Commit Graph

425 Commits

Author SHA1 Message Date
Guo Xiang Tan
db41af1c3c SECURITY: CSRF vulnerabilities in Admin::BackupsController. 2017-03-23 10:42:21 +08:00
Robin Ward
41307c3d1c SECURITY: Moderators should not be able to access customizations 2017-01-06 14:42:53 -05:00
Guo Xiang Tan
ad4a96d387 FIX: Only send membership request to the last 5 active group owners. 2017-01-03 15:33:57 +08:00
Guo Xiang Tan
a5fead3857 UX: Redesign group page to follow user page. 2016-12-22 13:08:59 +08:00
Arpit Jalan
563bcfb705 FIX: make upload extension optional in route 2016-12-19 15:06:03 +05:30
Arpit Jalan
ab6843dcde FIX: username route was broken 2016-12-16 23:56:22 +05:30
Guo Xiang Tan
d8541c589a FIX: Incorrect route for updating username. 2016-12-17 00:23:12 +08:00
Régis Hanol
197517d55e FIX: locally uploaded audio & video files should onebox even when the extension is uppercase 2016-12-15 23:21:44 +01:00
Guo Xiang Tan
8bd1ac53f1 FIX: Don't include format in route ids. 2016-12-14 13:57:51 +08:00
Guo Xiang Tan
05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Arpit Jalan
ce974da9e5 FIX: simplify CSV file upload 2016-12-05 14:09:08 +05:30
Sam
39a524aac8 FEATURE: brotli cdn bypass for assets
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Guo Xiang Tan
559918c6c6 PERF: Add endpoint to check if a group can be mentioned by user. 2016-11-26 02:20:46 +08:00
Guo Xiang Tan
5794f1619d PERF: Fix N+1 queries when loading groups. 2016-11-26 02:20:26 +08:00
Sam
88a46be051 FEATURE: display text excerpts when scrolling on mobile 2016-11-25 11:35:29 +11:00
Guo Xiang Tan
0b28075c00 Revert "REFACTOR: ajax defaults to json data type for GET requests."
This reverts commit af0b6ce53d.
2016-11-24 16:47:18 +08:00
Guo Xiang Tan
af0b6ce53d REFACTOR: ajax defaults to json data type for GET requests. 2016-11-24 16:20:17 +08:00
Neil Lalonde
47aa3d94aa FEATURE: send digest preview to an email address 2016-11-23 17:51:57 -05:00
Sam
e2c87da42a FEATURE: Add basic support for Safe Mode
In Safe Mode all JS extensions and site customizations are disabled.

To access Safe Mode visit `sitename.org/safe-mode`
2016-11-21 16:46:14 +11:00
Dmitry Demenchuk
6df6b59259 Remove useless routing for ForumsController 2016-10-27 15:25:16 +01:00
Robin Ward
19e2eec219 Allow step 0 to resend the confirmation email 2016-10-21 11:34:19 -04:00
Robin Ward
c03d25f170 FEATURE: Configure Admin Account
Adds a "Step 0" to the wizard if the site has no admin accounts where
the user is prompted to finish setting up their admin account from the
list of acceptable email addresses.

Once confirmed, the wizard begins.
2016-10-19 11:27:56 -04:00
Arpit Jalan
12894a4876 FIX: dots in group name was breaking route 2016-10-12 23:36:10 +05:30
Sam
6031e692f0 Merge pull request #4366 from xfalcox/print
Print Support
2016-10-11 11:47:20 +11:00
Sam
3e513f5c05 Merge pull request #4459 from vibol/master
FEATURE: sparkpost webhook
2016-10-10 17:17:17 +11:00
Blake Erickson
5c131d3e10 Remove route to action that doesn't exist
Removed the `post "t"` route from the routes file because the
`topics#create` action doesn't exist in the topics controller. New
topics are created in the posts controller.
2016-10-03 07:17:13 -06:00
Vibol Hou
34af73c7cb FEATURE: sparkpost webhook 2016-09-26 22:13:34 -07:00
Rafael dos Santos Silva
c12e533273 Feature: Adds a button to print a topic 2016-09-26 20:44:50 -03:00
Robin Ward
c94e6f1b96 Add locale step 2016-09-22 09:52:19 -04:00
Robin Ward
3a4615c205 Wizard: Step 1 2016-09-22 09:48:58 -04:00
Robin Ward
0471ad393c Scaffold for new Wizard - Rails / Ember / Tests 2016-09-22 09:48:58 -04:00
Robin Ward
6070939daa Support for other i18n bundles 2016-09-22 09:48:58 -04:00
Guo Xiang Tan
547750e9dd Unify API keys and web hooks into a single admin nav header. 2016-09-20 05:22:03 +08:00
Erick Guan
00d5facf36 FEATURE: prompts new webhook events 2016-09-19 12:07:17 +08:00
Sam
75f3f7fcbd FEATURE: clean API method for reading a single notification 2016-09-16 16:14:15 +10:00
Erick Guan
9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Régis Hanol
e064e6f7a3 FEATURE: new 'categories_and_latest' endpoint 2016-08-29 22:47:44 +02:00
Sam
416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Sam
b7cea24d76 FEATURE: more user API flow, support key creation 2016-08-16 17:06:52 +10:00
Neil Lalonde
3b792054f2 Merge pull request #4387 from gdpelican/feature/tags-intersection
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel
037e9bb7b8 Support any number of tag intersections 2016-08-15 15:30:17 -04:00
Sam
fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel
7e73b933c7 First pass 2016-08-12 15:28:46 -04:00
Sam
7e4503dd99 FEATURE: basic info route for all sites, even ones that require login
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam
afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Guo Xiang Tan
0a942dbc73 FEATURE: Avoid creating an archive for database only backups. 2016-08-03 16:23:46 +08:00
Régis Hanol
c4b52b1a19 GET is a more RESTy verb for '/users/:username/emails' 2016-07-27 20:15:28 +02:00
Andre Pereira
8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Neil Lalonde
11b3b5e30a FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter 2016-07-25 16:16:18 -04:00
Sam
8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00