Commit Graph

33897 Commits

Author SHA1 Message Date
Bianca Nenciu
c4d1833588 FIX: Do not show bootbox if post has no replies. (#7866)
When we delete a post that has replies, we show a modal asking if the user wants to delete the post, the post and its direct replies or the post and all its replies.

If replies are deleted before a post, that modal would ask the user if they want to delete the post and 0 replies.

That commit ensure we skip the modal and directly delete the post in this case.
2019-07-12 11:42:57 +02:00
Jeff Atwood
22e2631f29 copyedit on "get this discussion started" 2019-07-11 17:06:16 -07:00
Gerhard Schlager
4a095b286b Follow-up for 9a11a8b3 to fix qunit tests 2019-07-11 23:56:22 +02:00
Gerhard Schlager
9a11a8b33b FEATURE: Site setting for typographic quotation marks
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
Robin Ward
1d38040579 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
Joffrey JAFFEUX
afe922c30b
DEV: updates lodash to 4.17.13 (#7883) 2019-07-11 18:30:17 +02:00
Joffrey JAFFEUX
c584a4569b
DEV: pulls lodash-cli from git, package is not pushed to npm (#7882) 2019-07-11 18:27:58 +02:00
Joffrey JAFFEUX
550e811652
DEV: allows lodash to be updated with rake javascript:update (#7881) 2019-07-11 16:57:03 +02:00
Robin Ward
9b0be303b4 SECURITY: Upgrade lodash
There is a security hole in lodash with prototype pollution. It's not
clear if Discourse is affected but to be on the safe side we will
upgrade right away.

Note that the front end Discourse does not appear to use `defaultsDeep`
in our custom build and should be protected.
2019-07-11 10:50:30 -04:00
Robin Ward
2e548d3e7f Revert "Build(deps): Bump lodash from 4.17.11 to 4.17.14 (#7880)"
This reverts commit 5224abee94.

- In retrospect a bot cannot sign the CLA. I will create a similar
commit
2019-07-11 10:37:18 -04:00
dependabot[bot]
5224abee94 Build(deps): Bump lodash from 4.17.11 to 4.17.14 (#7880)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.11...4.17.14)

Signed-off-by: dependabot[bot] <support@github.com>
2019-07-11 10:35:15 -04:00
Joe
fd4557a9ef UX: Mobile editor style fixes (#7878) 2019-07-11 09:57:53 -04:00
Arpit Jalan
25830c73be Bump onebox version.
- use custom placeholder HTML for generic whitelisted oneboxes
- optimize usage of custom placeholder HTML
2019-07-11 18:31:51 +05:30
Arpit Jalan
e0562a8172 UX: update placeholder for Tags Groups 2019-07-11 12:34:11 +05:30
Kris
aa7181820c UX: Add title attribute and aria-label to PM icon link 2019-07-10 23:05:57 -04:00
Kris
bdaf07adcf Hide empty anchor tag from screen readers 2019-07-10 22:39:25 -04:00
Kris
1983f0d06e Don't load PM icon in title unless topic is a PM 2019-07-10 22:38:32 -04:00
Kris
b848bd4ddc True should be a string to display properly in aria-haspopup 2019-07-10 22:02:21 -04:00
Blake Erickson
c76732722a FIX: Turn off search logging when read-only (#7877)
If `SiteSetting.log_search_queries` is enabled 500 errors will occur
when searching if the master db is down. This fix allows searching to
still work under these conditions.
2019-07-10 17:05:31 -07:00
Jeff Atwood
a49aa895d6 copyedit to shorten customize pills 2019-07-10 13:22:32 -07:00
Joffrey JAFFEUX
bd35a8f334
FIX: ensures spinner is showing on tags/show when loading more (#7876)
Context: https://meta.discourse.org/t/issue-while-scrolling-down-after-selecting-a-tag-on-the-home-page/122542
2019-07-10 21:37:31 +02:00
Joffrey JAFFEUX
142344e45d
FIX: ensures routing with hash doesn't stuck history (#7872)
* FIX: ensures routin with hash doesnt stuck history

Original issue: https://meta.discourse.org/t/hash-anchor-in-url-prevents-further-url-updates/122068/4

Basically when the path has a hash, state would be null, and nothing would happen.

* Update app/assets/javascripts/discourse/lib/discourse-location.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-10 20:43:03 +02:00
romanrizzi
f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Dan Ungureanu
90fcdad3cd UX: Discard selected post if it is not in viewport. (#7869)
This way, users can combine keyboard shortcuts with mouse scrolling.
2019-07-10 10:22:09 -04:00
Roman Rizzi
8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Gerhard Schlager
f0fea5991f FIX: Latest Selenium gem broke Google Groups import script
Selenium uses Keep-Alive since version 3.141, so the net-http-persistent gem shouldn't be needed anymore.
2019-07-10 09:45:33 +02:00
Robin Ward
629bb8adf2 SECURITY: XSS with title selector on preferences page
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 15:49:24 -04:00
Neil Lalonde
6e22499e5f Remove unused file resubscribe.html.erb 2019-07-09 15:17:33 -04:00
Dan Ungureanu
ab6ad220c7
DEV: Fix user simulator script. 2019-07-09 18:52:08 +03:00
Gerhard Schlager
5f0d38341e FIX: Remapping during restore was wrong for CDN URLs 2019-07-09 17:34:41 +02:00
Gerhard Schlager
4c1b8c7559 FIX: Remap differently when backup comes from multisite 2019-07-09 16:11:32 +02:00
Gerhard Schlager
a65a9a85d5 FEATURE: Remap uploads during restore when S3 or CDN changes
In order for this to work the Backuper stores a couple of site settings
in the new backup_metadata table, because the old setting values might
not be available on restore anymore.
2019-07-09 14:04:16 +02:00
Gerhard Schlager
5ffb722999 DEV: Less verbose remapping
It's hard to see which columns have been remapped when remapping prints
lots of "0 rows affected" lines. This changes it to output the row count
only for affected columns.
2019-07-09 14:04:16 +02:00
Gerhard Schlager
f2dc59d61f FEATURE: Add hidden setting to include S3 uploads in backups 2019-07-09 14:04:16 +02:00
Dan Ungureanu
9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864) 2019-07-09 14:42:02 +03:00
Daniel Waterworth
6b0cc9e22e Marked flaky test 2019-07-09 10:45:11 +01:00
Daniel Waterworth
c3db5925a8 FIX: Turbo tests exit codes 2019-07-09 08:51:23 +01:00
Arpit Jalan
f0f271cd5f Bump onebox version.
- remove additional whitespace from Twitter onebox
2019-07-09 13:12:03 +05:30
Penar Musaraj
f4dc6de9f1 FIX: Clear theme editor content on switching tabs
Issue happens when sending a null value to ACE Editor.
Fixed by sending an empty string to ACE instead of null.
2019-07-08 20:06:56 -04:00
Arpit Jalan
324e182842
FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
Penar Musaraj
7b0517895e FEATURE: Add "Group owners" to posting options for groups
Context: https://meta.discourse.org/t/121589

This new setting option lets group owners message/mention large groups
without granting that privilege to all members.
2019-07-08 17:14:11 -04:00
Neil Lalonde
9cd3f96dee FIX: Remap shouldn't try to change read-only columns
Read-only columns are obsolete and not used in the code anymore.
Previously, remap would fail when trying to update a read-only column.
2019-07-08 16:52:52 -04:00
Penar Musaraj
b690fc3d98
FEATURE: Add new group visibility option for "logged on users" (#7814)
Groups can now be marked as visible to "logged on users". All automatic groups (except `everyone`) are now visible to "logged on users", previously they were marked as public but suppressed in the group page for non-staff.
2019-07-08 15:09:50 -04:00
Penar Musaraj
befcf67c90 DEV: run db:create and db:migrate on turbo specs
This ensures multisite specs run correctly when running ./bin/turbo_rspec
2019-07-08 14:27:51 -04:00
Arpit Jalan
bb8cf81089 Bump onebox version.
- better placeholders for audio/video/trello/typeform oneboxes
- added CSS for audio/video/trello/typeform onebox placeholders
2019-07-08 21:40:33 +05:30
Joe
e49b5fa30c
UX: expand-post button alignment fix (#7865) 2019-07-08 14:36:15 +08:00
Arpit Jalan
2cd4e95d82 FIX: show category name in title for crawler view
Show category name in title for crawler view despite presence of `short_site_description`.

Bug reported here: https://meta.discourse.org/t/short-site-description-break-category-title-for-crawler-or-its-the-expected-behavior/122109/
2019-07-08 11:42:39 +05:30
Robin Ward
3132a9007b FIX: Use correct timezone for manual SQL 2019-07-06 15:14:07 -04:00
Robin Ward
a075fd46fd FIX: Don't use exceptions to catch conflicts
If a database exception is raised ActiveRecord will always rollback
even if caught.

Instead we build the query in manual SQL and DO NOTHING when there's a
conflict. If we detect nothing was done, perform an update.
2019-07-06 14:43:56 -04:00
Arpit Jalan
feb828172b Bump onebox version.
- improved spacing for quoted twitter onebox
2019-07-06 09:41:01 +05:30