Commit Graph

43216 Commits

Author SHA1 Message Date
Roman Rizzi
df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
Joffrey JAFFEUX
184ccf4490
DEV: nullify cachedCookFunction to prevent retains (#14737) 2021-10-27 16:29:36 +02:00
David Taylor
79ad0860a2
FIX: Cleanup PresenceChannel instances when composer closed (#14741)
I was previously relying on `this.isDestroying` returning `true` during `willDestroyElement`. This was an incorrect assumption.

This commit refactors the logic into an explicit `cleanup` function, and also adds some cleanup for empty keys in the `subscribedProxy` array
2021-10-27 15:17:10 +01:00
Kris
103de1f20d
UX: Change login tabindex, follow-up to 6aa6275 (#14734) 2021-10-27 09:15:49 -04:00
Joffrey JAFFEUX
4272eb7ffc
FIX: prevents a circular json error in tests (#14738)
The flow goes from:

- getting current user object
- creating a POJO using some of the current user keys
- passing this POJO around, which end up being used in message bus
- the processing fn associated ens up doing User.create on this object will both create a User object, but also inject store in it, store is holding a reference to currentUser Object and...

BOOM, we have an object holding a reference to the same object, which JSON.stringify used in prepareBody of pretender doesn't like.
2021-10-27 14:01:41 +01:00
Discourse Translator Bot
0f71a43434
Update translations (#14714) 2021-10-27 14:24:43 +02:00
Leonardo Mosquera
48a08cc397
FIX: Vanilla importer fixes (#14699)
Import script was out of date
2021-10-27 14:22:37 +02:00
Andrei Prigorshnev
7f79727090
DEV: rename refresh action to avoid regressions in the future (#14721) 2021-10-27 14:53:04 +04:00
Andrei Prigorshnev
19d95c64af
DEV: simplify username suggester (#14531)
This PR doesn't change any behavior, but just removes code that wasn't in use. This is a pretty dangerous place to change, since it gets called during user's registration. At the same time the refactoring is very straightforward, it's clear that this code wasn't doing any work (it still needs to be double-checked during review though). Also, the test coverage of UserNameSuggester is good.
2021-10-27 14:41:24 +04:00
Dan Ungureanu
69f0f48dc0
DEV: Fix rubocop issues (#14715) 2021-10-27 11:39:28 +03:00
Kris
6aa6275f3f
UX: change tabindex on login to skip email login link (#14732) 2021-10-26 20:46:53 -04:00
David Taylor
50f4f43825
DEV: Use double quotes for js-flags (#14693)
Single quotes seem to be raising parse errors in some CI situations. Switching to double quotes seems to fix the problem.
2021-10-27 11:09:30 +11:00
Jarek Radosz
c7768b6d16
FIX: Avoid N+1 query in Site.json_for (#14729) 2021-10-26 22:46:53 +02:00
Jean
31aa071e54
UX: Apply tags during PM creation (#14731) 2021-10-26 16:46:02 -04:00
David Taylor
e073451eae
UX: Make PresenceChannel changes more responsive (#14733)
For very fast-paced things (e.g. replying... indicators), 5s resolution is not great. This commit improves the resolution to 1 update per second.
2021-10-26 21:15:20 +01:00
Robin Ward
d067ee1c5a UX: Never show back button if less than current position 2021-10-26 15:45:55 -04:00
David Taylor
46d96c9feb
DEV: Apply rubocop to script/import_scripts/phorum.rb (#14727)
Followup to b24002018a
2021-10-26 19:16:52 +01:00
Penar Musaraj
b3f642db65
UX: Don't show anchor icon on touch devices (#14724) 2021-10-26 13:43:20 -04:00
David Taylor
495aa4752c FIX: Correctly avoid concurrent requests in PresenceChannel get
This if statement was intended to prevent concurrent `/presence/get` requests, but it was missing a critical line. Now it should function as intended.
2021-10-26 18:27:07 +01:00
David Taylor
edc1378aed DEV: Raise error when anon subscribes to PresenceChannels on login_required sites
In this situation, messagebus and the server-side Presence endpoints are unavailable, so it's better to quit early in the JS
2021-10-26 18:27:07 +01:00
David Taylor
d43b77b56b DEV: Ensure presence beforeunload event listener is cleaned up
In production, services are singletons. This logic will only affect the test environment
2021-10-26 18:27:07 +01:00
David Taylor
54ca7a9618 FIX: Do not send presence leave beacon if not present in any channels 2021-10-26 18:27:07 +01:00
Jeremy Waters
b24002018a Update phorum.rb
Add attachment/file/upload handling to bring them in from phorum to discourse
2021-10-26 12:41:50 -04:00
Bianca Nenciu
0c6f9d7c67
FIX: Show right message when permanently deleting topic (#14717) 2021-10-26 18:31:15 +03:00
Roman Rizzi
dfb7924105
DEV: Specify target browsers when running Ember CLI tests from the docker rake task (#14720) 2021-10-26 11:10:22 -03:00
Roman Rizzi
be38615afd
FEATURE: Mark omniauth failures as HTML safe. (#14713)
Plugins can add HTML elements to auth error messages.
2021-10-26 09:46:25 -03:00
David Taylor
9882aa840a
UX: Re-order auth-related site settings for clarity (#14716)
This commit groups `auth_overrides_*`, `discourse_connect_*` and `discourse_connect_provider_*` settings separately, rather than interspersing them.

There will be no functional change. This only affects the order in which they're shown in the admin panel
2021-10-26 11:24:10 +01:00
dependabot[bot]
3bae85e203
Build(deps): Bump omniauth-facebook from 8.0.0 to 9.0.0 (#14712)
Bumps [omniauth-facebook](https://github.com/simi/omniauth-facebook) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/simi/omniauth-facebook/releases)
- [Changelog](https://github.com/simi/omniauth-facebook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/simi/omniauth-facebook/compare/v8.0.0...v9.0.0)

---
updated-dependencies:
- dependency-name: omniauth-facebook
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-26 12:09:20 +02:00
dependabot[bot]
93183b18e0
Build(deps): Bump ipaddr from 1.2.2 to 1.2.3 (#14711)
Bumps [ipaddr](https://github.com/ruby/ipaddr) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/ruby/ipaddr/releases)
- [Changelog](https://github.com/ruby/ipaddr/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ruby/ipaddr/compare/v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: ipaddr
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-26 12:09:03 +02:00
Dan Ungureanu
f003e31e2f
PERF: Optimize search in private messages query (#14660)
* PERF: Remove JOIN on categories for PM search

JOIN on categories is not needed when searchin in private messages as
PMs are not categorized.

* DEV: Use == for string comparison

* PERF: Optimize query for allowed topic groups

There was a query that checked for all topics a user or their groups
were allowed to see. This used UNION between topic_allowed_users and
topic_allowed_groups which was very inefficient. That was replaced with
a OR condition that checks in either tables more efficiently.
2021-10-26 10:16:38 +03:00
Martin Brennan
f6528afa01
DEV: Add uploadHandler support to composer-upload-uppy mixin (#14692)
This commit adds uploadHandler support to composer uploads using
uppy. The only things we have that are using this are discourse-brightcove and
discourse-video, which both pop modal windows to handle the file upload and
completely leave out all the composer-type flows. This implementation simply
follows the existing one, where if a single file is uploaded and there
is a matching upload handler we take control away from uppy and hand
it off to the upload handler.

Trying to get this kind of thing working within uppy would require a few
changes because they have no way to restrict uploaders to certain file types
and with the way their uploaders are run it doesn't look like it would be easy
to add this either, so I don't think this is worth the work unless at some
point in the future we plan to have more upload handler integrations.

I also fixed an issue with `cleanUpComposerUploadHandler` which is used
in tests to reset the state of `uploadHandlers` in the composer. This
was doing `uploadHandlers = []` to clear that array, but that creates
a brand new array so anything else referencing the original array will
lose that reference. Better to set `uploadHandlers.length = 0` to
clear it. This was breaking the tests I added to see if upload handlers
were working.
2021-10-26 11:22:33 +10:00
Roman Rizzi
436edbb51a
DEV: Only set tap_failed_tests_only to true for CI. (#14710)
It may seem like the command crashed when running tests locally since we get no feedback until it finishes running all the tests.
2021-10-25 16:24:47 -03:00
janzenisaac
dd5b0543c7
FEATURE: Add fullscreen-tables to post (#14709)
Overflown tables will have a "expand table" option added to open x table in a modal
2021-10-25 14:06:28 -05:00
Penar Musaraj
116982fca9
FIX: Correct tracking context for some category routes (#14685)
We were previously showing the "n new or updated topics" alert on
category routes like `/c/category-slug/ID/none` on every new/unread
topic update. This PR looks up the category by ID, which should be more
precise.
2021-10-25 15:05:00 -04:00
Jarek Radosz
facf7d6f56
DEV: Don't leak auth methods between tests (#14708) 2021-10-25 15:25:39 +02:00
dependabot[bot]
d6c39e54cf
Build(deps): Bump rubocop from 1.22.1 to 1.22.2 (#14705)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.22.1 to 1.22.2.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.22.1...v1.22.2)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-25 14:41:45 +02:00
dependabot[bot]
b02f003c68
Build(deps): Bump json from 2.6.0 to 2.6.1 (#14704)
Bumps [json](https://github.com/flori/json) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.6.0...v2.6.1)

---
updated-dependencies:
- dependency-name: json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-10-25 14:41:12 +02:00
David Taylor
9ac6f1d3bb
FIX: Include the Vary:Accept header on all Accept-based responses (#14647)
By default, Rails only includes the Vary:Accept header in responses when the Accept: header is included in the request. This means that proxies/browsers may cache a response to a request with a missing Accept header, and then later serve that cached version for a request which **does** supply the Accept header. This can lead to some very unexpected behavior in browsers.

This commit adds the Vary:Accept header for all requests, even if the Accept header is not present in the request. If a format parameter (e.g. `.json` suffix) is included in the path, then the Accept header is still omitted. (The format parameter takes precedence over any Accept: header, so the response is no longer varies based on the Accept header)
2021-10-25 12:53:50 +01:00
Joffrey JAFFEUX
cbd7898d1d
DEV: removes jquery usage from time formatter (#14700) 2021-10-25 11:00:15 +02:00
Joffrey JAFFEUX
c7099342ff
DEV: uses vanilla js for fixture qunit helper (#14703) 2021-10-25 10:59:58 +02:00
Joffrey JAFFEUX
c0300b13e3
DEV: replaces jquery call by vanilla js in uploader tests (#14702) 2021-10-25 10:49:14 +02:00
Joffrey JAFFEUX
cc68eb825b
DEV: drops jquery usage from ajax wizards lib (#14694) 2021-10-25 10:24:53 +02:00
Joffrey JAFFEUX
05dda755ed
DEV: removes jquery usage from linkSeenMentions codepath (#14695) 2021-10-25 10:24:37 +02:00
Joffrey JAFFEUX
b18c01e3c6
DEV: prevents flakky spec when deleting plugin (#14701)
Not reseting the registry could lead to assets still being registered for example.

This flakky spec was reprdocible with this call: `bundle exec rspec --seed 9472 spec/components/discourse_plugin_registry_spec.rb spec/components/svg_sprite/svg_sprite_spec.rb`

Which would trigger the following error:

```
Failures:

  1) DiscoursePluginRegistry#register_asset registers vendored_core_pretty_text properly
     Failure/Error: expect(registry.javascripts.count).to eq(0)

       expected: 0
            got: 1

       (compared using ==)
     # ./spec/components/discourse_plugin_registry_spec.rb:248:in `block (3 levels) in <top (required)>'
     # ./spec/rails_helper.rb:280:in `block (2 levels) in <top (required)>'
     # /Users/joffreyjaffeux/.gem/ruby/2.7.3/gems/webmock-3.14.0/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
```
2021-10-25 10:24:21 +02:00
Bianca Nenciu
261edcebcb
FIX: Allow every tag for watched words (#14684)
If a watched word was restricted to a category, new rules for that
watched word could not be created.
2021-10-25 10:53:42 +03:00
Martin Brennan
2461ed303c
DEV: Move loadLibs to explicit install message in media-optimization-worker (#14707)
Previously, `loadLibs` was called inside the `optimize` function of
the media-optimization-worker, which meant that it could be hit
multiple times causing load errors (as seen in b69c2f7311)

This commit moves that call to a specific message handler (the `install` message)
for the service worker, and refactors the service for the media-optimization-worker
to wait for this installation to complete before continuing with processing
image optimizations.

This way, we know for sure based on promises and worker messages
that the worker is installed and has all required libraries
loaded before we continue on with attempting any processing. The
change made in b69c2f7311 is no
longer needed with this commit.
2021-10-25 13:17:43 +10:00
Jeff Wong
8c17f5b72c
FEATURE: include user custom fields in base exporter (#14690)
Add user custom fields in base exporter, allows Discourse->Discourse exports to
transfer user custom fields
2021-10-22 10:02:56 -07:00
Penar Musaraj
689a3711c0
DEV: Remove a few unused icons (#14696) 2021-10-22 12:03:58 -04:00
David Taylor
00c6d16dce
DEV: Make PresenceChannel timeout configurable per-channel (#14697) 2021-10-22 16:24:55 +01:00
Joffrey JAFFEUX
76a9ca99a8
DEV: removes jquery usage from onebox (#14683) 2021-10-22 13:15:46 +02:00