discourse/lib
David Taylor 5db41cd578
SECURITY: Respect topic permissions when loading bookmark metadata
Co-authored-by: Martin Brennan <martin@discourse.org>
Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
2020-03-23 11:30:48 +00:00
..
active_record/connection_adapters FIX: Race-condition in fallback handlers (#8005) 2019-08-21 15:47:44 +02:00
auth DEV: Replace User.unstage and User#unstage API with User#unstage! (#8906) 2020-03-17 16:48:24 +01:00
autospec DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
backup_restore FIX: Failed to restore backups from versions without translation overrides 2020-03-14 00:00:22 +01:00
common_passwords DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
compression FIX: Decompressing lots of small files triggered error 2020-01-09 15:11:31 +01:00
content_security_policy FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 2020-03-19 19:54:42 +00:00
demon PERF: avoid shelling to get hostname aggressively 2020-02-18 15:13:19 +11:00
email FIX: Condense line codes in emails (#9225) 2020-03-18 16:21:24 +02:00
emoji DEV: supports unicorn emoji 13.0beta (#8402) 2019-11-25 10:23:18 +01:00
file_store FIX: Migrating uploads to S3 could miss files 2020-03-04 12:50:48 +01:00
freedom_patches FIX: Failed to restore backups from versions without translation overrides 2020-03-14 00:00:22 +01:00
generators FIX plugin generator: mobile, desktop stylesheets registering (#9039) 2020-02-25 11:43:17 +01:00
guardian SECURITY: Respect topic permissions when loading bookmark metadata 2020-03-23 11:30:48 +00:00
highlight_js DEV: already defined constant 'HIGHLIGHTJS_DIR' 2019-01-21 10:12:23 +01:00
i18n DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
import DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
import_export FIX: Import sub-sub-categories (#8810) 2020-01-30 18:46:33 +02:00
javascripts FEATURE: Add Belarusian language 2019-07-04 11:37:37 +02:00
middleware FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 2020-03-19 19:54:42 +00:00
migration REFACTOR: Restoring of backups and migration of uploads to S3 2020-01-14 11:41:35 +01:00
onebox DEV: hbs extensions are misleading in this case (#9170) 2020-03-11 14:42:14 +01:00
plugin DEV: Introduce plugin api for conditionally rendering assets (#9200) 2020-03-13 15:30:31 +00:00
pretty_text FIX: Use full URL for secure attachments when secure media enabled (#9037) 2020-03-04 10:11:08 +11:00
rate_limiter DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable Improve spam_hosts copy (#8203) 2019-10-18 09:31:15 -07:00
scheduler FEATURE: log long running jobs in the defer queue 2018-10-12 17:03:47 +11:00
search FIX: skip invalid URLs when checking for audio/video in search blurbs 2019-11-06 10:32:15 -05:00
seed_data FIX: Consistently handle category param 2019-05-27 16:39:56 +08:00
sidekiq DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_settings UX: adds support for a color setting type (#9016) 2020-03-09 10:07:03 +01:00
stylesheet FIX: Plugins may have relative symlinks 2020-03-15 11:26:25 +00:00
svg_sprite FIX: sync-alt is used on composer draft indicator 2020-03-16 15:32:38 -03:00
tasks DEV: allows to run up/down migrations of a plugin (#9241) 2020-03-19 19:30:08 +01:00
theme_store FIX: don't break the private key when writing it out during theme import 2020-03-10 13:20:11 -04:00
turbo_tests FIX: Migration paths were being forgotten 2019-12-16 14:13:47 -05:00
validators UX: Introduce automatic 'categories topics' setting (#8804) 2020-01-29 20:30:48 +02:00
webauthn SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
wizard FIX: When running the wizard and using a custom theme, fallback to the color_scheme name if the base_scheme_id is nil (#8236) 2019-10-25 09:29:51 -03:00
admin_confirmation.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
admin_constraint.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
admin_user_index_query.rb FEATURE: Approve suspect users is now true by default. The suspect users list was removed (#9151) 2020-03-10 08:56:42 -03:00
age_words.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
archetype.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
auth.rb DEV: Drop legacy OpenID 2.0 support (#8894) 2020-02-07 17:32:35 +00:00
avatar_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
backup_restore.rb FIX: Restoring with disable_emails: false didn't work anymore 2020-03-02 17:44:01 +01:00
badge_posts_view_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
badge_queries.rb FIX: apply like based badge based off grant date 2020-01-28 12:17:55 +11:00
base62.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
bookmark_manager.rb SECURITY: Respect topic permissions when loading bookmark metadata 2020-03-23 11:30:48 +00:00
bookmark_query.rb SECURITY: Respect topic permissions when loading bookmark metadata 2020-03-23 11:30:48 +00:00
bookmark_reminder_notification_handler.rb Make sure reminder not sent for deleted post bookmark 2020-03-12 16:10:56 +10:00
browser_detection.rb FIX: Detect DiscourseHub user agent. 2019-08-09 11:58:15 +03:00
cache.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
canonical_url.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_badge.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
comment_migration.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_finder.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
configurable_urls.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
content_buffer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
content_security_policy.rb FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 2020-03-19 19:54:42 +00:00
cooked_post_processor.rb FIX: Various fixes to support posts with no user (#8877) 2020-03-11 14:03:20 +02:00
crawler_detection.rb FIX: use crawler layout when saving url in Wayback Machine (#7667) 2019-06-03 12:13:32 +10:00
csrf_token_verifier.rb DEV: Provide method for auth plugins to generate a CSRF token 2019-08-13 01:13:08 +01:00
current_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
custom_renderer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
custom_setting_providers.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
db_helper.rb FIX: Clear banner topic cache after remapping 2019-08-15 11:24:20 +01:00
directory_helper.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_cookie_store.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_diff.rb FIX: Show a correct diff when editing consecutive paragraphs (#8177) 2019-10-11 03:50:37 -04:00
discourse_event.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_hub.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse_ip_info.rb FIX: MaxMind DB file not downloading correctly 2020-01-05 22:08:13 +11:00
discourse_js_processor.rb Convert select-kit from es6 to js (#9246) 2020-03-20 12:40:32 -04:00
discourse_logstash_logger.rb FIX: Use 'hostname' when Discourse.os_hostname is not available 2020-02-18 13:37:39 +02:00
discourse_plugin_registry.rb Support for transpiling .js files (#9160) 2020-03-11 09:43:55 -04:00
discourse_plugin.rb DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
discourse_redis.rb Revert "FIX: Redis fallback handler refactoring (#8771)" (#8776) 2020-01-24 09:20:17 +11:00
discourse_tagging.rb FIX: tag topic counts wrong after adding synonyms 2020-02-14 12:15:29 -05:00
discourse_updates.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse.rb DEV: Introduce plugin api for conditionally rendering assets (#9200) 2020-03-13 15:30:31 +00:00
disk_space.rb FIX: correct upload statistics report for external storage 2020-02-20 15:15:53 +11:00
distributed_cache.rb REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
distributed_memoizer.rb DEV: Replace Time.new with Time.now (#9142) 2020-03-09 17:37:49 +01:00
distributed_mutex.rb FIX: Off-by-one error setting the distributed mutex key to expire 2020-02-03 14:54:50 +00:00
edit_rate_limiter.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
email_backup_token.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
email_cook.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_updater.rb FIX: When admin changes staff email still enforce old email confirm (#9007) 2020-02-20 13:42:57 +10:00
email.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
encodings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
enum_site_setting.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
enum.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
excerpt_parser.rb FIX: Spoiler logic should live inside of spoiler plugin 2020-02-06 07:46:46 -07:00
feed_element_installer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
feed_item_accessor.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
file_helper.rb FIX: Consider webp a supported image format for upload (#9015) 2020-02-21 13:08:01 +10:00
filter_best_posts.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
final_destination.rb FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) 2019-12-12 12:49:21 +10:00
flag_query.rb DEV: Remove FlagQuery class and old code (#8064) 2019-09-12 13:21:33 -03:00
flag_settings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
gaps.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
global_path.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
guardian.rb SECURITY: Add more restrictions on invite emails 2020-03-05 09:23:21 -05:00
has_errors.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
headless-ember.js
hijack.rb Take 2 of 0f5161af19. 2019-04-29 16:41:35 +08:00
homepage_constraint.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
html_prettify.rb Revert "FEATURE: Use configured quotation marks in fancy topic title" 2019-07-18 11:55:49 +02:00
html_to_markdown.rb FIX: Improve HTML to Markdown conversion (#9231) 2020-03-18 19:31:10 +02:00
image_sizer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
import_export.rb DEV: clean up dependencies in spec 2019-10-02 14:50:54 +10:00
inline_oneboxer.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
introduction_updater.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
ip_addr.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
js_locale_helper.rb FEATURE: Load translation overrides without JS eval 2019-11-05 19:16:38 +01:00
json_error.rb FIX: Fix build. 2019-05-22 17:39:44 +03:00
letter_avatar.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
markdown_linker.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
mem_info.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
message_bus_diags.rb PERF: avoid shelling to get hostname aggressively 2020-02-18 15:13:19 +11:00
method_profiler.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
mini_sql_multisite_connection.rb DEV: remove deprecated syntax 2019-11-11 09:36:40 +11:00
mobile_detection.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
new_post_manager.rb enqueue spam/dmarc failing emails instead of hiding (#8674) 2020-01-21 11:12:00 -05:00
new_post_result.rb Support for custom messages and redirects when creating posts (#8434) 2019-11-29 09:30:54 -05:00
notification_levels.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
oneboxer.rb DEV: hbs extensions are misleading in this case (#9170) 2020-03-11 14:42:14 +01:00
onpdiff.rb FIX: Show a correct diff when editing consecutive paragraphs (#8177) 2019-10-11 03:50:37 -04:00
pbkdf2.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
permalink_constraint.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
pinned_check.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plain_text_to_markdown.rb FIX: use URI.regexp to find URLs in plain text 2019-06-07 01:26:06 +02:00
plugin_gem.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plugin_initialization_guard.rb DEV: Add a plugin incompatibility message (#8151) 2019-10-06 20:47:33 +02:00
post_action_creator.rb REFACTOR: separate post_can_act logic in post action creator (#9103) 2020-03-03 14:56:37 -10:00
post_action_destroyer.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_result.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_creator.rb FIX: Backfill topic timer duration (#9249) 2020-03-23 09:38:18 +05:30
post_destroyer.rb FIX: Various fixes to support posts with no user (#8877) 2020-03-11 14:03:20 +02:00
post_jobs_enqueuer.rb FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025) 2019-08-27 09:09:00 -03:00
post_locker.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_merger.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_revisor.rb FIX: Various fixes to support posts with no user (#8877) 2020-03-11 14:03:20 +02:00
pretty_text.rb Migrate pretty-text to .js extensions (#9243) 2020-03-20 09:55:42 -04:00
primary_group_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
promotion.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
quote_comparer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
rake_helpers.rb Try fix upload_spec flakys and remove logging from tasks/uploads_spec 2020-02-18 15:08:58 +10:00
rate_limiter.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
read_only_header.rb DEV: rename ReadOnly module to ReadOnlyHeader 2019-05-06 16:07:49 +02:00
retrieve_title.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
route_format.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
rtl.rb Check site default locale if Rtl class is initialized without a user (#8417) 2019-11-26 15:01:37 -05:00
s3_helper.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
s3_inventory.rb FIX: Use updated_at in the S3 inventory job (#8823) 2020-01-31 11:02:44 +01:00
score_calculator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
screening_model.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
search.rb FIX: add support for sub-sub category slugs in search 2020-03-20 15:36:50 +11:00
secure_session.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
single_sign_on_provider.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
single_sign_on.rb FEATURE: Add logout functionality to SSO Provider protocol (#8816) 2020-02-03 12:53:14 -05:00
site_icon_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
site_setting_extension.rb DEV: use Discourse.cache over Rails.cache 2019-11-27 12:36:19 +11:00
slug.rb FIX: If a prettified slug is a number, return defaultt (#8554) 2019-12-17 10:34:20 +10:00
socket_server.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
spam_handler.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
sql_builder.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
staff_constraint.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
staff_message_format.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
suggested_topics_builder.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
system_message.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
text_cleaner.rb FEATURE: English locale with international date formats 2019-05-20 13:47:20 +02:00
text_sentinel.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_javascript_compiler.rb Support for transpiling .js files (#9160) 2020-03-11 09:43:55 -04:00
theme_modifier_helper.rb DEV: Allow plugins to add theme modifiers via db migrations (#9192) 2020-03-12 16:35:28 +00:00
theme_settings_manager.rb FEATURE: Load theme setting descriptions from theme locale files 2019-05-31 14:49:59 +01:00
theme_settings_parser.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_parser.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
timeline_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_creator.rb FIX: Preserve TopicCreator's timestamp resolution (#9158) 2020-03-10 15:35:40 +01:00
topic_list_responder.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_publisher.rb FIX: Use destroy_all instead of delete_all for shared drafts 2020-03-05 11:13:43 -08:00
topic_query_params.rb FEATURE: Embed topics list on remote sites via Javascript API. (#8008) 2019-08-15 13:41:06 -04:00
topic_query_sql.rb DEV: Rails 5.2 upgrade and global gem upgrade 2018-06-07 14:21:33 +10:00
topic_query.rb PERF: improve performance of category topic list 2020-02-29 15:40:54 +11:00
topic_retriever.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
topic_subtype.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_upload_security_manager.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
topic_view.rb FEATURE: MVP Bookmarks with reminders user list changes (#8999) 2020-03-12 15:20:56 +10:00
topics_bulk_action.rb FIX: Unread topics not clearing when whisper is last post (#8271) 2019-11-01 09:19:43 +10:00
trust_level.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
turbo_tests.rb FIX: Made turbo_rspec display errors in shared groups correctly 2019-08-29 12:41:14 +01:00
twitter_api.rb Fix DiscourseCops/NoURIEscapeEncode errors and re-enable 2019-12-12 14:54:26 +10:00
unread.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
upload_creator.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
upload_fixer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
upload_markdown.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_recovery.rb FEATURE: allow UploadRecovery to be run on a single post (#8094) 2019-10-02 14:57:36 +10:00
upload_security.rb DEV: Upload and secure media retroactive rake task improvements (#9027) 2020-03-03 10:03:58 +11:00
url_helper.rb Minor change to case-insensitive regex for s3_presigned_url? 2020-02-03 14:22:35 +10:00
user_name_suggester.rb DEV: correct a few Ruby 2.7 deprecations 2019-11-28 13:13:29 +11:00
version.rb Version bump to v2.5.0.beta2 2020-03-05 16:10:28 -05:00
webauthn.rb SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
wizard.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00