Commit Graph

19348 Commits

Author SHA1 Message Date
Jan Cernik
cd9d0d7c17
SECURITY: add pagination to post replies
When a post has some replies, and the user clicks on the button to show them, we would load ALL the replies. This could lead to DoS if there were a very large number of replies.

This adds support for pagination to these post replies.

Internal ref t/129773
2024-10-07 11:50:00 +08:00
Joffrey JAFFEUX
d3ad2ecda9
FIX: Badge image uploader (#28188) (#28521)
In the formkit conversion in 2ca06ba236
we missed setting a type for the UppyImageUploader for badges. Also,
we were not passing down the `image_url` as form data, so when we used
`data.image` for that field the badge was not updating in the UI after
page loads and the image URL was not loading for preview.

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-08-23 18:08:32 +02:00
Ted Johansson
9cb28a232e
DEV: Add plugin outlet for below wizard field (#28371) (#28384)
We changed the design of the member access wizard step to use toggle groups instead of switches. To support existing designs for notices, we need another plugin outlet.

Merged in main here. This is a backport to stable.
2024-08-15 09:44:50 +02:00
Penar Musaraj
ac30a798f0
FIX: system badges can be disabled (#28169) (#28171)
A previous commit mistakenly assumed system badges couldn't be disabled.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-31 11:53:38 -04:00
Natalie Tay
188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
Martin Brennan
2d5f323ca3
DEV: Move config area site setting fetch into new controller (#28136)
Followup 4aea12fdcb

In certain config areas (like About) we want to be able
to fetch specific site settings by name. In this case,
sometimes we need to be able to fetch hidden settings,
in cases where a config area is still experimental.

Splitting out a different endpoint for this purpose
allows us to be stricter with what we return for config
areas without affecting the main site settings UI, revealing
hidden settings before they are ready.
2024-07-30 15:41:28 +10:00
Krzysztof Kotlarek
284aa1da22
FIX: addCommunitySectionLink secondary argument (#28135)
`addCommunitySectionLink` API function accepts a secondary argument to determine if the link should be added to the primary or secondary (more) section. There was a bug and all links were mounted in the secondary section.
2024-07-30 14:32:07 +10:00
David Taylor
b44190307f
UX: Avoid header topic-info flicker when using ?page= params (#28117)
In this case, there is no 'nearPost' param in the URL. Instead, the server preloads a post-stream with whichever page of posts is requested. We can check for that situation using `postStream.firstPostPresent`.

Also updates the widget-header version to fetch a value from the service on initial render, instead of relying on the observer triggering.

Followup to bdec564d14
2024-07-29 20:36:23 +01:00
Loïc Guitaut
cfa4f07378
FIX: Don't crash when MF definitions are missing
Currently, if MF definitions are missing (typically because there’s a
compilation error), `I18n.messageFormat` will try to access
`I18n._mfMessages.hasMessage` resulting in a crash that will in turn
crash Ember.

This patch addresses the issue by using the optional chaining operator
making the `I18n.messageFormat` method return a "Missing Key" message.
MF strings won’t be rendered properly, but the site will stay usable.
2024-07-29 18:13:17 +02:00
Ted Johansson
3126c50baa
DEV: Update member access wizard step to use toggle group (#28013)
We want to change the design of the "member experience" step of the wizard from using checkbox switches to using radio toggle groups.
2024-07-29 14:07:06 +08:00
Krzysztof Kotlarek
2a9dcade0a
UX: group admin new features by month (#28106)
Display new features grouped by month and show additional information about the version.
2024-07-29 14:20:12 +10:00
dependabot[bot]
22e8970629
Build(deps-dev): Bump @swc/core from 1.7.0 to 1.7.3 (#28111)
Bumps [@swc/core](https://github.com/swc-project/swc) from 1.7.0 to 1.7.3.
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.0...v1.7.3)

---
updated-dependencies:
- dependency-name: "@swc/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:43:48 +08:00
Jarek Radosz
f14cf4f8a9
DEV: Fix random typos (#28103)
July 2024 edition
2024-07-26 23:13:12 +02:00
Jarek Radosz
e627d24c3b
FIX: Bulk (glimmer) topic selection on mobile (#28100)
`/t/-/134051`
2024-07-26 21:16:19 +02:00
marstall
b55f2a6270
needed () to work (#28099) 2024-07-26 14:00:10 -04:00
chapoi
3e6b5a16a6
UX: restyle main nav on mobile (#28094) 2024-07-26 19:54:09 +02:00
David Taylor
d141adb872
FIX: Adjust swc minify options for Safari 15 support (#28098)
By default, the swc minifier seems to unwrap 'unneeded' IIFE. That means it was undoing the 'bugfix' transformation we have for class fields in Safari 15. Disabling the 'inline' and 'reduce_funcs' options seems to stop this behavior.
2024-07-26 17:46:31 +01:00
dependabot[bot]
56ecbcb8c9
Build(deps-dev): Bump ember-test-selectors from 6.0.0 to 7.0.0 (#28092)
Bumps [ember-test-selectors](https://github.com/mainmatter/ember-test-selectors) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/mainmatter/ember-test-selectors/releases)
- [Changelog](https://github.com/mainmatter/ember-test-selectors/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mainmatter/ember-test-selectors/compare/v6.0.0...v7.0.0)

---
updated-dependencies:
- dependency-name: ember-test-selectors
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-26 14:49:45 +02:00
carson chang
f169985fce
UX: Fix button syntax in preferences (#28074)
* UX: Fix button syntax in preferences

* linting
2024-07-25 14:46:30 -07:00
Penar Musaraj
5958ad89f2
DEV: Fix flakey user tips test (#28087)
When we show user tips, we immediately send an AJAX request to mark the
tip as seen. This is done in the background. However, when system tests
are run, sometimes that request is not completed before the test ends.
This causes the test to be flakey.

One way to fix this is to force the system test run to wait for the AJAX
request to complete. However, this is not ideal because it makes the
test suite slower on each run.

Instead, this commit removes the flakey assertion and adds an alternative
assertion in the frontend tests that ensures the background request is
sent when the user tip is shown.
2024-07-25 16:39:30 -04:00
Renato Atilio
75e4b8f330
UX: limit "outputs HTML" watched word option to replacements (#28063)
We were displaying the "outputs HTML" option in all watched word actions, while it's only supposed to be used in the Replace action.
2024-07-25 16:25:56 -03:00
Osama Sayegh
7cc0f26292
DEV: Migrate about config area to Form Kit (#28021)
Form Kit is our new form library/framework for unifying the way forms look across Discourse. The admin config area for the /about page is a new form that isn't currently used, so it makes sense for it to be one of the first forms to be migrated to Form Kit to test the library.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-25 19:07:38 +03:00
Jan Cernik
40bc0bcf98
FIX: Render the bottom topic map only if all posts are loaded (#28078) 2024-07-25 10:48:54 -03:00
Jan Cernik
f7d1b9cf67
UX: Allow adding content inline to the topic map (#28053) 2024-07-25 10:46:52 -03:00
Jarek Radosz
038e5deb2a
DEV: Clean up imports (#28060)
* `@ember/owner` instead of `@ember/application`
* `discourse-i18n` instead of `I18n`
* `{ service } from "@ember/service"` instead of `inject as service`
2024-07-25 15:09:06 +02:00
dependabot[bot]
07ef3b759e
Build(deps-dev): Bump @ember/test-helpers from 3.3.0 to 3.3.1 (#28067)
Bumps [@ember/test-helpers](https://github.com/emberjs/ember-test-helpers) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/emberjs/ember-test-helpers/releases)
- [Changelog](https://github.com/emberjs/ember-test-helpers/blob/master/CHANGELOG.md)
- [Commits](https://github.com/emberjs/ember-test-helpers/commits)

---
updated-dependencies:
- dependency-name: "@ember/test-helpers"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-25 13:23:04 +02:00
David Taylor
5b056b9ab4
PERF: Restore minimization of all JS assets (#28077)
In an attempt to improve build performance, 9db5eafb mistakenly removed minimization for some of our JS assets, leading to a significant increase in the size of some files.

This commit restores minimization to those files. To avoid regressing on the build time improvements, this commit switches to using the `webpack-terser-plugin`'s "swcMinify" option. On an entry-level 1CPU/1GB-ram/2GB-swap DO droplet, this commit increases build time from ~16 minutes to ~18 minutes.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2024-07-25 11:41:20 +01:00
锦心
5b05cdfbd9
FIX: Add post id to the anchor to prevent two identical anchors (#28070)
* FIX: Add post id to the anchor to prevent two identical anchors

We generate anchors for headings in posts. This works fine if there is
only one post in a topic with anchors. The problem comes when you have
two or more posts with the same heading. PrettyText generates anchors
based on the heading text using the raw context of each post, so it is
entirely possible to generate the same anchor for two posts in the same
topic, especially for topics with template replies

    Post1:
    # heading
    context
    Post2:
    # heading
    context

When both posts are on the page at the same time, the anchor will only
work for the first post, according to the [HTML specification](https://html.spec.whatwg.org/multipage/browsing-the-web.html#scroll-to-the-fragment-identifier).

> If there is an a element in the document tree whose root is document
> that has a name attribute whose value is equal to fragment, then
> return the *first* such element in tree order.

This bug is particularly serious in forums with non-Latin languages,
such as Chinese. We do not generate slugs for Chinese, which results in
the heading anchors being completely dependent on their order.

```ruby
[2] pry(main)> PrettyText.cook("# 中文")
=> "<h1><a name=\"h-1\" class=\"anchor\" href=\"#h-1\"></a>中文</h1>"
```

Therefore, the anchors in the two posts must be exactly the same by
order, causing almost all of the anchors in the second post to be
invalid.

This commit solves this problem by adding the `post_id` to the anchor.
The new anchor generation method will add `p-{post_id}` as a prefix when
post_id is available:

```ruby
[3] pry(main)> PrettyText.cook("# 中文", post_id: 1234)
=> "<h1><a name=\"p-1234-h-1\" class=\"anchor\" href=\"#p-1234-h-1\"></a>中文</h1>"
```

This way we can ensure that each anchor name only appears once on the
same topic. Using post id also prevents the potential possibility of the
same anchor name when splitting/merging topics.
2024-07-25 13:50:30 +08:00
Krzysztof Kotlarek
205a2bf0d6
DEV: show admin moderation flags UI (#28071)
The page was hidden behind a feature flag in this PR https://github.com/discourse/discourse/pull/27756

It is now in a shippable state.
2024-07-25 15:24:17 +10:00
Martin Brennan
31d3984e50
UX: Remove bookmark menu title on mobile (#28069)
We don't show this when editing on desktop,
so no need to show on mobile (also the label
is wrong)
2024-07-25 13:05:02 +10:00
Alan Guo Xiang Tan
c7911441fa
DEV: Add DISCOURSE_WEBPACK_MINIMIZE to reenable webpack minimize. (#28066)
Disabling webpack minimize is a bug we are working to resolve but we
have to consider self-hosters that deploy on low cost hardware
and reenabling this for them drastically increases the build time.
For now, add a `DISCOURSE_WEBPACK_MINIMIZE` env to allow sites to opt
back in.
2024-07-25 06:55:29 +08:00
Joffrey JAFFEUX
7a7cc815be
DEV: removes legacy modal code (#28047) 2024-07-24 18:07:17 +02:00
Meghna
ff7892a3f8
DEV: update the plugin outlet to be available just after name and badge (#28058) 2024-07-24 10:55:23 -04:00
Joffrey JAFFEUX
0fbce0aa85
DEV: adds a way to set a title/description to a radio (#28049)
Usage:

```
<Form as |form|>
  <form.Field @name="foo" @title="Foo" as |field|>
    <field.RadioGroup as |RadioGroup|>
      <RadioGroup.Radio @value="one" as |radio|>
        <radio.Title>One title</radio.Title>
        <radio.Description>One description</radio.Description>
      </RadioGroup.Radio>
    </field.RadioGroup>
  </form.Field>
</Form>
```
2024-07-24 14:25:34 +02:00
Joffrey JAFFEUX
c393c56e5a
UX: do not show footer nav if not actions (#28059) 2024-07-24 11:16:05 +02:00
Joffrey JAFFEUX
0c13c91f84
DEV: migrates footer-nav from widget to gjs (#28024)
This commit also attempts to promote more declarative patterns. The route history logic has been replaced by using the history-store service.

---------

Co-authored-by: Jarek Radosz <jarek@cvx.dev>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-24 07:54:15 +02:00
Martin Brennan
db8c1f20ed
DEV: Convert group SMTP settings form to FormKit (#27965)
This commit changes the group SMTP settings form (at
`/g/:name/manage/email`) to use
FormKit, our magical new form component system

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-24 09:52:52 +10:00
David Taylor
c333e9d6e6
FIX: Improve topic/header integration when navigating away (#28040)
- Ensure main title is set as 'not visible' when removed from DOM

- `deactivate` -> `willTransition` to ensure proper behavior when navigating between multiple topics

Followup to bdec564d14
2024-07-23 14:57:15 +01:00
dependabot[bot]
424a67778e
Build(deps-dev): Bump @floating-ui/dom from 1.6.7 to 1.6.8 (#28027)
Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.6.7 to 1.6.8.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.6.8/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-23 14:21:57 +02:00
dependabot[bot]
989dec421d
Build(deps): Bump ace-builds from 1.35.3 to 1.35.4 (#28029)
Bumps [ace-builds](https://github.com/ajaxorg/ace-builds) from 1.35.3 to 1.35.4.
- [Release notes](https://github.com/ajaxorg/ace-builds/releases)
- [Changelog](https://github.com/ajaxorg/ace-builds/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ajaxorg/ace-builds/compare/v1.35.3...v1.35.4)

---
updated-dependencies:
- dependency-name: ace-builds
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-23 14:21:11 +02:00
David Taylor
bdec564d14
DEV: Refactor header topic-info handling (#27989)
- Move topic-title on-screen detection to intersection-observer (via new modifier), and add a boolean to header service which indicates whether it's on-screen

- Move scroll-direction from Mixin to dedicated service. Teach it to pause scroll monitoring while transitions are in progress, to avoid reporting false changes in scroll direction. Also resets to a 'neutral' state after each navigation, which indicates that the user has not yet scrolled

- When entering a topic view, notify the header service which post is being targeted. It can then make an educated guess about whether the topic title is likely to be in-view

- Update header service `topicInfoVisible` to be a declarative getter, based on the three refactored sources of truth mentioned above

- Update legacy widget header to use the header service for topic info

All of these changes mean that the header no longer 'flickers' when navigating into topics on mobile. As well as the improved UX, this should also improve our Cumulative Layout Shift (CLS) web vital metrics.
2024-07-23 10:24:44 +01:00
Martin Brennan
129eb4ba59
FIX: Missing model return in admin-backups route (#28035)
Followup dd30463276

We missed the explicit `return` when we changed to
async/await, so the model ends up being null on admin
backups.

This means we also have no tests for the backup UI, that
will be fixed in a subsequent PR.
2024-07-23 16:24:29 +10:00
Jan Cernik
a4692609e4
FIX: Ensure topic stream is loaded before rendering the map (#28031) 2024-07-23 01:16:58 -03:00
Martin Brennan
0b413e2aa1
FEATURE: Use new topic bulk actions menu for all sites (#28003)
This commit promotes the new topic bulk action
menu introduced in 89883b2f51
to the main method of bulk selecting and performing
actions on topics. The site setting flag gating this
feature is deleted, and the old bulk select code is
deleted as well.

The new modal shows a loading spinner while operations
are taking place, allows selecting the action from a dropdown
instead of having a 2-step modal flow,
and also supports additional options for some operations, e.g.
allowing Close silently.
2024-07-23 11:39:27 +10:00
Jan Cernik
a027ec4663
UX: Merge the simplified topic map (#27964)
Replaces the existing topic map with the experimental-topic-map made by @awesomerobot.

---------

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2024-07-22 19:42:29 -03:00
Osama Sayegh
6039b513fe
DEV: Initial parts for a redesigned /about page (#27996)
This commit introduces the foundation for a new design for the /about page that we're currently working on. The current version will remain available and still be the default until we finish the new version and are ready to roll out. To opt into the new version right now, add one or more groups to the `experimental_redesigned_about_page_groups` site setting and members in those groups will get the new version.

Internal topic: t/128545.
2024-07-23 01:35:18 +03:00
Sérgio Saquetim
8ef69f4c56
DEV: Added enter hints for the quick search and sidebar filter (#28022) 2024-07-22 15:33:50 -03:00
David Taylor
a267c0727d
Revert "DEV: Defer button actions with layout change to the next frame paint (#27967)" (#28020)
This is causing issues with some buttons on iOS. Reverting while we investigate.

This reverts commit 352d6f9dfb.
2024-07-22 17:35:23 +01:00
carson chang
747fe63db3
UX: Remove automatic composer prompt when draft exists (#28017) 2024-07-22 09:16:37 -07:00
dependabot[bot]
53ae390835
Build(deps-dev): Bump qunit from 2.21.0 to 2.21.1 (#27998)
Bumps [qunit](https://github.com/qunitjs/qunit) from 2.21.0 to 2.21.1.
- [Release notes](https://github.com/qunitjs/qunit/releases)
- [Changelog](https://github.com/qunitjs/qunit/blob/main/History.md)
- [Commits](https://github.com/qunitjs/qunit/compare/2.21.0...2.21.1)

---
updated-dependencies:
- dependency-name: qunit
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-22 16:34:44 +02:00