github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-03 23:27:58 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/lib
History
Roman Rizzi 5ee31cbf7d
FIX: Mark invites flash messages as HTML safe. (#15539) 
* FIX: Mark invites flash messages as HTML safe.
This change should be safe as all user inputs included in the errors are sanitized before sending it back to the client.

Context: https://meta.discourse.org/t/html-tags-are-explicit-after-latest-update/214220

* If somebody adds a new error message that includes user input and doesn't sanitize it, using html-safe suddenly becomes unsafe again. As an extra layer of protection, we make the client sanitize the error message received from the backend.

* Escape user input instead of sanitizing
2022-01-18 09:38:31 -03:00
..
auth
DEV: Deprecate OAuth2Authenticator and OAuth2UserInfo (#15427)
2022-01-06 16:50:18 +00:00
autospec
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00
backup_restore
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
common_passwords
compression
content_security_policy
FIX: Set CSP base-uri to self (#13654)
2021-07-07 09:43:48 -04:00
demon
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
discourse_dev
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
email
FIX: don't trigger topic_created event for reply posts via email. (#15485)
2022-01-10 13:54:10 +05:30
emoji
FEATURE: Add missing emojis (#15582)
2022-01-14 17:51:13 -03:00
faker
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
file_store
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
freedom_patches
DEV: Follow Discourse's convention when monkey patching.
2022-01-11 09:48:27 +08:00
generators/rails
DEV: removes plugin generator (#14101)
2021-08-20 11:29:06 +02:00
guardian
FIX: Hide user's bio if profile is restricted
2022-01-05 10:23:36 +08:00
highlight_js
i18n
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
imap
FIX: Add random suffix to outbound Message-ID for email (#15179)
2021-12-06 10:34:39 +10:00
import
import_export
FEATURE: include user custom fields in base exporter (#14690)
2021-10-22 10:02:56 -07:00
javascripts
DEV: Allow transformed values to be used in all widget hbs statements (#13331)
2021-06-08 16:46:07 +01:00
middleware
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
2021-11-17 23:27:30 +03:00
migration
DEV: Promote old post-deploy migrations to pre-deploy migrations (#13477)
2021-06-22 16:02:24 +01:00
onebox
FIX: origins_to_regexes should always return an array (#15589)
2022-01-17 12:48:41 -05:00
plugin
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
pretty_text
DEV: replaces huge generated emoji list by a simpler regex (#11053)
2021-04-22 08:43:06 +02:00
rate_limiter
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
2021-11-17 23:27:30 +03:00
reviewable
DEV: APIs for plugin to add custom reviewable confirm modal (#12246)
2021-03-02 10:28:27 -06:00
scheduler
search
FIX: remove superfluous spaces from CJK blurbs (#12629)
2021-04-12 12:46:42 +10:00
seed_data
FIX: Support Ruby 3 keyword arguments
2021-10-05 11:25:00 -04:00
sidekiq
site_settings
DEV: Drop env-based SiteSetting deprecation errors (#15273)
2021-12-13 17:36:29 +01:00
stylesheet
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
svg_sprite
DEV: Remove a few unused icons (#14696)
2021-10-22 12:03:58 -04:00
tasks
DEV: Update rake qunit:test and rake plugin:qunit to use testem
2022-01-18 10:16:29 +00:00
theme_store
FIX: Git should not prompt for credentials (#15062)
2021-11-23 13:54:51 +02:00
topic_query
FIX: exclude topics from muted tag in category featured list. (#14925)
2021-11-16 12:10:50 +05:30
turbo_tests
FIX: Make thumbnail tests start with a clean slate (#15216)
2021-12-07 13:07:45 -06:00
validators
FIX: Mark invites flash messages as HTML safe. (#15539)
2022-01-18 09:38:31 -03:00
webauthn
wizard
FEATURE: Enable auto dark mode on new instances (#14208)
2021-09-02 14:55:38 -04:00
admin_confirmation.rb
DEV: Upgrade Redis to 4.2.1.
2020-06-15 10:05:22 +08:00
admin_constraint.rb
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
2021-11-17 23:27:30 +03:00
admin_user_index_query.rb
DEV: Let's always give a drop_from param to deprecate (#14901)
2021-11-12 08:52:59 -06:00
age_words.rb
archetype.rb
auth.rb
FEATURE: Experimental support for group membership via google auth (#14835)
2021-12-09 12:30:27 +00:00
backup_restore.rb
DEV: Upgrade Rails to 6.1.3.1 (#12688)
2021-04-21 12:36:32 +03:00
badge_posts_view_manager.rb
DEV: stop freezing frozen strings
2020-04-30 16:48:53 +10:00
badge_queries.rb
FIX: Don't grant sharing badges to users who don't exist (#13851)
2021-07-27 16:32:59 +10:00
base62.rb
DEV: Correct typos and spelling mistakes (#12812)
2021-05-21 11:43:47 +10:00
bookmark_manager.rb
DEV: Drop old bookmark columns (#15405)
2022-01-04 11:19:27 +10:00
bookmark_query.rb
FEATURE: Go to last unread for topic-level bookmark links (#14396)
2021-09-21 13:49:56 +10:00
bookmark_reminder_notification_handler.rb
DEV: Ignore reminder_type for bookmarks (#14349)
2021-09-16 09:56:54 +10:00
browser_detection.rb
cache.rb
DEV: Fix rubocop issues (#14715)
2021-10-27 11:39:28 +03:00
canonical_url.rb
FEATURE: Send a 'noindex' header in non-canonical responses (#15026)
2021-11-25 16:58:39 -03:00
category_badge.rb
chrome_installed_checker.rb
DEV: Move chrome binary check into a shared lib (#13451)
2021-06-21 13:28:48 +10:00
comment_migration.rb
composer_messages_finder.rb
FEATURE: Make allow_uploaded_avatars accept TL (#14091)
2021-08-24 10:46:28 +03:00
configurable_urls.rb
Replace base_uri with base_path (#10879)
2020-10-09 12:51:24 +01:00
content_buffer.rb
content_security_policy.rb
PERF: Eager load Theme associations in Stylesheet Manager.
2021-06-21 11:06:58 +08:00
cooked_post_processor.rb
DEV: Remove xlink hrefs (#15059)
2021-11-25 15:22:43 +11:00
cooked_processor_mixin.rb
DEV: Remove xlink hrefs (#15059)
2021-11-25 15:22:43 +11:00
crawler_detection.rb
FEATURE: Implement browser update in crawler view (#12448)
2021-03-22 19:41:42 +02:00
csrf_token_verifier.rb
current_user.rb
custom_renderer.rb
custom_setting_providers.rb
db_helper.rb
DEV: Upgrade Rails to 6.1.3.1 (#12688)
2021-04-21 12:36:32 +03:00
directory_helper.rb
discourse_connect_base.rb
DEV: rename single_sign_on classes to discourse_connect (#15332)
2022-01-06 16:28:46 +04:00
discourse_connect_provider.rb
DEV: rename single_sign_on classes to discourse_connect (#15332)
2022-01-06 16:28:46 +04:00
discourse_cookie_store.rb
discourse_dev.rb
DEV: move discourse_dev gem to the core. (#13360)
2021-06-14 20:34:44 +05:30
discourse_diff.rb
Escape values of HTML attributes
2021-08-10 10:25:15 -04:00
discourse_event.rb
DEV: Remove site_setting_saved event (#15164)
2021-12-02 09:33:03 -06:00
discourse_hub.rb
discourse_ip_info.rb
discourse_js_processor.rb
DEV: Add support for class properties in babel (#13189)
2021-05-27 16:13:14 -04:00
discourse_logstash_logger.rb
discourse_plugin_registry.rb
REFACTOR: Improve support for consolidating notifications. (#14904)
2021-11-30 13:36:14 -03:00
discourse_redis.rb
PERF: Redis snapshotting during tests (#15260)
2021-12-10 14:25:26 -06:00
discourse_tagging.rb
FEATURE: ability to add description to tags (#15125)
2021-12-01 09:18:56 +11:00
discourse_updates.rb
FIX: Regression introduced in #14715 (#14842)
2021-11-09 17:20:09 +11:00
discourse.rb
DEV: Don't warn on missing git tags (#15507)
2022-01-09 20:25:58 +01:00
disk_space.rb
distributed_cache.rb
PERF: Defer setting of distributed cache in more spots.
2021-06-04 09:13:18 +08:00
distributed_memoizer.rb
DEV: Replace Time.new with Time.now (#9142)
2020-03-09 17:37:49 +01:00
distributed_mutex.rb
edit_rate_limiter.rb
FEATURE: Increase daily edit limits proportionally to trust level (#13090)
2021-05-19 13:57:21 +04:00
email_backup_token.rb
email_cook.rb
PERF: Avoid lookbehinds when replacing links in imported emails (#11931)
2021-02-02 17:34:00 +01:00
email_updater.rb
DEV: Hash tokens stored from email_tokens (#14493)
2021-11-25 09:34:39 +02:00
email.rb
FIX: Add random suffix to outbound Message-ID for email (#15179)
2021-12-06 10:34:39 +10:00
encodings.rb
enum_site_setting.rb
enum.rb
excerpt_parser.rb
DEV: Remove dead code
2021-05-31 10:22:50 +08:00
external_upload_helpers.rb
DEV: Extract shared external upload routes into controller helper (#14984)
2021-11-18 09:17:23 +10:00
feed_element_installer.rb
feed_item_accessor.rb
file_helper.rb
DEV: Swap out optipng with oxipng (#15013)
2021-11-22 10:16:35 -07:00
filter_best_posts.rb
final_destination.rb
FIX: Canonical URLs may be relative (#14825)
2021-11-05 14:20:14 -03:00
flag_query.rb
DEV: Remove deprecated methods (#14885)
2021-11-11 12:21:25 -06:00
flag_settings.rb
gaps.rb
global_path.rb
group_email_credentials_check.rb
FEATURE: Scheduled group email credential problem check (#15396)
2022-01-04 10:14:33 +10:00
guardian.rb
FEATURE: Display pending posts on user’s page
2021-11-29 10:26:33 +01:00
has_errors.rb
hijack.rb
DEV: Add more debugging context to onebox generation
2020-10-22 12:50:22 +08:00
homepage_constraint.rb
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
2021-11-17 23:27:30 +03:00
html_prettify.rb
DEV: stop freezing frozen strings
2020-04-30 16:48:53 +10:00
html_to_markdown.rb
FIX: Hoisting linebreaks shouldn't fail for HTML5 elements (#14364)
2021-09-17 10:41:34 +02:00
http_language_parser.rb
FIX: Include resolved locale in anonymous cache key (#10289)
2020-07-22 18:00:07 +01:00
image_sizer.rb
import_export.rb
FEATURE: Rake task to export groups (#9450)
2020-04-17 14:59:54 -07:00
inline_oneboxer.rb
FEATURE: check blocked_onebox_domains setting for inline oneboxes (#11944)
2021-02-03 21:45:22 +05:30
introduction_updater.rb
FIX: replace default welcome topic post with new value from wizard
2020-04-01 15:42:45 -04:00
js_locale_helper.rb
FIX: Translation overrides from fallback locale didn't work on client
2021-12-17 14:03:35 +01:00
json_error.rb
letter_avatar.rb
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
markdown_linker.rb
mem_info.rb
message_bus_diags.rb
method_profiler.rb
DEV: Add output_sql_to_stderr! to MethodProfiler (#12445)
2021-03-19 17:48:30 +10:00
mini_sql_multisite_connection.rb
DEV: upgrade mini_sql (#12465)
2021-03-24 08:48:04 +11:00
mobile_detection.rb
new_post_manager.rb
SECURITY: Escape watched word in error message (#14434)
2021-09-24 11:55:15 +03:00
new_post_result.rb
DEV: Let's always give a drop_from param to deprecate (#14901)
2021-11-12 08:52:59 -06:00
notification_levels.rb
onebox.rb
DEV: Absorb onebox gem into core (#12979)
2021-05-26 15:11:35 +05:30
oneboxer.rb
FIX: Use CDN URL for internal onebox avatars (#15077)
2021-11-25 12:07:34 +00:00
onpdiff.rb
pbkdf2.rb
DEV: Correct typos and spelling mistakes (#12812)
2021-05-21 11:43:47 +10:00
permalink_constraint.rb
pinned_check.rb
plain_text_to_markdown.rb
DEV: stop freezing frozen strings
2020-04-30 16:48:53 +10:00
plugin_gem.rb
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
plugin_initialization_guard.rb
DEV: Print backtrace of error when plugin fails to initialize.
2020-06-09 10:25:43 +08:00
post_action_creator.rb
DEV: Create post actions without creating a notification and store custom data. (#15397)
2021-12-27 11:25:37 -03:00
post_action_destroyer.rb
FIX: Unlike own posts on ownership transfer (#10446)
2020-08-19 09:21:02 -06:00
post_action_result.rb
post_creator.rb
FIX: Don't publish PM archive events to acting user. (#14291)
2021-09-10 09:20:50 +08:00
post_destroyer.rb
FIX: Clean flagged queue when response to flagged post deleted (#15463)
2022-01-05 12:37:15 -06:00
post_jobs_enqueuer.rb
FIX: Do not send emails to mailing_list_mode subscribers for PMs (#14159)
2021-08-26 15:16:35 +10:00
post_locker.rb
post_merger.rb
FEATURE: TL4 & category moderators can merge posts (#12843)
2021-04-27 18:24:27 +02:00
post_revisor.rb
FIX: Make PostRevisor more consistent (#14841)
2021-11-09 16:29:37 +02:00
presence_channel.rb
DEV: Fix deprecation warning after updating to messabe_bus 4.0.0.
2022-01-13 14:11:07 +08:00
pretty_text.rb
FEATURE: Customizable rules and plugins for PrettyText.markdown.
2022-01-11 10:39:40 +08:00
promotion.rb
FIX: check if BasicBadge is enabled for TL1 welcome message (#13983)
2021-08-11 08:39:25 +10:00
quote_comparer.rb
FEATURE: Nokogumbo (#9577)
2020-05-05 13:46:57 +10:00
rake_helpers.rb
rate_limiter.rb
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
2021-11-17 23:27:30 +03:00
read_only_header.rb
redis_snapshot.rb
PERF: Redis snapshotting during tests (#15260)
2021-12-10 14:25:26 -06:00
retrieve_title.rb
FIX: increase chunk size to fetch title tag correctly (#14144)
2021-09-03 13:15:58 +05:30
route_format.rb
route_matcher.rb
REFACTOR: Introduce RouteMatcher class
2020-10-19 10:40:55 +01:00
rtl.rb
s3_cors_rulesets.rb
DEV: Skip logging in test environment (#14971)
2021-11-16 18:01:48 +03:00
s3_helper.rb
FEATURE: Direct S3 multipart uploads for backups (#14736)
2021-11-11 08:25:31 +10:00
s3_inventory.rb
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
score_calculator.rb
screening_model.rb
search.rb
SECURITY: Advanced group search did not respect visiblity of groups.
2022-01-10 13:49:26 +08:00
secure_session.rb
shrink_uploaded_image.rb
DEV: Improve script/downsize_uploads.rb (#13508)
2021-06-24 00:09:40 +02:00
site_icon_manager.rb
PERF: Defer setting of distributed cache in more spots.
2021-06-04 09:13:18 +08:00
site_setting_extension.rb
DEV: Don't clear cache/trigger events if site setting hasn't changed (#15045)
2021-11-22 16:43:12 +01:00
slug.rb
FIX: Make category slugs lowercase (#11277)
2021-01-12 17:28:33 +02:00
socket_server.rb
spam_handler.rb
FIX: use allowlist and blocklist terminology (#10209)
2020-07-27 10:23:54 +10:00
sql_builder.rb
DEV: Let's always give a drop_from param to deprecate (#14901)
2021-11-12 08:52:59 -06:00
staff_constraint.rb
FEATURE: Apply rate limits per user instead of IP for trusted users (#14706)
2021-11-17 23:27:30 +03:00
staff_message_format.rb
suggested_topics_builder.rb
system_message.rb
DEV: Add option to send system message to groups (#12256)
2021-03-02 18:51:50 +01:00
temporary_db.rb
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
temporary_redis.rb
DEV: Introduce TemporaryRedis and unset DISCOURSE_* env vars in the themes:isolated_test rake task (#13401)
2021-06-23 07:38:43 +03:00
text_cleaner.rb
FEATURE: Correctly convert topic title to uppercase and lowercase for Turkish default locale (#13115)
2021-05-24 18:13:30 +10:00
text_sentinel.rb
DEV: Correct typos and spelling mistakes (#12812)
2021-05-21 11:43:47 +10:00
theme_javascript_compiler.rb
FEATURE: Allow theme tests to be run in production (take 2) (#12845)
2021-04-28 23:12:08 +03:00
theme_modifier_helper.rb
Code review comments.
2021-06-21 11:06:58 +08:00
theme_settings_manager.rb
FEATURE: Allow theme settings to request refresh (#15037)
2021-11-22 13:16:56 +01:00
theme_settings_parser.rb
FEATURE: Allow theme settings to request refresh (#15037)
2021-11-22 13:16:56 +01:00
theme_translation_manager.rb
theme_translation_parser.rb
timeline_lookup.rb
FIX: ensures timeline_lookup includes last tuple (#11829)
2021-01-25 11:30:59 +01:00
topic_creator.rb
FIX: include new tags in validation if user can create one. (#14744)
2021-10-28 11:59:46 +05:30
topic_list_responder.rb
DEV: Refactor draft attributes for CategoryList and TopicList.
2020-07-24 10:11:30 +08:00
topic_publisher.rb
FIX: Use destroy_all instead of delete_all for shared drafts
2020-03-05 11:13:43 -08:00
topic_query_params.rb
FIX: Build correct topic list filter (#11473)
2020-12-11 14:20:48 +02:00
topic_query.rb
FIX: exclude topics from muted tag in category featured list. (#14925)
2021-11-16 12:10:50 +05:30
topic_retriever.rb
FEATURE: Fallback to system users when creating new TopicEmbed (#12386)
2021-03-15 11:58:53 -03:00
topic_subtype.rb
topic_upload_security_manager.rb
DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860)
2021-01-29 09:03:44 +10:00
topic_view.rb
FIX: Display pending posts in a moderated category
2021-12-07 10:14:45 +01:00
topics_bulk_action.rb
FIX: Don't publish PM archive events to acting user. (#14291)
2021-09-10 09:20:50 +08:00
trust_level.rb
FIX: Don't store translated trust level names in anonymous cache (#13224)
2021-06-01 22:11:48 +02:00
turbo_tests.rb
FIX: Make thumbnail tests start with a clean slate (#15216)
2021-12-07 13:07:45 -06:00
twitter_api.rb
DEV: Update rubocop-discourse from 2.3.2 to 2.4.0 (#11079)
2020-10-30 15:04:29 +01:00
unicorn_logstash_patch.rb
DEV: Fix lint.
2020-07-21 15:55:03 +08:00
unread.rb
FEATURE: Add last visit indication to topic view page. (#13471)
2021-07-05 14:17:31 +08:00
upload_creator.rb
FIX: Blurry onebox favicon images (#15258)
2021-12-10 12:25:50 -07:00
upload_fixer.rb
upload_markdown.rb
upload_recovery.rb
FIX: Support Ruby 3 keyword arguments
2021-10-05 11:25:00 -04:00
upload_security.rb
FIX: Do not mark badge image uploads as secure (#13193)
2021-05-28 12:35:52 +10:00
url_helper.rb
FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970)
2021-08-06 20:07:42 +04:00
user_lookup.rb
REVERT "FIX: do not show private group flair on user avatars" (#13991)
2021-08-10 17:25:11 +05:30
user_name_suggester.rb
FEATURE: when suggesting usernames skip input that consist entirely of disallowed characters (#15368)
2021-12-21 21:13:05 +04:00
vary_header.rb
FIX: Include the Vary:Accept header on all Accept-based responses (#14647)
2021-10-25 12:53:50 +01:00
version.rb
Version bump to v2.8.0.beta11 (#15567)
2022-01-13 10:35:59 -05:00
webauthn.rb
DEV: stop freezing frozen strings
2020-04-30 16:48:53 +10:00
wizard.rb
DEV: Allow plugins to add wizard steps after specific steps (#9315)
2020-04-01 08:36:50 -05:00
zeitwerk_config.rb
FIX: Better and more secure validation of periods for TopicQuery
2021-07-23 14:24:44 -04:00