Commit Graph

3474 Commits

Author SHA1 Message Date
Toby Zerner
95944e3630 Log errors that occur in the API stack
This takes place only in the FallbackExceptionHandler. Having a custom
exception handler implies that a friendly message is displayed in the
API response, in which case we can bet that the exception won't need to
be "debugged" per se.
2018-11-11 18:00:57 +10:30
Toby Zerner
4302687876 Stop logging errors that use a custom view
Having a custom view implies that a friendly message is displayed to
the user, in which case we can bet that the exception won't need to be
"debugged" per se.
2018-11-11 17:57:55 +10:30
Toby Zerner
2df5be7bcb Catch Throwables so that we handle internal PHP errors too 2018-11-11 17:54:19 +10:30
flarum-bot
91e8d6820a Bundled output for commit d9037fe472 [skip ci] 2018-11-11 06:35:34 +00:00
Toby Zerner
278bbd992b Apply fixes from StyleCI (#1632)
[ci skip] [skip ci]
2018-11-11 17:01:34 +10:30
Toby Zerner
d9037fe472 Delete associated notifications when deleting discussions, posts, and users. fixes #1380 2018-11-11 16:59:24 +10:30
Toby Zerner
0e5c3aff1a Perform visibility checks on notification subjects at the query level
This will prevent a notification from being seen by a user if its
subject is deleted or undergoes some kind of permission change (eg.
a discussion is moved into a private tag)

ref #1380
2018-11-11 16:58:08 +10:30
Toby Zerner
9b013a4136 Consolidate Post visibility logic into the PostPolicy
A post can only be seen if the discussion in which it resides can be
seen. The logic for this belongs in the policy, not the model.
2018-11-11 16:54:15 +10:30
Toby Zerner
e02b18d08e Fix notification list not displaying "empty" message 2018-11-11 16:46:54 +10:30
Toby Zerner
b68f183e86 Always allow users to see their own account. fixes #1626 2018-11-11 14:25:21 +10:30
Franz Liedke
ebcc173496 Fix leak of private information when updating users
Fixes #1628.
2018-11-09 12:02:26 +01:00
Franz Liedke
fad8ed335d Add regression test for email crawling vulnerability
Refs #1628.
2018-11-09 12:02:26 +01:00
Franz Liedke
99f9ec45f1 Move trait to base test class
This way, its properties can be overwritten in subclasses of
`ApiControllerTestCase`. This isn't allowed when those subclasses
use the trait directly.
2018-11-09 12:02:21 +01:00
Daniël Klabbers
f41ae92f1a add security address in issue template as well (#1630)
as per suggestion by @CDK2020, let's also add an important statement in the issue template
2018-11-09 10:02:20 +01:00
Daniël Klabbers
ee386b8899 add security email address in flarum/core readme (#1629)
Let's make the security email address even more visible.
2018-11-08 23:41:51 +01:00
Daniël Klabbers
33b39137b9 [b8] master token fix (#1622)
* fixed not being able to use master token because id column no longer holds key
* added flexibility of user_id column
* added tests to confirm the api keys actually work as intended
2018-11-07 22:34:09 +01:00
flarum-bot
4eafba9189 Bundled output for commit 8e5099711f [skip ci] 2018-11-07 21:20:16 +00:00
Franz Liedke
537e61ba00 Restore horizontal overflow for permission grid
Refs #1627.
2018-11-07 22:17:16 +01:00
Clark Winkelmann
8e5099711f Use ItemList for EditGroupModal fields (#1625) 2018-11-07 22:15:19 +01:00
David Sevilla Martín
e1dc724333 Remove overflow from .PermissionsPage-permissions (#1627) 2018-11-06 22:41:21 +01:00
Toby Zerner
1f2c24e404 Merge pull request #1623 from flarum/luceos-patch-1
Update AccessToken.php
2018-11-02 07:12:23 +10:30
Daniël Klabbers
dba160b9f1 Update AccessToken.php
Fixes phpdoc while working on #1622
2018-11-01 10:56:45 +01:00
flarum-bot
38259d2cd5 Bundled output for commit ddeb005a7a [skip ci] 2018-10-31 13:35:47 +00:00
Daniël Klabbers
ddeb005a7a Update EditGroupModal.js
fixed placeholder icon name fa 4 style to fa 5 style with `fas fa-bolt`
2018-10-31 14:28:50 +01:00
Daniël Klabbers
b64cdb1cfe fixes author gambit when used with fulltext search, added test to cover (#1620)
* fixes author gambit when used with fulltext search, added test to cover

* Apply fixes from StyleCI

[ci skip] [skip ci]
2018-10-29 23:01:25 +01:00
flarum-bot
ac5a6349e4 Bundled output for commit 9b24edc391 [skip ci] 2018-10-28 21:00:22 +00:00
Toby Zerner
9b24edc391 Fix regression in admin routing in subdirectory. fixes #1606
Because admin routing uses the "hash" strategy, the base path does not
need to be taken into account.
2018-10-29 07:25:17 +10:30
Franz Liedke
5ad2a5a842 Fix installation in subdirectory
Fixes #1604.
2018-10-26 00:27:35 +02:00
Franz Liedke
194808ec7c Fix tests 2018-10-24 22:38:47 +02:00
Franz Liedke
196a4f6e65 Apply fixes from StyleCI (#1616)
[ci skip] [skip ci]
2018-10-24 22:20:15 +02:00
Franz Liedke
28eb5f27f2 Allow setting all paths when instantiating Site
Fixes #1592.
2018-10-24 22:19:09 +02:00
flarum-bot
cce87c9fb2 Bundled output for commit cc1cc20a52 [skip ci] 2018-10-24 20:06:14 +00:00
Clark Winkelmann
cc1cc20a52 Update Font Awesome icons page link (#1615) 2018-10-24 21:20:49 +02:00
Toby Zerner
da5b3c26f4 Update forgotten column name 2018-10-23 20:52:09 +10:30
Franz Liedke
ec991cb9d7 Merge pull request #1608 from flarum/fl/1602-extend-frontend-document
New extender for adding variables to HtmlDocument payload
2018-10-21 22:34:22 +02:00
Franz Liedke
cbe52ff846 New extender for adding variables to HtmlDocument payload
Fixes #1602.
2018-10-21 20:45:19 +02:00
Franz Liedke
d335ce8eef Tweak ContentInterface so that callables can be used as well 2018-10-21 20:41:45 +02:00
Toby Zerner
52d7cd0461 Prevent long words/content from stretching the discussion list width 2018-10-21 14:47:41 +10:30
Daniël Klabbers
e28147a7ff Fixes logging in with access token (#1605)
Seems the created_at column has no default value. This was always the case, at least that's what I can tell from a clean install and no migrations changing that default value.

```
$table->timestamp('created_at');
```
2018-10-21 01:21:34 +02:00
Toby Zerner
da5a97fd36 Load extensions in the configured order 2018-10-20 22:21:39 +10:30
Toby Zerner
ed23a25f44 Don't require paths to be set in config - use sensible defaults 2018-10-18 19:27:03 +10:30
Tristian Kelly
805f0b9a47 Broader system font stack (#1600) 2018-10-17 23:55:41 +02:00
David Sevilla Martín
58980e323b Align search icon on search bar (#1599) 2018-10-16 20:40:39 +02:00
David Sevilla Martín
5f785c9473 Add migration to add 'fa fa-' to group icons (#1597)
* Add migration to add 'fa fa-' (FA v4 shim) to group icons

* StyleCI

* Change prefix to `fas fa-`
2018-10-10 00:39:19 +02:00
flarum-bot
a900bf5ffa Bundled output for commit 08af258f3a [skip ci] 2018-10-09 22:32:47 +00:00
Franz Liedke
ccf1110faf Merge pull request #1594 from datitisev/item-list
Allow ItemList method chaining (add, merge, remove, replace)
2018-10-10 00:28:03 +02:00
Franz Liedke
08af258f3a Merge pull request #1598 from flarum/dk/log-rotation
adds log rotation, reducing file size per log file and easier to delete
2018-10-10 00:27:39 +02:00
Daniël Klabbers
3dde57f9da adds log rotation, reducing file size per log file and easier to delete 2018-10-09 19:54:52 +02:00
David Sevilla Martín
df9c4596e3 Allow ItemList method chaining (add, merge, remove, replace) 2018-10-05 19:30:14 -04:00
Franz Liedke
74fbae0b65 Consistent use of private instead of protected
See discussion in fe07d4064b (r30752077).
2018-10-04 09:08:43 +02:00