Commit Graph

4144 Commits

Author SHA1 Message Date
Sam
9c91e68351 PERF: remove image optimization throttling from Sidekiq
Previously we only allowed one image optimization per machine, this meant there
was cross talk between avatar resizing and Sidekiq. This could lead to large
amounts of starvation when optimized image version changed which in turn could
block the Sidekiq queue.

This increases amount of allowed load on machines but this is preferable to
having crosstalk between avatar resizing and Sidekiq.
2019-01-04 18:44:44 +11:00
Vinoth Kannan
75dbb98cca FEATURE: Add S3 etag value to uploads table (#6795) 2019-01-04 14:16:22 +08:00
Sam
8b7a2d1cb7 FEATURE: add setting to bypass sending redis CLIENT commands
Some cloud providers (Google Memorystore) do not support any CLIENT commands

By setting :id to nil in the redis config hash we can avoid these commands.

This adds a special global setting GCE users can enable:
`DISCOURSE_REDIS_SKIP_CLIENT_COMMANDS = true`
2019-01-04 15:08:33 +11:00
Sam
70269c7c97 FEATURE: tighter limits on per cluster post rebakes
We have the periodical job that regularly will rebake old posts. This is
used to trickle in update to cooked markdown. The problem is that each rebake
can issue multiple background jobs (post process and pull hotlinked images)

Previously we had no per-cluster limit so cluster running 100s of sites could
flood the sidekiq queue with rebake related jobs.

New system introduces a hard limit of 300 rebakes per 15 minutes across a
cluster to ensure the sidekiq job is not dominated by this.

We also reduced `rebake_old_posts_count` to 80, which is a safer default.
2019-01-04 09:24:46 +11:00
Arpit Jalan
d1597683f3 Revert "FIX: trim trailing slash from topic links"
This reverts commit 993f847a2c.

There is an edge case where the link click redirect fails when the URL has trailing slash. Need to figure out a better fix for this.
2019-01-03 17:29:22 +05:30
Arpit Jalan
993f847a2c FIX: trim trailing slash from topic links 2019-01-03 12:38:36 +05:30
Sam
570877da3c FEATURE: store thumbnail algorithm version in optimized image table
Previously we had no idea what algorithm generated thumbnails, this starts tracking the version.

We also bumped up the version to force all optimized images to be generated. This is important cause we recently introduced pngquant which results in much smaller images.
2019-01-03 17:07:30 +11:00
Gerhard Schlager
e8053d6e7d FIX: Polls didn't work in imported posts
Imports skip validation of posts, but polls are only created during the validation phase.
2019-01-02 15:26:57 +01:00
Sam
766e67ce57 FEATURE: introduce lossy color optimization on resized pngs
This feature ensures optimized images run via pngquant, this results extreme amounts of savings for resized images. Effectively the only impact is that the color palette on small resized images is reduced to 256.

To ensure safety we only apply this optimisation to images smaller than 500k.

This commit also makes a bunch of image specs less fragile.
2019-01-02 17:20:02 +11:00
Arpit Jalan
70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Joffrey JAFFEUX
f1269fa807
FEATURE: Add Top Uploads report (#6825)
Co-Authored-By: I am very Pro-Grammer. <khalilovcmded@users.noreply.github.com>
2018-12-28 20:48:54 +01:00
Vinoth Kannan
2b006c0429 FEATURE: Invalidate broken images cache on Rebuild HTML action 2018-12-26 23:22:07 +05:30
Régis Hanol
5381096bfd PERF: new 'migrate_to_s3' rake task 2018-12-26 17:34:49 +01:00
Sam Saffron
303a535dba PERF: automatic upload size calculation not persisted
Previously if upload had missing width and height we would calculate
on first use BUT we (me) forgot to save this to the database

This was particularly bad on home page cause category images (when old)
miss dimensions.
2018-12-26 17:19:29 +02:00
Joffrey JAFFEUX
f637286db5
UX: improves flags-status report (#6773)
- link to post
- cover more post action types
2018-12-26 10:29:33 +01:00
Joffrey JAFFEUX
0402f0f357
UX: new site setting to define activity metrics displayed on dashboard 2018-12-26 10:29:07 +01:00
Kyle Zhao
61dcd7c52c FIX: validate YAML before save to avoid race condition 2018-12-25 15:08:17 +02:00
Vinoth Kannan
a16bb32865 FIX: Do not raise error if most liked user is deleted 2018-12-25 01:04:55 +05:30
Gerhard Schlager
126be6c478 FIX: Resetting bump date shouldn't fail when first post is hidden 2018-12-21 17:43:52 +01:00
David Taylor
7feabd9e49 PERF: Eradicate N+1 queries from the theme admin page 2018-12-21 11:03:58 +02:00
Vinoth Kannan
2909e7fbdf FIX: Subfolder path is missing in category permalinks after slug update 2018-12-21 09:29:54 +05:30
Arpit Jalan
bb67ca9d21 FIX: use correct post object when logging exception 2018-12-19 22:17:37 +05:30
Bianca Nenciu
2eefe6d5d6 FIX: Use CDN for logos and icons. (#6698) 2018-12-19 10:20:48 +01:00
Vinoth Kannan
9c6f77f9da DEV: Remove the unique_searches column from select query 2018-12-19 02:45:48 +05:30
Robin Ward
6080e3a2c0 FIX: Broken spec 2018-12-18 14:55:09 -05:00
Robin Ward
662cfc416b FEATURE: Show a blurry preview when lazy loading images
This generates a 10x10 PNG thumbnail for each lightboxed image.
If Image Lazy Loading is enabled (IntersectionObserver API) then
we'll load the low res version when offscreen. As the image scrolls
in we'll swap it for the high res version.

We use a WeakMap to track the old image attributes. It's much less
memory than storing them as `data-*` attributes and swapping them
back and forth all the time.
2018-12-19 01:57:30 +08:00
Robin Ward
e593d68beb Use an options hash instead of boolean parameters 2018-12-19 01:57:30 +08:00
Vinoth Kannan
341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column (#6791) 2018-12-18 19:13:46 +05:30
Maja Komel
98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
Bianca Nenciu
1023003eba FIX: Strip remote url before import. (#6762) 2018-12-17 15:27:49 +01:00
Gerhard Schlager
1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Guo Xiang Tan
c0aae16f6b FIX: Clear anon cache when disabling readonly mode.
`SiteSerializer#is_readonly` is cached for an anonymous user so we have
to clear the cache when disabling readonly mode. Otherwise, the site may
appear to be in readonly mode for an extended period of time.
2018-12-17 17:27:44 +08:00
Neil Lalonde
ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
David Taylor
1960236822
FIX: Suspicious login detection (#6772) 2018-12-14 16:30:34 +00:00
Joffrey JAFFEUX
03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel
9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Sam
7ee9a6a7ec SECURITY: do not delete avatars uploads when deleting accounts
We rely on the clean up uploads job to do this safely
2018-12-13 16:26:07 +11:00
Gerhard Schlager
688755baf2 DEV: Improve specs and handle invalid email token
Follow-up to 7977b09025
2018-12-11 18:04:10 +01:00
David Taylor
3fedb2ad20 DEV: Style and performance improvements
Follow-up from 9db8291
2018-12-11 09:58:20 +00:00
Sam
671469bcc7 FIX: URLs containing two # would fail to work
Some URLs in browsers are non compliant and contain twos `#` this commit adds
special handling for this edge case by auto encoding any fragments containing `#`
2018-12-11 18:03:13 +11:00
Gerhard Schlager
7977b09025 FEATURE: Activate users invited via email when invite is redeemed
Do not send an activation email to users invited via email. They
already confirmed their email address by clicking the invite link.
Users invited via link will need to confirm their email address before
they can login.
2018-12-11 00:09:53 +01:00
David Taylor
9db829134c
FIX: Use database to persist metadata during social registration (#6750)
Previously was using the cookie_store, which is limited to 4kb. This caused issues for providers sending large volumes of metadata about a user.
2018-12-10 15:10:06 +00:00
David Taylor
160d29b18a
REFACTOR: Migrate TwitterAuthenticator to use ManagedAuthenticator (#6739)
No changes to functionality. TwitterAuthenticator goes from 136 lines to 24, and all twitter-specific logic elsewhere has been deleted 🎉
2018-12-07 15:39:06 +00:00
Saurabh Patel
9e3143445b DEV:add uploaded_meta option in category for category meta image (#6724) 2018-12-07 16:24:07 +01:00
Guo Xiang Tan
dcf9c6da59 DEV: Don't publish post messages to non-human users. 2018-12-06 08:24:13 +08:00
Régis Hanol
aea2d8bbeb FIX: properly secure poll message bus
Co-authored-by: Sam <sam.saffron@gmail.com>
2018-12-05 21:27:49 +01:00
David Taylor
a1d9aeda8b REFACTOR: split TopicLink#extract_from into multiple methods
Also rename some confusing variables
2018-12-05 18:54:30 +01:00
David Taylor
37249c9a32 FIX: Do not reset link counts when post is rebaked
This was an indentation mistake introduced in 44eba0b. Pretty understandable, considering we are indented 8 levels deep in this method. Will follow-up with a refactor to improve this.
2018-12-05 18:54:30 +01:00
Guo Xiang Tan
978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Vinoth Kannan
57ba4b7cb2
DEV: remove unnecessary safe nav operators (#6730) 2018-12-05 20:07:18 +05:30
Vinoth Kannan
fb78414229 Add missing safe navigation operator 2018-12-05 16:23:43 +05:30
Vinoth Kannan
d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Régis Hanol
3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Sam
aa97f6fdba FEATURE: disable notifications for small actions that are whispers
Previously we would notify on small actions if they were whispers
this inconsistently lead to all sorts of problems including

- collapsed "N replies" after assign
- empty push notifications

New behavior adds an api to explicitly send push notifications as well
if needed: create_notification_alert
2018-12-04 17:54:42 +11:00
David Taylor
9248ad1905 DEV: Enable Style/SingleLineMethods and Style/Semicolon in Rubocop (#6717) 2018-12-04 11:48:13 +08:00
Penar Musaraj
f8e6a37858 FIX: raise exception when getting dimensions of missing image
- follow-up on 0eacd45ab1
2018-12-03 10:19:49 -05:00
Guo Xiang Tan
125bb46052 Remove unused constant in the codebase. 2018-12-03 11:04:47 +08:00
Sam
236c755d62 FIX: do not store key tracking last seen time indefinitely
UserStat has some special logic to keep adding time read if repeat calls
are made in intervals less than 100 seconds. This is called regularly
when we update read timings on a topic.

We only need to cache this key in redis for 100 seconds, however previously
we would keep it forever, 1 key per user. This has potential of bloating
a very large amount of keys for no longer active users in redis.
2018-12-03 08:35:26 +11:00
Kyle Zhao
488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
David Taylor
208005f9c9 REFACTOR: Migrate FacebookAuthenticator to use ManagedAuthenticator
Changes to functionality
  - Removed syncing of user metadata including gender, location etc.
    These are no longer available to standard Facebook applications.
  - Removed the remote 'revoke' functionality. No other providers have
    it, and it does not appear to be standard practice in other apps.
  - The 'facebook_no_email' event is no longer logged. The system can
    cope fine with a missing email address.

Data is migrated to the new user_associated_accounts table.
facebook_user_infos can be dropped once we are confident the data has
been migrated successfully.
2018-11-30 11:18:11 +00:00
David Taylor
534e1b1b18 DEV: Introduce Auth::ManagedAuthenticator
A generic implementation of Auth::Authenticator which stores data in the
new UserAssociatedAccount model. This should help significantly reduce the duplicated
logic across different auth providers.
2018-11-30 11:18:11 +00:00
Penar Musaraj
0eacd45ab1 FIX: refactor ImageSizer.resize
reverts 140d9c2
2018-11-29 15:28:45 -05:00
Penar Musaraj
140d9c2910 FIX: call ImageSizer only if width/height are available 2018-11-29 15:03:02 -05:00
Penar Musaraj
03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Bianca Nenciu
172b3bf4d3 FIX: Fix broken theme field URLs. (#6622) 2018-11-23 16:11:05 +01:00
Guo Xiang Tan
3f636b2d19 FIX: Check whether group is mentionable by user when cooking post. 2018-11-22 16:16:33 +08:00
Saurabh Patel
d984323e23 FEATURE: Show change name of user in staff logs (#6647)
https://meta.discourse.org/t/admins-changing-users-name-not-username-should-be-logged/99511
2018-11-22 10:13:02 +08:00
Joffrey JAFFEUX
e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Joffrey JAFFEUX
078705bcc0
minor refactoring (#6615) 2018-11-15 21:41:05 +01:00
Joffrey JAFFEUX
761003c8bd
FIX: makes sure an hex is always at 6 chars (#6608)
eg: #aaa should be converted to #aaaaaa
2018-11-15 00:52:47 +01:00
Maja Komel
c701036034 FIX: reset bump date resets bumped_at to the last regular post in topic (#6605) 2018-11-14 18:56:22 +01:00
Régis Hanol
c78dcde973 FIX: only send originalText when we need to 2018-11-14 17:47:59 +01:00
Bianca Nenciu
fce0a0ccc8 FEATURE: Compute distance between logins to generate login alerts. (#6562) 2018-11-14 13:26:47 +01:00
Guo Xiang Tan
2220345a8b Fix the build. 2018-11-14 17:32:32 +08:00
Guo Xiang Tan
72370b9c36 Add deprecation warnings for url based site settings. 2018-11-14 16:09:26 +08:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
David Taylor
17bc82765b FEATURE: Log password changes in UserHistory (#6600) 2018-11-14 08:32:42 +08:00
Kyle Zhao
38a9bc740d FIX: change title when primary group changes (#6602) 2018-11-14 08:28:41 +08:00
Sam
80ceb57c76 DEV: add API endpoint to destroy_timings only of last post
Previously API only allowed you to nuke all timings from a topic,
new API is less punishing and allows you just to remove 1 post.
2018-11-13 16:07:48 +11:00
Robin Ward
0cb33d2b52 UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio" 2018-11-12 16:23:37 -05:00
David Taylor
d89ffbeffd
FEATURE: Add button to delete unused tags (#6587)
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Bianca Nenciu
5af9a69a3b FIX: Do not check for suspicious login when impersonating. (#6534)
* FIX: Do not check for suspicious login when impersonating.

* DEV: Add 'impersonate' parameter to log_on_user.
2018-11-12 15:34:12 +01:00
Maja Komel
012da86a07 FIX user directory time period count (#6586) 2018-11-12 15:30:05 +01:00
Sam
d1684a1652 PERF: avoid left joins and distinct on posts_for query
Previously this was extremely expensive due to the `distict` and
`left join` clauses, this eliminates it and makes query much faster
2018-11-12 13:26:41 +11:00
David Taylor
c3c9299c44 FIX: Improve performance for Group.posts_for (#6588) 2018-11-12 08:44:20 +08:00
Joffrey JAFFEUX
f8838ac9cd
FIX: fix/removes broken elements of old dashboard 2018-11-09 17:18:19 +01:00
Gerhard Schlager
24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Sam
42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj
005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Sam
0a442e319c FIX: correct svg handling for images
We regressed and optimized images no longer worked with svg

The following adds the correct logic to simply copy file for svgs
and bypasses resizing for svg avatars
2018-11-07 15:29:26 +11:00
Guo Xiang Tan
7534042427 DEV: Update annotations. 2018-11-07 11:11:19 +08:00
Bianca Nenciu
2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Joffrey JAFFEUX
8067f8a32c
FIX: disables dates filtering on most_disagreed_flags report (#6556) 2018-11-02 14:42:52 +01:00
Joffrey JAFFEUX
4e0f033fae
FEATURE: adds ignored flags to most_disagreed_flags report (#6554) 2018-11-02 11:08:00 +01:00
Kyle Zhao
f9b36820ef
FIX: only extract script tags with certain types (#6553)
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
2018-11-01 16:01:46 -04:00
Robin Ward
ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam
23423ba112 correct spec and error reporting
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Bianca Nenciu
e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
Penar Musaraj
ed9c21e42c FEATURE: hide muted categories from /categories list (#6531) 2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Bianca Nenciu
6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Jeff Wong
0ead513fb0 PERF: remove total unread notifications from message bus (#6529) 2018-10-25 12:14:34 +11:00
Sam
5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Sam
e605542c4e PERF: limit unread count to 99 in the blue circle
This safeguard is in place to avoid very expensive queries on the server
side
2018-10-24 11:53:28 +11:00
Sam
b74dd7d379 FIX: stop logging every 404 error when searching for gravatars 2018-10-23 11:43:14 +11:00
Bianca Nenciu
b69652278f FEATURE: Add Wiki Editor badge. (#6511) 2018-10-19 15:30:27 +02:00
Joffrey JAFFEUX
5f86564da1
FEATURE: adds latest to user-api-key session scope 2018-10-19 09:54:06 +02:00
Sam
9bfc939692 cleanup so gravatar download failures are consistent
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Robin Ward
f0af61da41
FIX: User AvatarLookup for looking up avatar details (#6508)
This allows plugins with their own avatar logic to work in the user
summary sections.
2018-10-18 15:49:34 -04:00
Régis Hanol
3973823a33 FIX: always update 'last_gravatar_download_attempt' when updating gravatar 2018-10-18 11:02:54 +02:00
Kyle Zhao
0f1afad6da FIX: extracted theme JavaScripts for multisite (#6502)
* FIX: extracted theme javascripts for multisite

* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Guo Xiang Tan
22408f93c9 FIX: Wrap custom fields database statements in a transaction.
Kind of strange that we don't do it because a database statement
may fail and leave us in a weird state.
2018-10-18 12:23:04 +08:00
Guo Xiang Tan
44eba0bb60 FIX: Don't rescue PG::UniqueViolation within a transaction.
Also acquire a transaction per link instead of failing when
any of the links can't be processed.

This prevents ActiveRecord from rolling back the transaction
and the next SQL statement sent to PG will fail. This is
however hard to test as it only happens when there are
two competing process trying to process this method at the
same time.
2018-10-18 10:54:30 +08:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Sam
19d7543004 FIX: clear color scheme cache when clearing theme cache 2018-10-16 12:00:46 +11:00
Kyle Zhao
99d1ded3b3
rename route /javascripts to /theme-javascripts (#6495) 2018-10-15 11:32:52 -04:00
Joffrey JAFFEUX
f6eff38c0e
FEATURE: adds list#(unread|new) to user api key routes (#6494) 2018-10-15 15:48:35 +02:00
Kyle Zhao
6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan
84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Neil Lalonde
12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Vinoth Kannan
6a444eee56
Merge pull request #6476 from vinothkannans/tl4-flag
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:13:26 +05:30
Vinoth Kannan
227a49bb32 FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user 2018-10-11 17:11:46 +05:30
Jeff Wong
b5b382dcd6 Feature: add boxes with subcategories option for desktop categories page (#6471)
* Feature: add boxes with subcategories option for desktop categories page

* only add subclass div when subclasses exist
2018-10-11 15:59:37 +08:00
Guo Xiang Tan
3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager
c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Guo Xiang Tan
ae6a5419e0 DEV: Report the backtrace as well. 2018-10-10 17:43:42 +08:00
Erin Kosewic
51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Jeff Wong
e55f220b33 add category style boxes with featured topics option 2018-10-08 16:19:54 -07:00
Gerhard Schlager
eb3ed7f6fd Add missing annotations 2018-10-08 18:01:21 +02:00
David Taylor
9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Vinoth Kannan
8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Penar Musaraj
34516c72bd
FIX: Recover public actions (likes) when recovering a post (#6412) 2018-10-02 11:25:08 -04:00
Joffrey JAFFEUX
a515ba8612 FIX: corrects typo and adds a spec for likes report (#6439)
* FIX: corrects typo and adds a spec for likes report

* save!
2018-10-02 02:27:43 -07:00
Maja Komel
1add11d8c9 FIX: don't send multiple requests when changing category notification (#6435) 2018-10-01 23:41:23 +08:00
David Taylor
19c9a6699a FIX: Validate auto_close_hours category setting
This prevents server errors when the value is set too high
2018-09-26 16:04:49 +01:00
David Taylor
84f5448a92
FEATURE: Display trust level descriptions in site settings (#6421) 2018-09-21 15:10:38 +01:00
Kyle Zhao
e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Arpit Jalan
3e17ef0507
Merge pull request #6414 from techAPJ/user-field-unique-key
FEATURE: add external details to user fields
2018-09-20 22:29:39 +05:30
Sam
df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Guo Xiang Tan
195bd02fce FIX: Avoid race condition when enqueuing job. 2018-09-20 11:24:01 +08:00
Arpit Jalan
72be638728 FEATURE: add external details to user fields 2018-09-20 08:10:51 +05:30
Sam
e0e6dae6a7 minor cleanup to previous commit from code review 2018-09-19 16:07:29 +10:00
Sam
5302709343 FIX: in redis readonly raise an exception from DistributedMutex
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller

When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb

In redis readonly no thumbnails will be generated
2018-09-19 15:50:58 +10:00
Guo Xiang Tan
4a92c5b2d6 UploadRecovery should recover attachments too. 2018-09-19 10:44:36 +08:00
Vinoth Kannan
9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Sam
7d6b348d0b SECURITY: correct XSS on long topic titles 2018-09-18 08:54:44 +10:00
Kyle Zhao
6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Sam
33541c4096 FEATURE: unconditionally omit no-follow for staff
Previously TL2 and below staff would have links
no-followed which was never intended
2018-09-17 12:02:20 +10:00
Joffrey JAFFEUX
e51c676135 refactors trending search report to use SearchLog 2018-09-17 10:19:40 +10:00
OsamaSayegh
5625461c05 clear error if you can contact theme repo again 2018-09-17 09:49:53 +10:00
OsamaSayegh
c7d81e2682 FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard 2018-09-17 09:49:53 +10:00
Sam
419b14e58b FIX: correctly keep stylesheet cache entries
The intent from day one was to keep MAX_TO_KEEP stylesheets per target
however the DELETE statement did not perform target filtering

This meant we often deleted the wrong stylesheets from the cache
2018-09-14 12:54:11 +10:00
Joffrey JAFFEUX
a6502ce879
FIX: ensures errors in report initialization fail nicely (#6392) 2018-09-13 17:36:55 +02:00
Joffrey JAFFEUX
18fcd483f2
FIX: ensures we have a color for reports (#6396) 2018-09-13 17:36:39 +02:00
Joffrey JAFFEUX
7bf8b0d305
FIX: treats users_(by_type|tl) as other reports (#6391) 2018-09-13 17:35:54 +02:00
Arpit Jalan
d288462abf
Merge pull request #6393 from techAPJ/bad-json
FIX: ignore and log bad json values for custom fields
2018-09-13 15:54:01 +05:30
Arpit Jalan
e364547ff7 FIX: ignore and log bad json values for custom fields 2018-09-13 14:26:30 +05:30
Guo Xiang Tan
529e4018f0 DEV: Avoid using send and make the method public instead. 2018-09-13 16:34:32 +08:00
Guo Xiang Tan
3884e99e88 Add extra protection in Upload#get_from_url.
In case the extension goes missing from the URL.
2018-09-12 00:12:14 -07:00
Guo Xiang Tan
b3469bea2d FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:50:23 -07:00
Sam
d1984a0b4d FIX: display a correct error when attempting to agree on a deferred flag
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.

This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Guo Xiang Tan
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
Guo Xiang Tan
e1b16e445e Rename FileHelper.is_image? -> FileHelper.is_supported_image?. 2018-09-12 09:22:28 +08:00
Osama Sayegh
16bd3f2cf2 FIX: use current user color scheme when filling theme-color attribute (#6384)
* FIX: use current user color scheme when filling `meta` attribute `theme-color`

* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Sam
e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Guo Xiang Tan
04d26c65e2 Refactor Upload.get_from_url to check length of sha1. 2018-09-10 10:10:39 +08:00
Gerhard Schlager
797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
Guo Xiang Tan
1f636c445b PERF: Add fast path to find uploads before resorting to LIKE query.
For a normal upload url

Before

```
Warming up --------------------------------------
                       264.000  i/100ms
Calculating -------------------------------------
                          2.754k (± 8.4%) i/s -     13.728k in   5.022066s
```

After

```
Warming up --------------------------------------
                       341.000  i/100ms
Calculating -------------------------------------
                          3.435k (±11.6%) i/s -     17.050k in   5.045676s
```
2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5 Always link post to uploads in post process.
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
434035f167 FIX: Link post to uploads in PostCreator.
* This ensures that uploads are linked to their post on creation
  instead of a background job which may be delayed if Sidekiq
  is facing difficulties.
2018-09-06 11:18:11 +08:00
Joffrey JAFFEUX
e59622f2ba
FIX: deactivate chart trends for now (#6364) 2018-09-05 23:33:29 +02:00
David Taylor
4382fb5fac DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358) 2018-09-04 20:45:36 +10:00
Sam
ad70502ab8 FIX: ignore invalid usernames in incoming link tracker
If an incoming link username has NULL in it simply ignore it
2018-09-04 12:28:32 +10:00
Guo Xiang Tan
8dc1463ab3 Enable Lint/ShadowingOuterLocalVariable for Rubocop. 2018-09-04 10:16:42 +08:00
Bianca Nenciu
931cffcebe FEATURE: Let users see their user auth tokens. (#6313) 2018-08-31 10:18:06 +02:00
Sam
e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
Joffrey JAFFEUX
bb93179609
FEATURE: charts will now use tertiary color (#6342) 2018-08-30 14:56:11 +02:00
David Taylor
f0abb4d09a FIX: Allow user actions to be saved even if the post has nil user
This issue made it impossible to delete users if they had flagged a post with nil user
2018-08-30 01:03:32 +01:00
Sam
e6970151a6 FEATURE: allow specifying locale via SSO
Use:

locale
locale_force_update

To force user locale on users where SiteSetting.allow_user_locale is enabled

Note: If an invalid locale is specified no action will occur
2018-08-30 09:58:03 +10:00
Kyle Zhao
e25a6e085e FIX: drop title updates through RSS feeds
can create an update loop
2018-08-28 16:25:04 +10:00
Sam
9ab1fb7dfc FEATURE: correctly store width and height on uploads
Previously we used width and height for thumbnails, new code ensures

1. We auto correct width and height
2. We added extra columns for thumbnail_width and height, this is determined
 by actual upload and no longer passed in as a side effect
3. Optimized Image now stores filesize which can be used for analysis, decisions

Also

- fixes Android image manifest as a side effect
- fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 12:59:22 +10:00
Joffrey JAFFEUX
c8ffe0fda3
FIX: term should be handled as text (#6321) 2018-08-27 11:58:46 +02:00
Raul Tambre
2271918be2 FEATURE: Use S3 dualstack endpoints
Allows S3 without a CDN to serve images from dualstack domains that also support ipv6
2018-08-27 11:22:46 +10:00
Kris
faf09bb8c8 Replacing default brown category color 2018-08-24 14:18:14 -04:00
Guo Xiang Tan
932195d828 DEV: Update test case for TopicEmbed. 2018-08-24 09:42:12 +08:00
Guo Xiang Tan
1ba24496ab
Merge pull request #6261 from xrav3nz/fix/topic-embed-import-updates
FIX: update TopicEmbed's title and user correctly
2018-08-24 09:32:03 +08:00
Osama Sayegh
e0cc29d658 FEATURE: themes and components split
* FEATURE: themes and components split

* two seperate methods to switch theme type

* use strict equality operator
2018-08-24 11:30:00 +10:00
Gerhard Schlager
409ee66839 Add optional "ignore_case" parameter to posts:remap rake task 2018-08-23 14:49:17 +02:00
Gerhard Schlager
3d176d9984 Add missing copy 2018-08-23 09:44:15 +02:00
Guo Xiang Tan
72ed6ae951 Raise an error if update fails. 2018-08-23 15:40:21 +08:00
Osama Sayegh
2711f173dc FIX: don't allow inviting more than max_allowed_message_recipients
* FIX: don't allow inviting more than `max_allowed_message_recipients` setting allows

* add specs for guardian

* user preferences for auto track shouldn't be applicable to PMs (it auto watches on visit)

Execlude PMs from "Automatically track topics I enter..." and "When I post in a topic, set that topic to..." user preferences

* groups take only 1 slot in PM

* just return if topic is a PM
2018-08-23 14:36:49 +10:00
Joffrey JAFFEUX
c08dea386b
FIX: better handling of no prev30Days (#6301) 2018-08-22 18:00:11 +02:00
Régis Hanol
f01169d6ff FIX: don't send email when the post was deleted 2018-08-22 13:13:58 +02:00
Kyle Zhao
baf413d527 FIX: update TopicEmbed's title and user correctly 2018-08-21 18:31:01 +08:00
Guo Xiang Tan
7c69fa8cfd PERF: Memoize SkippedEmailLog.reason_types. 2018-08-21 10:25:06 +08:00
Bianca Nenciu
860c1c3dcd FEATURE: Automatically expire keys if not used for a configurable amount of time. (#6264) 2018-08-20 17:36:14 +02:00
Gerhard Schlager
14af90df5b UX: Stop putting usernames in edit reason when changing post owner 2018-08-20 12:28:04 +02:00
Sam
8b5e42ea16 FIX: always test and coerce to image on upload
In the past the filename of the origin was used as the source
for the extension of the file when optimizing on upload.

We now use the actual calculated extension based on upload data.
2018-08-20 12:18:59 +10:00
Joffrey JAFFEUX
37d4f27c44
FIX: quality/bugfix dashboard/reports pass (#6283) 2018-08-17 16:19:25 +02:00
Sam
9628c3cf97 FEATURE: automatically correct extension for bad uploads
This fixes with post thumbnails on the fly
2018-08-17 14:00:27 +10:00
Régis Hanol
93201d8dbe FIX: don't trigger 'flag_reviewed' when no flags were reviewed 2018-08-16 18:11:29 +02:00
Joffrey JAFFEUX
3fbf7b164d
FEATURE: emoji 11.0 "recently added" update (#6275)
Adds support for emojis in the http://www.unicode.org/emoji/charts-11.0/emoji-released.html list
2018-08-16 11:59:45 +02:00
Sam
f62073a22a correct regression uploading images 2018-08-16 18:49:08 +10:00
Sam
796164b58c FIX: automatically correct bad avatars on access
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
Sam
243fc9d0f9 FIX: refreshing auto groups when min_username_length is long 2018-08-15 16:59:56 +10:00
Sam
33b5cc6bbd FIX: Add gif to list of allowed decoders 2018-08-15 13:56:57 +10:00
Sam
cf788582cc DEV: split optimize image failure warnings in logs 2018-08-15 13:27:24 +10:00
Gerhard Schlager
c358421ca5 FIX: Bulk updating category failed when topic title was too short 2018-08-14 16:37:52 +02:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Sam
83fd308963 FEATURE: group error message regarding image optimization failures 2018-08-13 14:48:25 +10:00
Gerhard Schlager
6d813c2b52 FIX: Importers failed to import avatars 2018-08-12 22:02:17 +02:00
Simon Cossar
093c3510e6 Rework moderators activity query (#6230)
* Order rows in query

* Don't increment revisions when moderator revises their own post
2018-08-10 10:51:31 +10:00
Gerhard Schlager
b9072e8292 FEATURE: Add "Reset Bump Date" action to topic admin wrench (#6246) 2018-08-10 10:51:03 +10:00
Misaka 0x4e21
6db623ef6b UX: Improve category filtering and include subcategories
* category_filtering
  1. report_top_referred_topics
  2. report_top_traffic_sources
  3. report_post_edit
* category_filtering with subcategory topics
  1. report_top_referred_topics
  2. report_top_traffic_sources
  3. report_post_edit
  4. report_posts
  5. report_topics
  6. report_topics_with_no_response
* category_filtering tests (without subcategory topics)
  1. report_posts
  2. report_topics_with_no_response
* subcategory topics tests `in_category_and_subcategories` in `topic_spec.rb`
  1. `in_category_and_subcategories` in `topic_spec.rb`
  2. topics, posts, flags and topics_with_no_response in `report_spec.rb`
2018-08-10 10:50:05 +10:00
Kris
b53d3457c8 updating color scheme attribution 2018-08-08 16:01:21 -04:00
Osama Sayegh
0b7ed8ffaf FEATURE: backend support for user-selectable components
* FEATURE: backend support for user-selectable components

* fix problems with previewing default theme

* rename preview_key => preview_theme_id

* omit default theme from child themes dropdown and try a different fix

* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
David Taylor
aa9a9a5a72 FIX: Include auth_providers for anonymous users when login_required 2018-08-07 09:24:16 +01:00
Joffrey JAFFEUX
7f2f3b8b22
FIX: improves reports resilience (#6239)
This commit makes most of the reports now lazy loaded, and making them benefits from graceful failures.
2018-08-06 16:57:40 -04:00
David Taylor
812add18bd REFACTOR: Serve auth provider information in the site serializer.
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Guo Xiang Tan
4e11811321 FIX: UserAvatar#update_gravatar! does not update User#uploaded_avatar.
https://meta.discourse.org/t/missing-user-profile-pictures/93844/4
2018-08-06 13:29:44 +08:00
Osama Sayegh
18b396ad56 FEATURE: add link to see new commits when updates are available for themes (#6233)
* FEATURE: add link to see new commits when updates are available for themes

* shorten regexp
2018-08-06 15:29:15 +10:00
Régis Hanol
0cd9e2acb9 fix build 2018-08-04 01:56:26 +02:00
Régis Hanol
bf4d98e89d FIX: always store topic links using the upload url 2018-08-04 01:29:32 +02:00
Osama Sayegh
880462a41c FEATURE: display out of date themes on admin dashboard
* FEATURE: disaply out of date themes on admin dashboard

* Update copy
2018-08-03 09:53:48 +10:00
Joffrey JAFFEUX
9073e11943
FIX: improves number/percent support in reports 2018-08-01 18:40:59 -04:00
Penar Musaraj
4a872823e7 Improvements to user drafts (#6226)
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels

* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
Dan Ungureanu
1a0ffc5ace FEATURE: Added method to get multiple values at once from PluginStore. (#6225) 2018-08-01 18:42:40 +02:00
Gerhard Schlager
f4ca105498 FIX: Moving posts to existing topic didn't update topic metadata 2018-08-01 18:05:43 +02:00
Joffrey JAFFEUX
0b9437cee7
FIX: more resilient/consistent dashboard caching (#6223) 2018-08-01 09:45:50 -04:00
Joffrey JAFFEUX
7c7dfa4e5e
FIX: wraps any query with the slow query guard (#6222) 2018-08-01 07:39:57 -04:00
Penar Musaraj
1f45215537 FEATURE: Drafts view in user profile
* add drafts.json endpoint, user profile tab with drafts stream

* improve drafts stream display in user profile

* truncate excerpts in drafts list, better handling for resume draft action

* improve draft stream SQL query, add rspec tests

* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)

* cleanup

* linting fixes

* apply prettier styling to modified files

* add client tests for drafts, includes a fixture for drafts.json

* improvements to code following review

* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix

* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed

* prettier, eslint fixes

* use "username_lower" from users table, added error handling for rejected promises

* adds guardian spec for can_see_drafts, adds improvements following code review

* move DraftsController spec to its own file

* fix failing drafts qunit test, use getOwner instead of deprecated this.container

* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Joffrey JAFFEUX
5febe71baa
FIX: prevents crash if flagger doesn’t exist (#6219) 2018-07-31 23:48:54 -04:00
Joffrey JAFFEUX
849f0d00f6
FEATURE: adds revision_count to moderators_activity (#6218)
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-31 23:40:45 -04:00
Guo Xiang Tan
919e8db686 FIX: Check for group name availability should skip reserved usernames. 2018-08-01 11:09:33 +08:00
Joffrey JAFFEUX
2b2a506a7b
FIX: makes dashboard more resilient to errors (#6217)
This commit is an attempt to limit cases where the dashboard will generate a full exception page and also make it easier to track the error.
2018-07-31 21:23:28 -04:00
Joffrey JAFFEUX
37252c1a5e
UI: improves dashboard table reports
- support for avatars
- support for topic/post/user type in reports
- improved totals row UI
- minor css tweaks
2018-07-31 17:35:13 -04:00
Neil Lalonde
fd29ecb91a UX: include a flag reason in the post-deleted-by-staff-because-of-flags message 2018-07-30 16:45:46 -04:00
Guo Xiang Tan
87537b679c Drop reply_key, skipped and skipped_reason from email_logs. 2018-07-30 11:39:28 +08:00
Guo Xiang Tan
b94633e844 FIX: FileHelper should prioritize response content-type.
Request to a URL with `.png` extension may return a jpg
instead causing us to attach the wrong extension to an
upload.
2018-07-30 10:54:36 +08:00
Guo Xiang Tan
6f9a91cbd5
Merge pull request #6175 from vinothkannans/post_approval_webhook
FEATURE: Webhook for post approval events
2018-07-27 10:50:49 +08:00
Vinoth Kannan
af5b88f8e2 Rename approval web hook event type to queued post 2018-07-26 10:29:38 +05:30
Guo Xiang Tan
f8b367cc9c Fix the build. 2018-07-26 10:17:51 +08:00
Guo Xiang Tan
30242972d3 Add spec for 4bf3bf6786. 2018-07-26 09:16:14 +08:00
Régis Hanol
f94aeaf6cf SECURITY: force IM decoder based on file extension - part 3 2018-07-25 23:55:06 +02:00
Régis Hanol
800c57c6ab SECURITY: force IM decoder based on file extension - part 2 2018-07-25 23:08:02 +02:00
Régis Hanol
4bf3bf6786 SECURITY: force IM decoder based on file extension 2018-07-25 22:00:04 +02:00
Kris
3fd2571abc Fix typo in color scheme 2018-07-25 15:12:01 -04:00
Vinoth Kannan
5059dad8f0 FEATURE: Webhook for post approval events 2018-07-25 23:43:19 +05:30
David Taylor
0d0d78841b
FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
Joffrey JAFFEUX
578c8e861b
FIX: refreshes disk_space on backup create/destroy (#6169) 2018-07-25 08:26:30 -04:00
Joffrey JAFFEUX
7a3c541077
UX: Preview multiple color schemes in wizard (#6151)
It was a dropdown to provide choices of color schemes,
and only one scheme could be shown.
With this commit, multiple color scheme previews can be displayed on
one page at the same time, making admins choose color schemes more
easily.

Theme preview windows are shrinked.

Imported default color schemes.

Co-Authored-By: Misaka 0x4e21 <misaka4e21@gmail.com>
2018-07-24 09:00:20 -04:00
Guo Xiang Tan
fa19d3a53c
Merge pull request #6108 from discourse/transaction-sidekiq-fix
Fix notifications for topics moved between categories
2018-07-24 17:44:03 +08:00
David Taylor
20a21b1240 Move into MiniSQLMultisiteConnection, and add test for rollback 2018-07-24 09:41:55 +01:00
Guo Xiang Tan
98f84d1a4e Update annotations. 2018-07-24 15:49:55 +08:00
Guo Xiang Tan
7a2bf8e368 Fix invalid query syntax when CategoryCustomField#value is blank. 2018-07-24 14:48:27 +08:00
Guo Xiang Tan
fad9c2b971 PERF: Move EmailLog#reply_key into new post_reply_keys table. 2018-07-24 13:51:53 +08:00
Guo Xiang Tan
ae8b0a517f PERF: Split skipped email logs into a seperate table. 2018-07-24 13:14:37 +08:00
Guo Xiang Tan
9b84e78fdf Update annotations. 2018-07-24 11:14:19 +08:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 (#6099)
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Joffrey JAFFEUX
32062864d3
FIX: removes system from user to user report (#6144) 2018-07-23 10:33:12 -04:00
Vinoth Kannan
84ab825e41
FEATURE: Webhook for user destroyed event (#6124) 2018-07-23 13:19:49 +05:30
Guo Xiang Tan
5c1bd38d84
Merge pull request #6131 from jjaffeux/lazy-load-reports
FIX: lazy load more reports in dashboard
2018-07-21 17:24:17 +08:00
Simon Cossar
d705f859db Exclude System user from post_edits report (#6130) 2018-07-21 11:17:25 +02:00
Joffrey JAFFEUX
1d5096eb46 FIX: lazy load more reports in dashboard 2018-07-20 23:35:53 -04:00
Guo Xiang Tan
7cf6c2825e
Merge pull request #6106 from OsamaSayegh/watch-when-splitting
FIX: topic owner should watch the new topic when moving posts to a new topic
2018-07-20 15:18:59 +08:00
OsamaSayegh
69450750d1 shorter method name and better specs 2018-07-20 10:13:27 +03:00
Joffrey JAFFEUX
64f0cf425b
FIX: removes uncessary reports loading (#6119) 2018-07-19 19:30:13 -04:00
Joffrey JAFFEUX
a0793387cf
FEATURE: differentiates pms in moderators activity report (#6117)
Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 19:29:42 -04:00
Joffrey JAFFEUX
1a78e12f4e
FEATURE: part 2 of dashboard improvements
- moderation tab
- sorting/pagination
- improved third party reports support
- trending charts
- better perf
- many fixes
- refactoring
- new reports

Co-Authored-By: Simon Cossar <scossar@users.noreply.github.com>
2018-07-19 14:33:11 -04:00
Guo Xiang Tan
4765507585 Remove code that is no longer required. 2018-07-19 16:56:53 +08:00
Sam
a755ff7b35 FIX: not checking for 0 correctly
0.blank? == false
2018-07-19 07:45:26 +10:00
Maja Komel
a9ebad3f6c FIX: do not add a moderator post when post is flagged via direct message (#6100) 2018-07-18 23:18:14 +02:00
David Taylor
32db976156 FIX: Stop race condition when topic notification jobs are scheduled during a database transaction
This was not picked up by tests because scheduled jobs are run immediately
and in the current thread (and therefore the current database transaction).

This particular case sometimes occurs inside multiple nested transactions,
so simply moving the offending line outside of the transaction is not enough.

Implemented TransactionHelper, which allows us to use `TransactionHelper.after_commit`
to define code to be run after the current transaction has been committed.
2018-07-18 22:04:43 +01:00
Neil Lalonde
afc94ac9e4 FEATURE: add a Top Categories section to the user summary page, showing the categories in which a user has the most activity 2018-07-18 16:39:16 -04:00
OsamaSayegh
547b571d84 FIX: topic owner should watch the new topic when moving posts to a new topic 2018-07-18 15:23:32 +03:00
Régis Hanol
6d6e026e3c FEATURE: selectable avatars 2018-07-18 12:57:43 +02:00
Guo Xiang Tan
487ef9773f Better logging when optimizing image fails. 2018-07-18 14:11:23 +08:00
Guo Xiang Tan
b068a8a771 Fix the build. 2018-07-18 14:03:27 +08:00
Guo Xiang Tan
be71f9ff82 REFACTOR: Don't load entire AR object just to get a column. 2018-07-18 13:53:57 +08:00
Arpit Jalan
7da22e395b FIX: do not show links with 0 click on topic map 2018-07-18 10:50:01 +05:30
OsamaSayegh
281538ae61 FIX: theme JS should only run when needed global objects exist (#6098) 2018-07-18 15:13:47 +10:00
Guo Xiang Tan
3874d40910 Prepare to drop EmailLog#topic_id. 2018-07-18 10:22:24 +08:00
Sam
5adf5b527d FEATURE: support filter_auto_bump_topics event
Use this event to filter the list of auto bumped topics.

EG:

  on(:filter_auto_bump_topics) do |_category, filters|
    filters.push(->(r) { r.where(<<~SQL)
        NOT EXISTS(
          SELECT 1 FROM topic_custom_fields
          WHERE topic_id = topics.id
          AND name = 'accepted_answer_post_id'
        )
      SQL
    })
  end
2018-07-18 10:56:09 +10:00
Sam
02628883d2 FEATURE: adjust autobump system
- We spread out bumping through the day, if you are bumping
 4 topics then a topic will be bumped every 6 hours

- We add a small, bumping action at the bottom of the post to
 denote a topic got bumped
2018-07-18 10:17:33 +10:00
Guo Xiang Tan
3553375dd2 PERF: Store EmailLog#reply_key as uuid data type. 2018-07-17 17:05:42 +08:00
Guo Xiang Tan
1d74ccaaf8 Add compatibility for ImageMagick7. 2018-07-17 15:50:58 +08:00
Guo Xiang Tan
fe230f29cd Update annotations. 2018-07-17 13:11:45 +08:00
Sam
91266cdabb correct auto bump topic logic 2018-07-17 09:33:33 +10:00
Guo Xiang Tan
c0c263405a
PERF: Store EmailLog#bounce_key as uuid data type. (#6093)
PERF: Store `EmailLog#bounce_key` as `uuid` data type.
2018-07-16 20:05:54 +08:00
Sam
ac0053f491 FEATURE: navigate to first post and auto bump category settings
### navigate_to_first_post_after_read setting for categories

When enabled on categories logged on users will return to OP after
reading the entire category. (useful for documentation categories)

### num_auto_bump_daily

Set a number of topics that will automatically bump daily on a category.

- Every 15 minutes we will check if any category has this setting
- Categories with the setting are shuffled
- We exclude pinned, closed, category description and archived topics
- Maximum of 1 topic for the list of categories is bumped till limit reached per category
- We always try to bump oldest first
- Limit is elastic using a RateLimiter that ensures that we only bump N per day

Also some minor organisation on category settings

Froze strings on category.rb
2018-07-16 18:10:35 +10:00
Guo Xiang Tan
6761f8ecbf PERF: Add missing index on user_id for user_second_factors table. 2018-07-16 14:21:07 +08:00
Guo Xiang Tan
214dac05de Update annotations. 2018-07-16 14:19:07 +08:00
Rishabh
a6c589d882 FEATURE: Add custom S3 Endpoint and DigitalOcean Spaces/Minio support for Backups (#6045)
- Add custom S3 Endpoints and DigitalOcean Spaces support
- Add Minio support using 'force_path_style' option and fix uploads to custom endpoint
2018-07-16 14:44:55 +10:00
Leo McArdle
21ebb1cd54 FEATURE: Secondary emails support. 2018-07-16 11:09:49 +08:00
Guo Xiang Tan
50e59fb9bd Fix the build. 2018-07-16 10:12:19 +08:00
Jay Pfaffman
0ed2834c2d FEATURE: Add users:disable_2factor rake task
https://meta.discourse.org/t/admin-locked-out-of-2fa/92156/2?u=pfaffman
2018-07-16 09:56:55 +08:00
Kyle Zhao
2901691e87 FEATURE: per-category approval settings (#5778)
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
Arpit Jalan
db67c87916 fix purge unactivated users subquery 2018-07-13 07:58:58 +05:30
OsamaSayegh
decf1f27cf FEATURE: Groundwork for user-selectable theme components
* Phase 0 for user-selectable theme components

- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
Sam
574d447254 FIX: don't attempt to bump draft sequence if no editor
Rare case on old installs
2018-07-11 17:06:49 +10:00
Guo Xiang Tan
a17f5052a3 FIX: ignored_columns was called twice. 2018-07-11 09:52:37 +08:00
OsamaSayegh
f2cc05c6c6 FIX: ignore self-quotes from the same post when saving (#6082) 2018-07-10 16:17:28 +08:00
Guo Xiang Tan
5374a0e720 Fix the build. 2018-07-10 09:48:57 +08:00
Jordan Seanor
10bc69a62f FEATURE: Event on topic merge (#6057) 2018-07-10 09:28:57 +08:00
Guo Xiang Tan
96aca6d7e6
Remove legacy vote post action code. (#6009) 2018-07-09 16:54:18 +08:00
Sam
330e848d4a FIX: if s3 set via global setting bypass config check in UI 2018-07-09 15:38:06 +10:00
michael@discoursehosting.com
81188060d6 Add S3 region eu-west-3 (Paris) 2018-07-09 14:18:35 +10:00
Andrew Schleifer
dba22bbde2 rollback changes
This reverts:
* 1baba84c438e "fix s3 subfolders harder"
* ea5e57938edf "fix test for absolute_base_url change"
2018-07-06 17:16:40 -05:00
Andrew Schleifer
52e9f49ec1 fix s3 subfolders harder
specifically, include the folder in absolute_base_url
2018-07-06 16:28:40 -05:00
Maja Komel
18f5f646b1 FEATURE: allow selecting a tag when moving posts to a new topic (#6072) 2018-07-06 18:21:32 +02:00
Guo Xiang Tan
875008522d FIX: Discourse.S3BaseUrl did not account for subfolder bucket names. 2018-07-06 15:53:57 +08:00
Guo Xiang Tan
7163bf9323 FIX: Upload.get_from_url not respective subfolder in s3 bucket names. 2018-07-06 11:37:11 +08:00
Neil Lalonde
eabc8f7fbd
Merge pull request #6023 from misaka4e21/only-staff-can-create-tag
FEATURE: Support disabling tag creation for non-staff users.
2018-07-05 11:12:44 -04:00
Patrick Gansterer
28dd7fb562 FEATURE: Create hidden posts for received spam emails (#6010)
* Add possibility to add hidden posts with PostCreator

* FEATURE: Create hidden posts for received spam emails

Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change addes processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
Sam
7b26f5086b PERF: we have no use for topic percent rank
Prepare to remove this column
2018-07-05 15:10:19 +10:00
Maja Komel
cb89797e9a FEATURE: shows remaining backup codes in user preferences 2018-07-04 10:45:42 +02:00
Leo McArdle
c3129444ea FIX: allow multiple secondary emails 2018-07-03 18:21:35 +08:00
Arpit Jalan
7550e9ff95 FIX: purge unactivated users with a message from non-human users 2018-06-29 13:03:04 +05:30
hellekin
25cfc98b67 Fix 'asscoiated' typo
I know that **Naming is CRITICAL** and that **Refactoring only NOT welcome**.

But since I spotted this (consistent) typo and the change does not affect any
functionality -- I checked the presence of "asscoiated" in the code base, I
guess the first rule trumps the second one.

It also gave me a false pretext to bypass my reluctance to use Google forms and
sign de CLA. Typos hurt the eye.
2018-06-29 11:10:05 +10:00
Sam
e0bc6590fd minor cleanup 2018-06-29 10:30:22 +10:00
Robin Ward
5d1d7e0e7d PERF: Scanning the id for this is signficantly slower in production 2018-06-28 11:04:40 -04:00
Sam
db14e10943 SECURITY: category badges should HTML escape names 2018-06-28 18:15:07 +10:00
Maja Komel
ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
misaka4e21
47cb46671a FEATURE: Support disabling tag creation for non-staff users. 2018-06-27 07:15:02 +08:00
David Lee
4644d777bd FEATURE: add website field to SSO 2018-06-25 16:09:39 +10:00
Jeff Wong
41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Jeff Wong
bc52bdfa12 Feature: unconditionally consider TL0 users as "first day" users 2018-06-21 10:53:08 -07:00
Guo Xiang Tan
f7d22bad90 FEATURE: Forced summary mode for megalodon topics.
This is mainly done for performance reasons and megalodon
topics are usually a byproduct of imports where site setting
limits are not respected.
2018-06-21 14:00:20 +08:00
Guo Xiang Tan
ac80360bea PERF: Help postgres make use of index in Post.summary. 2018-06-21 13:29:16 +08:00
Guo Xiang Tan
6ddd214476 FIX: Post#summary returning posts from other topics. 2018-06-21 12:00:54 +08:00
Joffrey JAFFEUX
50d11fd582
FIX: improves durability display check 2018-06-20 23:15:11 +02:00
Guo Xiang Tan
0365806b93 FIX: Properly display error when post action fails to create. 2018-06-20 21:20:23 +08:00
Joffrey JAFFEUX
fa43969fe2
FIX: crashes with date conversion in reports 2018-06-20 14:42:15 +02:00
Sam
35e0ccfc84 make linter happy 2018-06-20 18:03:27 +10:00
Sam
cb824a6b33 DEV: remove all calls to SqlBuilder use DB.build instead
This is part of the migration to mini_sql, SqlBuilder.new is being
deprecated and replaced with DB.build
2018-06-20 17:53:49 +10:00
riking
7f37ee9152 SearchLog: fix specs 2018-06-20 10:44:11 +10:00
riking
38a8e52ca4 FIX: Add time retention limit to search logs
3 years is a very conservative limit that allows for a very wide buffer
for year-over-year analysis. The max is set to 5 years because that is
the policy listed for logging in hosted Discourse.
2018-06-20 10:44:11 +10:00
riking
1de0ef137e FIX: SearchLog: Do not store IP of logged in users 2018-06-20 10:44:11 +10:00
Jeff Wong
2ff226e509 FIX: consider staged users mature (no spam checks) after 1 day 2018-06-19 09:41:10 -07:00
Sam
5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Jeff Wong
68e4e6a575 FIX: staged users are still tl0 but do not trigger spam if 1 week old. 2018-06-18 17:20:04 -07:00
Jeff Wong
9e55767f6a FIX: don't punish a user for being previously staged for spam flags. 2018-06-15 12:25:25 -07:00
Régis Hanol
ff06ce4cce fix the build 2018-06-13 23:05:23 +02:00
Régis Hanol
051d1a3c36 PERF: faster Screened IP Address roll up 2018-06-13 22:47:23 +02:00
Robin Ward
fd54c92a52 FEATURE: New site setting, whitelisted_link_domains
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Maja Komel
6c9190357c fix get from url for external uploads without CDN 2018-06-13 16:21:28 +10:00
riking
94f70c7b5c FIX: TopicViewItem: do not store IP of logged in users 2018-06-12 12:43:56 +10:00
riking
4b2e2ea8ef Change TopicViewItem to allow null IP address 2018-06-12 12:43:56 +10:00
Gerhard Schlager
150ae21489 FEATURE: Log user merge in staff logs 2018-06-11 18:43:56 +02:00