Commit Graph

2779 Commits

Author SHA1 Message Date
Jarek Radosz
d407bcab36 FIX: Correctly escape category description text (#8107)
* FIX: Correctly escape category description text

This bug has been introduced in db14e10943.

* Remove unnecessary `html_safe`

`Theme.lookup_field` already returns html-safe strings: 7ad338e3e6/app/models/theme.rb (L237-L242)

* Rename `description` where it's acutally `descriptionText`
2019-10-01 12:04:39 -04:00
Daniel Waterworth
7f8cdea924 FIX: Cleanup DiscoursePluginRegistry state after tests that use it
This was causing some heisentests
2019-09-20 13:32:54 +01:00
Penar Musaraj
c6cfbebf1f
FIX: ignore min_trust_to_send_messages when messaging groups (#8104)
This means that TL0 users can message groups with "Who can message this
group?" set to "Everyone".

It also means that members of a group with "Who can message this
group?" set to "members, moderators and admins" can also message the
group, even when their trust level is below min_trust_to_send_messages.
2019-09-18 15:23:13 -04:00
Penar Musaraj
3debdc8131 SECURITY: XSS when oneboxing user profile location field
The XSS here is only possible if CSP is disabled. Low impact since CSP is enabled by default in SiteSettings.
2019-09-17 16:12:50 -04:00
David Taylor
081c36a459 FIX: Do not include theme variables in plugin SCSS, and fix register_css 2019-09-17 09:54:52 +01:00
Roman Rizzi
568232052e
DEV: Remove FlagQuery class and old code (#8064) 2019-09-12 13:21:33 -03:00
David Taylor
67a98946b8 FIX: Do not log 'pull_hotlinked_images' edits in the staff action log 2019-09-12 15:55:45 +01:00
Krzysztof Kotlarek
32b8a2ccff DEV: Upgrade Discourse to Rails 6 (#8083)
* Adjustments to pass specs on Rails 6.0.0
* Use classic autoloader instead of Zeitwerk
* Update Rails 6.0.0 deprecated methods
* Rails 6.0.0 not allowing column with integer name
* Drop freedom_patches/rails6.rb
* Default value for trigger_transactional_callbacks? is true
* Bump rspec-rails version to 4.0.0.beta2
2019-09-12 10:41:50 +10:00
Robin Ward
ddd45d1419 FIX: Broken spec 2019-09-09 15:07:40 -04:00
Rimian Perkins
6bbd83067d FEATURE: New post editing period for >= tl2 users (#8070)
* FEATURE: Add tl2 threshold for editing new posts

* Adds a new setting and for tl2 editing posts (30 days same as old value)
* Sets the tl0/tl1 editing period as 1 day

* FIX: Spec uses wrong setting

* Fix site setting on guardian spec

* FIX: post editing period specs

* Avoid shared examples
* Use update_columns to avoid callbacks on user during tests
2019-09-06 07:44:12 -04:00
Sam Saffron
ed00f35306 FEATURE: improve performance of anonymous cache
This commit introduces 2 features:

1. DISCOURSE_COMPRESS_ANON_CACHE (true|false, default false): this allows
you to optionally compress the anon cache body entries in Redis, can be
useful for high load sites with Redis that lives on a separate server to
to webs

2. DISCOURSE_ANON_CACHE_STORE_THRESHOLD (default 2), only pop entries into
redis if we observe them more than N times. This avoids situations where
a crawler can walk a big pile of topics and store them all in Redis never
to be used. Our default anon cache time for topics is only 60 seconds. Anon
cache is in place to avoid the "slashdot" effect where a single topic is
hit by 100s of people in one minute.
2019-09-04 17:18:32 +10:00
Sam Saffron
dc9110cc43 FEATURE: track date api key was last used
Start tracking the date an api key was last used. This has already been
the case for user_api_keys.

This information can provide us with the ability to automatically expire
unused api keys after N days.
2019-09-03 18:11:30 +10:00
Sam Saffron
b9954b53bb FIX: report cached controller and action to loggers
Previously we would treat all cached hits in anon cache as "other"

This hinders analysis of cache performance and makes logging inaccurate
2019-09-03 10:55:16 +10:00
Sam Saffron
08743e8ac0 FEATURE: anon cache reports data to loggers
This allows custom plugins such as prometheus exporter to log how many
requests are stored in the anon cache vs used by the anon cache.

This metric allows us to fine tune cache behaviors
2019-09-02 18:45:35 +10:00
David Taylor
be96c4478e
FEATURE: Login with Discord (#8053)
This migrates the functionality of discourse-plugin-discord-auth into core. 

The plugin will automatically disable itself when core is updated: fd0867844d

For setup instructions, visit https://meta.discourse.org/t/configuring-discord-login-for-discourse/127129
2019-08-30 10:54:19 +01:00
Sam Saffron
e9cf0de588 FEATURE: do not replace ↔ with an emoji
↔ technically can be an emoji, but usually will not be used in that way
2019-08-30 15:06:23 +10:00
Régis Hanol
00dbc260d3 FIX: ensure avatar sizes are integers 2019-08-27 17:03:20 +02:00
Roman Rizzi
7c741fa0d6
FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025)
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""

This reverts commit 36425eb9f0.

* Fix: Show who read only if the attribute is enabled

* PERF: Precalculate the last post  readed by a group member

* Use book-reader icon instear of far-eye

* FIX: update topic groups correctly

* DEV: Tidy up read indicator update on write
2019-08-27 09:09:00 -03:00
Sam Saffron
bd5fa1737d FIX: add_to_serializer not correctly accounting for inheritance chains
This is a very long standing bug we had, if a plugin attempted to amend a
serializer core was not "correcting" the situation for all descendant classes
this often only showed up in production cause production eager loads serializers
prior to plugins amending them.

This is a critical fix for various plugins
2019-08-27 18:21:53 +10:00
Sam Saffron
7fe6d295b8 DEV: correct regression in registry test suite
Previously we started with a non blank registry, new code blanks it out
so we need to check for nils
2019-08-22 16:22:52 +10:00
Vinoth Kannan
1c79a6cc3a SPEC: fix the discourse_plugin_registry spec.
41f22946c3
2019-08-22 11:02:18 +05:30
Vinoth Kannan
5bd6b70d98
DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
romanrizzi
36425eb9f0 Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)"
This reverts commit 5dda5c2f7c.
2019-08-20 13:29:22 -03:00
Roman Rizzi
5dda5c2f7c
FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"

This reverts commit 67f5cc1ce8.

* FIX: Read indicator only appears when the group setting is enabled
2019-08-20 11:57:25 -03:00
romanrizzi
67f5cc1ce8 Revert "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 1630dae2db.
2019-08-20 10:24:34 -03:00
Roman Rizzi
1630dae2db
FEATURE: Publish read state on group messages. (#7989)
* Enable or disable read state based on group attribute

* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post

* The option can be enabled/disabled from the UI

* The read indicator will live-updated using message bus

* Show read indicator on every post

* The read indicator now shows read count and can be expanded to see user avatars

* Read count gets updated everytime someone reads a message

* Simplify topic-list read indicator logic

* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
2019-08-20 09:46:57 -03:00
Vinoth Kannan
88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
David Taylor
5755d3886f FIX: Do not raise exception if the authenticator email is missing
Followup to 296cdc53ee
2019-08-14 12:08:59 +01:00
Blake Erickson
296cdc53ee FIX: Downcase email coming back from auth-provider 2019-08-13 10:53:50 -06:00
Vinoth Kannan
9919ee1900 FIX: remove the tmp inventory files after the s3 uploads check. 2019-08-13 11:52:57 +05:30
Dan Ungureanu
2a98becfde
FIX: Do not create a double like notification. (#7999)
When a user liked, unliked and liked again the same post, the poster
would receive a notification such as "X and X liked ...". This happened
because PostActionNotifier.post_action_created was called twice.
2019-08-12 16:22:46 +03:00
Gerhard Schlager
e4f14ca3d7 FIX: Disallow user self-delete when user posted in PMs
All posts created by the user are counted unless they are deleted,
belong to a PM sent between a non-human user and the user or belong
to a PM created by the user which doesn't have any other recipients.

It also makes the guardian prevent self-deletes when SSO is enabled.
2019-08-10 12:30:16 +02:00
Gerhard Schlager
74d78e3636 FIX: Drop readonly function when dropping table 2019-08-09 11:39:46 +02:00
Bianca Nenciu
7c83d2eeb2 FIX: Award 'First Onebox' badge just for Oneboxed URLs. (#7974) 2019-08-08 18:45:18 +02:00
David Taylor
7bd54eaceb
UX: Add login button icon to no_ember page (#7982) 2019-08-08 10:44:04 +01:00
Gerhard Schlager
24877a7b8c FIX: Correctly encode non-ASCII filenames in HTTP header
Backport of fix from Rails 6: 890485cfce
2019-08-07 19:10:50 +02:00
Arpit Jalan
b0e781e2d4 FIX: do not follow redirect on same host with path /login or /session 2019-08-07 16:26:55 +05:30
Leo McArdle
6296ae3d31 FEATURE: add setting to show content of forwarded emails in topics (#7935) 2019-08-07 12:32:19 +02:00
Joffrey JAFFEUX
5d72561f4f
FIX: allows replacement of digits and symbols emojis (#7978) 2019-08-07 11:38:58 +02:00
Daniel Waterworth
4ae8065f2c
DEV: Default to skipping creating a topic when fabricating categories (#7976)
This speeds up the test suite by 9%
2019-08-06 11:26:54 +01:00
Daniel Waterworth
9bb15efca7 DEV: Minor test clarification
Replace `(0...3)` for with `3.times`.
2019-08-05 12:16:44 +01:00
David Taylor
39e0442de9 FIX: Various watched words improvements
- Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback)
- Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins
- Censor tests are moved to ruby, to ensure everything works end-to-end
- If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
2019-08-02 15:29:12 +01:00
Daniel Waterworth
b76a1df27d FIX: Don't reuse redis connections in different threads in tests
Redis connections aren't threadsafe since they have state, (watched
keys).
2019-08-01 09:51:22 +01:00
Daniel Waterworth
20bc4a38a5
FIX: DistributedMutex (#7953) 2019-08-01 09:12:05 +01:00
David Taylor
933d279811
FIX: Support multi-file stylesheets in theme components (#7950) 2019-07-29 10:28:24 +01:00
Gerhard Schlager
fd12c414e7 DEV: Refactor helper methods for upload markdown
Follow-up to a61ff167
2019-07-25 16:36:35 +02:00
Gerhard Schlager
7e0eeed292 FEATURE: Add attachments to outgoing emails
This feature is off by default and can can be configured with the `email_total_attachment_size_limit_kb` site setting.

Co-authored-by: Maja Komel <maja.komel@gmail.com>
2019-07-25 15:57:45 +02:00
romanrizzi
c4be8541f6 FIX: use uniq instead of uniq! when checking for uncompressed root path. Use rails naming convention for ZipUtils 2019-07-23 07:57:50 -03:00
Osama Sayegh
5fc5a7f5ae FEATURE: Add search operator to see all direct messages from a user (#7913)
* FEATURE: Add search operator to see all direct messages from a user

* Only show message if related messages >= 5

* Make "all messages" the hyperlink

* Review
2019-07-22 10:55:49 -04:00
Robin Ward
e47e0af123
FEATURE: Allow viewing of raw emails for reviewable queued posts (#7910)
If a post arrives via email but must be reviewed, we now show an
icon that can be clicked to view the raw contents of the email.

This is useful if Discourse's email parser is acting odd and the user
reviewing the post wants to know what the original contents were before
approving/rejecting the post.
2019-07-19 11:56:14 -04:00