Commit Graph

32813 Commits

Author SHA1 Message Date
Roman Rizzi
d51a9373b4
FIX: Ensure normalized_email gets anonymized (#29720) 2024-11-12 15:41:11 -03:00
Jan Cernik
cd9d0d7c17
SECURITY: add pagination to post replies
When a post has some replies, and the user click on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies.

This adds support for pagination to these post replies.

Internal ref t/129773
2024-10-07 11:50:00 +08:00
Ted Johansson
25514419e0
FIX: Fix incorrect check for required custom fields (#28541) (#28939)
This check was checking the wrong scope, causing problems in certain edge conditions, for example:

1. Admin adds an "on signup" field that isn't editable after signup.
2. Admin adds a "for all users" field.
3. User goes and fills up the "for all users" field from 2.
4. User is now stuck on the required fields page without any fields showing.

With this change, we only consider "for all users" fields when asking if required custom fields are filled in.
2024-09-17 13:32:26 +08:00
Bianca Nenciu
15f036bafa
DEV: Migrate notifications#id and related columns to bigint (#28584)
* DEV: Migrate notifications#id to bigint (#28444)

The `notifications.id` column is the most probable column to run out of
values. This is because it is an `int` column that has only 2147483647
values and many notifications are generated on a regular basis in an
active community. This commit migrates the column to `bigint`.

These migrations do not use `ALTER TABLE ... COLUMN ... TYPE` in order
to avoid the `ACCESS EXCLUSIVE` lock on the entire table. Instead, they
create a new `bigint` column, copy the values to the new column and
then sets the new column as primary key.

Related columns (see `user_badges`, `shelved_notifications`) will
be migrated in a follow-up commit.

* DEV: Fix bigint notifications id migration to deal with public schema (#28538)

Follow up to 799a45a291

* DEV: Migrate shelved_notifications#notification_id to bigint (#28549)

DEV: Migrate shelved_notifications#notification_id to bigint

The `notifications.id` has been migrated to `bigint` in previous commit
799a45a291.

* DEV: Fix annotations (#28569)

Follow-up to ec8ba5a0b9

* DEV: Migrate user_badges#notification_id to bigint (#28546)

The `notifications.id` has been migrated to bigint in previous commit
799a45a291. This commit migrates one of
the related columns, `user_badges.notification_id`, to `bigint`.

* DEV: Migrate `User#seen_notification_id` to `bigint` (#28572)

`Notification#id` was migrated to `bigint` in 799a45a291

* DEV: Migrate `Chat::NotificationMention#notification_id` to `bigint` (#28571)

`Notification#id` was migrated to `bigint` in 799a45a291

---------

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-08-29 18:06:55 +03:00
Joffrey JAFFEUX
d3ad2ecda9
FIX: Badge image uploader (#28188) (#28521)
In the formkit conversion in 2ca06ba236
we missed setting a type for the UppyImageUploader for badges. Also,
we were not passing down the `image_url` as form data, so when we used
`data.image` for that field the badge was not updating in the UI after
page loads and the image URL was not loading for preview.

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-08-23 18:08:32 +02:00
Ted Johansson
eaa40bb179
DEV: Allow disabling problem checks programatically (#28440) (#28441)
We need a way to disable certain checks programatically, e.g. on Discourse hosting. This PR adds a configuration option for this, and makes it so that disabled checks aren't run as part of #run_all.
2024-08-20 17:14:46 +02:00
Ted Johansson
9cb28a232e
DEV: Add plugin outlet for below wizard field (#28371) (#28384)
We changed the design of the member access wizard step to use toggle groups instead of switches. To support existing designs for notices, we need another plugin outlet.

Merged in main here. This is a backport to stable.
2024-08-15 09:44:50 +02:00
Loïc Guitaut
c500dbdaaf FIX: Return additional message types properly
Following a recent refactor, some methods from `FlagSettings` have been
renamed (`custom_types` -> `additional_message_types`). The
`PostActionType` model was using `custom_types` but when the renaming
was done, it was renamed to `with_additional_message` instead of
`additional_message_types`, which under the right circumstances will
raise an error.
2024-08-06 16:44:05 +02:00
Penar Musaraj
ac30a798f0
FIX: system badges can be disabled (#28169) (#28171)
A previous commit mistakenly assumed system badges couldn't be disabled.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-31 11:53:38 -04:00
Natalie Tay
188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
Martin Brennan
2d5f323ca3
DEV: Move config area site setting fetch into new controller (#28136)
Followup 4aea12fdcb

In certain config areas (like About) we want to be able
to fetch specific site settings by name. In this case,
sometimes we need to be able to fetch hidden settings,
in cases where a config area is still experimental.

Splitting out a different endpoint for this purpose
allows us to be stricter with what we return for config
areas without affecting the main site settings UI, revealing
hidden settings before they are ready.
2024-07-30 15:41:28 +10:00
Krzysztof Kotlarek
284aa1da22
FIX: addCommunitySectionLink secondary argument (#28135)
`addCommunitySectionLink` API function accepts secondary argument to determine if the link should be added to the primary or secondary (more) section. There was a bug and all links were mounted in the secondary section.
2024-07-30 14:32:07 +10:00
Loïc Guitaut
1f5cbb9a44
DEV: Refactor translation overrides a bit (#28125)
This is a small followup of
https://github.com/discourse/discourse/pull/28037.
2024-07-30 09:56:46 +08:00
Osama Sayegh
e9aa2c96e1
FIX: Add new/missing email templates to the email templates editor (#28075)
We have a dedicated admin page (`/admin/customize/email_templates`) that lets admins customize all emails that Discourse sends to users. The way this page works is that it lists all translations strings that are used for emails, and the list of translation strings is currently hardcoded and hasn't been updated in years. We've had a number of new emails that Discourse sends, so we should add those templates to the list to let admins easily customize those templates.

Meta topic: https://meta.discourse.org/t/3-2-x-still-ignores-some-custom-email-templates/308203.
2024-07-30 00:27:41 +03:00
David Taylor
b44190307f
UX: Avoid header topic-info flicker when using ?page= params (#28117)
In this case, there is no 'nearPost' param in the URL. Instead, the server preloads a post-stream with whichever page of posts is requested. We can check for that situation using `postStream.firstPostPresent`.

Also updates the widget-header version to fetch a value from the service on initial render, instead of relying on the observer triggering.

Followup to bdec564d14
2024-07-29 20:36:23 +01:00
Loïc Guitaut
cfa4f07378 FIX: Don't crash when MF definitions are missing
Currently, if MF definitions are missing (typically because there’s a
compilation error), `I18n.messageFormat` will try to access
`I18n._mfMessages.hasMessage` resulting in a crash that will in turn
crash Ember.

This patch addresses the issue by using the optional chaining operator
making the `I18n.messageFormat` method return a "Missing Key" message.
MF strings won’t be rendered properly, but the site will stay usable.
2024-07-29 18:13:17 +02:00
锦心
319075e4dd
FIX: Ensure JsLocaleHelper to not output deprecated translations (#28037)
* FIX: Ensure JsLocaleHelper to obly outputs up-to-date translations

The old implementation forgot to filter out deprecated
translations, causing these translations to incorrectly override the new
locale in the frontend.

This commit fills in the forgotten where clause, filtering only the
up-to-date part.

Related meta topic: https://meta.discourse.org/t/outdated-translation-replacement-causing-missing-translation/314352
2024-07-29 15:21:25 +08:00
Ted Johansson
3126c50baa
DEV: Update member access wizard step to use toggle group (#28013)
We want to change the design of the "member experience" step of the wizard from using checkbox switches to using radio toggle groups.
2024-07-29 14:07:06 +08:00
Krzysztof Kotlarek
2a9dcade0a
UX: group admin new features by month (#28106)
Display new features grouped by month and show additional information about the version.
2024-07-29 14:20:12 +10:00
dependabot[bot]
22e8970629
Build(deps-dev): Bump @swc/core from 1.7.0 to 1.7.3 (#28111)
Bumps [@swc/core](https://github.com/swc-project/swc) from 1.7.0 to 1.7.3.
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.0...v1.7.3)

---
updated-dependencies:
- dependency-name: "@swc/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:43:48 +08:00
Jarek Radosz
f14cf4f8a9
DEV: Fix random typos (#28103)
July 2024 edition
2024-07-26 23:13:12 +02:00
Jarek Radosz
e627d24c3b
FIX: Bulk (glimmer) topic selection on mobile (#28100)
`/t/-/134051`
2024-07-26 21:16:19 +02:00
marstall
b55f2a6270
needed () to work (#28099) 2024-07-26 14:00:10 -04:00
chapoi
3e6b5a16a6
UX: restyle main nav on mobile (#28094) 2024-07-26 19:54:09 +02:00
David Taylor
d141adb872
FIX: Adjust swc minify options for Safari 15 support (#28098)
By default, the swc minifier seems to unwrap 'unneeded' IIFE. That means it was undoing the 'bugfix' transformation we have for class fields in Safari 15. Disabling the 'inline' and 'reduce_funcs' options seems to stop this behavior.
2024-07-26 17:46:31 +01:00
dependabot[bot]
56ecbcb8c9
Build(deps-dev): Bump ember-test-selectors from 6.0.0 to 7.0.0 (#28092)
Bumps [ember-test-selectors](https://github.com/mainmatter/ember-test-selectors) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/mainmatter/ember-test-selectors/releases)
- [Changelog](https://github.com/mainmatter/ember-test-selectors/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mainmatter/ember-test-selectors/compare/v6.0.0...v7.0.0)

---
updated-dependencies:
- dependency-name: ember-test-selectors
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-26 14:49:45 +02:00
Loïc Guitaut
ebde13a527 WIP: extract outdated/up-to-date logic in model 2024-07-26 12:20:00 +02:00
Loïc Guitaut
53210841c8 FIX: Validate MF strings when adding overrides
Currently, when adding translation overrides, values aren’t validated
for MF strings. This results in being able to add invalid plural keys or
even strings containing invalid syntax.

This patch addresses this issue by compiling the string when saving an
override if the key is detected as an MF one.

If there’s an error from the compiler, it’s added to the model errors,
which in turn is displayed to the user in the admin UI, helping them to
understand what went wrong.
2024-07-26 12:20:00 +02:00
carson chang
f169985fce
UX: Fix button syntax in preferences (#28074)
* UX: Fix button syntax in preferences

* linting
2024-07-25 14:46:30 -07:00
Penar Musaraj
5958ad89f2
DEV: Fix flakey user tips test (#28087)
When we show user tips, we immediately send an AJAX request to mark the
tiup as seen. This is done in the background. However, when system tests
are run, sometimes that request is not completed before the test ends.
This causes the test to be flakey.

One way to fix this is to force the system test run to wait for the AJAX
request to complete. However, this is not ideal because it makes the
test suite slower on each run.

Instead, this commit removes the flakey assertion and adds an alternative
assertion in the frontend tests that ensures the background request is
sent when the user tip is shown.
2024-07-25 16:39:30 -04:00
Renato Atilio
75e4b8f330
UX: limit "outputs HTML" watched word option to replacements (#28063)
We were displaying the "outputs HTML" option in all watched word actions, while it's only supposed to be used in the Replace action.
2024-07-25 16:25:56 -03:00
Penar Musaraj
3195d692a1
FIX: Restore missing modal scss (#28085)
Regressed in https://github.com/discourse/discourse/pull/28047

Should fix issue reported in https://meta.discourse.org/t/broken-password-confirmation-box-on-registration/318386
2024-07-25 15:20:52 -04:00
Jan Cernik
9b3f7d2b99
FIX: Topic map styling for PMs (#28084) 2024-07-25 16:10:17 -03:00
Osama Sayegh
7cc0f26292
DEV: Migrate about config area to Form Kit (#28021)
Form Kit is our new form library/framework for unifying the way forms look across Discourse. The admin config area for the /about page is a new form that isn't currently used, so it makes sense for it to be one of the first forms to be migrated to Form Kit to test the library.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-25 19:07:38 +03:00
Jarek Radosz
4c7470d5cb
DEV: Don't try to update child themes in tests (#28080) 2024-07-25 19:40:51 +05:30
Jan Cernik
40bc0bcf98
FIX: Render the bottom topic map only if all posts are loaded (#28078) 2024-07-25 10:48:54 -03:00
Jan Cernik
f7d1b9cf67
UX: Allow adding content inline to the topic map (#28053) 2024-07-25 10:46:52 -03:00
Jarek Radosz
038e5deb2a
DEV: Clean up imports (#28060)
* `@ember/owner` instead of `@ember/application`
* `discourse-i18n` instead of `I18n`
* `{ service } from "@ember/service"` instead of `inject as service`
2024-07-25 15:09:06 +02:00
dependabot[bot]
07ef3b759e
Build(deps-dev): Bump @ember/test-helpers from 3.3.0 to 3.3.1 (#28067)
Bumps [@ember/test-helpers](https://github.com/emberjs/ember-test-helpers) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/emberjs/ember-test-helpers/releases)
- [Changelog](https://github.com/emberjs/ember-test-helpers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember-test-helpers/commits)

---
updated-dependencies:
- dependency-name: "@ember/test-helpers"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-25 13:23:04 +02:00
David Taylor
5b056b9ab4
PERF: Restore minimization of all JS assets (#28077)
In an attempt to improve build performance, 9db5eafb mistakenly removed minimization for some of our JS assets, leading to a significant increase in the size of some files.

This commit restores minimization to those files. To avoid regressing on the build time improvements, this commit switches to using the `webpack-terser-plugin`'s "swcMinify" option. On an entry-level 1CPU/1GB-ram/2GB-swap DO droplet, this commit increases build time from ~16 minutes to ~18 minutes.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-07-25 11:41:20 +01:00
Osama Sayegh
596a93d2cd
FIX: Perform topics bulk action in a background thread (#28061)
Performing a bulk action on many topics can exceed the 30 seconds timeout that Unicorn workers have which results in the request failing and the operation getting aborted. To get around this 30 seconds timeout, we can push the operation into a background thread using the rack `hijack` API.

Internal topic: t/133779.
2024-07-25 11:43:00 +03:00
Alan Guo Xiang Tan
5a37fa3760
FIX: Fix Jobs::Onceoff.enqueue_all undefined method for nilClass error (#28073)
In development, classes are lazy loaded so `Jobs::Onceoff.onceoff_job_klasses`
may not have been set. This is not a problem in production cause stuff
is eager loaded.

Follow-up to f4d06f195d
2024-07-25 15:52:42 +08:00
锦心
5b05cdfbd9
FIX: Add post id to the anchor to prevent two identical anchors (#28070)
* FIX: Add post id to the anchor to prevent two identical anchors

We generate anchors for headings in posts. This works fine if there is
only one post in a topic with anchors. The problem comes when you have
two or more posts with the same heading. PrettyText generates anchors
based on the heading text using the raw context of each post, so it is
entirely possible to generate the same anchor for two posts in the same
topic, especially for topics with template replies

    Post1:
    # heading
    context
    Post2:
    # heading
    context

When both posts are on the page at the same time, the anchor will only
work for the first post, according to the [HTML specification](https://html.spec.whatwg.org/multipage/browsing-the-web.html#scroll-to-the-fragment-identifier).

> If there is an a element in the document tree whose root is document
> that has a name attribute whose value is equal to fragment, then
> return the *first* such element in tree order.

This bug is particularly serious in forums with non-Latin languages,
such as Chinese. We do not generate slugs for Chinese, which results in
the heading anchors being completely dependent on their order.

```ruby
[2] pry(main)> PrettyText.cook("# 中文")
=> "<h1><a name=\"h-1\" class=\"anchor\" href=\"#h-1\"></a>中文</h1>"
```

Therefore, the anchors in the two posts must be in exactly the same by
order, causing almost all of the anchors in the second post to be
invalid.

This commit solves this problem by adding the `post_id` to the anchor.
The new anchor generation method will add `p-{post_id}` as a prefix when
post_id is available:

```ruby
[3] pry(main)> PrettyText.cook("# 中文", post_id: 1234)
=> "<h1><a name=\"p-1234-h-1\" class=\"anchor\" href=\"#p-1234-h-1\"></a>中文</h1>"
```

This way we can ensure that each anchor name only appears once on the
same topic. Using post id also prevents the potential possibility of the
same anchor name when splitting/merging topics.
2024-07-25 13:50:30 +08:00
Alan Guo Xiang Tan
f4d06f195d
PERF: Avoid using ObjectSpace.each_object in Jobs::Onceoff.enqueue_all (#28072)
We are investigating a memory leak in Sidekiq and saw the following line
when comparing heap dumps over time.

`Allocated IMEMO 14775 objects of size 591000/7389528 (in bytes) at:
/var/www/discourse/app/jobs/onceoff/onceoff.rb:36`

That line in question was doing a `.select { |klass| klass < self  }` on
`ObjectSpace.each_object(Class)`. This for some reason is allocating a
whole bunch of `IMEMO` objects which are instruction sequence objects.

Instead of diving deeper into why this might be leaking, we can just
save our time by switching to an implementation that is more efficient
and does not require looping through a ton of objects.
2024-07-25 13:30:56 +08:00
Krzysztof Kotlarek
205a2bf0d6
DEV: show admin moderation flags UI (#28071)
The page was hidden behind a feature flag in this PR https://github.com/discourse/discourse/pull/27756

It is now in a shippable state.
2024-07-25 15:24:17 +10:00
Martin Brennan
31d3984e50
UX: Remove bookmark menu title on mobile (#28069)
We don't show this when editing on desktop,
so no need to show on mobile (also the label
is wrong)
2024-07-25 13:05:02 +10:00
Alan Guo Xiang Tan
c7911441fa
DEV: Add DISCOURSE_WEBPACK_MINIMIZE to reenable webpack minimize. (#28066)
Disabling webpack minimize is a bug we are working to resolve but we
have to consider self-hosters that deploy on low cost hardware
and reenabling this for them drastically increases the build time.
For now, add a  `DISCOURSE_WEBPACK_MINIMIZE` env to allow sites to opt
back in.
2024-07-25 06:55:29 +08:00
Joffrey JAFFEUX
7a7cc815be
DEV: removes legacy modal code (#28047) 2024-07-24 18:07:17 +02:00
Meghna
ff7892a3f8
DEV: update the plugin outlet to be available just after name and badge (#28058) 2024-07-24 10:55:23 -04:00
Joffrey JAFFEUX
0fbce0aa85
DEV: adds a way to set a title/description to a radio (#28049)
Usage:

```
<Form as |form|>
  <form.Field @name="foo" @title="Foo" as |field|>
    <field.RadioGroup as |RadioGroup|>
      <RadioGroup.Radio @value="one" as |radio|>
        <radio.Title>One title</radio.Title>
        <radio.Description>One description</radio.Description>
      </RadioGroup.Radio>
    </field.RadioGroup>
  </form.Field>
</Form>
```
2024-07-24 14:25:34 +02:00