59 +02:00
Joffrey JAFFEUX
55325679ac
DEV: prevents share-popup to leak events (#7731) 2019-06-07 16:48:45 +02:00
Joffrey JAFFEUX
da5255e560
DEV: prevents csrf-token initializer to leak session object (#7730) 2019-06-07 16:46:55 +02:00
Joffrey JAFFEUX
df01249db4
FIX: removes leaking handler in select-kit (#7729) 2019-06-07 16:12:22 +02:00
Joffrey JAFFEUX
fca90106b9
FIX: select-kit events were sometimes not cleaned up (#7728) 2019-06-07 15:20:01 +02:00
David Taylor
54afa314fb FIX: Do not download emojis in pull_hotlinked_images 2019-06-07 13:00:52 +01:00
Gerhard Schlager
d1228f47bb FIX: Handle missing plural keys on client 2019-06-07 10:24:17 +02:00
Sam Saffron
cbd4d06da0 PERF: only check for totp record on current user at when needed
Previously the check was done a bit too early causing one extra query
per page unconditionally for logged on users
2019-06-07 16:25:04 +10:00
Joffrey JAFFEUX
a652d620f6 FIX: safari desktop doesnt support input[time] (#7719)
This commit attempts to improve the experience by:
- showing time input as disabled on any platform if date hasn't been set
- showing a placeholder --:-- to emphasize the expected format
2019-06-07 15:50:43 +10:00
Sam Saffron
a0474a0774 FIX: always take the first post in the RSS fee
`.posts.first` may be the first post and may not, depending on luck

Also add protection for corrupt topics
2019-06-07 14:57:56 +10:00
Sam Saffron
ff3a1eae3a FIX: ensure consistency should handle cases where a topic trashed
Followup to c05b6170
2019-06-07 14:57:56 +10:00
Guo Xiang Tan
ee142c2173 DEV: More improvements to InlineUploads.
* Convert inline links to short path

```
<link> <link>
<link>
```

to

```
<short_path> <short_path>
<short_path>
```
2019-06-07 11:49:30 +08:00
Sam Saffron
c05b617067 FIX: ensure_consistency was able to create corrupt category topics
- Correct create_category_definition to skip validations and use a
transaction, no longer able to create corrupt topics

- ensure_consistency now clears topic_id if pointing at deleted or missing
topic_id

- Stop creating category definition topics for uncategorized
2019-06-07 11:20:13 +10:00
Maja Komel
9db1fef4e3 FIX: add support for custom/plugin notification title attribute 2019-06-07 09:09:16 +08:00
Neil Lalonde
1f73a3ba6d FIX: round the calculated heat values
Views heats like 12135 will become 12000, like ratios like
1.666666666667 will become 1.67.
2019-06-06 15:44:55 -04:00
Bianca Nenciu
35da531f1d FIX: Do not resize images in Onebox while lazy loading.
Follow-up to 35d0fd0.
2019-06-06 18:36:18 +03:00
Arpit Jalan
9acd851b9a FIX: correct link to list of watched words 2019-06-06 20:21:54 +05:30
Joffrey JAFFEUX
48b6391777
FIX: s/thumb-tack/thumbtack (#7718) 2019-06-06 14:43:16 +02:00
Joffrey JAFFEUX
c462c2f271
FIX: prevents appEvents to leak (#7714) 2019-06-06 12:33:52 +02:00
Bianca Nenciu
5377d1672f DEV: Fix linting issue. 2019-06-06 13:20:16 +03:00
Bianca Nenciu
f63b8bb79d FIX: Periodically ensure consistency of categories. (#7663) 2019-06-06 11:30:52 +02:00
Guo Xiang Tan
782da448a2 FIX: Missing title attribute when quoting an image. 2019-06-06 16:45:12 +08:00
Guo Xiang Tan
2265c5102f DEV: Remove unnecessary condition.
Follow up to 21876d46d6.
2019-06-06 15:55:49 +08:00
Guo Xiang Tan
95db609586 DEV: Support more formats of inline images. 2019-06-06 15:50:56 +08:00
Guo Xiang Tan
21876d46d6 DEV: Missing loading spinner for staff action logs.
Follow up to e0c821ebb0.
2019-06-06 15:41:55 +08:00
Penar Musaraj
f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677)
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
Bianca Nenciu
e0c821ebb0 FEATURE: Make staff action logs page support infinite loading 2019-06-06 13:02:53 +10:00