Rafael dos Santos Silva
831f3cab56
DEV: Fix search rate limit tests
2020-07-09 20:44:17 -03:00
Blake Erickson
e74817cbb9
DEV: Document set notification level endpoint
...
Another commit using rswag to document the api so that the api docs can
be automatically generated.
2020-07-09 17:41:11 -06:00
Rafael dos Santos Silva
e866e3d609
FEATURE: Add global rate limit for anon searches ( #10208 )
2020-07-10 09:08:34 +10:00
Kane York
79b52b1e9a
DEV: Add SVG tests for 31e31ef44 ( #10205 )
2020-07-09 14:02:25 -07:00
Mark VanLandingham
bfde665e76
DEV: Classes and plugin-outlet in admin user-list nav ( #10204 )
2020-07-09 15:10:25 -05:00
Robin Ward
5b276af921
Remove `Discourse.SiteSettings` from tests ( #10193 )
...
* Remove unused Discourse.SiteSettings
* Remove `Discourse.SiteSettings` from many tests
* REFACTOR: `lib:formatter` was using a lot of leaky state
* Remove more `Discourse.SiteSettings` from tests
* More SiteSettings removed from tests
2020-07-09 15:54:53 -04:00
Robin Ward
b1c6ff9e1c
FIX: Test output related to `Discourse::VERSION`
...
It's a little awkward to test constants by re-assigning them so
I've added a new parameter to `Discourse.find_compatible_resource`
which can be used by tests.
2020-07-09 14:57:27 -04:00
Robin Ward
c2ce7f2673
FIX: Flaky test
...
The previous solution was not always working, I believe this one
will be consistent.
2020-07-09 14:48:49 -04:00
dependabot-preview[bot]
dadf08fb3b
Build(deps): Bump cose from 1.0.0 to 1.1.0 ( #10203 )
...
Bumps [cose](https://github.com/cedarcode/cose-ruby) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/cedarcode/cose-ruby/releases)
- [Changelog](https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cedarcode/cose-ruby/compare/v1.0.0...v1.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-09 14:13:32 -04:00
Robin Ward
10384bcdf4
FIX: Flaky tests
...
Locally I was getting a lot of failures from discourse-encrypt due to
leaky state in composer actions. This fixes it.
2020-07-09 12:58:57 -04:00
Mark VanLandingham
52f8eecbb9
FIX: Incorrect fix for invites breaking when no group is selected ( #10202 )
2020-07-09 11:58:29 -05:00
Mark VanLandingham
9d74cf6a63
FIX: Invites when no group is selected ( #10201 )
2020-07-09 11:41:17 -05:00
David Taylor
cb1f891392
Revert "FIX: Incorrect search blurb when advanced search filters are used."
...
This change was causing advanced search filters to disappear from the search input
This reverts commit 2e1eafae06.
2020-07-09 16:19:18 +01:00
Daniel Waterworth
8d5750d90a
FIX: Catch all kinds of exceptions when processing email
2020-07-09 13:41:51 +01:00
Daniel Waterworth
3b368a48d1
Revert "DEV: Add logging for stack level too deep exception in HtmlToMarkdown"
...
We can do this in a better way by storing an IncomingEmail record.
Follow-up-to: 4a9ee25c56
2020-07-09 13:41:33 +01:00
Jarek Radosz
32ee9fae40
FIX: Short URL resolution in cook-text ( #10200 )
...
Regressed in 3b51e05de2. Thanks to @romanrizzi for reporting!
2020-07-09 14:39:13 +02:00
Daniel Waterworth
4a9ee25c56
DEV: Add logging for stack level too deep exception in HtmlToMarkdown
2020-07-09 12:25:00 +01:00
Martin Brennan
e0713455ca
PERF: Load topic bookmarks for the user in user_post_bookmarks ( #10197 )
...
Instead of loading all of the user bookmarks using all the post IDs in a topic, load all the bookmarks for a user using the topic ID. This eliminates a costly WHERE ID IN query.
2020-07-09 15:46:52 +10:00
Guo Xiang Tan
d5c56a846a
DEV: Only failover the entire cluster when the default db goes down.
2020-07-09 11:49:03 +08:00
Martin Brennan
31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
...
* strip out the href and xlink:href attributes from use element that
are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
uploaded SVGs cannot be opened and executed using the XSS exploit.
svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan
fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
...
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan
f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down.
2020-07-09 11:13:02 +08:00
Guo Xiang Tan
cbe1dd8ec7
Revert "FIX: Delete related search data when record has been deleted."
...
This reverts commit ecc799ab56.
This commit does not fix anything because we've always been deleting
records in `Searchable`.
2020-07-09 10:08:35 +08:00
Jordan Vidrine
9eedc83e00
UI: Markdown Code Wrapping ( #10195 )
2020-07-08 20:50:42 -04:00
Blake Erickson
abb01148fa
DEV: Rubocop fixes
...
Follow up to: 3314654ab3
2020-07-08 18:27:19 -06:00
Blake Erickson
3314654ab3
DEV: Add API Doc specs for topic endpoints
...
Added some more specs that will be used to auto generate the api docs.
2020-07-08 18:08:14 -06:00
romanrizzi
720a7f88e2
Revert "Add License"
...
This reverts commit ba1c4b3ee9.
2020-07-08 15:11:04 -03:00
Roman Rizzi
ba1c4b3ee9
Add License
2020-07-08 15:09:42 -03:00
Penar Musaraj
bd511c004c
UX: Fix missing icon when merging selected posts
2020-07-08 13:57:05 -04:00
Penar Musaraj
67582e7d27
FIX: Do not send system emails to suspended users ( #10192 )
2020-07-08 13:30:32 -04:00
Mark VanLandingham
90512d723c
UX: Use group-chooser in invite modal ( #10186 )
2020-07-08 12:02:26 -05:00
Robin Ward
f3ff9d5625
FIX: `getURL` deprecation
2020-07-08 11:40:53 -04:00
Arpit Jalan
78beb4368a
FIX: 'resend all invite' button was not working as expected
2020-07-08 15:52:44 +05:30
marielaSAG
e45307a105
DEV: Added before-create-topic-button plugin-outlet ( #10109 )
2020-07-08 18:21:30 +10:00
Mark VanLandingham
a9292086f4
DEV: Add classes to quick-access-profile items ( #10185 )
2020-07-08 17:30:12 +10:00
Martin Brennan
6be7a66ba7
FIX: Cap bookmark name at 100 chars and truncate existing names ( #10189 )
...
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.
This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
2020-07-08 17:19:01 +10:00
Sam Saffron
bac25e6dd7
DEV: upgrade rack to version 2.2.3
...
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52
An attacker can elevate own cookie usage to bypass server cookie restrictions
Technically this is a security commit, but the surface area is extremely
low, we do not expect any real world impact.
2020-07-08 16:42:31 +10:00
Sam Saffron
8af5194e39
DEV: upgrade rails to version 6.0.3.2
...
This includes a fix for CVE-2020-8185; we are not vulnerable as we do not use
the impacted middleware. However it still makes sense to stay upgraded, other
small fixes exist in this release.
2020-07-08 16:34:29 +10:00
Bianca Nenciu
bd842cd2b0
FEATURE: Parse images in email signatures ( #10137 )
...
* FEATURE: Parse images in email signatures
* DEV: Fix tests
* Code review
2020-07-08 15:50:30 +10:00
Martin Brennan
07ad243603
FIX: Stop updating bookmarked column from TopicUser.update_post_action_cache ( #10188 )
...
* This is causing issues where sometimes bookmarked is out of sync with what is in the Bookmark table. The BookmarkManager handles updating this column now.
* Add migration to fix bookmarked column that is incorrectly marked false when a Bookmark record exists.
2020-07-08 15:27:42 +10:00
Guo Xiang Tan
2e1eafae06
FIX: Incorrect search blurb when advanced search filters are used.
2020-07-08 11:59:49 +08:00
dependabot-preview[bot]
26dc981285
Build(deps): Bump rubocop from 0.86.0 to 0.87.1
...
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.87.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.87.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:38 +08:00
dependabot-preview[bot]
b973ffe8e0
Build(deps): Bump onebox from 1.9.29 to 1.9.30
...
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.29 to 1.9.30.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.29...v1.9.30)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:20 +08:00
Kane York
c86b1ee9d1
FIX: Disable security keys at same time as TOTP 2FA ( #10144 )
...
Previously, the "Remove 2FA" button could result in an error. This syncs button visibility with behavior.
* FIX: Only offer disabling 2FA to admins
2020-07-07 12:19:30 -07:00
Mark VanLandingham
81fe8a50d4
DEV: Plugin API function to add items to quick access profile ( #10182 )
2020-07-07 13:53:40 -05:00
Kris
d09a953f53
UX: Fix layout for long bookmark notes
2020-07-07 13:42:51 -04:00
Kris
66257ca8b6
FEATURE: Add "smallest" option to user text size preferences
2020-07-07 13:08:19 -04:00
Régis Hanol
44aaf4415d
DEV: ensure discobot has a user_option & user_profile
...
When doing a migration, there might be some cases where the discobot user
doesn't have a user_option / user_profile record(s).
This ensures we always create one during the seed phase.
2020-07-07 18:24:31 +02:00
Mark VanLandingham
d2e320d4f7
FIX: Bookmarks shortcut goes to new bookmarks with reminders ( #10181 )
2020-07-07 11:12:41 -05:00
Bianca Nenciu
4a90464619
FIX: Do not highlight large code blocks ( #10125 )
2020-07-07 18:51:19 +03:00