Sam
5302709343
FIX: in redis readonly raise an exception from DistributedMutex
...
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller
When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb
In redis readonly no thumbnails will be generated
2018-09-19 15:50:58 +10:00
Arpit Jalan
fadcd36f92
FIX: do not treat ignore_redirects domains as blacklisted
...
This fix prevents domains present in `ignore_redirects` from being treated as
blacklisted domains and makes sure that oneboxing happens for those domains.
Issue reported here: https://meta.discourse.org/t/steam-store-oneboxing-no-longer-works/97266
2018-09-18 10:38:02 +05:30
Guo Xiang Tan
ce6a0a5e9e
FIX: Moving upload to tombstone should update modification time.
...
An upload created a long time ago will be nuked from the tombstone
immediately if it gets deleted.
2018-09-18 10:48:29 +08:00
Sam
37c5280f73
correct spec
2018-09-17 11:37:01 +10:00
Rishabh
4f46aa1ba3
FEATURE: Add SiteSetting for s3_configure_tombstone_policy
...
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
Neil Lalonde
526ffc4966
FIX: error in response body to blocked crawlers, showing 500 Internal Server Error with status of 403
2018-09-14 15:40:20 -04:00
Neil Lalonde
b87a089822
FIX: don't block api requests when whitelisted_crawler_user_agents is set
2018-09-14 15:40:20 -04:00
Guo Xiang Tan
c3f6b4d966
DEV: Test against real `Upload#url` format.
2018-09-14 13:43:33 +08:00
Arpit Jalan
d288462abf
Merge pull request #6393 from techAPJ/bad-json
...
FIX: ignore and log bad json values for custom fields
2018-09-13 15:54:01 +05:30
Arpit Jalan
e364547ff7
FIX: ignore and log bad json values for custom fields
2018-09-13 14:26:30 +05:30
Guo Xiang Tan
6c65718301
Include response body when raising an error in `FileHelper#download`.
2018-09-13 15:43:58 +08:00
Gerhard Schlager
1a01385e88
FIX: "false" didn't work as locale_default
2018-09-11 13:42:10 +02:00
Rishabh Nambiar
81c87df18a
FIX: don't raise an error on integer usernames
2018-09-10 22:17:56 +05:30
Guo Xiang Tan
df04e69cde
FIX: `S3Helper#list` creates incorrect prefix.
2018-09-10 16:34:40 +08:00
Sam
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Guo Xiang Tan
d4b05d7bc5
Always link post to uploads in post process.
...
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
434035f167
FIX: Link post to uploads in `PostCreator`.
...
* This ensures that uploads are linked to their post on creation
instead of a background job which may be delayed if Sidekiq
is facing difficulties.
2018-09-06 11:18:11 +08:00
Guo Xiang Tan
f3aef2cc83
FIX: Incorrect/missing extension in short_url fails to map to upload.
...
`Hash#invert` causes us to lose keys if the hash contains similar
values.
2018-09-05 21:48:58 +08:00
Guo Xiang Tan
3b337bfc6b
Revert "FIX: Don't rate limit admin and staff constraints when matching routes."
...
This reverts commit 651b50b1a1.
2018-09-04 14:27:21 +08:00
Guo Xiang Tan
19182c0c8f
DEV: Skip fragile tests for now.
2018-09-04 13:58:09 +08:00
Guo Xiang Tan
651b50b1a1
FIX: Don't rate limit admin and staff constraints when matching routes.
...
* When an error is raised when checking route constraints, we
can only return true/false which either lets the request
through or return a 404 error. Therefore, we just skip
rate limiting here and let the controller handle the
rate limiting.
2018-09-04 13:52:58 +08:00
Guo Xiang Tan
08b268c5bc
Be more forceful in disconnecting connections during failover.
2018-09-04 10:32:43 +08:00
Gerhard Schlager
eeedc3901e
FIX: Replying to deleted post via email should create new reply to topic
2018-09-03 23:06:40 +02:00
Vinoth Kannan
24a14af15a
FIX: Respect invalidate_oneboxes option for inline oneboxes
2018-09-03 22:33:43 +05:30
Guo Xiang Tan
ecf60c0c33
DEV: More attempts at stabilizing specs in Travis.
...
Re-enable skipped test because it doesn't fail locally
for me to debug it.
2018-09-03 14:52:15 +08:00
Guo Xiang Tan
747c9bb47f
Merge pull request #6317 from nbianca/ignore_blacklisted_domains
...
FIX: Ignore OneBox blacklisted domains.
2018-09-03 11:10:52 +08:00
Guo Xiang Tan
0fac6cdba9
DEV: Better debugging information when test fails.
2018-09-03 10:55:25 +08:00
Maja Komel
182d9a4666
FIX: escape regex chars when searching site texts
2018-09-02 17:25:57 +10:00
Osama Sayegh
60eff9421a
FIX: precompile `desktop_theme` and `mobile_theme` stylesheets
...
required for environments that pre stage docker images and keep old image running during the deploy
2018-08-31 21:23:55 +10:00
Guo Xiang Tan
ae2f00ee73
DEV: Include the thread in the error message.
2018-08-31 17:14:19 +08:00
Sam
9b7cab589a
FIX: revert diacritic stripping
...
See more details in test case and at: https://meta.discourse.org/t/discourse-should-ignore-if-a-character-is-accented-when-doing-a-search/90198/16?u=sam
2018-08-31 11:46:55 +10:00
Guo Xiang Tan
81b99efc68
DEV: Raise an error if thread doesn't return within expected time.
2018-08-31 09:26:28 +08:00
Vinoth Kannan
297e8aaf2e
FIX: Escape regex pattern variable before using it
2018-08-31 03:02:24 +05:30
Osama Sayegh
9efbf2c49f
FIX: changing component settings should trigger refresh for parent theme CSS (#6340)
2018-08-30 20:53:03 +10:00
Sam
44cf3cf975
FIX: queue heartbeats in readonly modes
...
If sidekiq is paused or Discourse is in readonly continue to queue
heartbeats
If we do not do that then a master process can end up reaping sidekiq
workers and causing various badness
This also impacts restore which can do weird stuff TM in cases like this
2018-08-29 12:36:59 +10:00
Davide Porrovecchio
1826626272
FEATURE: Add Content-Type header to CORS
...
- add Content-Type to Access-Control-Allow-Headers
- update test accordingly
2018-08-28 11:19:38 +10:00
Neil Lalonde
ebe7835316
FIX: links in rss feeds are sometimes wrong on subfolder installs
2018-08-27 18:05:15 -04:00
Bianca Nenciu
b6963b8ffb
FIX: Ignore OneBox blacklisted domains.
2018-08-27 20:40:55 +02:00
Sam
dc17ae3b2f
correct specs
2018-08-27 14:50:56 +10:00
Sam
4205c528d0
FEATURE: hide enable_personal_email_messages and min_trust_to_send_email_messages
...
These site settings are very hard to explain and only applicable for very
specific Discourse setups.
If an admin "enables staged users" which is used in support scenarios then
all staff can send "messages" directly to an "email".
The setting allows you to extend this to TL4 or any trust level.
Actual use case would be a support type setup with restricted staff. It is
quite rare so hiding this for now and re-evaluate keeping the setting in
2019
2018-08-27 11:38:22 +10:00
Raul Tambre
2271918be2
FEATURE: Use S3 dualstack endpoints
...
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
2018-08-27 11:22:46 +10:00
Maja Komel
020eba4623
FIX: find tags with non-latin names (#6312)
2018-08-27 11:05:28 +10:00
Osama Sayegh
e0cc29d658
FEATURE: themes and components split
...
* FEATURE: themes and components split
* two separate methods to switch theme type
* use strict equality operator
2018-08-24 11:30:00 +10:00
Sam
ac11f8df52
correct regression searching with diacritics
2018-08-24 10:00:51 +10:00
Arpit Jalan
7a91df3248
Merge pull request #6290 from techAPJ/latest-full-name
...
UX: show full name on /latest page
2018-08-23 17:34:54 +05:30
Arpit Jalan
1a7cd6648b
UX: show full name on /latest page
2018-08-23 14:41:06 +05:30
Guo Xiang Tan
dd810b8b05
Merge pull request #6304 from tgxworld/create_functions_in_different_schema
...
FIX: Create `BaseDropper` functions in a different schema.
2018-08-23 15:01:41 +08:00
Guo Xiang Tan
212ee15804
FIX: Create `BaseDropper` functions in a different schema.
...
https://meta.discourse.org/t/error-when-restore-db-backup/93145/25?u=tgxworld
2018-08-23 12:52:21 +08:00
Osama Sayegh
2711f173dc
FIX: don't allow inviting more than max_allowed_message_recipients
...
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows
* add specs for guardian
* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)
Exclude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences
* groups take only 1 slot in PM
* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Guo Xiang Tan
36a7028f19
FEATURE: Clean up `PostReplyKey` records.
...
* Default retention of 90 days.
2018-08-23 10:40:02 +08:00
Régis Hanol
f01169d6ff
FIX: don't send email when the post was deleted
2018-08-22 13:13:58 +02:00
Sam
272de95175
FIX: client duplicate registration should be cleaned up
...
If for any reason we are unable to correct client id on a user api key
invalidate old keys for client/user
2018-08-22 12:56:49 +10:00
Sam
5d96809abd
FIX: improve support for subfolder S3 CDN
2018-08-22 12:31:13 +10:00
Sam
f5142861e5
Revert "Revert "FIX: upload URLs from S3 on subfolder installs""
...
This reverts commit 26c96e97e5.
We have no choice but to run this code
2018-08-22 11:31:33 +10:00
Sam
26c96e97e5
Revert "FIX: upload URLs from S3 on subfolder installs"
...
This reverts commit 357df2ff4f.
2018-08-22 10:51:40 +10:00
Neil Lalonde
357df2ff4f
FIX: upload URLs from S3 on subfolder installs
2018-08-21 14:58:55 -04:00
Guo Xiang Tan
7dcc69aef4
DEV: Refactor test to not call private method.
2018-08-21 14:29:58 +08:00
Guo Xiang Tan
48f499b324
DEV: Refactor some mail receiver related specs.
2018-08-21 14:00:45 +08:00
Guo Xiang Tan
d104de2a09
Remove line that is no longer required.
2018-08-21 11:48:58 +08:00
Robin Ward
a83f662492
FIX: Allow silenced users to like / bookmark, just not flag.
2018-08-17 11:06:18 -04:00
Guo Xiang Tan
010fe479cb
Fix linting.
2018-08-17 17:34:25 +08:00
Guo Xiang Tan
16c0ebe8a8
Fix the build.
2018-08-17 16:53:07 +08:00
Guo Xiang Tan
a26ef7738f
FIX: `FileHelper#download` should return nil if max size is exceeded.
2018-08-17 16:19:59 +08:00
Guo Xiang Tan
fae8757cd4
FIX: `Guardian#post_can_act?` shouldn't raise an error if user of post has been deleted.
2018-08-17 15:11:30 +08:00
Joffrey JAFFEUX
10a3499d68
uses emoji versions for specs (#6276)
2018-08-16 13:45:30 +02:00
Sam
91e0a77a60
FEATURE: silenced users should not be allowed to edit posts
2018-08-15 14:29:36 +10:00
Robin Ward
87fa26b6c8
FIX: Silenced users shouldn't be able to act on posts
2018-08-14 11:43:39 -04:00
Régis Hanol
de92913bf4
FIX: store the topic links using the cooked upload url
2018-08-14 12:23:32 +02:00
Neil Lalonde
d77dccc636
FIX: user-deleted posts with deferred flags can be destroyed
2018-08-09 14:54:31 -04:00
Guo Xiang Tan
1ea23b1eae
FIX: Wrong order for `S3Helper#copy_file`.
2018-08-08 15:58:54 +08:00
Sam
a35f2984e9
FIX: support Arrays with Marshal dump in distributed cache
...
Theme cache uses arrays here
2018-08-08 16:44:56 +10:00
Osama Sayegh
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Guo Xiang Tan
aafff740d2
Add `FileStore::S3Store#copy_file`.
2018-08-08 11:30:34 +08:00
Guo Xiang Tan
d1860a4f7d
DEV: Fix test to use an actual PNG instead of a GIF.
2018-08-07 12:02:35 +08:00
David Taylor
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Régis Hanol
bf4d98e89d
FIX: always store topic links using the upload url
2018-08-04 01:29:32 +02:00
Joffrey JAFFEUX
066010db7d
FEATURE: introduces list/compact_list components
2018-08-03 16:41:37 -04:00
Régis Hanol
ac2513b0f2
FEATURE: automatic PM when a user's email is revoked
2018-08-03 16:39:22 +02:00
Sam
280c318c49
FEATURE: allow ruby tags in Markdown
2018-08-03 11:47:36 +10:00
Jeff Atwood
c81bad3232
Merge pull request #6232 from OsamaSayegh/message-email-short-reply
...
UX: better rejection message when reply via email is too short
2018-08-02 14:25:04 -07:00
OsamaSayegh
a157dfd418
UX: better rejection message when reply via email is too short
2018-08-02 22:43:53 +03:00
Sam
0b3d51a8bc
FEATURE: whitelist lang attribute
2018-08-02 16:53:08 +10:00
Penar Musaraj
4a872823e7
Improvements to user drafts (#6226)
...
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels
* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
Neil Lalonde
b829452c75
Merge pull request #6209 from discourse/mini_scheduler
...
REFACTOR: extract scheduler to the mini_scheduler gem
2018-08-01 10:28:24 -04:00
Penar Musaraj
1f45215537
FEATURE: Drafts view in user profile
...
* add drafts.json endpoint, user profile tab with drafts stream
* improve drafts stream display in user profile
* truncate excerpts in drafts list, better handling for resume draft action
* improve draft stream SQL query, add rspec tests
* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)
* cleanup
* linting fixes
* apply prettier styling to modified files
* add client tests for drafts, includes a fixture for drafts.json
* improvements to code following review
* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix
* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed
* prettier, eslint fixes
* use "username_lower" from users table, added error handling for rejected promises
* adds guardian spec for can_see_drafts, adds improvements following code review
* move DraftsController spec to its own file
* fix failing drafts qunit test, use getOwner instead of deprecated this.container
* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Vinoth Kannan
6aee22b88f
FIX: Onebox images are not downloaded locally without css class
2018-08-01 02:51:02 +05:30
Neil Lalonde
4ad7ce70ce
REFACTOR: extract scheduler to the mini_scheduler gem
2018-07-31 17:12:55 -04:00
Arpit Jalan
afe3b00c0f
FIX: use hidden setting for max export file size
2018-07-31 11:25:28 +05:30
Guo Xiang Tan
b94633e844
FIX: `FileHelper` should prioritize response content-type.
...
Request to a URL with `.png` extension may return a jpg
instead causing us to attach the wrong extension to an
upload.
2018-07-30 10:54:36 +08:00
David Taylor
5f1fd0019b
FEATURE: Allow revoke and connect for GitHub logins
2018-07-27 17:18:53 +01:00
David Taylor
6296f63804
FEATURE: Revoke and connect for Yahoo logins
2018-07-27 16:20:47 +01:00
David Taylor
9c72c00206
FEATURE: Revoke and reconnect for Twitter logins
2018-07-27 12:28:51 +01:00
Neil Lalonde
135c803f49
FIX: don't send PM if flagged post is deleted but flags were deferred or cleared
2018-07-26 15:12:31 -04:00
David Taylor
fa399ce1c5
FEATURE: Add revoke and reconnect functionality for google logins
2018-07-25 16:03:14 +01:00
Gerhard Schlager
84d14fd8a0
FIX: Don't rely on setting data type read from database
2018-07-25 11:40:59 +02:00
Neil Lalonde
417bcf7d2e
add checks for staff and system user before sending flags_agreed_and_post_deleted message
2018-07-24 19:25:11 -04:00
Neil Lalonde
fe39cdc90a
FEATURE: when a post is deleted because a moderator agreed with flags, send a message to the post author
2018-07-24 17:17:56 -04:00
Robin Ward
7058205f70
FIX: Broken specs
2018-07-24 12:00:34 -04:00
Robin Ward
236243f38a
SECURITY: Consider `0.0.0.0` a private IP
2018-07-24 11:16:27 -04:00
Joffrey JAFFEUX
7a3c541077
UX: Preview multiple color schemes in wizard (#6151)
...
It was a dropdown to provide choices of color schemes,
and only one scheme could be shown.
With this commit, multiple color scheme previews can be displayed on
one page at the same time, making admins choose color schemes more
easily.
Theme preview windows are shrunk.
Imported default color schemes.
Co-Authored-By: Misaka 0x4e21 <misaka4e21@gmail.com>
2018-07-24 09:00:20 -04:00
Guo Xiang Tan
fad9c2b971
PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table.
2018-07-24 13:51:53 +08:00
Davide Porrovecchio
dd9d815178
FIX: Add User Api Key headers to CORS
...
- add User-Api-Key and User-Api-Client-Id to Access-Control-Allow-Headers
- update test
2018-07-24 10:28:23 +10:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
David Taylor
2dc3a50dac
FIX: Do not update last seen time for suspended users
2018-07-18 16:04:57 +01:00
Régis Hanol
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
Sam
379384ae1e
FIX: never block /srv/status which is used for health checks
...
This route is also very cheap so blocking it is not required
It is still rate limited and so on elsewhere
2018-07-18 12:37:01 +10:00
Guo Xiang Tan
3874d40910
Prepare to drop `EmailLog#topic_id`.
2018-07-18 10:22:24 +08:00
Leo McArdle
21ebb1cd54
FEATURE: Secondary emails support.
2018-07-16 11:09:49 +08:00
Arpit Jalan
b1082924b9
FIX: do not validate topic deletions
2018-07-13 22:53:36 +05:30
Guo Xiang Tan
c722b07057
FIX: `/t/:topic_id/last` route did not return any posts.
2018-07-13 14:26:10 +08:00
Kyle Zhao
2901691e87
FEATURE: per-category approval settings (#5778)
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Guo Xiang Tan
79ba418edd
DEV: Don't join on a thread forever.
2018-07-12 15:46:07 +08:00
Guo Xiang Tan
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00
OsamaSayegh
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Guo Xiang Tan
4163f9e61e
DEV: Better clean up for PostgreSQL failover test.
2018-07-10 09:53:25 +08:00
Guo Xiang Tan
96aca6d7e6
Remove legacy vote post action code. (#6009)
2018-07-09 16:54:18 +08:00
Andrew Schleifer
dba22bbde2
rollback changes
...
This reverts:
* 1baba84c438e "fix s3 subfolders harder"
* ea5e57938edf "fix test for absolute_base_url change"
2018-07-06 17:16:40 -05:00
Andrew Schleifer
f8b90226cb
fix test for absolute_base_url change
2018-07-06 17:08:18 -05:00
Andrew Schleifer
52e9f49ec1
fix s3 subfolders harder
...
specifically, include the folder in absolute_base_url
2018-07-06 16:28:40 -05:00
Neil Lalonde
211981ef23
add specs for min_trust_to_create_tag set to staff and admin
2018-07-05 11:39:32 -04:00
Patrick Gansterer
28dd7fb562
FEATURE: Create hidden posts for received spam emails (#6010)
...
* Add possibility to add hidden posts with PostCreator
* FEATURE: Create hidden posts for received spam emails
Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change adds processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
Sam
0408e87e00
remove unneeded specs
2018-07-05 15:34:58 +10:00
Sam
b54ba4c952
FIX: mentions broken after adding an <abbr> tag
...
A previous shortcut used was not allowing for <abbr and other tags starting with a
If <abbr> appeared anywhere in the text all mentions would fail to link
2018-07-05 09:27:11 +10:00
Régis Hanol
272646c1df
FIX: only show the sequential replies warning for regular posts
2018-07-04 22:51:19 +02:00
Neil Lalonde
24882ce1a5
make rubocop happy
2018-07-04 09:42:31 -04:00
Neil Lalonde
f134701c7b
FIX: user topic and post counts can become negative when staff deletes posts in personal messages
2018-07-04 09:31:16 -04:00
Sam
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
Neil Lalonde
e8a6323bea
remove crawler blocking until multisite support
2018-07-03 17:54:45 -04:00
Kasia Bułat
b71cf6d422
FEATURE: Add search not operator for tags.
2018-07-03 15:57:34 +08:00
Jeff Wong
d7f6d37a98
refactor: promotion spec
2018-07-02 16:23:45 -07:00
hellekin
25cfc98b67
Fix 'asscoiated' typo
...
I know that **Naming is CRITICAL** and that **Refactoring only NOT welcome**.
But since I spotted this (consistent) typo and the change does not affect any
functionality -- I checked the presence of "asscoiated" in the code base, I
guess the first rule trumps the second one.
It also gave me a false pretext to bypass my reluctance to use Google forms and
sign the CLA. Typos hurt the eye.
2018-06-29 11:10:05 +10:00
Sam
db14e10943
SECURITY: category badges should HTML escape names
2018-06-28 18:15:07 +10:00
Maja Komel
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
Guo Xiang Tan
cfa7898c2d
Rename `TopicView#last_read_post_id` to `TopicView#filtered_post_id`.
2018-06-27 12:33:57 +08:00
Guo Xiang Tan
cb69888758
PERF: Don't pluck all the columns just to retrieve a single value.
2018-06-27 11:41:35 +08:00
Arpit Jalan
6bcdc3ba4b
FEATURE: allow author to delete posts irrespective of post_edit_time_limit
2018-06-26 21:43:06 +05:30
Guo Xiang Tan
49ffc1eb61
Revert "PERF: Send down gaps as the relevant posts load instead of front loading."
...
This reverts commit 4c3352528e.
2018-06-26 12:54:14 +08:00
Guo Xiang Tan
4c3352528e
PERF: Send down gaps as the relevant posts load instead of front loading.
2018-06-26 12:49:06 +08:00
Guo Xiang Tan
0b6a2e9d1f
Remove force summary mode for megatopics for now.
...
The logic is too hairy and we can't reliably determine
when to force summary mode. Work is underway to improve
perf for megatopics so this will not be required
eventually.
2018-06-26 12:49:06 +08:00
Jeff Wong
41f76a74f8
FEATURE: send message when a user reaches tl1
2018-06-22 13:20:00 -07:00
Guo Xiang Tan
f69356e628
FIX: Users can't "show all posts" in forced summary topics.
2018-06-22 11:32:45 +08:00
Guo Xiang Tan
9a7a079f4d
Force summary mode when user enters at the top of megalodon topics.
2018-06-21 15:18:52 +08:00
Guo Xiang Tan
f7d22bad90
FEATURE: Forced summary mode for megalodon topics.
...
This is mainly done for performance reasons and megalodon
topics are usually a byproduct of imports where site setting
limits are not respected.
2018-06-21 14:00:20 +08:00
Sam
f66efc601d
FIX: cubot android devices were detected as crawlers
2018-06-21 10:56:46 +10:00
Guo Xiang Tan
ff5fc3cb08
Use a fixed limit for mega topic posts count.
2018-06-20 16:58:52 +08:00
Guo Xiang Tan
9c925a66ff
PERF: Don't display days ago on timeline for megatopics.
...
Analysis using `pg_stat_statements` showed this query
to be eating up a significant portion of CPU.
2018-06-20 16:25:54 +08:00
Sam
44091f20c6
DEV: allow for method deprecation using Discourse.deprecate
...
New method deprecator will ensure one log message an hour happens
for all deprecated method calls per call site
Also removes unused monkey patches to ActiveRecord::Base
2018-06-20 17:53:49 +10:00
Sam
cb824a6b33
DEV: remove all calls to SqlBuilder use DB.build instead
...
This is part of the migration to mini_sql, SqlBuilder.new is being
deprecated and replaced with DB.build
2018-06-20 17:53:49 +10:00
Guo Xiang Tan
806f0ca19d
FIX: URL with params for svg images should not be light boxed.
2018-06-20 10:47:14 +08:00
Sam
94124ee2a6
skip erratic spec
2018-06-20 10:08:06 +10:00
Sam
4d984a5a63
extra diagnostics for thread issues
2018-06-20 09:19:16 +10:00
Arpit Jalan
aedc61a3b4
FEATURE: allow large icon to be uploaded in wizard
2018-06-19 21:08:02 +05:30
Michael Brown
ae5d255f83
FIX: Reference example.com instead of somesite.com in examples
...
* somesite.com actually exists...
* example.com should be used in examples and is harmless to visit
2018-06-19 10:37:24 -04:00
Joffrey JAFFEUX
24c27b5321
FEATURE: adds a add_report method accessible in plugin.rb
2018-06-19 15:00:11 +02:00
Sam
5f64fd0a21
DEV: remove exec_sql and replace with mini_sql
...
Introduce new patterns for direct sql that are safe and fast.
MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and a very convenient API
- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder
See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Guo Xiang Tan
630b4570ef
Add specs for `RateLimiter::LimitExceeded#description`.
2018-06-19 07:48:03 +08:00
Guo Xiang Tan
c18b86d9b2
UX: Don't add light box for SVG images.
2018-06-18 17:11:06 +08:00
Arpit Jalan
c7ee70941e
FEATURE: show category page options on wizard 'homepage' step
2018-06-15 19:11:41 +05:30
OsamaSayegh
2427c0a17c
FIX: theme CSS should recompile when theme uploads change
2018-06-15 13:12:09 +10:00
Sam
87fabdc2f3
FIX: correct pool reaper
...
This removes a freedom patch and replaces with a custom reaper thread
it also captures an issue where reaper would fail when connections were
empty
2018-06-14 18:22:02 +10:00
Sam
71aa20bd30
FIX: pool drainer to use Rails 5.2 implementation
...
old implementation did not reap abandoned connections
2018-06-14 15:54:48 +10:00
Robin Ward
fd54c92a52
FEATURE: New site setting, whitelisted_link_domains
...
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Guo Xiang Tan
7c173265d5
FIX: Don't clear connections on the same process.
2018-06-12 13:06:25 +08:00
Guo Xiang Tan
646ed87aba
Clear all connections once master recovers.
2018-06-12 12:13:59 +08:00
Guo Xiang Tan
fd75e54793
Disconnect the pool during failover and fallback.
2018-06-12 11:09:19 +08:00
Jeff Wong
4599cc8435
FIX: PM participants listed inline
2018-06-11 18:14:25 -07:00
Guo Xiang Tan
bfa0f71e2b
FIX: `Discouse.keep_readonly_mode` incorrect extends expiry.
2018-06-12 00:21:29 +08:00
Guo Xiang Tan
204db00563
Skip postgres failover tests until we figure out why.
2018-06-11 15:51:16 +08:00
Guo Xiang Tan
f9761c41a9
DEV: Stabilize postgresql fallback adapter spec.
2018-06-11 13:58:04 +08:00
Guo Xiang Tan
91557063d8
Fix the build.
2018-06-11 13:39:52 +08:00
Guo Xiang Tan
5656e8f366
FIX: Can't boot Discourse with a read-only PG connection.
2018-06-11 12:29:23 +08:00
Neil Lalonde
b8cf0788c6
FIX: broken mailto href's in emails
2018-06-08 13:11:58 -04:00
Guo Xiang Tan
8e0c1c8782
Re-enable skipped specs.
2018-06-08 10:04:06 +08:00
Arpit Jalan
f9ab3848ed
FEATURE: support disabling emails for non-staff users
2018-06-07 18:31:08 +05:30
Sam
945cb90e7e
update specs
2018-06-07 20:55:42 +10:00
Sam
f331d2603d
DEV: improve design of site setting default provider
...
This refactors it so "Defaults provider" is only responsible for "defaults"
Locale handling and management of locale settings is moved back into
SiteSettingExtension
This eliminates complex state management using DistributedCache and makes
it way easier to test SiteSettingExtension
2018-06-07 14:33:41 +10:00
Sam
89ad2b5900
DEV: Rails 5.2 upgrade and global gem upgrade
...
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated
Performance testing shows that performance has not regressed
if anything it is marginally faster now.
2018-06-07 14:21:33 +10:00
Arpit Jalan
46fc57222f
FEATURE: improve handling of site setting secrets
2018-06-04 21:31:34 +05:30
Blake Erickson
7750b30016
FIX: Allow a user to remove their title
...
Somewhere there was a regression and a user couldn't remove their own
title. If they selected '(none)' in the UI it would say it was saved,
but it would not actually be updated in the db.
2018-05-31 17:16:52 -06:00
Guo Xiang Tan
7fc8a36529
DEV: Take 2 Queue jobs in tests by default.
...
On my machine this cuts the time taken to run our test suite
from ~11mins to ~9mins.
2018-05-31 16:23:23 +08:00
Guo Xiang Tan
56e9ff6853
Revert "DEV: Queue jobs in tests by default."
...
Too risky for now
This reverts commit be28154d3b.
2018-05-31 15:34:46 +08:00
Sam
5086fdc76d
FIX: add protection for scss removal during upgrade
...
In some cases plugins would remove scss files or change them, but CSS
was still calculated based off stale data in old instance cache
2018-05-31 17:02:48 +10:00
Guo Xiang Tan
be28154d3b
DEV: Queue jobs in tests by default.
2018-05-31 14:45:47 +08:00
Guo Xiang Tan
f623740ffc
DEV: Stabilize DiscourseRedis tests.
2018-05-30 14:45:19 +08:00
Guo Xiang Tan
543b7cddfb
FIX: Extra comma resulted in Github auth email result being an array.
...
https://meta.discourse.org/t/github-2fa-flow-broken/88674
2018-05-30 12:15:12 +08:00
Guo Xiang Tan
81b5d61fa7
FIX: `topic_destroyed` web hook couldn't find topic.
2018-05-28 17:38:02 +08:00
Sam
e501936405
FIX: search server side error in rare condition
2018-05-28 15:28:18 +10:00
Sam
9c91c2509e
improve spec stability
2018-05-25 15:16:40 +10:00
Sam
610bfec73e
DEV: correct fragile spec
2018-05-25 14:29:11 +10:00
Sam
80adc1ee80
DEV: stabilize site setting spec
...
side effects could cause specs to fail in rare conditions
2018-05-25 12:16:00 +10:00
Sam
d366f8d888
remove hack that destabilized test suite
2018-05-24 10:48:16 +10:00
Andrew Schleifer
4be0e31459
fix s3_cdn_url when the s3 bucket contains a folder
2018-05-23 15:51:02 -05:00
Ryan Mulligan
fac4bf2f85
ignore emails that are from the reply by email addresses (#5843)
2018-05-23 10:04:45 +02:00
Guo Xiang Tan
ad9e0d6bea
Merge pull request #5848 from OsamaSayegh/fix-social-login-groups
...
FIX: apply automatic group rules when using social login providers
2018-05-23 08:17:42 +08:00
OsamaSayegh
f6d412465b
FIX: apply automatic group rules when using social login providers
2018-05-23 02:26:07 +03:00
Sam
1ac1ee4287
FEATURE: allow registration of an array custom field
2018-05-22 16:48:39 +10:00
Sam
bcfd9cf8b5
attempt to stabilize spec
2018-05-22 16:15:24 +10:00
Guo Xiang Tan
f21a47eadd
Improve specs to assert for the right record instead of just a count.
2018-05-17 08:47:24 +08:00
Régis Hanol
a9ebde5111
FEATURE: new 'staged' users list for admins
2018-05-17 01:52:49 +02:00
Arpit Jalan
abcb6af8f9
FIX: scrub secret setting values from logs
2018-05-15 09:19:26 +05:30
Régis Hanol
2cf6fb7359
FIX: always unstage users when they log in
2018-05-13 17:00:02 +02:00
Régis Hanol
86eb3528ec
FEATURE: clearer error message when receiving a reply to an old notification
2018-05-09 18:51:01 +02:00
Régis Hanol
6b1ff0edd3
FIX: always update bounce score (instead of doing it once per day)
2018-05-09 16:40:52 +02:00
Robin Ward
8262fc5d15
Merge pull request #5807 from discourse/min-flags-by-topic
...
FEATURE: New site setting `min_flags_staff_visibility`
2018-05-08 09:17:29 -04:00
Sam
858a266031
FIX: exact matching should also match on title
2018-05-08 15:59:03 +10:00
Guo Xiang Tan
8cf0f51eb2
UX: Display site settings shortcut for `poll` and `discourse-nginx-performance-report`.
...
https://meta.discourse.org/t/improving-admin-plugins/84585/29?u=tgxworld
2018-05-08 10:34:32 +08:00
Robin Ward
ac60a84329
FEATURE: New site setting min_flags_staff_visibility
...
When set higher than 1, flags won't show up for staff in the admin
section unless the minimum threshold of flags on a post is reached.
2018-05-07 16:05:13 -04:00
Régis Hanol
a98aae3bcd
FIX: topic search wasn't working for unlisted topics
2018-05-07 11:43:55 +02:00
Sam
3a06cb461e
FEATURE: remove support for legacy auth tokens
2018-05-04 10:12:10 +10:00
Jeff Wong
62a8904729
Feature: Include participants at the bottom of PM emails (#5797)
...
* Feature: Include participants at the bottom of PM emails
... as undecorated links.
https://meta.discourse.org/t/email-notification-recipients-unclear-when-pm-is-sent-to-multiple-users/26934/13?u=featheredtoast
Fix: missing translation for PM mentions
* display membership count as `group (count)`
2018-05-03 15:50:06 -07:00
Joffrey JAFFEUX
980972182f
dashboard next: caching, mobile support and new charts
2018-05-03 15:41:41 +02:00
Sam
a0cd54750c
FIX: inline [code] not handled properly
...
The text
a
[code]test[/code]
Would eat up the `test` text cause translation from inline to block
for replace rule was not properly handled
2018-04-26 15:18:22 +10:00
Régis Hanol
ddb092f397
FIX: update mail gem to fix UTF-8 parsing issue
2018-04-25 21:53:37 +02:00
Robin Ward
a5172a37e0
Allow staff members to enable safe mode, even if disabled
2018-04-25 11:49:57 -04:00
Sam
035312d501
FIX: specify path for dosp cookie
2018-04-24 11:07:58 -04:00
Guo Xiang Tan
c148500d51
FIX: Deadlock when topic with auto close topic timers exceeds `auto_close_topics_post_count`.
2018-04-23 13:34:24 +08:00
Sam
ded84a4b58
PERF: improve performance once logged in rate limiter hits
...
If "logged in" is being forced anonymous on certain routes, trigger
the protection for any requests that spend 50ms queueing
This means that ...
1. You need to trip it by having 3 requests take longer than 1 second in 10 second interval
2. Once tripped, if your route is still spending 50m queueing it will continue to be protected
This means that site will continue to function with almost no delays while it is scaling up to handle the new load
2018-04-23 11:55:25 +10:00
Neil Lalonde
70f2c5d3fd
FEATURE: move staff tags setting to tag group settings
2018-04-20 15:34:23 -04:00
Guo Xiang Tan
98d880b67a
Missed a spot in 45fe5dc793
2018-04-20 13:59:19 +08:00
Arpit Jalan
9a912b9b35
fix the build
2018-04-20 00:39:12 +05:30
Arpit Jalan
91bf10bd12
FIX: create upload record for exported csv files
2018-04-20 00:27:49 +05:30
Neil Lalonde
5b93d69939
FIX: error when non-staff user edits their topic after a hidden tag is added to it
2018-04-18 12:51:25 -04:00
Arpit Jalan
c61ce66411
fix the build
2018-04-18 13:38:45 +05:30
Sam
59cd7894d9
FEATURE: if site is under extreme load show anon view
...
If a particular path is being hit extremely hard by logged on users,
revert to anonymous cached view.
This will only come into effect if 3 requests queue for longer than 2 seconds
on a *single* path.
This can happen if a URL is shared with the entire forum base and everyone
is logged on
2018-04-18 16:58:57 +10:00
Arpit Jalan
3566c6f02b
FIX: strip emoji string from slug
2018-04-18 11:32:32 +05:30
Neil Lalonde
b87fa6d749
FIX: blacklisted crawlers could get through by omitting the accept header
2018-04-17 12:39:30 -04:00
Régis Hanol
2585ada5ca
FIX: don't allow spaces in 'reply_by_email_address' site setting
2018-04-17 17:08:12 +02:00
Sam
9980f18d86
FEATURE: track request queueing as early as possible
2018-04-17 18:06:17 +10:00
Guo Xiang Tan
828bfd9d27
Add specs for c74c933996.
2018-04-17 10:08:39 +08:00
Arpit Jalan
0183656631
FIX: verify filtered tags when checking for category minimum required tags
2018-04-14 23:20:43 +05:30
Régis Hanol
a0a06492d8
FIX: make get_hostname more lenient to user input
2018-04-12 17:09:09 +02:00
Régis Hanol
3c8b43bb01
FIX: non-oneboxed links on separate lines should stay on separate lines
2018-04-11 21:33:45 +02:00
Arpit Jalan
48d43b33cc
add client side validation for category minimum_required_tags
2018-04-11 07:17:52 +05:30
Arpit Jalan
9ca6ebe8fe
FEATURE: enforce tagging on categories
2018-04-11 07:15:24 +05:30
Joffrey JAFFEUX
45f657336e
FEATURE: adds support for loading existing core asset in pretty text
2018-04-10 08:37:16 +02:00
Neil Lalonde
f6cfff3cea
UX: user preferences allows users to choose which title to use from their badges and groups
2018-04-06 14:34:36 -04:00
jose-hms
b87205831b
FEATURE: Staged user moderation (#5721)
2018-04-06 11:41:25 +02:00
Gerhard Schlager
f2d00e5eff
FEATURE: Use Message-ID for detecting email replies to group
...
Ignores the site setting "find_related_post_with_key" and always tries to honor the `In-Reply-To` and `References` header for emails sent to a group.
The sender's email address must be included in the `To` or `CC` header of a previous email sent to the group and the `Message-ID` of that email must be included in the current email's `In-Reply-To` or `References` header.
2018-04-05 11:00:38 +02:00
Arpit Jalan
10759677db
FIX: when uploading image newuser restrictions should not apply to staff
2018-04-05 09:51:03 +05:30
Robin Ward
d690ae0281
FIX: Broken specs too. Quotes are fragile!
2018-04-02 14:23:10 -04:00
Guo Xiang Tan
142571bba0
Remove use of `rescue nil`.
...
* `rescue nil` is a really bad pattern to use in our code base.
We should rescue errors that we expect the code to throw and
not rescue everything because we're unsure of what errors the
code would throw. This would reduce the amount of pain we face
when debugging why something isn't working as expected. I've
been bitten countless of times by errors being swallowed as a
result during debugging sessions.
2018-04-02 13:52:51 +08:00
Neil Lalonde
7311023a52
Merge pull request #5700 from discourse/crawl-block
...
FEATURE: control web crawlers access with white/blacklist
2018-03-27 15:06:03 -04:00
Neil Lalonde
4d12ff2e8a
when writing cache, remove elements from the user agents list. also return a message and content type when blocking a crawler.
2018-03-27 13:44:14 -04:00
Gerhard Schlager
fcd352e089
FIX: Try fixing unparsable email addresses
...
The mail gem returns `UnstructuredField` when it fails to parse email addresses, but the `Receiver` always expects an `AddressList`.
2018-03-27 18:28:54 +02:00
Sam
31dea5d5fc
correct flaky spec
2018-03-27 17:57:19 +11:00
Gerhard Schlager
b945a2dc39
Call `on_drop` only when tables/columns are dropped
2018-03-27 13:18:13 +11:00
Gerhard Schlager
4ad401bac5
Ignore delay when first migration was < 10min ago
2018-03-27 13:18:13 +11:00
Gerhard Schlager
cd17f60952
Improve specs for accidental table/column drops and renames
2018-03-27 13:18:13 +11:00
Gerhard Schlager
19c5afc69d
Protect against accidental table renames
2018-03-27 13:18:13 +11:00
Neil Lalonde
f2c060bdf2
FEATURE: option for tags in a tag group to be visible only to staff
2018-03-26 17:05:09 -04:00
Robin Ward
f03b6bd8c9
FIX: Update `last_version_at` when publishing
2018-03-26 16:06:20 -04:00
Robin Ward
d4296f33ff
FIX: Publishing should update the public_version too
2018-03-26 15:46:25 -04:00
Robin Ward
2b161a2391
FIX: Don't include shared drafts in global latest
2018-03-26 10:43:55 -04:00
Arpit Jalan
b75b6de982
FIX: respect nofollow settings for onebox links
2018-03-26 18:21:16 +05:30
Neil Lalonde
a84bb81ab5
only applies to get html requests
2018-03-22 17:57:44 -04:00
Neil Lalonde
ced7e9a691
FEATURE: control which web crawlers can access using a whitelist or blacklist
2018-03-22 15:41:02 -04:00
Gerhard Schlager
eebe1d8c56
Allow delayed dropping and renaming of tables
2018-03-21 12:05:12 +01:00
Sam
6a3c8fe69c
FEATURE: protect against accidental column or table drops
...
Often we need to amend our schema, it is tempting to use
drop_table, rename_column and drop_column to amend schema
trouble though is that existing code that is running in production
can depend on the existence of previous schema leading to application
breaking until new code base is deployed.
The commit enforces new rules to ensure we can never drop tables or
columns in migrations and instead use Migration::ColumnDropper and
Migration::TableDropper to defer drop the db objects
2018-03-21 15:43:32 +11:00
Robin Ward
b9abd7dc9e
FEATURE: Shared Drafts
...
This feature can be enabled by choosing a destination for the
`shared drafts category` site setting.
* Staff members can create shared drafts, choosing a destination
category for the topic when it is published.
* Shared Drafts can be viewed in their category, or above the
topic list for the destination category where it will end up.
* When the shared draft is ready, it can be published to the
appropriate category by clicking a button on the topic view.
* When published, Drafts change their timestamps to the current
time, and any edits to the original post are removed.
2018-03-20 17:15:26 -04:00
Vinoth Kannan
c5d26992d4
Prefer to use primary email for new user creation over other available emails
2018-03-19 17:10:35 +05:30
Guo Xiang Tan
ec57ca54b5
FEATURE: Admins should be able to view PMs of any group.
2018-03-19 14:12:01 +08:00
Guo Xiang Tan
7fad30dacc
Refactor test case.
2018-03-19 13:39:29 +08:00
Guo Xiang Tan
aa91bd61a7
Improve specs for `TopicQuery#list_group_topics`.
2018-03-16 16:18:26 +08:00
Vinoth Kannan
58bb3967e5
SECURITY: Oneboxer should escape the URL before processing
2018-03-15 19:57:55 +05:30
Guo Xiang Tan
a35227918f
UX: Display group topics in a topic list.
2018-03-15 11:37:55 +08:00
Robin Ward
135195363b
FIX: Not logging old post contents properly
2018-03-14 15:01:36 -04:00
Neil Lalonde
58508e553d
FIX: tag input should not include tags you've already chosen in the search results
2018-03-13 17:17:16 -04:00
Robin Ward
31a0c4a9be
FEATURE: Add `quote-modified` class if a quote has been modified
2018-03-13 13:41:06 -04:00
Robin Ward
65ac80b014
FEATURE: Log Staff edits in Staff Action Logs
...
Why? Some edits by staff are not tracked. For example, during the grace
period, or via the flags/silence dialog.
If a staff member is editing someone else's post, it now goes into the
Staff Action Logs so it can be audited by other staff members.
2018-03-12 13:51:40 -04:00
Gerhard Schlager
d243b82fb3
FIX: Calculation of text length for <details> in excerpt was wrong
2018-03-12 16:55:23 +01:00
Sam
758b9a7dda
FEATURE: prototype of local theme directory watcher
...
(note this will be documented a bit late)
2018-03-12 18:36:06 +11:00
Arpit Jalan
f862122978
FIX: do not log personal message view if there exists a similar log in previous hour
2018-03-11 09:23:32 +05:30
Sam
5b6e49ae1d
FEATURE: split out max diff to 2 settings
...
We trust staff + tl2 and up to perform edits in grace period.
Allow them significantly more edit room in grace period prior to storing
a revision.
editing_grace_period_max_diff_high_trust applies to users with tl2 and up.
So
tl0 / 1 : we store an extra revision if more than 100 chars change
tl2 and up : we store an extra revision if more than 400 chars change
We may tweak these numbers as we go.
2018-03-09 11:58:50 +11:00
Arpit Jalan
a8149f8969
FIX: user should not be able to invite to PM if trust level requirement not met
...
FIX: when personal messages are disabled let user invite to a public topic
2018-03-08 14:59:04 +05:30
Sam
e162cd16b6
FEATURE: editing_grace_period_max_diff to force revisions in grace period
...
If a user performs a substantive edit of 20 chars or more during grace period
we will store a revision to track the change
This allows for better auditing of changes that happen during the grace period
2018-03-07 18:34:34 +11:00
Sam
f0d5f83424
FEATURE: limit assets less than non asset paths
...
By default assets can be requested up to 200 times per 10 seconds
from the app, this includes CSS and avatars
2018-03-06 15:20:39 +11:00
Robin Ward
17a615165c
FIX: Don't lock wiki posts when they're edited
2018-03-05 14:50:06 -05:00
Arpit Jalan
003b03d939
allow staff to delete user if posts are 5 or less irrespective of delete_user_max_post_age
2018-03-05 23:31:29 +05:30
Joffrey JAFFEUX
ce1994beea
FIX: do not treat :: as a valid emoji
2018-03-05 15:35:24 +01:00
OsamaSayegh
282f53f0cd
FEATURE: Theme settings (2) (#5611)
...
Allows theme authors to specify custom theme settings for the theme.
Centralizes the theme/site settings into a single construct
2018-03-04 19:04:23 -05:00
Robin Ward
cd6c5fc5fb
FIX: Disable "Make Personal Message" if they are disabled
2018-03-02 20:28:39 -05:00
Robin Ward
730201d423
New interface to upsert custom fields
2018-03-02 12:45:52 -05:00
Régis Hanol
6a78669ca3
FIX: 'reply by email addresses' site settings should allow email addresses without a 'reply_key' when 'find related post with key' is disabled
2018-03-02 17:53:18 +01:00
Sam
d39d2b9352
FEATURE: whitelist data for themes
2018-03-02 14:52:09 +11:00
Guo Xiang Tan
939180efa8
FIX: Missing 2FA guards when sso is enabled or when local login is disabled.
2018-03-02 10:39:10 +08:00
Guo Xiang Tan
4f301905b6
Make rubocop happy.
2018-03-02 10:15:53 +08:00
Robin Ward
b3883f5c32
FIX: Don't lock a post on edit unless the raw changes
2018-03-01 20:40:19 -05:00
Sam
75172024ca
SECURITY: ensure users have permission when moving categories
2018-03-02 12:13:27 +11:00
Guo Xiang Tan
81ca3677f7
Add guard for `nil` in our `RateLimiter`.
2018-03-01 13:20:42 +08:00
Guo Xiang Tan
5d9f9c2614
FIX: `RateLimiter` max of zero or less should raise rate limit exceeded.
2018-03-01 13:14:46 +08:00
Guo Xiang Tan
e7a7356986
Remove ancient votes code that is no longer used.
2018-02-28 14:37:22 +08:00
Guo Xiang Tan
902c5d11cf
FIX: Don't allow other flag actions after `notify_moderator` has happened.
...
https://meta.discourse.org/t/receiving-sorry-an-error-has-occurred-during-flagging-step-of-discobot-tutorial/77233/5
2018-02-28 11:27:56 +08:00
Sam
f295a18e94
FIX: stop double counting net calls in logs
2018-02-28 10:45:11 +11:00
Régis Hanol
fd33090646
FEATURE: automatically elides gmail quotes
2018-02-26 23:54:02 +01:00
Régis Hanol
26d5ae61dd
FIX: handle <pre> inside <blockquote> in html_to_markdown
2018-02-26 23:28:02 +01:00
Neil Lalonde
3313072957
Remove censored_pattern site setting, which is replaced by watched words
2018-02-26 16:29:27 -05:00
Régis Hanol
3be0294465
FIX: local post onebox was always pointing to 1st post
2018-02-26 16:05:35 +01:00
Régis Hanol
7d7f6faf40
FIX: properly render emojis in local oneboxes
2018-02-26 11:16:53 +01:00
Arpit Jalan
b9a669ba32
FIX: do not log personal message view if user can't see the message
2018-02-25 22:39:25 +05:30
Régis Hanol
0559a4736a
FIX: don't double request when downloading a file
2018-02-24 12:35:57 +01:00
Robin Ward
69af881f7f
New site setting trusted_users_can_edit_others
...
The default is true to keep with previous discourse behavior. If
disabled, high trust level users cannot edit the topics or posts of
other users.
2018-02-22 20:39:24 -05:00
Guo Xiang Tan
dd26bbe868
Merge pull request #5610 from discourse/pm-tags
...
FEATURE: Allow staffs to tag PMs
2018-02-23 07:07:41 +08:00
Vinoth Kannan
7cbda949f1
REFACTOR: New spec tests and code improvement
2018-02-22 20:27:02 +05:30
Régis Hanol
7a13e50aa6
fix build
2018-02-22 11:17:49 +01:00
Gerhard Schlager
97e19a7d02
Fix the build
2018-02-21 11:26:41 +01:00
Guo Xiang Tan
8964e75ad6
Merge pull request #5612 from discourse/featheredtoast-two-factor-login
...
Featheredtoast two factor login
2018-02-21 15:00:10 +08:00
Guo Xiang Tan
14f3594f9f
Review Changes for f4f8a293e7.
2018-02-21 14:55:49 +08:00
Arpit Jalan
94fb8094c6
further optimize spec
...
thanks @tgxworld for the review.
2018-02-21 11:32:40 +05:30
Régis Hanol
0799831dbe
FIX: use the avatar of the post rather than the topic in local oneboxes
2018-02-20 19:49:39 +01:00
Arpit Jalan
a4bc54a686
FIX: strip zero width spaces from topic title
2018-02-21 00:12:39 +05:30
Arpit Jalan
ed422285f0
optimize spec
2018-02-20 22:03:13 +05:30
Sam
86d12bd44b
FEATURE: search within title using in:title
...
Also
- Significantly improved search ranking, title is treated most strongly
- Adds tag names to the index
- Run search re-indexer more aggressively
- Re-index topic and all posts on category change
2018-02-20 14:41:21 +11:00
Régis Hanol
60ec483caa
FIX: include title in local onebox when linking to a different topic
2018-02-19 22:40:14 +01:00
Arpit Jalan
c419c26f56
FEATURE: new site setting 'max_emojis_in_title'
2018-02-19 18:15:26 +05:30
Gerhard Schlager
b6277e208b
FIX: Cookies header didn't have the right format
2018-02-19 12:46:57 +01:00
Régis Hanol
61930e092a
FIX: support incoming emails with just an attachment
2018-02-16 18:14:56 +01:00
Sam
94b2c70c0d
PERF: remove oga gem
...
oga gem is automatically required by the aws gem
the oga gem retains about 1mb of memory, aws now uses nokogiri
This also removes the html normalize from the pretty text specs that was
a fair bit buggy as the polls test shows.
2018-02-15 14:36:40 +11:00
Robin Ward
b4aa0b096e
FIX: Couldn't like staff when `allow_flagging_staff` was set
2018-02-14 15:46:04 -05:00
Sam
f028ffaf29
SECURITY: correct local onebox category checks
...
Also removes ugly "source_topic_id" from cooked posts
Patch was authored by @zogstrip
Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Erick Guan
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward
4dfe659189
Rename `allow staff flags` to `allow flagging staff`
2018-02-12 15:27:26 -05:00
Robin Ward
6287631745
FEATURE: New site setting, `allow staff flags`, false by default
...
For some large communities, it makes sense to disable flagging of
staff posts.
2018-02-12 14:56:21 -05:00
Robin Ward
dedeb2deb8
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
Robin Ward
1bab15c757
FEATURE: A site setting for a minimum TL to post links
2018-02-06 18:07:58 -05:00
Robin Ward
b2b6dc68a6
FEATURE: a setting to customize the minimum TL to flag a post
2018-02-06 17:12:27 -05:00
Sam Saffron
df8e43abdd
use lazy & instead of try
...
unregister ip skipper in test
raise if called when a skipper is in play
2018-02-06 10:38:15 +11:00
Robin Ward
eefd226611
Add extensibility point to `request_tracker` to skip IP addresses
...
This is useful if you want to run a per IP rate limiter but want to be
able to skip some IPs with custom logic.
2018-02-05 17:49:40 -05:00
Arpit Jalan
7e48c47d37
rename 'enable_private_email_messages' to 'enable_personal_email_messages'
2018-02-01 13:25:29 +05:30
Arpit Jalan
ff0376a80b
rename 'enable_private_messages' to 'enable_personal_messages'
2018-02-01 13:25:29 +05:30
Arpit Jalan
25ec077eca
rename 'min_private_message_{post/title}_length' to 'min_personal_message_{post/title}_length'
2018-02-01 13:25:29 +05:30
Sam
ee0d3f15c1
FEATURE: allow better fidelity for auto linkify, disable most tlds based linkify
...
New site settings:
enable_markdown_linkify: which is default on, auto links https:// and http:// and mail://
markdown_linkify_tlds: which allows control of what tlds get autolinked for cases such as www.site.com, default is com|net|gov
2018-02-01 13:22:38 +11:00
Régis Hanol
7d2283167a
UX: only crops images taller than 18:9 instead of 16:9
2018-01-31 22:31:16 +01:00
Régis Hanol
b2f18fc98f
FIX: system user edits should not generate notifications
2018-01-30 22:21:07 +01:00
Maja Komel
018cb7f36b
add a custom user onebox (#5542)
...
* add custom user onebox
* add specs
2018-01-30 11:03:08 +01:00
Maja Komel
330912e1e5
FIX: allowed href scheme link can start with a + (#5537)
...
* allowed href scheme link can start with a +
* allow tel:// links only to start with +
* add missing semicolon
* add test
2018-01-30 11:02:23 +11:00
Sam
f3502853fa
correct spec regression
2018-01-30 08:54:37 +11:00
Sam
f946db4afe
FIX: inline oneboxer min title length of 2
...
also: cache mini onebox misses as well to cut down traffic
2018-01-30 08:40:04 +11:00
Arpit Jalan
8ab585e25f
add more tests for 'log private message views' feature
2018-01-29 13:11:20 +05:30
Sam
fa5880e04f
PERF: ability to crawl for titles without extra HEAD req
...
Also, introduces a much more aggressive timeout for title crawling
and introduces gzip to body that is crawled
2018-01-29 15:40:12 +11:00
Arpit Jalan
1f6adbea5c
FEATURE: log private message views
2018-01-29 08:08:08 +05:30
Robin Ward
44e2038b53
Setting to automatically lock posts when edited by staff
2018-01-26 14:01:30 -05:00
Robin Ward
6b04967e2f
FEATURE: Staff members can lock posts
...
Locking a post prevents it from being edited. This is useful if the user
has posted something which has been edited out, and the staff members don't
want them to be able to edit it back in again.
2018-01-26 14:01:30 -05:00
Arpit Jalan
7b4e6d508b
improve reviving_old_topic education message
2018-01-26 00:06:53 +05:30
Gerhard Schlager
eb52c5469e
FEATURE: Allow plugins to register a new locale
2018-01-25 14:57:41 +01:00
Gerhard Schlager
ce060e2b86
FIX: Server didn't use default_locale as fallback locale
2018-01-25 14:57:41 +01:00
Sam
adae963751
ensure we do not override charset for content type
2018-01-25 18:43:42 +11:00
Sam
3492a91056
FEATURE: allow site operators to disable emoji shortcuts
2018-01-24 12:21:44 +11:00
Robin Ward
782d75069e
FIX: UX improvements for system messages when PMs are disabled
2018-01-23 13:12:11 -05:00
Robin Ward
17ebfd1715
FIX: Don't show suggested messages if private messages are disabled
2018-01-23 12:05:44 -05:00
Régis Hanol
cbb321658f
FIX: support for generating excerpt when nesting <details> blocks
2018-01-22 19:17:35 +01:00
Sam
f26ff290c3
FEATURE: Shorten setting name to max_reqs
...
So it is consistent with other settings
2018-01-22 13:18:30 +11:00
Sam
fc36f095a7
FIX: ensure proper header transfer (except for cache control)
...
allows discourse special headers to be visible on hijacked reqs
2018-01-21 14:26:42 +11:00
Sam
12872d03be
PERF: run post timings in background
...
This means that if a very large amount of registered users hit
a single topic we will handle it gracefully, even if db gets slow.
2018-01-19 08:27:29 +11:00
Gerhard Schlager
2a22b90538
SECURITY: email domain whitelist could be bypassed
2018-01-17 21:45:32 +01:00
Robin Ward
34ed6088b9
FEATURE: New modal to show flags received for a user
2018-01-17 15:08:08 -05:00
Arpit Jalan
e04fb9a877
fix the build
2018-01-17 12:57:33 +05:30
Arpit Jalan
79eb9d7086
FEATURE: show header search results on search log term details page
2018-01-17 12:47:16 +05:30
Arpit Jalan
1208254961
FIX: validate presence of 'top menu' setting
2018-01-17 01:43:53 +05:30
Sam
d7657d8e47
correct specs, ensure crawler layout only applies to html
2018-01-16 16:28:11 +11:00
Sam
7b562d2f46
FEATURE: much improved and simplified crawler detection
...
- phase one does it match 'trident|webkit|gecko|chrome|safari|msie|opera'
yes- well it is possibly a browser
- phase two does it match 'rss|bot|spider|crawler|facebook|archive|wayback|ping|monitor'
probably a crawler then
Based off: https://gist.github.com/SamSaffron/6cfad7ea3e6df321ffb7a84f93720a53
2018-01-16 15:41:45 +11:00
Sam
215c0d5569
FEATURE: allow system api to target users via external id or user id
...
usage ?api_key=XYZ&api_user_external_id=ABC
usage ?api_key=XYZ&api_user_id=123
2018-01-12 17:40:18 +11:00
Vinoth Kannan
988b13ac77
FIX: GitHub auth always asking to verify email for new users (#5487)
2018-01-12 15:17:29 +11:00
Gerhard Schlager
9f7ae908d8
Add specs to check email domain whitelist/blacklist for To and Cc
2018-01-10 16:57:26 +01:00
Sam
cecd7d0d07
FEATURE: global rate limiter can bypass local IPs
2018-01-08 08:39:17 +11:00
Gerhard Schlager
f086d28b30
FIX: Do not validate messages sent to mailing list mirror
2018-01-05 11:21:53 +01:00
Gerhard Schlager
e0d73a957d
FEATURE: Allow posting via email to read-only mailing list mirror category
2018-01-05 11:21:53 +01:00
Gerhard Schlager
d7cd7e4dc7
FIX: Never mark emails sent to mailing list mirror as auto-generated
2018-01-05 11:21:53 +01:00
Gerhard Schlager
ceb7590bcb
FIX: bounced email can contain multiple status codes
2018-01-03 17:59:20 +01:00
Guo Xiang Tan
805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
...
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Sam
a9e2fc59c4
FIX: [constructor] bbcode would cause markdown crash
2017-12-27 16:11:30 +11:00
Arpit Jalan
ef4c6c67ba
fix the build
2017-12-23 14:42:40 +05:30
Arpit Jalan
0514ac4ee2
FIX: verify presence of 'sso url' before enabling 'enable sso'
2017-12-23 13:30:49 +05:30
Régis Hanol
d6b22e6cc1
FIX: whitelist oneboxed iframes
2017-12-23 01:56:33 +01:00
Guo Xiang Tan
4b51871f6a
Treat non-ascii URLs in `UrlValidator`.
2017-12-21 14:22:55 +08:00
Guo Xiang Tan
6ecf37c482
Improve URL validation to check for a valid host.
...
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:
URI.parse("http://https://google.com")
=> #<URI::HTTP http://https//google.com>
2017-12-21 13:50:15 +08:00
Robin Ward
21e1b05c7e
FIX: Don't disable details when below truncate limit
2017-12-20 15:45:00 -05:00
Robin Ward
a0aca83c12
FIX: Broken spec
2017-12-19 17:55:41 -05:00
Robin Ward
b3fda0ea86
FIX: details tags broke excerpts
2017-12-19 17:28:55 -05:00
Sam
57a1190b07
FIX: correct issue with search omitting words with multiple dots
...
Previously we used to break up words with dots incorrectly leading to
missing search terms
2017-12-19 16:04:24 +11:00
Sam
81b3a4a3da
improve spec
2017-12-15 11:42:51 +11:00
Guo Xiang Tan
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
Sam
67aecff59c
FEATURE: store twitter supplied email for auditing
2017-12-14 15:54:32 +11:00
Gerhard Schlager
e30851e45a
Move escape_uri method to a more suitable place
2017-12-12 20:17:46 +01:00
Guo Xiang Tan
6ade508f39
FIX: Prevent 'rack.input' missing error.
2017-12-12 16:40:35 +08:00
Arpit Jalan
ff6dda85b7
FIX: replace curly quotes to regular quotes in search terms
2017-12-12 11:17:28 +05:30
Sam
4986ebcf24
FEATURE: optional default off global per ip rate limiter
2017-12-11 17:52:57 +11:00
Sam
68d3c2c74f
FEATURE: add global rate limiter for admin api 60 per minute
...
Also move configuration of admin and user api rate limiting into global
settings. This is not intended to be configurable per site
2017-12-11 11:07:22 +11:00
Sam
90a55d6f7c
FIX: handle CORS in hijacked requests
2017-12-07 10:31:04 +11:00
Gerhard Schlager
16738cfb1b
FEATURE: convert plain text emails to markdown
2017-12-06 01:47:51 +01:00
Kyle Zhao
5f318a5241
FEATURE: Replace SimpleRSS with Ruby RSS module (#5311)
...
* SPEC: PollFeedJob parsing atom feed
* add FeedItemAccessor
It is to provide a consistent interface to access a feed item's tag
content.
* add FeedElementInstaller
to install non-standard and non-namespaced feed elements
* FEATURE: replace SimpleRSS with Ruby RSS module
* get FinalDestination and download with Excon
* support namespaced element with FeedElementInstaller
2017-12-06 10:45:09 +11:00
Sam
995bf3c84e
correct spec on Ruby 2.3
2017-12-05 07:04:41 +11:00
Sam
5a9622163d
FIX: regression around rate limiter
2017-12-04 21:44:16 +11:00
Sam
dd70ef3abf
Revert "Revert "PERF: improve speed of rate limiter""
...
This reverts commit 2373d85239.
2017-12-04 21:23:11 +11:00
Sam
2373d85239
Revert "PERF: improve speed of rate limiter"
...
This reverts commit a9bcdd7f27.
2017-12-04 21:19:28 +11:00
Sam
d041377ccf
correct test that does not work with discobot
2017-12-04 18:20:05 +11:00
Sam
a9bcdd7f27
PERF: improve speed of rate limiter
...
Also
- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime
2017-12-04 18:17:30 +11:00
Guo Xiang Tan
b18cc81609
Make rubocop happy.
2017-12-04 10:55:31 +08:00
Guo Xiang Tan
22140efa70
Tests are still leaking connection after skipping.
...
* Could be in the setup.
2017-12-04 10:46:30 +08:00
Guo Xiang Tan
4c8402c50f
Skip test that is leaking connections.
2017-12-04 09:26:51 +08:00
Vinoth Kannan
7f2eeaf767
FIX: Password required flag should be cleared whenever clearing the raw password (#5384)
2017-12-01 15:19:24 +11:00