Guo Xiang Tan
c6f5df4caa
SECURITY: Don't pass email backup token to sidekiq as a parameter.
* This exposes the token in the Sidekiq dashboard which can be
viewed by an admin and defeats the purpose of using a token
in the download backup email link.
2017-12-18 11:32:26 +08:00
Guo Xiang Tan
fcdd8491a1
Fix broken spec.
2017-12-14 15:43:50 +08:00
Guo Xiang Tan
6d475a15a8
SECURITY: Any group can be invited into a PM.
2017-12-14 15:18:27 +08:00
Neil Lalonde
504bcf4550
SECURITY: signup without verified email using Google auth
2017-10-16 15:23:32 -04:00
Arpit Jalan
70d4c39bcd
SECURITY: do not include links from whispers in topic summary map
https://meta.discourse.org/t/staff-whispers-links-in-whispers-showing-up-publicly-in-topics-summary/69134?u=techapj
2017-09-01 00:25:49 +05:30
Guo Xiang Tan
5f0351348b
FIX: Group name was being reverted to non-localized version.
https://meta.discourse.org/t/localized-staff-group-names-changed/65360/16
2017-08-29 14:42:07 +08:00
Robin Ward
7ad2703397
SECURITY: Remove disposable invite feature
2017-07-07 20:52:21 -04:00
Arpit Jalan
6eef7417ab
FIX: include canonical meta tag on category pages
2017-07-03 14:45:16 +05:30
Guo Xiang Tan
0fc10161a5
FIX: Send request membership PM to last 5 active group owner.
2017-06-15 11:39:16 +08:00
Guo Xiang Tan
84d46bceb9
FIX: Create group membership request on behalf of user.
2017-06-14 21:10:51 +09:00
Guo Xiang Tan
69dc8188e3
UX: Don't send emails for discobot notifications.
2017-06-14 21:09:47 +09:00
Robin Ward
5d04cb4b47
FIX: Always allow the host the forum is hosted on
2017-06-13 10:55:15 -04:00
Robin Ward
4324ea024c
FIX: Don't use target=_blank for local oneboxes
2017-06-13 10:55:10 -04:00
Robin Ward
502bca2c0d
FIX: If HEAD is not supported, try GET. Also set cookies
2017-06-13 10:54:27 -04:00
Guo Xiang Tan
b0dd05fdc6
FIX: Inherit topic auto close when changing topic's category.
2017-05-31 17:40:21 +09:00
Sam
607998af33
FEATURE: dropdown to filter staff action logs
2017-05-30 11:25:42 -04:00
Sam
0aed2533ac
Revert unread optimisation, has too many edge cases
2017-05-26 09:04:13 -04:00
Guo Xiang Tan
4d9481bf47
Fix build.
2017-05-26 16:04:59 +08:00
Guo Xiang Tan
56f98de7b2
Use webmock to stub external web requests.
2017-05-26 15:19:09 +08:00
Guo Xiang Tan
f8f1548fd4
Revert "FIX: Use Excon to do its own stubbing"
This reverts commit 80af54460a.
2017-05-26 13:04:25 +08:00
Guo Xiang Tan
e57d2f5cb8
FIX: Don't do anything if avatar url returns an invalid status code.
2017-05-26 13:02:40 +08:00
Robin Ward
b584264d82
FIX: Don't show "resend email" option when user approval is on
2017-05-25 15:29:05 -04:00
Sam
29fac1ac18
PERF: improve performance of unread queries
Figuring out what unread topics a user has is a very expensive
operation over time.
Users can easily accumulate 10s of thousands of tracking state rows
(1 for every topic they ever visit)
When figuring out what a user has that is unread we need to join
the tracking state records to the topic table. This can very quickly
lead to cases where you need to scan through the entire topic table.
This commit optimises it so we always keep track of the "first" date
a user has unread topics. Then we can easily filter out all earlier
topics from the join.
We use pg functions, instead of nested queries here to assist the
planner.
2017-05-25 15:07:30 -04:00
Robin Ward
cdbe027c1c
Refactor FileHelper to use keyword arguments.
2017-05-24 13:54:26 -04:00
Sam
f12490eae0
FIX: order:latest not working for search within topic
FEATURE: use 'l' as a shorthand for order:latest
2017-05-24 11:24:41 -04:00
Robin Ward
3b0cbf7013
FIX: Always allow downloads from CDN
2017-05-23 16:32:54 -04:00
Robin Ward
d2121ca272
FIX: Missing HTTP stub
2017-05-23 15:08:19 -04:00
Robin Ward
b81e7be9a1
FEATURE: Rate limit how often we'll crawl a destination IP
2017-05-23 15:03:04 -04:00
Robin Ward
36e477750c
FIX: Use same code path for downloading images
2017-05-23 14:51:30 -04:00
Robin Ward
e5e7a15a85
SECURITY: Never crawl by IP
2017-05-23 13:07:18 -04:00
Robin Ward
93a5fc62bf
FEATURE: A site setting to prevent crawling on private IP blocks
2017-05-23 11:56:06 -04:00
Robin Ward
80af54460a
FIX: Use Excon to do its own stubbing
2017-05-22 18:19:20 -04:00
Robin Ward
b51126dd5e
FIX: Reset the WebMock after before every test
2017-05-22 17:52:31 -04:00
Régis Hanol
9dddb81cf6
FIX: remove memoization on class method used in a job
2017-05-22 23:35:41 +02:00
Blake Erickson
4e8beda332
Merge pull request #4866 from JaredReisinger/admin-user-pagination
Add pagination to /admin/users/list API
2017-05-22 15:12:59 -06:00
Robin Ward
d4b16b487e
FIX: Another onebox head request
2017-05-22 17:00:19 -04:00
Robin Ward
a8d1e44943
FIX: Onebox will do a HEAD request first for redirects
2017-05-22 16:52:26 -04:00
Robin Ward
4c690f7089
Use FinalDestination to ensure public redirects for onebox
2017-05-22 16:42:49 -04:00
Robin Ward
b23fc2bf84
Helper to find the final destination for a URL
2017-05-22 15:52:41 -04:00
Sam
6231318462
Merge pull request #4877 from rimian/plugin_helper
FEATURE: Require spec helpers for plugins
2017-05-22 15:22:55 -04:00
Régis Hanol
a7f337fa93
FIX: CDN wasn't properly applied to category background images when using S3
2017-05-22 18:37:01 +02:00
Guo Xiang Tan
76229535ac
Remove old test case.
2017-05-22 18:23:09 +08:00
Guo Xiang Tan
08c36fa968
REFACTOR: Clean up some code associated with topic timers.
2017-05-22 18:10:29 +08:00
Guo Xiang Tan
238a156300
FIX: TopicTimestampChanger should not allow timestamps in the future.
2017-05-22 16:03:49 +08:00
Guo Xiang Tan
4382a0bb07
Rename PostTimestampChanger -> TopicTimestampChanger.
2017-05-22 15:01:33 +08:00
Rimian Perkins
2b5dfb6e8e
avoid double lookup for plugin helpers
2017-05-22 14:50:53 +10:00
Guo Xiang Tan
330338af3a
FIX: Don't hardcode text in smoke test.
2017-05-22 08:01:33 +08:00
Robin Ward
908433a7a0
SECURITY: Validate the entity when downloading a CSV
2017-05-19 16:00:51 -04:00
Robin Ward
28f486cb7a
FIX: Regular users shouldn't be able to invite to PMs if disabled
2017-05-19 12:57:21 -04:00
Guo Xiang Tan
2b66918199
Wrong function call.
2017-05-19 22:33:06 +08:00