github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-16 00:40:39 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
34,214 Commits 214 Branches 500 Tags 960 MiB
cd20d0fdfd
Commit Graph

615 Commits

Author SHA1 Message Date
Roman Rizzi
fd1a2a4c07 FIX: Improve protection against problematic usernames (#8097) 2019-09-13 15:52:05 -03:00
David Taylor
f80f8a34c0 SECURITY: Reset password when activating an account via auth provider 
Followup to d693b4e35fe0e58c5578eae4a56c06dff4756ba2
 2019-08-28 14:08:55 +01:00
Arpit Jalan
aea541d037 SECURITY: don't reveal category details to users that do not have access 2019-08-19 12:51:15 +05:30
Sam Saffron
c587df7e2a Revert "FEATURE: add Noindex to robots.txt for disallowed routes" 
This reverts commit d84256a876.

This is not supported by Google and causes robots.txt to be flagged as
invalid

Removing Noindex
 2019-07-30 11:37:00 +10:00
David Taylor
c4ff66e1a5 DEV: Correct merge conflicts for 9cfe3f99 2019-07-24 13:31:16 +01:00
David Taylor
9cfe3f9948 SECURITY: Add confirmation screen when connecting associated accounts 2019-07-24 13:29:59 +01:00
Gerhard Schlager
90a1aa5536 SECURITY: Validate backup chunk identifier 2019-07-22 08:44:38 +02:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9" 
This reverts commit b8340c6c8e.
 2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9 
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
 2019-06-17 15:59:41 +01:00
Arpit Jalan
863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
Sam Saffron
704c579550 FIX: do not allow unbound membership lookups 
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
 2019-06-17 15:32:06 +10:00
Arpit Jalan
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
Sam Saffron
89c4332ac1 DEV: correct spec making bad assumptions 
bio_cooked is not meant to be touched directly, on save we "cook" the raw
bio.
 2019-06-12 16:31:50 +10:00
Arpit Jalan
e2636f0ec7 FIX: handle array in redirect param 2019-06-11 17:49:09 +05:30
Sam Saffron
7b17eb06da FEATURE: ban any SSO attempts with invalid external id 
We now treat any external_id of blank string (" " or "     " or "", etc) or a
invalid word (none, nil, blank, null) - case insensitive - as invalid.

In this case the client will see "please contact admin" the logs will explain
the reason clearly.
 2019-06-11 10:04:26 +10:00
Gerhard Schlager
bae7b75e23 FIX: Updating a user profile as admin shouldn't change the user's locale 2019-06-07 17:53:46 +02:00
Penar Musaraj
f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677) 
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
 2019-06-06 13:27:24 +10:00
Bianca Nenciu
e0c821ebb0 FEATURE: Make staff action logs page support infinite loading 2019-06-06 13:02:53 +10:00
Roman Rizzi
c3a38d2304 DEV: Make groups/new extensible by plugins (#7642) 
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
 2019-06-06 12:05:33 +10:00
Robin Ward
f1d547c301 FEATURE: Show "in reply to" on the review queue 
We now show if a queued or flagged post is a reply to another when in
the review queue. It's especially helpful for queued posts where
normally they are linked to the topic where they are created, and you
have no context about the reply.

Note that this will only apply to new queued posts going forward.
Previously queued posts will not show the "in reply to"
 2019-06-05 12:34:41 -04:00
Sam Saffron
78509eacb7 DEV: lint file 
followup to 9779307e
 2019-06-05 11:32:47 +10:00
Maja Komel
9779307efc DEV: simpler spec for wayback machine crawler layout (#7696) 
follow-up on 42809f4d
 2019-06-05 11:24:52 +10:00
Régis Hanol
33bc8c276d FIX: default top timeframe was overriding best_periods_for 2019-06-04 10:57:50 +02:00
Maja Komel
7da875f52a FIX: trigger user_updated webhook when avatar changes 2019-06-04 16:46:46 +08:00
Maja Komel
42809f4d69 FIX: use crawler layout when saving url in Wayback Machine (#7667) 2019-06-03 12:13:32 +10:00
Sam Saffron
f415712269 DEV: avoid double sign-in which can lead to flaky tests 
We should not be signing in twice in tests, it is both wasteful and risky
 2019-06-03 10:15:49 +10:00
Robin Ward
2e0a40007b FIX: Category topics should not be deletable via review queue 2019-05-30 16:43:23 -04:00
romanrizzi
e7ee556e87 Support multi-group user search 2019-05-30 08:45:20 +08:00
Sam Saffron
b114bcd294 DEV: switch message bus backend to memory for tests 
This backend is a bit faster and well tested, this is part of a longer
term plan to have a `backend: :memory, threaded: false` type config for
message bus which we can use in test.

The threading in message bus causes all sorts of surprises in test, it will
be nice not to be beholden to them.
 2019-05-29 16:34:55 +10:00
Guo Xiang Tan
f0620e7118 FEATURE: Support [description|attachment](upload://<short-sha>) in MD take 2. 
Previous attempt was missing `post_uploads` records.
 2019-05-29 09:26:32 +08:00
Penar Musaraj
7c9fb95c15 Temporarily revert "FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603)" 
This reverts commit b1d3c678ca.

We need to make sure post_upload records are correctly stored.
 2019-05-28 16:37:01 -04:00
Guo Xiang Tan
b1d3c678ca FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603) 2019-05-28 11:18:21 -04:00
Bianca Nenciu
07b80d491b FIX: Refresh automatic groups after inviting moderators. 2019-05-28 17:19:34 +08:00
Robin Ward
d95a68b837 FEATURE: When suspending a user, allow the Delete + Replies action 
Previously you could only delete the post
 2019-05-27 12:27:16 -04:00
Robin Ward
89b84651c3 Migrate score settings to use sensitivities 
We hide scores so these settings no longer made sense.
 2019-05-24 15:44:24 -04:00
Gerhard Schlager
f4a471f0eb FIX: Correctly cache hash of extra translations 2019-05-24 11:38:26 +02:00
Gerhard Schlager
c1e9a70d59 FIX: Fallback locale was not available for extra translations 
Translations from fallback locales were not sent to the client
for admin_js and wizard_js.
 2019-05-24 11:38:26 +02:00
Robin Ward
e74cd54fc6 REFACTOR: Replace score bonuses with low/med/high priorities 
We removed score from the UX so it makes more sense to have sites set
priorities instead of score bonuses.
 2019-05-23 11:54:45 -04:00
Gerhard Schlager
58f72cd439 Remove duplicate translations 2019-05-22 16:15:22 +02:00
Sam Saffron
307c526840 DEV: correct test that assumed group 123 did not exist 
This is an incorrect assumption leading to a flaky test, cause for all we
know, since sequences do not reset every test, group 123 could exist.
 2019-05-21 12:57:14 +10:00
Gerhard Schlager
b788948985 FEATURE: English locale with international date formats 
Makes en_US the new default locale
 2019-05-20 13:47:20 +02:00
Guo Xiang Tan
148bfc9be5 DEV: Simplify client and server side code to support removing tags. 
Follow up to 834c86678f.
 2019-05-17 16:39:20 +08:00
Guo Xiang Tan
834c86678f FIX: Missing post revision when editing the first post. 2019-05-17 12:54:27 +08:00
Guo Xiang Tan
e2444e0d31 DEV: Fix another frozen string error. 2019-05-17 10:07:37 +08:00
David Taylor
1299c94a52 FIX: Make serverside and clientside omniauth origin redirects consistent 
Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
 2019-05-15 12:40:51 +01:00
Guo Xiang Tan
ab1684999c DEV: Improve specs to use upload_s3 fabricator. 2019-05-15 08:42:17 +08:00
Vinoth Kannan
42b10a646d FIX: return 404 only if upload url also not internal. 2019-05-15 02:06:54 +05:30
Gerhard Schlager
81c329fbb8 FIX: Customizing missing pluralized translations didn't work 2019-05-13 09:36:05 +02:00