Guo Xiang Tan
dffd4fa9e6
Add extra protection in Upload#get_from_url.
In case the extension goes missing from the URL.
2018-09-14 10:49:34 +08:00
Régis Hanol
39a2d92417
FIX: don't index urls to local files
2018-09-14 12:31:35 +10:00
Arpit Jalan
74eec1849d
FIX: ignore and log bad json values for custom fields
2018-09-13 17:42:48 +05:30
Guo Xiang Tan
f31758cc70
FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:54:07 -07:00
Neil Lalonde
ea7ee8e9f7
Merge master
2018-09-10 19:39:09 -04:00
Sam
a5ae7ee8e2
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:25:19 +10:00
Sam
e64402cb3b
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:24:02 +10:00
Blake Erickson
1d41f3c3fb
Merge pull request #6380 from discourse/rake-destroy-sub-category
FIX: Allow `rake destroy:topics` to delete topics in sub-categories
2018-09-10 10:26:04 -06:00
Kris
2b7e50cab8
Prevent fade-out from overlapping button in admin nav
2018-09-10 11:25:41 -04:00
David Taylor
84fc7abb73
FIX: Allow rake destroy:topics to delete topics in sub-categories
2018-09-10 12:52:14 +01:00
Joffrey JAFFEUX
d4080c020f
FIX: sets trends to 7 days instead of 3 (#6379)
2018-09-10 10:40:19 +02:00
Guo Xiang Tan
04d26c65e2
Refactor Upload.get_from_url to check length of sha1.
2018-09-10 10:10:39 +08:00
Joffrey JAFFEUX
2ad882113e
FIX: corrects top-referred and trending-search dates (#6372)
2018-09-07 16:49:44 +02:00
Neil Lalonde
9e77fd8fc3
FIX: wrong category links on subfolder install in rss feed for a category topic list
2018-09-07 10:03:30 -04:00
Guo Xiang Tan
d788555994
DEV: Manage pretender with yarn.
2018-09-07 16:01:49 +08:00
Guo Xiang Tan
039afe0d2c
Apply prettier.
2018-09-07 15:19:34 +08:00
Sam
879067d000
FIX: check admin theme cookie against user selectable
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653
FIX: Remove user fields when anonymizing user
2018-09-07 00:02:56 +02:00
Joffrey JAFFEUX
6c1e70d554
FIX: do not reset tags selection on category selection (#6369)
We will instead implement a server side solution to this in the future.
2018-09-06 10:35:07 +02:00
Sam
56b6a4779d
FIX: make route to tag more robust
There are some edge cases where code would fail here, so adding protection
2018-09-06 17:24:32 +10:00
Guo Xiang Tan
1f636c445b
PERF: Add fast path to find uploads before resorting to LIKE query.
For a normal upload url
Before
```
Warming up --------------------------------------
264.000 i/100ms
Calculating -------------------------------------
2.754k (± 8.4%) i/s - 13.728k in 5.022066s
```
After
```
Warming up --------------------------------------
341.000 i/100ms
Calculating -------------------------------------
3.435k (±11.6%) i/s - 17.050k in 5.045676s
```
2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5
Always link post to uploads in post process.
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
b6a139b581
Fix broken spec.
2018-09-06 12:41:43 +08:00
Guo Xiang Tan
434035f167
FIX: Link post to uploads in PostCreator.
* This ensures that uploads are linked to their post on creation
instead of a background job which may be delayed if Sidekiq
is facing difficulties.
2018-09-06 11:18:11 +08:00
Sam
5bdc00c3be
FIX: do not automatically route all actions to hovered posts
This feature (hitting d when a post is hovered with mouse deletes) causes a lot of confusion and is very risky.
2018-09-06 10:34:58 +10:00
Kris
8cff3c9bbc
UX: Prevent long names from overflowing post
2018-09-05 17:48:31 -04:00
Joffrey JAFFEUX
e59622f2ba
FIX: deactivate chart trends for now (#6364)
2018-09-05 23:33:29 +02:00
Kris
1c65969bb4
post read-state icon alignment
2018-09-05 13:19:36 -04:00
Joffrey JAFFEUX
17087eff2a
FIX: Reset tags on category change (#6363)
2018-09-05 17:18:52 +02:00
Gerhard Schlager
3134dd4763
FIX: Wizard didn't change locale when Enter key was used in drop-down
2018-09-05 15:14:09 +02:00
Gerhard Schlager
2801376df5
FIX: Wizard didn't load translations correctly
* Translations from the js.* namespace were not found, because the i18n-patches were not loaded.
* The extra-locales didn't use a hash in the URL.
2018-09-05 15:14:09 +02:00
Gerhard Schlager
2c5d9269a0
FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled
2018-09-05 11:44:28 +02:00
Sam
d9c0dc8687
correct prev commit
s3. did not exist, it is s3-
2018-09-05 16:11:44 +10:00
Sam
83e1315e42
FIX: correct urls in uploads table to point at dualstack
Last week we added support for dual stack urls but did not remap
the old records in the uploads and optimized images table.
This caused a few minor edge cases; worst was that if you rebaked old
images, S3 CDN was not repopulated.
2018-09-05 15:58:04 +10:00
Gerhard Schlager
9d35240620
Revert "FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled"
This reverts commit c788737eed.
2018-09-05 01:53:22 +02:00
Gerhard Schlager
c788737eed
FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled
2018-09-05 00:47:39 +02:00
Vinoth Kannan
8a952a2cc2
Make prettier happy
2018-09-05 02:00:13 +05:30
Kris
5cf1a9a23a
UX: primary & danger buttons should lighten on hover in dark themes
2018-09-04 16:18:10 -04:00
Vinoth Kannan
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing (#6358)
2018-09-04 20:45:36 +10:00
Sam
e4498d2a8a
FIX: keep db and job correctly in multisite logs
This ensures we report job and db correctly, previously we were
only reporting this on default
2018-09-04 16:05:44 +10:00
Sam
ad70502ab8
FIX: ignore invalid usernames in incoming link tracker
If an incoming link username has NULL in it simply ignore it
2018-09-04 12:28:32 +10:00
Guo Xiang Tan
8dc1463ab3
Enable Lint/ShadowingOuterLocalVariable for Rubocop.
2018-09-04 10:16:42 +08:00
Sam
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Sam
3748d3e281
UX: hide associate accounts if second factor is enabled
Once second factor is enabled all login via associated accounts is banned
showing this section just leads to confusion
2018-09-04 10:42:39 +10:00
Sam
155eb02c7e
UX: remove auth token log from user page
This feature is not quite ready so we are deferring on it for a few more weeks
2018-09-04 10:28:33 +10:00
Vinoth Kannan
fe6c3b7d2e
Make prettier happy
2018-09-04 00:31:41 +05:30
Vinoth Kannan
24a14af15a
FIX: Respect invalidate_oneboxes option for inline oneboxes
2018-09-03 22:33:43 +05:30
Gerhard Schlager
f33433bf9e
Validation of params should restrict to max int (#6331)
* FIX: Validation of params should restrict to max int
* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan
59c9051a2e
REFACTOR: Rescue error at the specific spot that is raising the error.
2018-09-03 11:04:58 +08:00