github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-15 09:33:44 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
30,027 Commits 214 Branches 500 Tags 960 MiB
d72d51711e
Commit Graph

17843 Commits

Author SHA1 Message Date
Sam
69bc8f526a SECURITY: only allow picking of avatars created by self (#6417) 
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
 2018-12-18 13:57:49 +08:00
David Taylor
62ec0f92ea FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:49:05 +00:00
Sam
d535e1ce6d SECURITY: do not delete avatars uploads when deleting accounts 
We rely on the clean up uploads job to do this safely
 2018-12-13 16:32:35 +11:00
Sam
1b34a8b48a FIX: remove slow platform detection from server side 
Historically due to https://meta.discourse.org/t/why-is-discourse-so-slow-on-android/8823
we decreased page sizes of both home page and topic page on android by half.

This was done on the server side and as a side effect and caused page sizes on android
to mismatch between Android and non Android.

Unfortunately about a year ago googlebot started pretending it is Android,
this cause Google to start indexing pages as what android would see. So
it saw double the amount of pages in the index as what exists on desktop.
This in turn caused double the amount of indexing work and a large amount
of broken links on long topics.

This fix removes all special behavior which is no longer needed due to
other performance work in Discourse including raw handlebars on home page
and virtual dom on topic pages.

I tested we do not need this on Blu Advance 5.0 it has 1.3 GHZ mediatec mt6580
This phone retails for around $50 USD.

If we decide long term that we want any hacks like this we will shift them
to the client side. It can just hold data in memory without rendering.
 2018-12-13 16:14:37 +11:00
David Taylor
7828c1156c FIX: Do not serialize user fields unless they are specified for display (#6736) 2018-12-07 11:08:59 +00:00
Guo Xiang Tan
cffb3d7976 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-07 15:54:53 +08:00
Joffrey JAFFEUX
d37e8e17ef UX: bumps the user-api-key version to 3 (#6526) 
* UX: bumps the user-api-key version to 3

* fix spec
 2018-11-01 21:29:29 +01:00
Joffrey JAFFEUX
5a114df088 FEATURE: adds latest to user-api-key session scope 2018-11-01 21:29:19 +01:00
Joffrey JAFFEUX
b8aec7777c FEATURE: adds list#(unread|new) to user api key routes (#6494) 2018-11-01 21:29:13 +01:00
Joffrey JAFFEUX
38ad1b96cb FEATURE: adds header text/background color to site (#6462) 2018-11-01 21:29:04 +01:00
Guo Xiang Tan
05fe5c9188 Fix onceoff job in cfa7173da3 not running. 2018-10-01 18:37:05 +08:00
Guo Xiang Tan
cf60ae32ea FIX: Onceoff job to fix missing user profile backgrounds. 2018-10-01 18:31:09 +08:00
Sam
abc39c492a FIX: in redis readonly raise an exception from DistributedMutex 
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller

When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb

In redis readonly no thumbnails will be generated
 2018-09-19 15:49:18 +10:00
Sam
7b70a208ba SECURITY: correct XSS on long topic titles 2018-09-18 08:56:10 +10:00
Sam
c662e0918f SECURITY: remove admin memory diagnostics routes 2018-09-18 08:36:24 +10:00
Guo Xiang Tan
8ddcb6564e FIX: Onceoff job to recover missing post uploads. 
This fixes the regression due to 1f636c445b
 2018-09-14 10:52:33 +08:00
Guo Xiang Tan
9d81a6cc72 DEV: Avoid using send and make the method public instead. 2018-09-14 10:52:16 +08:00
Guo Xiang Tan
dffd4fa9e6 Add extra protection in Upload#get_from_url. 
In case the extension goes missing from the URL.
 2018-09-14 10:49:34 +08:00
Régis Hanol
39a2d92417 FIX: don't index urls to local files 2018-09-14 12:31:35 +10:00
Arpit Jalan
74eec1849d FIX: ignore and log bad json values for custom fields 2018-09-13 17:42:48 +05:30
Guo Xiang Tan
f31758cc70 FIX: Uploads not being linked correctly to posts. 
Regression due to 1f636c445b.
 2018-09-11 23:54:07 -07:00
Neil Lalonde
ea7ee8e9f7 Merge master 2018-09-10 19:39:09 -04:00
Sam
a5ae7ee8e2 SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:25:19 +10:00
Sam
e64402cb3b SECURITY: correct edge case when SSO provides unvalidated emails 2018-09-11 08:24:02 +10:00
Blake Erickson
1d41f3c3fb
Merge pull request #6380 from discourse/rake-destroy-sub-category 
FIX: Allow `rake destroy:topics` to delete topics in sub-categories
 2018-09-10 10:26:04 -06:00
Kris
2b7e50cab8 Prevent fade-out from overlapping button in admin nav 2018-09-10 11:25:41 -04:00
David Taylor
84fc7abb73 FIX: Allow rake destroy:topics to delete topics in sub-categories 2018-09-10 12:52:14 +01:00
Joffrey JAFFEUX
d4080c020f
FIX: sets trends to 7 days instead of 3 (#6379) 2018-09-10 10:40:19 +02:00
Guo Xiang Tan
04d26c65e2 Refactor Upload.get_from_url to check length of sha1. 2018-09-10 10:10:39 +08:00
Joffrey JAFFEUX
2ad882113e
FIX: corrects top-referred and trending-search dates (#6372) 2018-09-07 16:49:44 +02:00
Neil Lalonde
9e77fd8fc3 FIX: wrong category links on subfolder install in rss feed for a category topic list 2018-09-07 10:03:30 -04:00
Guo Xiang Tan
d788555994 DEV: Manage pretender with yarn. 2018-09-07 16:01:49 +08:00
Guo Xiang Tan
039afe0d2c Apply prettier. 2018-09-07 15:19:34 +08:00
Sam
879067d000 FIX: check admin theme cookie against user selectable 
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable

this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
 2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653 FIX: Remove user fields when anonymizing user 2018-09-07 00:02:56 +02:00
Joffrey JAFFEUX
6c1e70d554
FIX: do no reset tags selection on category selection (#6369) 
We will instead implement a server side solution to this in the future.
 2018-09-06 10:35:07 +02:00
Sam
56b6a4779d FIX: make route to tag more robust 
There are some edge cases where code would fail here, so adding protection
 2018-09-06 17:24:32 +10:00
Guo Xiang Tan
1f636c445b PERF: Add fast path to find uploads before resorting to LIKE query. 
For a normal upload url

Before

```
Warming up --------------------------------------
                       264.000  i/100ms
Calculating -------------------------------------
                          2.754k (± 8.4%) i/s -     13.728k in   5.022066s
```

After

```
Warming up --------------------------------------
                       341.000  i/100ms
Calculating -------------------------------------
                          3.435k (±11.6%) i/s -     17.050k in   5.045676s
```
 2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5 Always link post to uploads in post process. 
The operation is cheap anyway so no point skipping.
 2018-09-06 14:08:03 +08:00
Guo Xiang Tan
b6a139b581 Fix broken spec. 2018-09-06 12:41:43 +08:00
Guo Xiang Tan
434035f167 FIX: Link post to uploads in PostCreator. 
* This ensures that uploads are linked to their post on creation
  instead of a background job which may be delayed if Sidekiq
  is facing difficulties.
 2018-09-06 11:18:11 +08:00
Sam
5bdc00c3be FIX: do not automatically route all actions to hovered posts 
This feature (hitting d when a post is hovered with mouse deletes) causes a lot of confusion and is very risky.
 2018-09-06 10:34:58 +10:00
Kris
8cff3c9bbc UX: Prevent long names from overflowing post 2018-09-05 17:48:31 -04:00
Joffrey JAFFEUX
e59622f2ba
FIX: deactivate chart trends for now (#6364) 2018-09-05 23:33:29 +02:00
Kris
1c65969bb4 post read-state icon alignment 2018-09-05 13:19:36 -04:00
Joffrey JAFFEUX
17087eff2a
FIX: Reset tags on category change (#6363) 2018-09-05 17:18:52 +02:00
Gerhard Schlager
3134dd4763 FIX: Wizard didn't change locale when Enter key was used in drop-down 2018-09-05 15:14:09 +02:00
Gerhard Schlager
2801376df5 FIX: Wizard didn't load translations correctly 
* Translations from the js.* namespace were not found, because the i18n-patches were not loaded.
* The extra-locales didn't use a hash in the URL.
 2018-09-05 15:14:09 +02:00
Gerhard Schlager
2c5d9269a0 FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled 2018-09-05 11:44:28 +02:00
Sam
d9c0dc8687 correct prev commit 
s3. did not exists it is s3-
 2018-09-05 16:11:44 +10:00