Commit Graph

45828 Commits

Author SHA1 Message Date
Sam
d716e32a32
FIX: bots could generate errors when slug generation method is encoded (#17224)
* FIX: bots could generate errors when slug generation method is encoded

When slug generation method is encoded (non default) then bots could
cause errors in the logs for urls containing special chars.

ó for example in a URL can be requested in a valid ASCII-8BIT string, and
later when joined to UTF-8 would result in encoding issues.

Fix here ensures we force encoding correctly for outlier cases.

Browser tend to always encode these chars, hence we did not notice this.


Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-07-29 16:27:52 +10:00
Wolftallemo
f590b62a31
FIX: Accept HEAD requests for mandrill webhook (#17180)
Madrill uses a HEAD request for validation, accept it.
2022-07-29 16:26:31 +10:00
Alan Guo Xiang Tan
c9a3aba5a2
DEV: Use toggle event for sidebar more-section-links component (#17729)
A click event is trigger on a link click as well which is not what we
want. This caused the links to trigger a full reload instead of an Ember
transition for some reason.
2022-07-29 13:09:32 +08:00
Alan Guo Xiang Tan
a6e815f243
UX: Only set user bookmarks loading state when loading (#17728)
Follow-up to 6bb77d3055
2022-07-29 13:11:01 +10:00
Martin Brennan
6bb77d3055
FIX: Show bookmarks loading spinner correctly (#17726)
There was a minor issue where the bookmark loading
spinner would not show correctly because of how
the route was handling the setting of loading,
this fixes the issue.
2022-07-29 12:31:53 +10:00
Jarek Radosz
6849775a2d
Revert "DEV: Minor topic-tracking-state refactor (#17707)" (#17724)
This reverts commit 8d613e0b85.
2022-07-29 09:36:14 +10:00
David Taylor
497d9849d3
FIX: Ensure all public topic-query options can be used via Ember (#17706) 2022-07-29 09:03:53 +10:00
dependabot[bot]
119fad5e14
Build(deps-dev): Bump faker from 2.21.0 to 2.22.0 (#17721)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.21.0 to 2.22.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.21.0...v2.22.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-29 00:23:16 +02:00
dependabot[bot]
ff3f99b08f
Build(deps): Bump bootsnap from 1.12.0 to 1.13.0 (#17720)
Bumps [bootsnap](https://github.com/Shopify/bootsnap) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/Shopify/bootsnap/releases)
- [Changelog](https://github.com/Shopify/bootsnap/blob/main/CHANGELOG.md)
- [Commits](https://github.com/Shopify/bootsnap/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: bootsnap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-29 00:23:05 +02:00
Jarek Radosz
8d613e0b85
DEV: Minor topic-tracking-state refactor (#17707)
* Use `Set` instead of `Array` for `this.newIncoming`
* Remove `isUnseen()`
* Use array spread instead of `Array.from()`
* Don't use `@on()`
* Fix typos
* Make sure `this.incomingCount` is always a Number
2022-07-28 23:46:30 +02:00
David Taylor
9d753cb89e
FIX: Ensure theme_uploads_local only has one / at beginning (#17719)
Followup to c7dfb1c549
2022-07-28 22:20:52 +01:00
David Taylor
c7dfb1c549
DEV: Use relative URLs for theme_uploads_local (#17715)
Relative URLs will work just fine for Web Workers, which were the original reason for introducing the `theme_uploads_local` feature

Making them relative will mean that `loadScript()` automatically uses the CDN (when enabled), which is doubly important because our CSP doesn't allow loading theme-javascripts from the host domain when the CDN is enabled.
2022-07-28 20:38:22 +01:00
Kris
a737195687
UX: sidebar appearance shouldn't shrink fonts (#17714) 2022-07-28 14:18:27 -04:00
Andrei Prigorshnev
2cb97d8de4
FEATURE: show user status on the user profile page (#17712) 2022-07-28 21:12:48 +04:00
Kris
391c687afb
UX: sidebar focus styles, remove hover for touch (#17713) 2022-07-28 13:04:00 -04:00
Blake Erickson
53d861414d
DEV: Fix group create response api response (#17711) 2022-07-28 16:49:33 +01:00
Andrei Prigorshnev
023835cdad
DEV: a new d-tooltip component (#17513) 2022-07-28 18:33:20 +04:00
Kris
a23e934730
FIX: show button bar overflow on iPad & mobile (#17708) 2022-07-28 09:26:06 -04:00
Gerhard Schlager
010bb20f53
DEV: Workaround for licensed gem incompatibility with latest Bundler (#17704) 2022-07-28 12:26:24 +02:00
Alan Guo Xiang Tan
9efeaf2ae3
UX: Reduce number of links displayed in Community by default (#17703)
Additional links are hidden by default and can be accessed via the
"more..." link.
2022-07-28 16:46:46 +08:00
Osama Sayegh
988a175e94
DEV: Add reviewables tab to the new user menu (#17630)
This commit is a subset of the changes proposed in https://github.com/discourse/discourse/pull/17379.
2022-07-28 11:16:33 +03:00
Martin Brennan
f4b45df83f
FIX: UserCommScreener filter acting user ID from target user IDs (#17702)
Fixes edge case from fa5f3e228c.
In case the acting user is sent in with the target_user_ids,
we do not need to load those preferences, because even if the
acting user is preventing PMs or muting etc they need to always be able to
send themselves messages.
2022-07-28 13:04:24 +10:00
Phil Pirozhkov
493d437e79
Add RSpec 4 compatibility (#17652)
* Remove outdated option

04078317ba

* Use the non-globally exposed RSpec syntax

https://github.com/rspec/rspec-core/pull/2803

* Use the non-globally exposed RSpec syntax, cont

https://github.com/rspec/rspec-core/pull/2803

* Comply to strict predicate matchers

See:
 - https://github.com/rspec/rspec-expectations/pull/1195
 - https://github.com/rspec/rspec-expectations/pull/1196
 - https://github.com/rspec/rspec-expectations/pull/1277
2022-07-28 10:27:38 +08:00
Vinoth Kannan
72b24f3fb9
FIX: allow array values for custom fields in category params. (#17692)
Previously, when we used `params[:custom_fields].try(:keys)` code it worked for all the custom fields unless it's an array. It created the problem in the discourse-restricted-replies plugin.

https://github.com/discourse/discourse-restricted-replies/pull/37#issuecomment-1194207693
2022-07-28 07:53:35 +05:30
Gerhard Schlager
ff78a1eca7
DEV: Remove workaround for advisory lock (#17689)
This reverts f08d440ea0 because the issue has been resolved in Rails 6.1.0 and later.
2022-07-28 09:17:25 +08:00
dependabot[bot]
1f1acdb19b
Build(deps): Bump pg from 1.4.1 to 1.4.2 (#17701)
Bumps [pg](https://github.com/ged/ruby-pg) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/ged/ruby-pg/releases)
- [Changelog](https://github.com/ged/ruby-pg/blob/master/History.rdoc)
- [Commits](https://github.com/ged/ruby-pg/compare/v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: pg
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-28 09:15:27 +08:00
David Taylor
d3751c70c9
FIX: Ensure error handlers render correctly without preload_json (#17696)
Some errors (e.g. InvalidAccess) are rendered with `include_ember: true`. Booting the ember app requires that the 'preload' data is rendered in the HTML.

If a particular route was configured to `skip_before_action :preload_json`, and then went on to raise an InvalidAccess error, then we'd attempt to render the Ember app without the preload json. This led to a blank screen and a client-side error.

This commit ensures that error pages will fallback to the no_ember view if there is no preload data. It also adds a sanity check in `discourse-bootstrap` so that it's easier for us to identify similar errors in future.
2022-07-27 22:29:13 +01:00
Jarek Radosz
7980c41832
DEV: Fix fake-timer issues (#17681)
Occasionally some code (e.g. live-reload) would try to clear a timer that was set up before fake timers were installed. That would lead to issues and warnings. Enabling `shouldClearNativeTimers` option fixes it.
2022-07-27 22:54:22 +02:00
Roman Rizzi
4e7bd43d17
Version bump to v2.9.0.beta8 (#17697) 2022-07-27 17:11:58 -03:00
Roman Rizzi
7c73e896ce
SECURITY: Prevent abuse of the update_activation_email route (#17694) 2022-07-27 17:04:42 -03:00
Roman Rizzi
7b1ff41716
SECURITY: Do not cache error responses for static assets (#17693) 2022-07-27 16:41:44 -03:00
chapoi
47e664e3b1
UX: copy change (#17690) 2022-07-27 18:55:24 +02:00
David Taylor
96abd72387
DEV: Replace message-bus:main with service:message-bus (#17691)
This will allow consumers to inject it using `messageBus: service()` in preparation for the removal of implicit injections in Ember 4.0. `message-bus:main` is still available and will print a deprecation notice.

The MessageBus library is not en ember object, and doesn't need access to any of our injections. Therefore, we can set up a simple class which defines itself as a 'Service Factory', and returns the MessageBus library in the `create` method.
2022-07-27 17:15:58 +01:00
Loïc Guitaut
296aad430a DEV: Use describe for methods in specs 2022-07-27 16:35:27 +02:00
Roman Rizzi
f1c3670d74
FIX: Publish membership update events when refreshing automatic groups. (#17668)
Adding or removing users from automatic groups is now consistent with `Group#add` and `Group#remove`.
2022-07-27 11:34:08 -03:00
Loïc Guitaut
c9d22b643f DEV: Fix flaky FinalDestination specs 2022-07-27 14:52:55 +02:00
Bianca Nenciu
bc476978e8
FIX: Support for group everyone in tag setting (#17669)
The "everyone" group is an automatic group and GroupUser records do not
exist for it. This commit allows all users if the group everyone is one
of the groups in the setting "pm_tags_allowed_for_groups".
2022-07-27 15:44:41 +03:00
David Taylor
a00b5a6aca
DEV: Convert pm-topic-tracking-state to Ember Service (#17688)
This will allow consumers to inject it using `pmTopicTrackingState: service()` in preparation for the removal of implicit injections in Ember 4.0. `pm-topic-tracking-state:main` is still available and will print a deprecation notice.
2022-07-27 13:00:43 +01:00
David Taylor
51957c07f1
DEV: Convert key-value-store:main to service:key-value-store (#17676)
This will allow consumers to inject it using `keyValueStore: service()` in preparation for the removal of implicit injections in Ember 4.0. `key-value-store:main` is still available and will print a deprecation notice.

To make this conversion possible, we have to bypass the `app.inject` logic which blocks injecting services into services. This is not ideal, but there is no other way for us to do this in a way that is backwards-compatible, and will still print a useful deprecation message when we eventually turn on the implicit-injections deprecation notice.
2022-07-27 11:38:33 +01:00
Joffrey JAFFEUX
9a55c9c433
DEV: fully rely on resize observer for resizing (#17685)
Not only is the current code not needed but it's also creating invalid values on safari if the header goes out of viewport with negative values.

This commit also adds a missing test for `--header-offset` property.
2022-07-27 11:32:42 +02:00
Krzysztof Kotlarek
fd6fabc83c
DEV: remove sidebar outlet (#17683)
That outlet was a temporary solution and is not used anymore
2022-07-27 16:42:34 +08:00
Alan Guo Xiang Tan
c787254427
DEV: Remove code that is no longer used (#17684) 2022-07-27 16:42:16 +08:00
Alan Guo Xiang Tan
dcf84fce7b
PERF: Add index for TopicTimer#topic_id (#17680)
When viewing a topic, we execute two queries to fetch the topic's
public topic timer and slow mode timer. The former query happens to be
able to use a unique index but the latter has to do a seq scan which is
slow. The query itself is not expensive but since viewing a topic is a
hot path, the little cuts add up overtime and the query itself
contributes significantly to the load of the database.
2022-07-27 16:21:11 +08:00
Alan Guo Xiang Tan
3682513475
FIX: Sidebar is always disabled on wizard route (#17682) 2022-07-27 15:17:20 +08:00
Blake Erickson
8b08b9a763
FIX: Rejected emails should not be cleaned up before their logs (#17648)
* FIX: Rejected emails should not be cleaned up before their logs

If we delete the rejected emails before we delete their associated logs
we will receive 404 errors trying to inspect an email message for that
log.

* don't add a blank line

* test for max value as well

* pr cleanup and add migration

* Fix failing test
2022-07-27 07:28:44 +01:00
Alan Guo Xiang Tan
3bd5f2d411
DEV: Introduce SiteSetting to enable/disable Sidebar. (#17662)
This commit removes the ability to enable/disable the Sidebar on a per
user basis and introduces a site wide setting. For testing purposes, sidebar can be enabled/disabled via the `enable_sidebar=1` or `enable_sidebar=0` query param.
2022-07-27 13:42:26 +08:00
dependabot[bot]
83f4e45664
Build(deps): Bump rqrcode from 2.1.1 to 2.1.2 (#17674)
Bumps [rqrcode](https://github.com/whomwah/rqrcode) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/whomwah/rqrcode/releases)
- [Changelog](https://github.com/whomwah/rqrcode/blob/master/CHANGELOG.md)
- [Commits](https://github.com/whomwah/rqrcode/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: rqrcode
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 12:41:19 +08:00
dependabot[bot]
0123dbdffd
Build(deps): Bump stackprof from 0.2.19 to 0.2.20 (#17675)
Bumps [stackprof](https://github.com/tmm1/stackprof) from 0.2.19 to 0.2.20.
- [Release notes](https://github.com/tmm1/stackprof/releases)
- [Changelog](https://github.com/tmm1/stackprof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/tmm1/stackprof/compare/v0.2.19...v0.2.20)

---
updated-dependencies:
- dependency-name: stackprof
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-27 12:27:50 +08:00
Alan Guo Xiang Tan
41aa7fa4ef
DEV: Fix mini profiler queries bg covering results (#17679) 2022-07-27 11:41:13 +08:00
Kris
126266863d
UX: sidebar transition and styling adjustments (#17678) 2022-07-26 23:16:34 -04:00