Commit Graph

3068 Commits

Author SHA1 Message Date
Toby Zerner
6d14d0c39b Perform visibility checks on notification subjects at the query level
This will prevent a notification from being seen by a user if its
subject is deleted or undergoes some kind of permission change (e.g.
a discussion is moved into a private tag)

ref #1380
2018-11-11 16:58:08 +10:30
Toby Zerner
17fdc0ebe0 Consolidate Post visibility logic into the PostPolicy
A post can only be seen if the discussion in which it resides can be
seen. The logic for this belongs in the policy, not the model.
2018-11-11 16:54:15 +10:30
Toby Zerner
9de786d1e6 Fix notification list not displaying "empty" message 2018-11-11 16:46:54 +10:30
Toby Zerner
b92ae61294 Always allow users to see their own account. fixes #1626 2018-11-11 14:25:21 +10:30
Franz Liedke
e99f7fcdac
Fix leak of private information when updating users
Fixes #1628.
2018-11-09 12:02:26 +01:00
Franz Liedke
009ddcdb63
Add regression test for email crawling vulnerability
Refs #1628.
2018-11-09 12:02:26 +01:00
Franz Liedke
d021dc2399
Move trait to base test class
This way, its properties can be overwritten in subclasses of
`ApiControllerTestCase`. This isn't allowed when those subclasses
use the trait directly.
2018-11-09 12:02:21 +01:00
Daniël Klabbers
1fff5dbbbc add security address in issue template as well (#1630)
as per suggestion by @CDK2020, let's also add an important statement in the issue template
2018-11-09 10:02:20 +01:00
Daniël Klabbers
4de5accfc1 add security email address in flarum/core readme (#1629)
Let's make the security email address even more visible.
2018-11-08 23:41:51 +01:00
Daniël Klabbers
bb0fc165af [b8] master token fix (#1622)
* fixed not being able to use master token because id column no longer holds key
* added flexibility of user_id column
* added tests to confirm the api keys actually work as intended
2018-11-07 22:34:09 +01:00
flarum-bot
fb185f70cd Bundled output for commit f283f0c7bd [skip ci] 2018-11-07 21:20:16 +00:00
Franz Liedke
3b630cb03e
Restore horizontal overflow for permission grid
Refs #1627.
2018-11-07 22:17:16 +01:00
Clark Winkelmann
f283f0c7bd Use ItemList for EditGroupModal fields (#1625) 2018-11-07 22:15:19 +01:00
David Sevilla Martín
4b915c688c Remove overflow from .PermissionsPage-permissions (#1627) 2018-11-06 22:41:21 +01:00
Toby Zerner
83e99ed5a5
Merge pull request #1623 from flarum/luceos-patch-1
Update AccessToken.php
2018-11-02 07:12:23 +10:30
Daniël Klabbers
a09894a906
Update AccessToken.php
Fixes phpdoc while working on #1622
2018-11-01 10:56:45 +01:00
flarum-bot
1c7d2c3d27 Bundled output for commit 7db6cfac3f [skip ci] 2018-10-31 13:35:47 +00:00
Daniël Klabbers
7db6cfac3f
Update EditGroupModal.js
fixed placeholder icon name fa 4 style to fa 5 style with `fas fa-bolt`
2018-10-31 14:28:50 +01:00
Daniël Klabbers
c446c5cc61 fixes author gambit when used with fulltext search, added test to cover (#1620)
* fixes author gambit when used with fulltext search, added test to cover

* Apply fixes from StyleCI

[ci skip] [skip ci]
2018-10-29 23:01:25 +01:00
flarum-bot
bd10ebff24 Bundled output for commit 104d3982fe [skip ci] 2018-10-28 21:00:22 +00:00
Toby Zerner
104d3982fe Fix regression in admin routing in subdirectory. fixes #1606
Because admin routing uses the "hash" strategy, the base path does not
need to be taken into account.
2018-10-29 07:25:17 +10:30
Franz Liedke
a1948e7bb8
Fix installation in subdirectory
Fixes #1604.
2018-10-26 00:27:35 +02:00
Franz Liedke
4775535421
Fix tests 2018-10-24 22:38:47 +02:00
Franz Liedke
2392e06c0e
Apply fixes from StyleCI (#1616)
[ci skip] [skip ci]
2018-10-24 22:20:15 +02:00
Franz Liedke
e3e10a8fc3
Allow setting all paths when instantiating Site
Fixes #1592.
2018-10-24 22:19:09 +02:00
flarum-bot
b4dbab5df1 Bundled output for commit f062f69f00 [skip ci] 2018-10-24 20:06:14 +00:00
Clark Winkelmann
f062f69f00 Update Font Awesome icons page link (#1615) 2018-10-24 21:20:49 +02:00
Toby Zerner
0e3b0fc5a0 Update forgotten column name 2018-10-23 20:52:09 +10:30
Franz Liedke
21b3737dc2
Merge pull request #1608 from flarum/fl/1602-extend-frontend-document
New extender for adding variables to HtmlDocument payload
2018-10-21 22:34:22 +02:00
Franz Liedke
4ed1d0aaee
New extender for adding variables to HtmlDocument payload
Fixes #1602.
2018-10-21 20:45:19 +02:00
Franz Liedke
86b26ce2fb
Tweak ContentInterface so that callables can be used as well 2018-10-21 20:41:45 +02:00
Toby Zerner
eafc637475 Prevent long words/content from stretching the discussion list width 2018-10-21 14:47:41 +10:30
Daniël Klabbers
a03f243ca5 Fixes logging in with access token (#1605)
Seems the created_at column has no default value. This was always the case, at least that's what I can tell from a clean install and no migrations changing that default value.

```
$table->timestamp('created_at');
```
2018-10-21 01:21:34 +02:00
Toby Zerner
5f5e1c512c Load extensions in the configured order 2018-10-20 22:21:39 +10:30
Toby Zerner
a4d540f74b Don't require paths to be set in config - use sensible defaults 2018-10-18 19:27:03 +10:30
Tristian Kelly
c23af9550e Broader system font stack (#1600) 2018-10-17 23:55:41 +02:00
David Sevilla Martín
8fd3e8908c Align search icon on search bar (#1599) 2018-10-16 20:40:39 +02:00
David Sevilla Martín
cc95faa07d Add migration to add 'fa fa-' to group icons (#1597)
* Add migration to add 'fa fa-' (FA v4 shim) to group icons

* StyleCI

* Change prefix to `fas fa-`
2018-10-10 00:39:19 +02:00
flarum-bot
f1add1798b Bundled output for commit 9fa7258325 [skip ci] 2018-10-09 22:32:47 +00:00
Franz Liedke
81f6ce220e
Merge pull request #1594 from datitisev/item-list
Allow ItemList method chaining (add, merge, remove, replace)
2018-10-10 00:28:03 +02:00
Franz Liedke
9fa7258325
Merge pull request #1598 from flarum/dk/log-rotation
adds log rotation, reducing file size per log file and easier to delete
2018-10-10 00:27:39 +02:00
Daniël Klabbers
4841661ee2 adds log rotation, reducing file size per log file and easier to delete 2018-10-09 19:54:52 +02:00
David Sevilla Martín
7b34636636
Allow ItemList method chaining (add, merge, remove, replace) 2018-10-05 19:30:14 -04:00
Franz Liedke
8474dfd6e2
Consistent use of private instead of protected
See discussion in 5b821b21b1 (r30752077).
2018-10-04 09:08:43 +02:00
flarum-bot
737d33826e Bundled output for commit 3006f58274 [skip ci] 2018-09-29 23:59:11 +00:00
Toby Zerner
3006f58274 The document JS payload attribute was previously renamed to apiDocument 2018-09-30 09:24:25 +09:30
Toby Zerner
d3a5e2451a
Merge pull request #1581 from flarum/fl/1463-extension-install-hooks
Extension enable/disable hooks
2018-09-29 08:19:26 +09:30
Franz Liedke
f03c954dcc
Extensions do not need to know whether they are enabled 2018-09-26 23:34:33 +02:00
Franz Liedke
3b70b9e76e
Let extensions take care of flushing the formatter cache 2018-09-26 23:11:27 +02:00
Franz Liedke
b823a9df47
migrate: Use existing public API to filter extensions 2018-09-26 23:03:48 +02:00