David Taylor
52387be4a4
SECURITY: Add confirmation screen when logging in via email link
2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080
Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
...
This reverts commit b8340c6c8e
.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
...
* SECURITY: Add confirmation screen when logging in via email link
* SECURITY: Add confirmation screen when logging in via user-api OTP
* FIX: Correct translation key in session controller specs
* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Arpit Jalan
863d8014d0
FIX: respond with 400 error on invalid redirect param
2019-06-17 16:44:30 +05:30
Arpit Jalan
102be5a9e3
DEV: optimize fix for sub-categories not getting pre-filled.
2019-06-17 13:28:08 +05:30
tshenry
c909033f2b
Add plugin outlets to login/create-account modals ( #7770 )
2019-06-17 16:22:00 +10:00
Sam Saffron
704c579550
FIX: do not allow unbound membership lookups
...
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
Sam Saffron
fe4f0a4369
FIX: staged users should not be included in TL groups
...
staged users should not be included in any automatic groups cause for all
purposes they do not exist.
2019-06-17 15:10:47 +10:00
Arpit Jalan
48b9e0d749
FIX: sub-categories was not getting selected for pre-filled topics
2019-06-15 13:46:15 +05:30
Kris
9cb656250d
FIX: Allow tall tables to scroll vertically on iOS
2019-06-14 14:26:59 -04:00
Guo Xiang Tan
77c06384c0
Fix the build.
2019-06-14 13:56:35 +08:00
Guo Xiang Tan
5d16d10a9e
DEV: Fix edge case for InlineUploads
.
2019-06-14 13:48:03 +08:00
Guo Xiang Tan
befb074c98
DEV: InlineUploads
should process CDN upload URLs as well.
2019-06-14 13:14:37 +08:00
Guo Xiang Tan
41abebcbce
DEV: Support both http
and https
for InlineUploads
.
2019-06-14 12:48:31 +08:00
Guo Xiang Tan
c9db897777
FIX: Remove onebox src from Jobs::PullHotlinkedImages
.
...
The test that was added is incorrect because the post was not cooked.
2019-06-14 09:21:25 +08:00
Sam Saffron
457be89445
DEV: only skip migration if a non seeded upload exists
...
Followup to 667b9801
2019-06-14 09:52:02 +10:00
Sam Saffron
667b98017a
FIX: do not attempt to migrate pre-existing uploads
...
This makes this job re-runnable just in case cause it will skip creation
of new uploads if an upload already exists
2019-06-14 09:39:22 +10:00
Arpit Jalan
efc05e7224
FIX: remove topic timer info on completion
2019-06-13 17:01:43 +05:30
Joffrey JAFFEUX
fbbce235ce
UX: improves change-timestamp modal ( #7766 )
2019-06-13 13:30:33 +02:00
Guo Xiang Tan
9daed05ad0
Fix the build.
2019-06-13 13:53:43 +08:00
Guo Xiang Tan
7a0d031bc4
FIX: InlineUploads
matching on external bbcode img url.
2019-06-13 13:47:36 +08:00
Guo Xiang Tan
782e583844
FIX: Edge cases with markdown references for InlineUploads
.
2019-06-13 12:08:01 +08:00
Guo Xiang Tan
93c552afda
FIX: InlineUploads
does not correct urls with uppercase extension.
2019-06-13 11:19:33 +08:00
Sam
fa2a5f6f56
FEATURE: SKIP_DB_AND_REDIS env var ( #7756 )
...
Sometimes we would like to create a base image without any DB access, this
assists in creating custom base images with custom plugins that already
includes `public/assets`
Following this change set you can run:
```
SPROCKETS_CONCURRENT=1 DONT_PRECOMPILE_CSS=1 SKIP_DB_AND_REDIS=1 RAILS_ENV=production bin/rake assets:precompile
```
Then it is straight forward to create a base image without needing a DB or
Redis.
2019-06-13 12:58:27 +10:00
Joffrey JAFFEUX
19ca2d4772
DEV: reset widget clean callback between tests ( #7761 )
2019-06-12 17:49:02 +02:00
Robin Ward
13b979cb71
FIX: Performing actions on a particular reviewable was displaying an error
...
It was expecting a method to remove the reviewable from the current
list, only we were not displaying a list.
Instead, we refresh the reviewable model with the latest result.
2019-06-12 10:56:30 -04:00
Arpit Jalan
36e53db300
Fix the build.
2019-06-12 16:44:17 +05:30
Arpit Jalan
7b66f8fb46
DEV: optimize bulk invite process
2019-06-12 16:33:19 +05:30
Guo Xiang Tan
f0846ea7cf
DEV: Remove unused line.
2019-06-12 17:38:30 +08:00
Guo Xiang Tan
641521896c
FIX: Cover more edge cases in InlineUploads
.
2019-06-12 17:06:58 +08:00
Maja Komel
0a1b16bb16
FIX: clean up cooked group bio when bio is removed ( #7745 )
2019-06-12 16:18:38 +10:00
Guo Xiang Tan
73bf880f74
FIX: Correct more edge cases with InlineUploads
.
2019-06-12 10:44:25 +08:00
Guo Xiang Tan
ff48fbdfda
FIX: InlineUploads
raises an error when img tag is invalid.
2019-06-12 10:31:00 +08:00
David Taylor
0ebe5ec1f8
FIX: Check postStream.gaps
exists before trying postSteam.gaps.after
2019-06-11 23:48:21 +01:00
Robin Ward
f6e0c79742
FIX: Trigger change event when inserting text
...
This would normally not fire and result in odd behavior in the review
queue when inserting links.
2019-06-11 17:27:34 -04:00
Robin Ward
3d7c26c15e
FIX: Memory Leaks w/ Container ( #7750 )
...
Gives instance initializers the ability to add a `teardown` method that
will be called between tests to clean up after themselves.
2019-06-11 18:41:27 +02:00
Robin Ward
47095a7fa1
FIX: Memory leak when adding ajax prefilter repeatedly.
2019-06-11 11:50:35 -04:00
Robin Ward
c322cccd53
FIX: Memory Leaks when decorating posts ( #7749 )
...
* Remove long-deprecated method
* FIX: Memory Leaks when decorating posts
Previously we'd keep creating mixins dynamically when decorating the
same class.
This code changes the API to recommend an `id` parameter for each
decorator which will avoid leaks. All plugins should be updated to
include this parameter, although if they don't in the meantime it'll
just mean a warning in the console (and a continued leak.)
2019-06-11 17:21:23 +02:00
Bianca Nenciu
934adb14d2
FIX: On tag change notify only users watching the tag. ( #7707 )
2019-06-11 18:06:54 +03:00
Vinoth Kannan
788f995f30
FIX: skip external urls which has upload url in query string.
...
Add spec tests for post.each_upload_url method. e8fafbc123
2019-06-11 19:55:02 +05:30
Arpit Jalan
e2636f0ec7
FIX: handle array in redirect param
2019-06-11 17:49:09 +05:30
David Taylor
f4fd75aea4
DEV: Rename variable to avoid conflict
2019-06-11 13:02:40 +01:00
David Taylor
f1d5b992bf
DEV: Correct linting error
2019-06-11 12:51:18 +01:00
Joffrey JAFFEUX
dc15486f0a
Revert "DEV: resets csrf ajax prefilter only if present ( #7747 )"
...
This reverts commit 6612218a4e
.
2019-06-11 13:34:25 +02:00
David Taylor
61b587f66e
FIX: Mark ignored posts as 'read', if last visible post is read ( #7739 )
2019-06-11 12:16:28 +01:00
David Taylor
000a35b219
FIX: Do not live-load posts from ignored users
2019-06-11 12:07:14 +01:00
Joffrey JAFFEUX
6612218a4e
DEV: resets csrf ajax prefilter only if present ( #7747 )
2019-06-11 12:50:20 +02:00
Joffrey JAFFEUX
ebf77f74b7
Revert "DEV: prevents csrf token to leak state between tests ( #7746 )"
...
This reverts commit b29d63a52d
.
2019-06-11 12:19:49 +02:00
Joffrey JAFFEUX
b29d63a52d
DEV: prevents csrf token to leak state between tests ( #7746 )
2019-06-11 11:54:23 +02:00
Joffrey JAFFEUX
e6714d3531
Revert "DEV: attempts to prevent session object to be retain in csrf init ( #7743 )"
...
This reverts commit 62c56b6e59
.
2019-06-11 10:58:32 +02:00
Joffrey JAFFEUX
4deb0f6d59
DEV: prevents post-cooked decorators to leak between tests ( #7744 )
2019-06-11 10:02:10 +02:00
Joffrey JAFFEUX
62c56b6e59
DEV: attempts to prevent session object to be retain in csrf init ( #7743 )
2019-06-11 09:59:14 +02:00
Joffrey JAFFEUX
c407e32368
DEV: should check on object and not length ( #7742 )
2019-06-11 09:45:45 +02:00
Guo Xiang Tan
e5cace9185
FIX: File size text should not be part of link.
2019-06-11 15:21:06 +08:00
Guo Xiang Tan
fb0a655e8a
FEATURE: Update pull hotlinked images to use Upload#short_url
.
2019-06-11 15:17:29 +08:00
Guo Xiang Tan
9d0fba64c0
FIX: Use attachment format in user export system post take 2.
2019-06-11 12:15:11 +08:00
Dan Ungureanu
a046f6ced5
FEATURE: Trigger Discourse events from authenticators. ( #7724 )
2019-06-11 11:28:42 +10:00
Daniel Waterworth
d073a7d5a8
DEV: Added commit approved notification type for discourse-code-review
...
We need to reserve ids in core so plugins do not clash.
2019-06-11 11:17:23 +10:00
Guo Xiang Tan
06d974d55c
FEATURE: Add base62 sha1 to cooked data attribute
...
* FEATURE: Add base62 sha1 to data attribute in `Post#cooked`.
* FIX: Use `Upload#short_url` when quoting an image.
2019-06-11 11:15:45 +10:00
Guo Xiang Tan
bd538f7437
FIX: Composer preview not caching inline onebox.
2019-06-11 09:14:53 +08:00
Bianca Nenciu
9168ffc201
PERF: Use already loaded post when quoting or opening draft.
2019-06-11 08:21:38 +08:00
Sam Saffron
7b17eb06da
FEATURE: ban any SSO attempts with invalid external id
...
We now treat any external_id of blank string (" " or " " or "", etc) or a
invalid word (none, nil, blank, null) - case insensitive - as invalid.
In this case the client will see "please contact admin" the logs will explain
the reason clearly.
2019-06-11 10:04:26 +10:00
Robin Ward
ecebff5060
Only show deprecation warning if the webhook is active
2019-06-10 16:23:12 -04:00
Roman Rizzi
ace6ce0462
FIX: Add 'deleted' to the list of status filters ( #7738 )
2019-06-10 15:43:49 -03:00
Robin Ward
bdfa55ee5d
UX: Copyedits on reviewable filters
2019-06-10 13:45:38 -04:00
Robin Ward
86f3e74799
DEV: Allow {{d-button}}
to include a href
2019-06-10 13:24:40 -04:00
Robin Ward
8b31b812f8
UX: Use a glyph to indicate a new topic instead of "New Topic:"
...
In the review queue it was easy to miss "New Topic:" so let's try a font
awesome glyph instead.
2019-06-10 12:43:20 -04:00
Robin Ward
8c4e16eafd
FIX: In reply to would sometimes have a broken link
2019-06-10 11:33:10 -04:00
Joffrey JAFFEUX
af08ab5b7b
Revert "DEV: prevents csrf-token initializer to leak session object ( #7730 )"
...
This reverts commit da5255e560
.
2019-06-07 18:31:16 +02:00
Joffrey JAFFEUX
ebecd0b7d1
Revert "fix tests, crsf token meta is not present on tests ( #7733 )"
...
This reverts commit 240b61e844
.
2019-06-07 18:31:13 +02:00
Gerhard Schlager
bae7b75e23
FIX: Updating a user profile as admin shouldn't change the user's locale
2019-06-07 17:53:46 +02:00
Joffrey JAFFEUX
2dce650b72
FIX: prevents screen-track from leaking object ( #7734 )
2019-06-07 17:18:27 +02:00
Joffrey JAFFEUX
240b61e844
fix tests, crsf token meta is not present on tests ( #7733 )
2019-06-07 17:11:16 +02:00
Joffrey JAFFEUX
dfb66334c1
DEV: prevents global-notice events to leak ( #7732 )
2019-06-07 16:49:59 +02:00
Joffrey JAFFEUX
55325679ac
DEV: prevents share-popup to leak events ( #7731 )
2019-06-07 16:48:45 +02:00
Joffrey JAFFEUX
da5255e560
DEV: prevents csrf-token initializer to leak session object ( #7730 )
2019-06-07 16:46:55 +02:00
Joffrey JAFFEUX
df01249db4
FIX: removes leaking handler in select-kit ( #7729 )
2019-06-07 16:12:22 +02:00
Joffrey JAFFEUX
fca90106b9
FIX: select-kit events were sometimes not cleaned up ( #7728 )
2019-06-07 15:20:01 +02:00
David Taylor
54afa314fb
FIX: Do not download emojis in pull_hotlinked_images
2019-06-07 13:00:52 +01:00
Gerhard Schlager
d1228f47bb
FIX: Handle missing plural keys on client
2019-06-07 10:24:17 +02:00
Sam Saffron
cbd4d06da0
PERF: only check for totp record on current user at when needed
...
Previously the check was done a bit too early causing one extra query
per page unconditionally for logged on users
2019-06-07 16:25:04 +10:00
Joffrey JAFFEUX
a652d620f6
FIX: safari desktop doesnt support input[time] ( #7719 )
...
This commit attempts to improve the experience by:
- showing time input as disabled on any platform if date hasn't been set
- showing a placeholder --:-- to emphasize the expected format
2019-06-07 15:50:43 +10:00
Sam Saffron
a0474a0774
FIX: always take the first post in the RSS fee
...
`.posts.first` may be the first post and may not, depending on luck
Also add protection for corrupt topics
2019-06-07 14:57:56 +10:00
Sam Saffron
ff3a1eae3a
FIX: ensure consistency should handle cases where a topic trashed
...
Followup to c05b6170
2019-06-07 14:57:56 +10:00
Guo Xiang Tan
ee142c2173
DEV: More improvements to InlineUploads
.
...
* Convert inline links to short path
```
<link> <link>
<link>
```
to
```
<short_path> <short_path>
<short_path>
```
2019-06-07 11:49:30 +08:00
Sam Saffron
c05b617067
FIX: ensure_consistency was able to create corrupt category topics
...
- Correct create_category_definition to skip validations and use a
transaction, no longer able to create corrupt topics
- ensure_consistency now clears topic_id if pointing at deleted or missing
topic_id
- Stop creating category definition topics for uncategorized
2019-06-07 11:20:13 +10:00
Maja Komel
9db1fef4e3
FIX: add support for custom/plugin notification title attribute
2019-06-07 09:09:16 +08:00
Neil Lalonde
1f73a3ba6d
FIX: round the calculated heat values
...
Views heats like 12135 will become 12000, like ratios like
1.666666666667 will become 1.67.
2019-06-06 15:44:55 -04:00
Bianca Nenciu
35da531f1d
FIX: Do not resize images in Onebox while lazy loading.
...
Follow-up to 35d0fd0
.
2019-06-06 18:36:18 +03:00
Arpit Jalan
9acd851b9a
FIX: correct link to list of watched words
2019-06-06 20:21:54 +05:30
Joffrey JAFFEUX
48b6391777
FIX: s/thumb-tack/thumbtack ( #7718 )
2019-06-06 14:43:16 +02:00
Joffrey JAFFEUX
c462c2f271
FIX: prevents appEvents to leak ( #7714 )
2019-06-06 12:33:52 +02:00
Bianca Nenciu
5377d1672f
DEV: Fix linting issue.
2019-06-06 13:20:16 +03:00
Bianca Nenciu
f63b8bb79d
FIX: Periodically ensure consistency of categories. ( #7663 )
2019-06-06 11:30:52 +02:00
Guo Xiang Tan
782da448a2
FIX: Missing title
attribute when quoting an image.
2019-06-06 16:45:12 +08:00
Guo Xiang Tan
2265c5102f
DEV: Remove unnecessary condition.
...
Follow up to 21876d46d6
.
2019-06-06 15:55:49 +08:00
Guo Xiang Tan
95db609586
DEV: Support more formats of inline images.
2019-06-06 15:50:56 +08:00
Guo Xiang Tan
21876d46d6
DEV: Missing loading spinner for staff action logs.
...
Follow up to e0c821ebb0
.
2019-06-06 15:41:55 +08:00
Penar Musaraj
f00275ded3
FEATURE: Support private attachments when using S3 storage ( #7677 )
...
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
Bianca Nenciu
e0c821ebb0
FEATURE: Make staff action logs page support infinite loading
2019-06-06 13:02:53 +10:00