Commit Graph

27063 Commits

Author SHA1 Message Date
Roman Rizzi
e5691362df
DEV: add smtp_should_reject to the receive_emails api key scope (#17110) 2022-06-16 13:46:56 -03:00
David Taylor
691afa2593
DEV: Handle emoji-picker and d-editor being destroyed simultaneously (#17109) 2022-06-16 17:16:15 +01:00
David Taylor
c00205730e
FIX: Ensure presence endpoints don't break the session (#17108)
Presence endpoints are often called asynchronously at the same time as other request, and never need to modify the session. Skipping ensures that an unneeded cookie rotation doesn't race against another request and cause issues.

This change brings presence in line with message-bus's behaviour.
2022-06-16 14:38:43 +01:00
David Taylor
a4fc88ce68
FIX: Ensure emoji is inserted in the correct location (#17107)
In the specific case where you start typing an emoji, then open the full emoji picker, the chosen emoji would be inserted in the wrong place. This was an unintentional side effect of the changes in 75d9c16156

This commit updates the `emojiSelected` logic to avoid mutating the 'selected' object, and also adds a test for this specific behaviour.
2022-06-16 12:16:53 +01:00
Arpit Jalan
c39cebc161
PERF: remove server plugin outlet for post (#17105) 2022-06-16 17:21:24 +10:00
Alan Guo Xiang Tan
c625dc0adc
FEATURE: Add messages section links to experimental sidebar. (#17096) 2022-06-16 13:33:40 +08:00
Gerhard Schlager
888f50543d
DEV: Fix javascript:update rake task (#17098)
* The `javascript:update` rake task failed because recent versions of chart.js use a lowercase filename (`chart.min.js` instead of `Chart.min.js`)

* Changed `loadScript()` to use lowercase keys to lookup scripts

* `svg-arrow.css` seems to have changed slightly (linebreak at the end of file)
2022-06-15 19:49:04 +02:00
Isaac Janzen
a7034c5a14
DEV: Update create-account test to be more clear (#17102) 2022-06-15 12:47:47 -05:00
Isaac Janzen
bc0a37b642
DEV: @bind create-account actions (#17100)
DEV: @bind create-account actions

Context: https://github.com/discourse/discourse/pull/16983#discussion_r894721403
2022-06-15 12:36:04 -05:00
David Taylor
275849771f
DEV: Emit a 'change' event when PresenceChannel info changes (#17088)
e.g.

```
presenceChannel = this.presence.getChannel('/blah');
presenceChannel.subscribe();
presenceChannel.on('change', (channel) => console.log(channel.users));
```

This commit also does some refactoring to remove the use of an unnecessary EmberObject and dynamic `defineProperty` call
2022-06-15 16:13:44 +01:00
Martin Brennan
4d3c1ceb44
FEATURE: Log the SMTP response in EmailLog (#17056)
When sending emails with delivery_method_options -> return_response
set to true, the SMTP sending code inside Mail will return the SMTP
response when calling deliver! for mail within the app. This commit
ensures that Email::Sender captures this response if it is returned
and stores it against the EmailLog created for the sent email.

A follow up PR will make this visible within the admin email UI.
2022-06-15 10:28:30 +10:00
Krzysztof Kotlarek
63df2b4550
FIX: whisper available when reply to topic (#17054)
When a user is answering a whisper comment, they cannot change from whisper to regular answer.

However, user can click reply to topic. We keep `postSnapshot` so user can change mind and switch back to reply to post. In that case, a toggle whisper button should appear.

To make it happen, I am ensuring to display a toggle whisper button when user is replying to topic - `postLink` attribute is missing.
2022-06-15 09:59:57 +10:00
Jarek Radosz
39f45c701c
DEV: Mark inline styles as safe (#17093)
Fixes many Ember deprecation warnings like:

```
WARNING: Binding style attributes may introduce cross-site scripting vulnerabilities; please ensure that values being bound are properly escaped. For more information, including how to disable this warning, see https://emberjs.com/deprecations/v1.x/#toc_binding-style-attributes. Style affected: "border-color: #33B0B0; --category-color: #33B0B0;"
```
2022-06-15 01:31:21 +02:00
Jarek Radosz
348b6e848f
FIX: NavItem and Composer prop overriding was broken (#17092) 2022-06-14 21:16:33 +02:00
Alan Guo Xiang Tan
4a240f6c90
DEV: First pass at messages section experimental sidebar (#17084) 2022-06-14 15:56:20 +08:00
Alan Guo Xiang Tan
e7e23e8d9c
FIX: Remove tags from experimental sidebar on notification level changed (#17083)
As part of this commit, a bug where updating a tag's notification level on the server side does not update the state of the user's tag notification levels on the client side is fixed too.
2022-06-14 15:39:56 +08:00
Alan Guo Xiang Tan
0ae7b43018
PERF: Remove total for time to first response report. (#17082)
The query is very inefficient without any constraints on large sites and
the average of all time to first response since the beginning of time is
not useful as well.
2022-06-14 13:27:48 +10:00
Blake Erickson
ae6a907943
SECURITY: banner-info (#17071) 2022-06-13 11:10:21 -06:00
David Taylor
6650218e3d
FIX: Ensure that extract_upload_ids works with all short URLs (#17070)
We do not zero-pad our base62 short URLs, so there is no guarantee that the length is 27. Instead, let's greedily match all consecutive base62 characters and look for a matching upload.

This reverts bd32656157 and 36f5d5eada.
2022-06-13 17:01:27 +01:00
Wolftallemo
be556ef17b
FIX: Skip CSRF token check on webhook routes (#16982)
The `WebhookController` inherits directly from `ActionController::Base`. Since Rails 5.2, forgery protection has been enabled by default. When we applied those new defaults in 0403a8633b, it took effect on this controller and broke integrations.

This commit explicitly disables CSRF protection on these webhook routes, and updates the specs so they'll catch this kind of regression in future.
2022-06-13 15:36:45 +01:00
Jarek Radosz
77632d2d36
DEV: Explicitly allow NavItem customization (#17061)
Allow overriding NavItem's title and displayName. Fixes multiple instances of `computed-property.override` warnings in plugins.
2022-06-13 12:46:04 +02:00
Jarek Radosz
8d0c2cd4f8
DEV: Allow disabling composer submit (#17062)
…without overriding the computed property. Will fix warnings in discourse-perspective-api plugin.
2022-06-13 12:45:47 +02:00
Alan Guo Xiang Tan
e9a77e7f19
FEATURE: Add new/unread counts to tags section links exp sidebar (#17057) 2022-06-13 14:54:01 +08:00
Alan Guo Xiang Tan
95fa4c5d52
DEV: Ensure topic-tracking-state state change callbacks are cleaned up (#17069) 2022-06-13 14:53:02 +08:00
Alan Guo Xiang Tan
94c3bbc2d1
DEV: Centralize user updates to a single MessageBus channel. (#17058)
Introduces an interface to publish user updates on the server side and
helps to reduce the growing number of subscriptions on the client side.
2022-06-13 14:27:43 +08:00
Jarek Radosz
e245839c3c
DEV: Remove old deprecations (#14906) 2022-06-12 21:28:20 +02:00
Jeff Wong
d7d9c10c1d FIX: display translated fallback as the group name for custom emoji groups 2022-06-10 11:10:05 -10:00
Jeff Wong
9a656e18e9 DEV: add translation fallback option for i18n
Allow for a default translation string to be returned when a translation cannot
be found.

Useful in contexts where there is a known fallback, such as custom emoji group
strings.
2022-06-10 11:10:05 -10:00
Joffrey JAFFEUX
532935043c
FIX: allows image to be displayed at the right size 2022-06-10 16:28:58 +02:00
Alan Guo Xiang Tan
ced9a5ee6d
FEATURE: First pass tags section for experimental sidebar. (#17048)
Counts for the section links will be added in a follow up commit.
2022-06-10 09:49:36 +08:00
David Taylor
75d9c16156
DEV: Remove jquery from textarea-manipulation, improve undo handling (#17050)
This commit removes many uses of `this._$textarea`, and also switches us to use `document.execCommand("insertText")` for the majority of manipulations. This means that the browser undo history will be preserved when doing things like pasting rich html, using bold/italic shortcuts, etc.

These manipulations are already extensively tested. This commit extends a few of the tests to verify the undo behavior.

There are still a few cases (e.g. replacing upload placeholders with true URLs) where we don't necessarily want to bring the composer into focus. In those cases, the old history-breaking behavior remains for now.
2022-06-10 10:42:50 +10:00
David Taylor
c054a47d9a
DEV: Add escapeRegExp util (#17051)
This was re-implemented in a number of places - it makes more sense as a utility function.
2022-06-10 10:37:54 +10:00
Isaac Janzen
3ebfde5ea2
DEV: Remove jquery from create-account modal (#16983) 2022-06-09 14:59:33 -05:00
Isaac Janzen
9cd165d6b4
DEV: Add deprecation notice to discourse-common/utils/decorators (#17052) 2022-06-09 13:07:58 -05:00
Isaac Janzen
6ae761604a
FIX: Send quote notifications to correct users when prioritizing full names (#17030) 2022-06-09 11:52:28 -05:00
Penar Musaraj
3f569f1185
A11Y: Add keyboard support for do-not-disturb modal (#17043) 2022-06-09 11:05:01 -04:00
Alan Guo Xiang Tan
946f8a65fd
FEATURE: Display new/unread count for tracked categories in exp sidebar (#17046) 2022-06-09 13:43:17 +08:00
Alan Guo Xiang Tan
cd8c97debc
FEATURE: Add section links to categories section to exp sidebar (#17035)
This commit adds a section link to the categories section for each
category that is tracked by the user in the experimental sidebar.
2022-06-09 11:14:01 +08:00
Alan Guo Xiang Tan
03f674070a
DEV: Remove flaky acceptance test (#17045)
The test was un-skipped in 6f25f17360 but
has since been flaky again. Removing the test completely as it has
resulted in more pain for us than the value the test provides.
2022-06-09 09:56:05 +08:00
Bianca Nenciu
9db8f00b3d
FEATURE: Create upload_references table (#16146)
This table holds associations between uploads and other models. This can be used to prevent removing uploads that are still in use.

* DEV: Create upload_references
* DEV: Use UploadReference instead of PostUpload
* DEV: Use UploadReference for SiteSetting
* DEV: Use UploadReference for Badge
* DEV: Use UploadReference for Category
* DEV: Use UploadReference for CustomEmoji
* DEV: Use UploadReference for Group
* DEV: Use UploadReference for ThemeField
* DEV: Use UploadReference for ThemeSetting
* DEV: Use UploadReference for User
* DEV: Use UploadReference for UserAvatar
* DEV: Use UploadReference for UserExport
* DEV: Use UploadReference for UserProfile
* DEV: Add method to extract uploads from raw text
* DEV: Use UploadReference for Draft
* DEV: Use UploadReference for ReviewableQueuedPost
* DEV: Use UploadReference for UserProfile's bio_raw
* DEV: Do not copy user uploads to upload references
* DEV: Copy post uploads again after deploy
* DEV: Use created_at and updated_at from uploads table
* FIX: Check if upload site setting is empty
* DEV: Copy user uploads to upload references
* DEV: Make upload extraction less strict
2022-06-09 09:24:30 +10:00
tshenry
7fc11327b7
COPY: Use main instead of master for theme installation modal (#17044)
GitHub now uses main as the default branch so it makes sense to update the placeholder in the theme installation modal to use main instead of master.
2022-06-08 11:32:54 -07:00
Penar Musaraj
fd2dbdccdc
A11Y: Keyboard access for /u table headings (#17041) 2022-06-08 13:54:31 -04:00
Arpit Jalan
4bc2d54685
DEV: include time_left information in rate limiting error messages (#17037) 2022-06-08 14:30:41 +05:30
Blake Erickson
3941bad075
DEV: Remove this chained user scope (#17029)
This reverts one of the changes introduced just now in:

27d7b0c6de

I don't think we need this `activated_not_suspended_not_staged` scope
because we can just compose it ourselves via method chaining like
`User.activated.not_suspended.not_staged`.
2022-06-07 15:21:42 -06:00
Blake Erickson
27d7b0c6de
DEV: Add new user scopes (#17026)
Adds two new user scopes:

- `not_staged`
- `activated_not_suspended_not_staged`

This will allow us to easily grab activated users that are not suspended
or staged.

See this PR feedback:

https://github.com/discourse/discourse-chat/pull/913#discussion_r890692266
2022-06-07 12:58:58 -06:00
Isaac Janzen
de1153286d
DEV: Remove reply_as_new_topic from PM composer actions (#17023) 2022-06-07 11:06:42 -05:00
Penar Musaraj
86ab82f057
UX: Remove limit for emoji search in composer (#17014) 2022-06-07 12:00:52 -04:00
Penar Musaraj
4be67ef9a7
UX: Larger images in mobile emoji picker (#17013) 2022-06-07 12:00:09 -04:00
David Taylor
5238f6788c
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.

`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.

This implementation is purely server-side, and does not impact the composer preview.

Technically, there are two stages to this feature:

1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute

2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 15:23:04 +01:00
Joe
98671445a7
UX: hide select-kits when the parent element is outside the viewport
If the select-kit header is not in the viewport (scrolled out of view), popper adds a data-popper-reference-hidden attribute.

This PR adds the recommended styles to "hide" the select-kit body when that happens. See

https://popper.js.org/docs/v2/modifiers/hide/
2022-06-07 16:57:10 +08:00