Commit Graph

34230 Commits

Author SHA1 Message Date
Jeff Wong
a7a7afdb27 FIX: iterate when clearing watched words cache 2019-07-04 08:59:01 -07:00
romanrizzi
2a7d270fd6 Revert "FIX: remove misplaced save button"
This reverts commit f1381a274b.
2019-07-03 10:58:33 -03:00
romanrizzi
f1381a274b FIX: remove misplaced save button 2019-07-03 10:47:54 -03:00
romanrizzi
34d548dbd3 FIX: Remove misplaced outlet 2019-07-03 10:47:43 -03:00
Arpit Jalan
867eebb55e FIX: creating new badge is failing on empty SQL query (#7837) 2019-07-02 15:17:32 +05:30
Gerhard Schlager
b549cab2ad FIX: Don't send notification email when user isn't allowed to see topic 2019-07-02 09:05:36 +10:00
Gerhard Schlager
5b91182985 DEV: Respond with error 400 to uploads requested via XHR
follow-up to 13f38055
2019-06-27 11:30:05 +02:00
Sam Saffron
467e03a2ec DEV: lint file
We no longer need that isAppleDevice require
2019-06-27 11:29:51 +02:00
Joffrey JAFFEUX
a91881280d FIX: closes search-menu on escape (#7804) 2019-06-27 09:34:34 +02:00
Joffrey JAFFEUX
690fb5c4fb FIX: prevents failure when TL was mutated on internal object (#7808) 2019-06-27 09:34:31 +02:00
Gerhard Schlager
9c8aa0a906 SECURITY: XSS in routes
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:45:33 +02:00
Bianca Nenciu
3503271959 SECURITY: Escape email text for posts containing [details]. 2019-06-26 16:45:25 +02:00
Neil Lalonde
2c26998f86 Version bump to v2.3.1 2019-06-25 12:26:20 -04:00
Neil Lalonde
6411810630 Update translations 2019-06-25 11:50:50 -04:00
Sam Saffron
0fa02274c2 DEV: bump version on mini_scheduler
This corrects a catastrophic state that can ensue if redis becomes readonly

It also adds support for multiple queues and minor cleanup
2019-06-25 11:50:19 -04:00
Penar Musaraj
8b963bce37 FIX: Do not refresh all settings on save for all settings, limit to only a few
- Followup to 0e303c7f5d

- Automatically reloads site settings after saving only for the logo, logo_small and large_icon settings.
2019-06-25 11:49:09 -04:00
Penar Musaraj
e1822034dc FIX: use correct name for selectable_avatars_enabled site setting 2019-06-25 11:48:56 -04:00
Maja Komel
faf059e018 FIX: remove temporary hack for fixed iOS bug (#7773)
A bug where input focus is displaced on modals was fixed in iOS 11.3 update. This hack was causing problems on topic page since hiding main-outlet results in lost read position after opening and closing a modal.
2019-06-25 11:48:42 -04:00
Joffrey JAFFEUX
f2d5cde24c FIX: category-chooser search should be scoped to category (#7794) 2019-06-24 11:31:41 +02:00
Neil Lalonde
0bcb62fc2d Version bump to v2.3.0 2019-06-17 20:47:22 -04:00
Neil Lalonde
04be572a92 Merge diffs from master 2019-06-17 20:07:19 -04:00
Neil Lalonde
a4308fdd43 Merge master 2019-06-17 20:04:04 -04:00
Jeff Wong
893b50031d
replace subfolder on cdn url conversion between general cdn and s3 (#7764)
When both a cdn URL and an s3 cdn URL defined, subfolder paths were leaking
through to the s3 cdn URL. If we are replacing the cdn url with the s3_cdn url,
we also need to make sure that the subpath is removed as well, as it appears in
the original cdn url.

The test should give a fairly good gist of the situations - in subfolder
situations where s3_cdn and a cdn is defined:
`asset_path` returns the asset with a subfolder, in the form `{cdn_url}/{subfolder}/{asset_path}`

Currently this is being replaced to `{s3_cdn_url}/{subfolder}/{asset_path}`
I am proposing we change this to: `{s3_cdn_url}/{asset_path}` as it seems like
for s3_cdn urls we should not be carrying around app subfolder pathing anywhere
we are looking up s3 paths.
2019-06-17 11:51:17 -07:00
Neil Lalonde
dbc59cfe61 Update translations 2019-06-17 13:25:37 -04:00
David Taylor
40cbcc7720 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 18:20:48 +01:00
David Taylor
e6e47f2fb2 SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
David Taylor
52387be4a4 SECURITY: Add confirmation screen when logging in via email link 2019-06-17 16:18:37 +01:00
David Taylor
5f6f707080 Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
This reverts commit b8340c6c8e.
2019-06-17 16:17:10 +01:00
David Taylor
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
Robin Ward
89e0d8c521 FIX: There is new behavior on a live site, staff are granted access. 2019-06-17 08:17:39 -04:00
Arpit Jalan
863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
Joffrey JAFFEUX
59e84e8e05
DEV: skip tests instead of commenting them (#7774) 2019-06-17 10:24:20 +02:00
Arpit Jalan
102be5a9e3 DEV: optimize fix for sub-categories not getting pre-filled. 2019-06-17 13:28:08 +05:30
tshenry
c909033f2b Add plugin outlets to login/create-account modals (#7770) 2019-06-17 16:22:00 +10:00
Sam Saffron
10b94e4530 Attempt to get travis to run tests correctly 2019-06-17 16:14:26 +10:00
Sam Saffron
704c579550 FIX: do not allow unbound membership lookups
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
Sam Saffron
fe4f0a4369 FIX: staged users should not be included in TL groups
staged users should not be included in any automatic groups cause for all
purposes they do not exist.
2019-06-17 15:10:47 +10:00
Joffrey JAFFEUX
32cd9ba59b
FIX: ensures local-dates modal is not taking full height on mobile (#7772) 2019-06-16 08:48:07 +02:00
Arpit Jalan
48b9e0d749 FIX: sub-categories was not getting selected for pre-filled topics 2019-06-15 13:46:15 +05:30
Kris
9cb656250d FIX: Allow tall tables to scroll vertically on iOS 2019-06-14 14:26:59 -04:00
Penar Musaraj
4bbb43cb2b DEV: pull plugin repos before linting them 2019-06-14 13:50:15 -04:00
Robin Ward
035e63c81f FIX: Allow the clear callbacks to execute in acceptance tests 2019-06-14 13:29:13 -04:00
Penar Musaraj
73bce82c82 Exclude plugins from RuboCop checks
Since official plugins are now in the discourse_test image, rubocop catches issues in plugins.

This is a temporary measure.
2019-06-14 10:06:26 -04:00
Robin Ward
a8793d0d9a REFACTOR: Test Memory Usage Fixes (#7769)
* Calling `Discourse.reset()` creates a new container
We should run our de-initializers only after acceptance tests,
since initializers are not run outside of acceptance tests anyway,
and the container at this point can be passed properly to the
`teardown()` method.

* Remove `Discourse.reset` from tests
This would cause a new container to be created which leaks many objects.

* `updateCurrentUser` is more accurate than `replaceCurrentUser`
2019-06-14 14:54:20 +02:00
Guo Xiang Tan
c3381b845b DEV: Install diffy in production for rake posts:inline_uploads task. 2019-06-14 14:42:53 +08:00
Guo Xiang Tan
77c06384c0 Fix the build. 2019-06-14 13:56:35 +08:00
Guo Xiang Tan
5d16d10a9e DEV: Fix edge case for InlineUploads. 2019-06-14 13:48:03 +08:00
Sam Saffron
ecb2fd8222 DEV: improve db:create to catch all cases
- No RAILS_ENV - create multisite / dev / test
- `test` RAILS_ENV - create multisite / test
2019-06-14 15:47:05 +10:00
Guo Xiang Tan
befb074c98 DEV: InlineUploads should process CDN upload URLs as well. 2019-06-14 13:14:37 +08:00
Sam Saffron
a01488ae67 DEV: improve on rake db:create
Followup on 3af00a65 which broke build
2019-06-14 15:06:07 +10:00