Sam
ad5f502332
FIX: add a basic validator for topic params
...
This cuts down on log noise when people try out sql injection
2018-08-14 17:01:04 +10:00
Sam
6cae47aa53
collect extra environment correctly
2018-08-13 16:33:28 +10:00
Sam
168ffd8384
FEATURE: group warnings about IP level rate limiting
2018-08-13 14:38:20 +10:00
Guo Xiang Tan
d10c9d7d75
FIX: Missing extensions for non-image uploads due to 2b57239389
.
2018-08-13 10:58:55 +08:00
Jay Pfaffman
71a1d75d7e
FIX: disable_2fa fix method selection
...
The previous code resulted in
NameError: undefined local variable or method `totp' for main:Object
I now understand what @tgxworld meant about we should only disable totp when I submitted this before.
This is the kind of Ruby stuff that I still don't understand well,(perhaps this isn't the most Ruby way to do this?) but this does what I think is supposed to happen. And it worked just now.
2018-08-10 14:45:40 -07:00
Osama Sayegh
865cb3feb9
FIX: allow selecting site's default theme from preference
2018-08-10 14:12:02 +03:00
Sam
ea8394b080
typo in error message
2018-08-10 11:34:01 +10:00
Sam
1fc2597626
better error handling for upload extension fixer
2018-08-10 11:28:22 +10:00
Gerhard Schlager
b9072e8292
FEATURE: Add "Reset Bump Date" action to topic admin wrench ( #6246 )
2018-08-10 10:51:03 +10:00
Gerhard Schlager
ef4b9f98c1
FEATURE: Allow admins to reply without topic bump
2018-08-10 10:48:30 +10:00
Neil Lalonde
d77dccc636
FIX: user-deleted posts with deferred flags can be destroyed
2018-08-09 14:54:31 -04:00
Gerhard Schlager
6ddf7fcd1f
Fix warnings about already initialized constants
2018-08-09 17:29:02 +02:00
Robin Ward
5895507153
FEATURE: Ability for plugins to whitelist custom fields for flags
...
You can now call `whitelist_flag_post_custom_field` from your plugins
and those custom fields will be available on the flagged posts
area of the admin section.
2018-08-09 10:49:14 -04:00
Sam
ed4c0f256e
FIX: check permalinks for deleted topics
...
- allow to specify 410 vs 404 in Discourse::NotFound exception
- remove unused `permalink_redirect_or_not_found` which
- handle JS side links to topics via Discourse-Xhr-Redirect mechanism
2018-08-09 15:05:12 +10:00
Guo Xiang Tan
1ea23b1eae
FIX: Wrong order for S3Helper#copy_file
.
2018-08-08 15:58:54 +08:00
Guo Xiang Tan
0879610ffd
Add missing require in uploads:fix_incorrect_extensions
.
2018-08-08 15:39:37 +08:00
Sam
a35f2984e9
FIX: support Arrays with Marshal dump in distributed cache
...
Theme cache uses arrays here
2018-08-08 16:44:56 +10:00
Guo Xiang Tan
17047806b9
Add a rake task to fix uploads with wrong extension.
2018-08-08 13:15:17 +08:00
Osama Sayegh
0b7ed8ffaf
FEATURE: backend support for user-selectable components
...
* FEATURE: backend support for user-selectable components
* fix problems with previewing default theme
* rename preview_key => preview_theme_id
* omit default theme from child themes dropdown and try a different fix
* cache & freeze stylesheets arrays
2018-08-08 14:46:34 +10:00
Guo Xiang Tan
aafff740d2
Add FileStore::S3Store#copy_file
.
2018-08-08 11:30:34 +08:00
Neil Lalonde
4e6e4a83df
FIX: subfolder digest emails have incorrect URLs
2018-08-07 16:38:17 -04:00
Neil Lalonde
1fcb5c1b6d
Version bump to v2.1.0.beta4
2018-08-07 12:32:57 -04:00
Guo Xiang Tan
2b57239389
FIX: Upload's content is the only source of truth for the file type.
2018-08-07 13:15:00 +08:00
Sam
4b000f5d12
FIX: do not use lib
for requires
...
this breaks loading the app from arbitrary dirs
2018-08-07 11:04:29 +10:00
Arpit Jalan
ffc8c52bf5
FIX: store welcome topic id in custom field
2018-08-06 23:46:03 +05:30
David Taylor
812add18bd
REFACTOR: Serve auth provider information in the site serializer.
...
At the moment core providers are hard-coded in Javascript, and plugin providers get added to the JS payload at compile time. This refactor means that we only ship enabled providers to the client.
2018-08-06 09:25:48 +01:00
Régis Hanol
0cd9e2acb9
fix build
2018-08-04 01:56:26 +02:00
Joffrey JAFFEUX
066010db7d
FEATURE: introduces list/compact_list components
2018-08-03 16:41:37 -04:00
Régis Hanol
ac2513b0f2
FEATURE: automatic PM when a user's email is revoked
2018-08-03 16:39:22 +02:00
Jeff Atwood
c81bad3232
Merge pull request #6232 from OsamaSayegh/message-email-short-reply
...
UX: better rejection message when reply via email is too short
2018-08-02 14:25:04 -07:00
OsamaSayegh
a157dfd418
UX: better rejection message when reply via email is too short
2018-08-02 22:43:53 +03:00
Régis Hanol
14bbd5d167
FIX: use the right URL when downloading the file from S3
2018-08-02 10:04:41 +02:00
Penar Musaraj
4a872823e7
Improvements to user drafts ( #6226 )
...
* drafts in user profile: only show to user herself (not to admins), use avatar replying to (instead of topic OP), add keyboard shortcut for drafts, simplify display labels
* use JSON when testing Draft.stream
2018-08-02 07:41:27 +10:00
Régis Hanol
0f1137dafa
FIX: 'migrate_from_s3' rake task wasn't handling short urls
2018-08-01 22:58:46 +02:00
Jeff Wong
059862ed46
Mark discord auth plugin official
2018-08-01 09:33:14 -07:00
Neil Lalonde
b829452c75
Merge pull request #6209 from discourse/mini_scheduler
...
REFACTOR: extract scheduler to the mini_scheduler gem
2018-08-01 10:28:24 -04:00
Joffrey JAFFEUX
0b9437cee7
FIX: more resilient/consistent dashboard caching ( #6223 )
2018-08-01 09:45:50 -04:00
Gerhard Schlager
a115aae45f
Use rchardet instead of charlock_holmes gem
2018-08-01 10:41:20 +02:00
Gerhard Schlager
ff942ed2f3
FIX: Try detecting encoding of RSS feed
2018-08-01 10:41:20 +02:00
Penar Musaraj
1f45215537
FEATURE: Drafts view in user profile
...
* add drafts.json endpoint, user profile tab with drafts stream
* improve drafts stream display in user profile
* truncate excerpts in drafts list, better handling for resume draft action
* improve draft stream SQL query, add rspec tests
* if composer is open, quietly close it when user opens another draft from drafts stream; load PM draft only when user is in /u/username/messages (instead of /u/username)
* cleanup
* linting fixes
* apply prettier styling to modified files
* add client tests for drafts, includes a fixture for drafts.json
* improvements to code following review
* refresh drafts route when user deletes a draft open in the composer while being in the drafts route; minor prettier scss fix
* added more spec tests, deleted an acceptance test for removing drafts that was too finicky, formatting and code style fixes, added appEvent for draft:destroyed
* prettier, eslint fixes
* use "username_lower" from users table, added error handling for rejected promises
* adds guardian spec for can_see_drafts, adds improvements following code review
* move DraftsController spec to its own file
* fix failing drafts qunit test, use getOwner instead of deprecated this.container
* limit test fixture for draft.json testing to new_topic request only
2018-08-01 16:34:54 +10:00
Vinoth Kannan
6aee22b88f
FIX: Onebox images are not downloaded locally without css class
2018-08-01 02:51:02 +05:30
Neil Lalonde
4ad7ce70ce
REFACTOR: extract scheduler to the mini_scheduler gem
2018-07-31 17:12:55 -04:00
Arpit Jalan
afe3b00c0f
FIX: use hidden setting for max export file size
2018-07-31 11:25:28 +05:30
Sam
f0c203a5cf
clean up previous commit
2018-07-31 14:50:02 +10:00
Jay Pfaffman
b55d9e63a0
Rake mail test debugging ( #6171 )
...
* FEATURE: rake emails:test add debugging
* Oops! Remove safety code
* more language tweaks
2018-07-31 14:45:59 +10:00
Neil Lalonde
fd29ecb91a
UX: include a flag reason in the post-deleted-by-staff-because-of-flags message
2018-07-30 16:45:46 -04:00
Régis Hanol
8f1db615db
FIX: don't break restore if function does not exist
2018-07-30 22:11:38 +02:00
Arpit Jalan
17b851cf08
FEATURE: show last updated date for wiki topics
2018-07-30 20:27:49 +05:30
David Taylor
6566b2f11a
FEATURE: Allow revoke and connect for Instagram logins
2018-07-30 14:38:53 +01:00
Arpit Jalan
dfcb2a0d42
FEATURE: include published_time in metadata
2018-07-30 17:09:56 +05:30
David Taylor
8d1acbd4c2
DEV: Include specific authenticator name in warning message
2018-07-30 11:33:48 +01:00
Guo Xiang Tan
b94633e844
FIX: FileHelper
should prioritize response content-type.
...
Request to a URL with `.png` extension may return a jpg
instead causing us to attach the wrong extension to an
upload.
2018-07-30 10:54:36 +08:00
David Taylor
5f1fd0019b
FEATURE: Allow revoke and connect for GitHub logins
2018-07-27 17:18:53 +01:00
David Taylor
6296f63804
FEATURE: Revoke and connect for Yahoo logins
2018-07-27 16:20:47 +01:00
David Taylor
9c72c00206
FEATURE: Revoke and reconnect for Twitter logins
2018-07-27 12:28:51 +01:00
Arpit Jalan
c74dd2fa08
FIX: welcome topic should not be a private message
2018-07-27 15:15:13 +05:30
Guo Xiang Tan
6740631fdb
TEMPFIX: Fix broken restores.
2018-07-27 12:48:16 +08:00
Neil Lalonde
135c803f49
FIX: don't send PM if flagged post is deleted but flags were deferred or cleared
2018-07-26 15:12:31 -04:00
Neil Lalonde
a74024b1c9
Version bump to v2.1.0.beta3
2018-07-26 14:16:06 -04:00
David Taylor
467c529920
FIX: Remove return statement from inside block
2018-07-26 15:52:39 +01:00
David Taylor
88241f57a3
FEATURE: allow auth plugins to have a site setting for full screen login
2018-07-26 11:11:16 +01:00
Nick Shearer
def2c977ce
allow auth plugins to have a site setting for if they should be full screen vs popup window
2018-07-25 19:20:11 -05:00
Régis Hanol
f94aeaf6cf
SECURITY: force IM decoder based on file extension - part 3
2018-07-25 23:55:06 +02:00
Régis Hanol
800c57c6ab
SECURITY: force IM decoder based on file extension - part 2
2018-07-25 23:08:02 +02:00
Régis Hanol
4bf3bf6786
SECURITY: force IM decoder based on file extension
2018-07-25 22:00:04 +02:00
David Taylor
0d0d78841b
FIX: Remove plugin.enabled?
checks at initialization time ( #6166 )
...
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.
Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.
I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
Joffrey JAFFEUX
796639a797
FIX: makes disk_space computation more resilient ( #6172 )
2018-07-25 11:04:01 -04:00
David Taylor
fa399ce1c5
FEATURE: Add revoke and reconnect functionality for google logins
2018-07-25 16:03:14 +01:00
Joffrey JAFFEUX
578c8e861b
FIX: refreshes disk_space on backup create/destroy ( #6169 )
2018-07-25 08:26:30 -04:00
David Taylor
776fd0de66
FIX: Filter open-id logins by identifier
2018-07-25 11:47:09 +01:00
Gerhard Schlager
84d14fd8a0
FIX: Don't rely on setting data type read from database
2018-07-25 11:40:59 +02:00
Neil Lalonde
417bcf7d2e
add checks for staff and system user before sending flags_agreed_and_post_deleted message
2018-07-24 19:25:11 -04:00
Neil Lalonde
fe39cdc90a
FEATURE: when a post is deleted because a moderator agreed with flags, send a message to the post author
2018-07-24 17:17:56 -04:00
Robin Ward
7058205f70
FIX: Broken specs
2018-07-24 12:00:34 -04:00
Robin Ward
236243f38a
SECURITY: Consider 0.0.0.0
a private IP
2018-07-24 11:16:27 -04:00
Joffrey JAFFEUX
7a3c541077
UX: Preview multiple color schemes in wizard ( #6151 )
...
It was a dropdown to provide choices of color schemes,
and only one scheme could be shown.
With this commit, multiple color scheme previews can be displayed on
one page at the same time, making admins choose color schemes more
easily.
Theme preview windows are shrinked.
Imported default color schemes.
Co-Authored-By: Misaka 0x4e21 <misaka4e21@gmail.com>
2018-07-24 09:00:20 -04:00
Guo Xiang Tan
fa19d3a53c
Merge pull request #6108 from discourse/transaction-sidekiq-fix
...
Fix notifications for topics moved between categories
2018-07-24 17:44:03 +08:00
David Taylor
20a21b1240
Move into MiniSQLMultisiteConnection, and add test for rollback
2018-07-24 09:41:55 +01:00
Guo Xiang Tan
fad9c2b971
PERF: Move EmailLog#reply_key
into new post_reply_keys
table.
2018-07-24 13:51:53 +08:00
Guo Xiang Tan
ae8b0a517f
PERF: Split skipped email logs into a seperate table.
2018-07-24 13:14:37 +08:00
Gerhard Schlager
e42038eae2
Rake task called method with wrong arguments
2018-07-24 00:10:09 +02:00
David Taylor
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
Guo Xiang Tan
b165cfdfbe
FIX: Raise a better error in SiteSettings::TypeSupervisor
.
2018-07-19 16:41:00 +08:00
Arpit Jalan
14a0879658
FIX: allow Twitter videos to go fullscreen
2018-07-19 10:22:36 +05:30
David Taylor
2dc3a50dac
FIX: Do not update last seen
time for suspended users
2018-07-18 16:04:57 +01:00
Régis Hanol
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
Sam
379384ae1e
FIX: never block /srv/status which is used for health checks
...
This route is also very cheap so blocking it is not required
It is still rate limited and so on elsewhere
2018-07-18 12:37:01 +10:00
Guo Xiang Tan
3874d40910
Prepare to drop EmailLog#topic_id
.
2018-07-18 10:22:24 +08:00
Guo Xiang Tan
1d74ccaaf8
Add compatibility for ImageMagick7.
2018-07-17 15:50:58 +08:00
Arpit Jalan
a7ec949e02
make RuboCop happy
2018-07-17 13:15:44 +05:30
Arpit Jalan
7c7509e1bd
FEATURE: update TwitterApi for prettifying like/retweet count
2018-07-17 12:59:40 +05:30
Neil Lalonde
7b3ef4d13f
FIX: use email color settings consistently in notification emails
2018-07-16 12:30:42 -04:00
Rishabh
a6c589d882
FEATURE: Add custom S3 Endpoint and DigitalOcean Spaces/Minio support for Backups ( #6045 )
...
- Add custom S3 Endpoints and DigitalOcean Spaces support
- Add Minio support using 'force_path_style' option and fix uploads to custom endpoint
2018-07-16 14:44:55 +10:00
Jay Pfaffman
0ed2834c2d
FEATURE: Add users:disable_2factor rake task
...
https://meta.discourse.org/t/admin-locked-out-of-2fa/92156/2?u=pfaffman
2018-07-16 09:56:55 +08:00
Arpit Jalan
b1082924b9
FIX: do not validate topic deletions
2018-07-13 22:53:36 +05:30
Guo Xiang Tan
711371e8c8
FIX: Select+below will ask server for post ids on megatopics.
2018-07-13 15:10:39 +08:00
Guo Xiang Tan
c722b07057
FIX: /t/:topic_id/last
route did not return any posts.
2018-07-13 14:26:10 +08:00
Kyle Zhao
2901691e87
FEATURE: per-category approval settings ( #5778 )
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
David Taylor
81f9500f5c
FIX: Change megatopic threshold to 10,000 posts
2018-07-12 22:00:53 +01:00
Guo Xiang Tan
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00