github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-30 10:53:43 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
47,813 Commits 214 Branches 500 Tags 960 MiB
eee97ad29a
Commit Graph

47813 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Taylor
eee97ad29a
DEV: Patch capybara to ignore client-triggered errors (#19972) 
In dev/prod, these are absorbed by unicorn. Most commonly, they occur when a client interrupts a message-bus long-polling request.

Also reverts the EPIPE workaround introduced in 011c9b9973
 2023-01-24 11:07:29 +00:00
David Taylor
e2db764cdd
DEV: Remove older ruby version logic (#19971) 
Discourse no longer boots on anything less than 3.1, so these code paths will never be used
 2023-01-24 10:42:56 +00:00
David Taylor
48713653df
DEV: Add failing test for api.modifyClass with native getters (#19911) 
https://meta.discourse.org/t/251793/8
 2023-01-24 10:41:48 +00:00
Martin Brennan
63fdb6dd65
FIX: Do not add empty use/svg tags in ExcerptParser (#19969) 
There was an issue where if hashtag-cooked HTML was sent
to the ExcerptParser without the keep_svg option, we would
end up with empty </use> and </svg> tags on the parts of the
excerpt where the hashtag was, in this case when a post
push notification was sent.

Fixed this, and also added a way to only display a plaintext
version of the hashtag for cases like this via PrettyText#excerpt.
 2023-01-24 14:40:24 +10:00
Vinoth Kannan
799202d50b
FIX: skip email if blank while syncing SSO attributes. (#19939) 
Also, return email blank error in `EmailValidator`  when the email is blank.
 2023-01-24 09:10:24 +05:30
Martin Brennan
0924f874bd
DEV: Use UploadReference instead of ChatUpload in chat (#19947) 
We've had the UploadReference table for some time now in core,
but it was added after ChatUpload was and chat was just never
moved over to this new system.

This commit changes all chat code dealing with uploads to create/
update/delete/query UploadReference records instead of ChatUpload
records for consistency. At a later date we will drop the ChatUpload
table, but for now keeping it for data backup.

The migration + post migration are the same, we need both in case
any chat uploads are added/removed during deploy.
 2023-01-24 13:28:21 +10:00
Krzysztof Kotlarek
ac4ee1a3d4
FIX: TL4 user is not redirected to latest when delete topic (#19967) 
Continue of https://github.com/discourse/discourse/pull/19766

When TL4 is allowed to delete topic, they should not be redirected to / after that action.
 2023-01-24 11:28:04 +11:00
Martin Brennan
110c96e6d7
FIX: Do not count deleted post for upload ref security (#19949) 
When checking whether an existing upload should be secure
based on upload references, do not count deleted posts, since
there is still a reference attached to them. This can lead to
issues where e.g. an upload is used for a post then later on
a custom emoji.
 2023-01-24 10:01:48 +10:00
Blake Erickson
a6291cd854
FEATURE: Add api scope for suspending users (#19965) 
See: https://meta.discourse.org/t/request-separate-api-granular-api-scope-for-suspend-user/249928/5
 2023-01-23 16:20:49 -07:00
Blake Erickson
774feb6614
FEATURE: Add api scope for create invite endpoint (#19964) 
Adds an api scope for the POST /invite endpoint.
 2023-01-23 16:20:22 -07:00
dependabot[bot]
73deb31e3e
Build(deps-dev): Bump selenium-webdriver from 4.7.1 to 4.8.0 (#19959) 2023-01-23 23:53:52 +01:00
dependabot[bot]
d76a30f6a1
Build(deps): Bump rubocop from 1.43.0 to 1.44.0 (#19961) 2023-01-23 23:52:59 +01:00
dependabot[bot]
bc9874033f
Build(deps): Bump qunit from 2.19.3 to 2.19.4 in /app/assets/javascripts (#19962) 2023-01-23 23:52:22 +01:00
dependabot[bot]
b95c301a74
Build(deps): Bump concurrent-ruby from 1.1.10 to 1.2.0 (#19960) 2023-01-23 23:49:46 +01:00
Blake Erickson
09f5235538
FEATURE: Add api scope for search endpoint (#19955) 
Adds two new api scopes for the /search endpoints:

- `/search.json?q=term`
- `/search/query.json?term=term`

see: https://meta.discourse.org/t/search-api-key-permissions/227244
 2023-01-23 14:06:57 -07:00
Joffrey JAFFEUX
ad70a72de9
FIX: adds negative skidding to popper offset (#19958) 
Learn more about skidding here: https://popper.js.org/docs/v2/modifiers/offset/#skidding-1

This change has two goals:
- Fixes an issue when the user had zoomed the viewport and the popper would position on the opposite side
- Makes msg actions arguably more pleasant to the eye by preventing it to be right aligned with the message container
 2023-01-23 16:04:14 -05:00
David Taylor
87316d7a10
SECURITY: Bump Rails to v7.0.4.1 (#19956) 2023-01-23 15:38:49 -05:00
Kris
239815c4a4
UX: fixes and adjustments for user nav (#19954) 2023-01-23 14:28:55 -05:00
Kris
e3a48d2681
FIX: data-popper-reference-hidden too broad (#19937) 2023-01-23 14:28:48 -05:00
Jordan Vidrine
1d7b50a0d3
FIX: Fix margin on mini-tag-chooser (#19953) 2023-01-23 10:39:57 -06:00
Joffrey JAFFEUX
ffd222e883
FIX: prevents msg-actions to show hover text (#19952) 
This case was possible in restrained space when the top of the message was not visible in the viewport.
 2023-01-23 15:59:12 +01:00
Joffrey JAFFEUX
34d158c4aa
FIX: generates automatic slug for trashed channels (#19908) 
Prior to this fix trashed channels would still prevent a channel with the same slug to be created. This commit generates a new slug on trash and frees the slug for future usage.

The format used for the slug is: `YYYYMMDD-HHMM-OLD_SLUG-deleted` truncated to the max length of a channel name.
 2023-01-23 15:05:47 +01:00
Jordan Vidrine
b26e0dcf35
UX: Set penalty history to sticky (#19933) 2023-01-23 07:14:23 -06:00
Jan Cernik
d0c820e816
FEATURE: Add better TikTok onebox support (#19934) 2023-01-23 09:49:02 -03:00
Martin Brennan
641e94fc3c
FEATURE: Allow changing slug on create channel (#19928) 
This commit allows us to set the channel slug when creating new chat
channels. As well as this, it introduces a new `SlugsController` which can
generate a slug using `Slug.for` and a name string for input. We call this
after the user finishes typing the channel name (debounced) and fill in
the autogenerated slug in the background, and update the slug input
placeholder.

This autogenerated slug is used by default, but if the user writes anything
else in the input it will be used instead.
 2023-01-23 14:48:33 +10:00
Krzysztof Kotlarek
ae20ce8654
FIX: TL4 user can see deleted topics (#19946) 
New feature that TL4 users can delete/recover topics and post was introduced https://github.com/discourse/discourse/pull/19766

One guardian was missed to ensure that can see deleted topics
 2023-01-23 12:02:47 +11:00
dependabot[bot]
264f219fba
Build(deps): Bump net-imap from 0.3.1 to 0.3.4 (#19613) 
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.3.1 to 0.3.4.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.3.1...v0.3.4)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 23:37:00 +01:00
dependabot[bot]
54e5a2e4c4
Build(deps): Bump sass from 1.57.0 to 1.57.1 in /app/assets/javascripts (#19538) 
Bumps [sass](https://github.com/sass/dart-sass) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.57.0...1.57.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 23:36:16 +01:00
dependabot[bot]
8a595c4f5e
Build(deps): Bump erubi from 1.11.0 to 1.12.0 (#19591) 
Bumps [erubi](https://github.com/jeremyevans/erubi) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/jeremyevans/erubi/releases)
- [Changelog](https://github.com/jeremyevans/erubi/blob/master/CHANGELOG)
- [Commits](https://github.com/jeremyevans/erubi/compare/1.11.0...1.12.0)

---
updated-dependencies:
- dependency-name: erubi
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 23:35:58 +01:00
dependabot[bot]
81721ea0ce
Build(deps): Bump redis-namespace from 1.9.0 to 1.10.0 (#19589) 
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/resque/redis-namespace/releases)
- [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md)
- [Commits](https://github.com/resque/redis-namespace/compare/v1.9...v1.10.0)

---
updated-dependencies:
- dependency-name: redis-namespace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 23:18:55 +01:00
dependabot[bot]
87fdbf3d6b
Build(deps): Bump excon from 0.96.0 to 0.97.2 (#19940) 
Bumps [excon](https://github.com/excon/excon) from 0.96.0 to 0.97.2.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.96.0...v0.97.2)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 23:18:25 +01:00
dependabot[bot]
9bfb942b77
Build(deps): Bump css_parser from 1.13.0 to 1.14.0 (#19804) 
Bumps [css_parser](https://github.com/premailer/css_parser) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/premailer/css_parser/releases)
- [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/premailer/css_parser/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: css_parser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 22:56:29 +01:00
dependabot[bot]
f81c94637a
Build(deps): Bump ember-rfc176-data in /app/assets/javascripts (#19925) 
Bumps [ember-rfc176-data](https://github.com/ember-cli/ember-rfc176-data) from 0.3.17 to 0.3.18.
- [Release notes](https://github.com/ember-cli/ember-rfc176-data/releases)
- [Changelog](https://github.com/ember-cli/ember-rfc176-data/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ember-cli/ember-rfc176-data/compare/v0.3.17...v0.3.18)

---
updated-dependencies:
- dependency-name: ember-rfc176-data
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 22:56:17 +01:00
dependabot[bot]
1000090fa8
Build(deps): Bump rails-html-sanitizer from 1.4.4 to 1.5.0 (#19943) 
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.4 to 1.5.0.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.4.4...v1.5.0)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 22:55:35 +01:00
dependabot[bot]
9be9f97373
Build(deps): Bump @babel/standalone in /app/assets/javascripts (#19945) 
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.20.12 to 7.20.13.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.13/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 22:53:57 +01:00
dependabot[bot]
876688b2f8
Build(deps): Bump regexp_parser from 2.6.1 to 2.6.2 (#19942) 
Bumps [regexp_parser](https://github.com/ammar/regexp_parser) from 2.6.1 to 2.6.2.
- [Release notes](https://github.com/ammar/regexp_parser/releases)
- [Changelog](https://github.com/ammar/regexp_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ammar/regexp_parser/compare/v2.6.1...v2.6.2)

---
updated-dependencies:
- dependency-name: regexp_parser
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 22:52:30 +01:00
dependabot[bot]
698cfff530
Build(deps): Bump faraday from 2.7.3 to 2.7.4 (#19941) 
Bumps [faraday](https://github.com/lostisland/faraday) from 2.7.3 to 2.7.4.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/compare/v2.7.3...v2.7.4)

---
updated-dependencies:
- dependency-name: faraday
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 22:52:03 +01:00
dependabot[bot]
36447fb043
Build(deps): Bump jsdom from 21.0.0 to 21.1.0 in /app/assets/javascripts (#19944) 
Bumps [jsdom](https://github.com/jsdom/jsdom) from 21.0.0 to 21.1.0.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/21.0.0...21.1.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-22 22:39:36 +01:00
Daniel Waterworth
666536cbd1
DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
Kris
f7907a3645
A11Y: remove heading tags from user profile (#19935) 2023-01-20 12:27:07 -05:00
Kris
1521bace4f
A11Y: add secondary skip link to user profiles (#19926) 2023-01-20 10:30:57 -05:00
Kris
7ebd8a44f5
UX: hide date in timeline when wrapping (#19912) 2023-01-20 10:05:16 -05:00
Jordan Vidrine
b412f03b29
UX: Remove left margin (#19932) 2023-01-20 07:59:25 -06:00
Jordan Vidrine
62aa2adc74
UX: Add margin to search keyword (#19931) 2023-01-20 07:40:48 -06:00
Osama Sayegh
0c30f31f17
FIX: Allow modals to scroll on mobile when keyboard is open (#19930) 
Meta topic: https://meta.discourse.org/t/android-keyboard-overlaps-text-when-flagging-with-something-else/249687?u=osama

On Android, it's currently not possible to scroll modals that take input from the user (such as the flagging modal) when the keyboard is open which means that the keyboard can cover up part of the modal with no way for the user to see the covered part without closing the keyboard. This commit adds some CSS to make these modals scrollable when the keyboard is open.
 2023-01-20 14:23:19 +03:00
Ted Johansson
90d452ab6c
FIX: Don't display staff-only options to non-staff in group member bulk menu (#19907) 
In the group member bulk edit menu we are displaying staff-only options
to non-staff. The requests are blocked by the back-end, so there is no
harm other than to the user experience.

Notably the individual user edit menu is correctly filtering out
unavailable options. This change brings the bulk edit menu in line with
that.
 2023-01-20 11:16:04 +08:00
Krzysztof Kotlarek
019ec74076
FEATURE: setting which allows TL4 users to deleted posts (#19766) 
New setting which allows TL4 users to delete/view/recover posts and topics
 2023-01-20 13:31:51 +11:00
Krzysztof Kotlarek
b05f193cf0
FIX: move min tag setting to tags section in edit category (#19789) 
`Minimum number of tags required in a topic` should be in `Tags` panel instead of `Settings`
 2023-01-20 13:30:39 +11:00
Krzysztof Kotlarek
f409e977a9
FIX: deleted misconfigured embeddable hosts (#19833) 
When EmbeddableHost is configured for a specific category and that category is deleted, then EmbeddableHost should be deleted as well.

In addition, migration was added to fix existing data.
 2023-01-20 13:29:49 +11:00
Alan Guo Xiang Tan
f122f24b35
SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 
Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user has not excess to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only count topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information. 
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope. 
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.
 2023-01-20 09:50:24 +08:00