Guo Xiang Tan
e6f06f020d
Version bump to v1.7.6
2017-03-23 10:43:43 +08:00
Guo Xiang Tan
db41af1c3c
SECURITY: CSRF vulnerabilities in Admin::BackupsController
.
2017-03-23 10:42:21 +08:00
Neil Lalonde
15b0a9a16f
Version bump to v1.7.5
2017-03-20 11:59:53 -04:00
Guo Xiang Tan
2daed01070
SECURITY: Disallow symlinks when restoring uploads.
2017-03-17 14:29:37 +08:00
Robin Ward
c14d98354b
SECURITY: Don't use backticks for exporting your archive
2017-03-16 16:27:52 -04:00
Sam
0f6a2b912a
SECURITY: always allow staff to resend activation mails
2017-03-13 10:33:21 -04:00
Guo Xiang Tan
1c44c87945
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:57:21 +08:00
Guo Xiang Tan
8c5e13afd6
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 20:57:17 +08:00
Guo Xiang Tan
395f43d92f
FIX: Don't mark user as active
if verified email is different.
2017-03-13 20:57:02 +08:00
Neil Lalonde
f6b43f987c
Version bump to v1.7.4
2017-03-08 12:18:34 -05:00
Robin Ward
2c9a43e4fd
Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
...
This reverts commit 1060239e2d
.
2017-02-27 13:37:08 -05:00
Guo Xiang Tan
415bad645e
FIX: Mobile topic timeline broken on Chrome 56.
...
* See https://developers.google.com/web/updates/2017/01/scrolling-intervention .
From Chrome 56 onwards, `touchstart` event listeners are treated as passive
by default which does not call `preventDefault` resulting in the page
scrolling when topic timeline handle is being dragged.
2017-02-27 13:21:41 +08:00
Guo Xiang Tan
5cd680b0be
SECURITY: Ensure oAuth authenticated email is the same as created user's email.
2017-02-24 15:40:31 +08:00
Guo Xiang Tan
465660bdfc
Revert "SECURITY: Ensure that user has been authenticated."
...
This reverts commit d1091f7f57
.
2017-02-24 15:39:56 +08:00
Guo Xiang Tan
d1091f7f57
SECURITY: Ensure that user has been authenticated.
2017-02-24 11:46:59 +08:00
Sam
7912966209
SECURITY: inactive/suspended accounts should be banned from api
...
Also fixes edge cases around users presenting multiple credentials
2017-02-17 11:09:08 -05:00
Neil Lalonde
a86807b39b
Version bump to v1.7.3
2017-02-13 16:45:01 -05:00
Sam
47b9eb6dbb
new: server plugin outlet for indexable robots.txt
2017-02-13 14:05:08 -05:00
Sam
1d3f04d4bb
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:48 -05:00
Sam
5fc70471be
UX: less restrictive selector to allow for plugin outlets
...
Currently plugin outlets in LIs will generate a wrapping SPAN,
this makes an allowence in core for nave extenstions (like solved does)
2017-02-02 12:18:22 -05:00
Neil Lalonde
839a5e6e42
Version bump to v1.7.2
2017-01-26 13:32:57 -05:00
Robin Ward
2f78facb48
SECURITY: Prevent large onebox downloads, better timeout support
2017-01-25 14:59:35 -05:00
Guo Xiang Tan
d4ca8ea617
Fix broken emojis.
2017-01-24 16:18:39 +08:00
Régis Hanol
f49c9f6c43
FIX: log backups download/destroy staff action
...
FIX: clean up junk left by the specs
RENAME: 'backup_operation' to 'backup_create' to match other backup log types
2017-01-16 19:58:04 +01:00
Robin Ward
8f34c2332d
Version bump to v1.7.1
2017-01-13 11:08:58 -05:00
Régis Hanol
9f3c38832e
FIX: don't onebox to IP addresses
2017-01-12 22:36:59 +01:00
Arpit Jalan
1570c4e4a7
Update Translations
2017-01-12 13:26:45 +05:30
Guo Xiang Tan
0f574f641e
UX: Truncate topic link title/URL on desktop to prevent overflow.
2017-01-12 12:24:39 +08:00
Guo Xiang Tan
38496985ef
Fix syntax error.
2017-01-12 10:03:37 +08:00
Guo Xiang Tan
23d4435af1
Oops.
2017-01-12 09:56:20 +08:00
Guo Xiang Tan
79c80f9974
Make mention bot assign reviewers for collaborators as well.
2017-01-12 09:44:22 +08:00
Guo Xiang Tan
d0e3312d92
Merge pull request #4646 from tgxworld/log_readonly_mode_changes
...
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:43:51 +08:00
Guo Xiang Tan
515f50e42e
FEATURE: Log admin action when readonly mode is changed.
2017-01-12 09:41:02 +08:00
Jeff Atwood
240c4870cf
FIX: add noopener to website field in user profile
2017-01-11 15:38:37 -08:00
Régis Hanol
887e9af84f
FEATURE: new 'max_image_megapixels' site setting
2017-01-11 23:37:12 +01:00
Régis Hanol
fee5f082b8
Merge pull request #4647 from pfaffman/bbpress-missing-display-name
...
Bbpress missing display name
2017-01-11 21:57:44 +01:00
Régis Hanol
f3a325ac0f
bump onebox
2017-01-11 21:55:31 +01:00
Jay Pfaffman
ffbaf374c8
use .presence rather than DIY checking
2017-01-11 12:55:25 -08:00
Jay Pfaffman
e307bbccf9
Merge branch 'master' of github.com:discourse/discourse into bbpress-missing-display-name
2017-01-11 11:28:38 -08:00
Jay Pfaffman
c5d6bfe7e2
bbpress: Use nicename if display_name is missing
2017-01-11 11:26:55 -08:00
Neil Lalonde
b177827841
more specs for staff action logging
2017-01-11 11:41:21 -05:00
Robin Ward
6c3426d266
Let's not notify for trust levels on Staff, either
2017-01-11 11:25:04 -05:00
Rafael dos Santos Silva
3a3a464a32
Merge pull request #4642 from miromichalicka/master
...
Add support for import from Drupal 6
2017-01-11 12:56:52 -02:00
Arpit Jalan
e793caf3e3
FIX: only allow CSV file to be uploaded for bulk invite
2017-01-11 16:26:01 +05:30
Régis Hanol
dfb633fde3
remove 'already initialized constant' warning
2017-01-11 11:03:36 +01:00
Guo Xiang Tan
d6bf5b0e78
Use any
orientation for web app manifest.
2017-01-11 17:32:24 +08:00
Guo Xiang Tan
1758af9a1d
FIX: Perform emoji unescape for topic titles in quotes.
2017-01-11 17:23:13 +08:00
Guo Xiang Tan
cdd550e947
Use a different Redis key when PG failover sets site to readonly mode.
2017-01-11 16:38:49 +08:00
Guo Xiang Tan
77045eb1f1
Merge pull request #4644 from olach/tab-size
...
Display tabs with smaller widths for code blocks
2017-01-11 14:49:16 +08:00
Jeff Atwood
9103ba30ad
switch from "API Requests" to "Pageviews"
2017-01-10 17:02:23 -08:00