Sam Saffron
f09ca88c47
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:09:55 -04:00
Sam Saffron
e5c6d0ea65
SECURITY: do not send push notifications to suspended users
2017-04-05 08:29:43 -04:00
Guo Xiang Tan
db41af1c3c
SECURITY: CSRF vulnerabilities in Admin::BackupsController.
2017-03-23 10:42:21 +08:00
Robin Ward
c14d98354b
SECURITY: Don't use backticks for exporting your archive
2017-03-16 16:27:52 -04:00
Sam
0f6a2b912a
SECURITY: always allow staff to resend activation mails
2017-03-13 10:33:21 -04:00
Guo Xiang Tan
1c44c87945
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:57:21 +08:00
Guo Xiang Tan
8c5e13afd6
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request an activation email.
2017-03-13 20:57:17 +08:00
Guo Xiang Tan
395f43d92f
FIX: Don't mark user as active if verified email is different.
2017-03-13 20:57:02 +08:00
Robin Ward
2c9a43e4fd
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d.
2017-02-27 13:37:08 -05:00
Guo Xiang Tan
415bad645e
FIX: Mobile topic timeline broken on Chrome 56.
...
* See https://developers.google.com/web/updates/2017/01/scrolling-intervention .
From Chrome 56 onwards, `touchstart` event listeners are treated as passive
by default, so `preventDefault` is not called, resulting in the page
scrolling when the topic timeline handle is being dragged.
2017-02-27 13:21:41 +08:00
Guo Xiang Tan
5cd680b0be
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 15:40:31 +08:00
Guo Xiang Tan
465660bdfc
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit d1091f7f57.
2017-02-24 15:39:56 +08:00
Guo Xiang Tan
d1091f7f57
SECURITY: Ensure that user has been authenticated.
2017-02-24 11:46:59 +08:00
Sam
47b9eb6dbb
new: server plugin outlet for indexable robots.txt
2017-02-13 14:05:08 -05:00
Sam
1d3f04d4bb
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:48 -05:00
Sam
5fc70471be
UX: less restrictive selector to allow for plugin outlets
...
Currently plugin outlets in LIs will generate a wrapping SPAN;
this makes an allowance in core for nav extensions (like solved does).
2017-02-02 12:18:22 -05:00
Régis Hanol
f49c9f6c43
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:58:04 +01:00
Robin Ward
8f34c2332d
Version bump to v1.7.1
2017-01-13 11:08:58 -05:00
Guo Xiang Tan
0f574f641e
UX: Truncate topic link title/URL on desktop to prevent overflow.
2017-01-12 12:24:39 +08:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Jeff Atwood
240c4870cf
FIX: add noopener to website field in user profile
2017-01-11 15:38:37 -08:00
Régis Hanol
887e9af84f
FEATURE: new 'max_image_megapixels' site setting
2017-01-11 23:37:12 +01:00
Robin Ward
6c3426d266
Let's not notify for trust levels on Staff, either
2017-01-11 11:25:04 -05:00
Arpit Jalan
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
Guo Xiang Tan
d6bf5b0e78
Use any orientation for web app manifest.
2017-01-11 17:32:24 +08:00
Guo Xiang Tan
1758af9a1d
FIX: Perform emoji unescape for topic titles in quotes.
2017-01-11 17:23:13 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Guo Xiang Tan
77045eb1f1
Merge pull request #4644 from olach/tab-size
...
Display tabs with smaller widths for code blocks
2017-01-11 14:49:16 +08:00
Neil Lalonde
98bd58df61
Don't show email of deleted users in staff action logs
2017-01-10 17:25:36 -05:00
Neil Lalonde
fc0a0a76a4
Add more info in staff action logs for blocking a user, and add logging for lock trust level, activate, and deactivate user
2017-01-10 17:25:36 -05:00
Robin Ward
7341b0d03c
Don't give notifications to admins for trust level notifications
2017-01-10 12:18:48 -05:00
Ola Christensson
82fab2343f
Display tabs with smaller widths for code blocks
...
The default browser behavior is a tab width of 8 characters. This changes the width to 4 characters.
2017-01-10 10:06:53 +01:00
Robin Ward
b60bc47a4c
Plugins can register providers for global settings
2017-01-09 17:18:58 -05:00
Neil Lalonde
d9146de080
FIX: an image can be shown twice in summary emails
2017-01-09 13:27:43 -05:00
Guo Xiang Tan
3d21ccd4a5
FIX: Add validation to disallow censored words in topic title.
2017-01-09 16:55:41 +08:00
Guo Xiang Tan
cbc6aee137
UX: Display large numbers with delimiters.
2017-01-09 15:56:02 +08:00
Guo Xiang Tan
aa9ac0d8b2
Make eslint happy.
2017-01-09 13:59:00 +08:00
Guo Xiang Tan
fed7218deb
UX: Observe changes to plugin to hide/show plugin admin link without refresh.
2017-01-09 13:56:15 +08:00
Guo Xiang Tan
e721e31699
FIX: Login modal on mobile does not submit on enter.
2017-01-09 13:20:53 +08:00
Guo Xiang Tan
98df6db0eb
FIX: Respect site setting to hide username in mailing list summary.
2017-01-09 12:18:30 +08:00
Guo Xiang Tan
4a7d6ea751
Make eslint happy.
2017-01-09 11:24:55 +08:00
Guo Xiang Tan
c260a4e34d
FIX: Can't add categories when creating a new web hook.
2017-01-09 11:22:35 +08:00
Neil Lalonde
be2fa971df
Merge master
2017-01-06 15:56:48 -05:00
Arpit Jalan
c834d591a3
use Ember.set() to set the dasherized_name property
2017-01-06 23:13:31 +05:30
Robin Ward
1b92d44fb2
FIX: A component referenced the controller
2017-01-06 10:45:48 -05:00
Guo Xiang Tan
389e1d0bd5
Add acceptance JS tests for group membership button.
2017-01-06 11:56:10 +08:00
Guo Xiang Tan
a4e7657bbf
FIX: Missing action to show login modal on group page.
2017-01-06 11:40:32 +08:00
Guo Xiang Tan
68300f515c
FIX: Return 404 if id is not valid.
2017-01-06 10:39:44 +08:00
Guo Xiang Tan
d10fe51b72
Fix broken specs since all urls will be oneboxed.
2017-01-06 10:05:51 +08:00
Neil Lalonde
685e6bdbab
FIX: tags canonical url can raise error or be wrong
2017-01-05 15:17:23 -05:00