Commit Graph

3883 Commits

Author SHA1 Message Date
Guo Xiang Tan
c6f5df4caa SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
  viewed by an admin and defeats the purpose of using a token
  in the download backup email ink.
2017-12-18 11:32:26 +08:00
Guo Xiang Tan
fcdd8491a1 Fix broken spec. 2017-12-14 15:43:50 +08:00
Guo Xiang Tan
6d475a15a8 SECURITY: Any group can be invited into a PM. 2017-12-14 15:18:27 +08:00
Neil Lalonde
504bcf4550 SECURITY: signup without verified email using Google auth 2017-10-16 15:23:32 -04:00
Arpit Jalan
70d4c39bcd SECURITY: do not include links from whispers in topic summary map
https://meta.discourse.org/t/staff-whispers-links-in-whispers-showing-up-publicly-in-topics-summary/69134?u=techapj
2017-09-01 00:25:49 +05:30
Guo Xiang Tan
5f0351348b FIX: Group name was being reverted to non-localized version.
https://meta.discourse.org/t/localized-staff-group-names-changed/65360/16
2017-08-29 14:42:07 +08:00
Robin Ward
7ad2703397 SECURITY: Remove disposable invite feature 2017-07-07 20:52:21 -04:00
Arpit Jalan
6eef7417ab FIX: include canonical meta tag on category pages 2017-07-03 14:45:16 +05:30
Guo Xiang Tan
0fc10161a5 FIX: Send request membership PM to last 5 active group owner. 2017-06-15 11:39:16 +08:00
Guo Xiang Tan
84d46bceb9 FIX: Create group membership request on behalf of user. 2017-06-14 21:10:51 +09:00
Guo Xiang Tan
69dc8188e3 UX: Don't send emails for discobot notifications. 2017-06-14 21:09:47 +09:00
Robin Ward
5d04cb4b47 FIX: Always allow the host the forum is hosted on 2017-06-13 10:55:15 -04:00
Robin Ward
4324ea024c FIX: Don't use target=_blank for local oneboxes 2017-06-13 10:55:10 -04:00
Robin Ward
502bca2c0d FIX: If HEAD is not supported, try GET. Also set cookies 2017-06-13 10:54:27 -04:00
Guo Xiang Tan
b0dd05fdc6 FIX: Inherit topic auto close when changing topic's category. 2017-05-31 17:40:21 +09:00
Sam
607998af33 FEATURE: dropdown to filter staff action logs 2017-05-30 11:25:42 -04:00
Sam
0aed2533ac Revert unread optimisation, has too many edge cases 2017-05-26 09:04:13 -04:00
Guo Xiang Tan
4d9481bf47 Fix build. 2017-05-26 16:04:59 +08:00
Guo Xiang Tan
56f98de7b2 Use webmock to stub external web requests. 2017-05-26 15:19:09 +08:00
Guo Xiang Tan
f8f1548fd4 Revert "FIX: Use Excon to do its own stubbing"
This reverts commit 80af54460a.
2017-05-26 13:04:25 +08:00
Guo Xiang Tan
e57d2f5cb8 FIX: Don't do anything if avatar url returns an invalid status code. 2017-05-26 13:02:40 +08:00
Robin Ward
b584264d82 FIX: Don't show "resend email" option when user approval is on 2017-05-25 15:29:05 -04:00
Sam
29fac1ac18 PERF: improve performance of unread queries
Figuring out what unread topics a user has is a very expensive
operation over time.

Users can easily accumulate 10s of thousands of tracking state rows
(1 for every topic they ever visit)

When figuring out what a user has that is unread we need to join
the tracking state records to the topic table. This can very quickly
lead to cases where you need to scan through the entire topic table.

This commit optimises it so we always keep track of the "first" date
a user has unread topics. Then we can easily filter out all earlier
topics from the join.

We use pg functions, instead of nested queries here to assist the
planner.
2017-05-25 15:07:30 -04:00
Robin Ward
cdbe027c1c Refactor FileHelper to use keyword arguments. 2017-05-24 13:54:26 -04:00
Sam
f12490eae0 FIX: order:latest not working for search within topic
FEATURE: use 'l' as a shorthand for order:latest
2017-05-24 11:24:41 -04:00
Robin Ward
3b0cbf7013 FIX: Always allow downloads from CDN 2017-05-23 16:32:54 -04:00
Robin Ward
d2121ca272 FIX: Missing HTTP stub 2017-05-23 15:08:19 -04:00
Robin Ward
b81e7be9a1 FEATURE: Rate limit how often we'll crawl a destination IP 2017-05-23 15:03:04 -04:00
Robin Ward
36e477750c FIX: Use same code path for downloading images 2017-05-23 14:51:30 -04:00
Robin Ward
e5e7a15a85 SECURITY: Never crawl by IP 2017-05-23 13:07:18 -04:00
Robin Ward
93a5fc62bf FEATURE: A site setting to prevent crawling on private IP blocks 2017-05-23 11:56:06 -04:00
Robin Ward
80af54460a FIX: Use Excon to do its own stubbing 2017-05-22 18:19:20 -04:00
Robin Ward
b51126dd5e FIX: Reset the WebMock after before every test 2017-05-22 17:52:31 -04:00
Régis Hanol
9dddb81cf6 FIX: remove memoization on class method used in a job 2017-05-22 23:35:41 +02:00
Blake Erickson
4e8beda332 Merge pull request #4866 from JaredReisinger/admin-user-pagination
Add pagination to /admin/users/list API
2017-05-22 15:12:59 -06:00
Robin Ward
d4b16b487e FIX: Another onebox head request 2017-05-22 17:00:19 -04:00
Robin Ward
a8d1e44943 FIX: Onebox will do a HEAD request first for redirects 2017-05-22 16:52:26 -04:00
Robin Ward
4c690f7089 Use FinalDestination to ensure public redirects for onebox 2017-05-22 16:42:49 -04:00
Robin Ward
b23fc2bf84 Helper to find the final destination for a URL 2017-05-22 15:52:41 -04:00
Sam
6231318462 Merge pull request #4877 from rimian/plugin_helper
FEATURE: Require spec helpers for plugins
2017-05-22 15:22:55 -04:00
Régis Hanol
a7f337fa93 FIX: CDN wasn't properly applied to category background images when using S3 2017-05-22 18:37:01 +02:00
Guo Xiang Tan
76229535ac Remove old test case. 2017-05-22 18:23:09 +08:00
Guo Xiang Tan
08c36fa968 REFACTOR: Clean up some code associated with topic timers. 2017-05-22 18:10:29 +08:00
Guo Xiang Tan
238a156300 FIX: TopicTimestampChanger should not allow timestamps in the future. 2017-05-22 16:03:49 +08:00
Guo Xiang Tan
4382a0bb07 Rename PostTimestampChanger -> TopicTimestampChanger. 2017-05-22 15:01:33 +08:00
Rimian Perkins
2b5dfb6e8e avoid double lookup for plugin helpers 2017-05-22 14:50:53 +10:00
Guo Xiang Tan
330338af3a FIX: Don't hardcode text in smoke test. 2017-05-22 08:01:33 +08:00
Robin Ward
908433a7a0 SECURITY: Validate the entity when downloading a CSV 2017-05-19 16:00:51 -04:00
Robin Ward
28f486cb7a FIX: Regular users shouldn't be able to invite to PMs if disabled 2017-05-19 12:57:21 -04:00
Guo Xiang Tan
2b66918199 Wrong function call. 2017-05-19 22:33:06 +08:00