Commit Graph

20305 Commits

Author SHA1 Message Date
Guo Xiang Tan 0290619669 Merge pull request #4443 from tgxworld/security_escape_input
SECUIRTY: Escape input made to system calls.
2016-09-16 12:09:27 +08:00
Guo Xiang Tan 512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Guo Xiang Tan f63a797e39 SECUIRTY: Escape input made to system calls. 2016-09-16 11:58:14 +08:00
Guo Xiang Tan 8f36290c05 FIX: No need to list all the files. 2016-09-16 11:57:35 +08:00
Sam e6fcaadd45 FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
Sam 2f8c14fef1 FEATURE: allow write user api keys by default
app needs to write data regarding notifications and set read status etc
default allow.
2016-09-16 12:27:53 +10:00
Sam 25a82e7d22 PERF: only publish notification state if we changed it
also publish seen_notification_id so we can tell what is new and what is old
cleanup controller so it correctly checks user
fix bug around clearing notification when people click mark read
2016-09-16 12:02:19 +10:00
Sam 33578a2c17 FIX: always import avatars during SSO if they are missing 2016-09-16 09:45:00 +10:00
Neil Lalonde b9801d2e26 UX: add text near group flair settings explaining that flair only shows for a user's primary group 2016-09-15 17:39:47 -04:00
Neil Lalonde a74781fbbc fix jslint error 2016-09-15 16:50:23 -04:00
Neil Lalonde d0ebde9d84 don't try to render flair if there's no primary group 2016-09-15 16:26:58 -04:00
Neil Lalonde e3e15182df FEATURE: avatar flair on user cards 2016-09-15 16:15:18 -04:00
Robin Ward cd571b26ba FIX: Allow Safe Redirections in Topic Embedding 2016-09-15 13:56:59 -04:00
Guo Xiang Tan 596fcfeb58 FIX: Set formatter for original Rails logger. 2016-09-15 23:51:22 +08:00
Arpit Jalan 5dbd6a304b add search-container class to search page 2016-09-15 13:46:22 +05:30
Guo Xiang Tan baacb30ba1 FIX: Incorrect folder. 2016-09-15 15:20:07 +08:00
Guo Xiang Tan b0752b1f91 FIX: Don't bypass validations. 2016-09-15 10:15:17 +08:00
Sam fe7883eeea UX: don't allow user scaling in mobile view
on iOS 10 behavior of zoom restriction has changed.

This does not disable zooming on iOS 10 but it DOES stop it from randomly
zooming when you are composing
2016-09-15 07:36:16 +10:00
Arpit Jalan 92e716a1fd fix vbulletin import script 2016-09-14 08:15:48 +05:30
Neil Lalonde 8087cca54d Version bump to v1.7.0.beta4 2016-09-13 12:23:51 -04:00
Arpit Jalan 1a87960454 Update Translations 2016-09-13 21:21:19 +05:30
Robin Ward aa7c735d34 FIX: Improve selecting text over line breaks 2016-09-13 11:36:17 -04:00
Arpit Jalan e46204d195 FIX: allow long words if they contain periods 2016-09-13 09:15:05 +05:30
Robin Ward 2c9a47dda5 FIX: Validate the raw content of posts before enqueuing them 2016-09-12 12:26:49 -04:00
Neil Lalonde 06eb256d0a FIX: blocking users should never hide all posts if they are trust level 1 or higher 2016-09-12 11:58:10 -04:00
Sam 2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Neil Lalonde b381d84dd9 FIX: tag search should not be case sensitive 2016-09-09 16:55:26 -04:00
Robin Ward e78b7a243e FIX: Don't enqueue posts if the user can't create them (ex: closed) 2016-09-09 12:15:56 -04:00
Robin Ward 1f5325e3f0 FIX: Only validate uploaded URLs if they change 2016-09-08 12:06:18 -04:00
Arpit Jalan ed0b355e15 generalize permalink URL in GetSatisfaction import script 2016-09-08 15:01:40 +05:30
Arpit Jalan bade41db42 improve GetSatisfaction import script 2016-09-08 14:57:20 +05:30
Arpit Jalan 19ddf95efa FIX: add custom invite email templates 2016-09-08 00:54:48 +05:30
Robin Ward 9609a47016 Ability to skip email validation via a plugin 2016-09-07 14:05:46 -04:00
timur aeae63a56a Change reverse.each
Change on reverse_each because reverse_each loops in reverse order (no
intermediate array created).
2016-09-07 14:57:31 +08:00
Robin Ward 610dd933a3 FEATURE: Support importing email from Twitter 2016-09-06 12:18:13 -04:00
Robin Ward acaac02673 Merge pull request #4423 from SafaAlfulaij/arabic_client_plural_rules
Add Arabic Pluralization Rules for Client
2016-09-06 11:22:21 -04:00
Guo Xiang Tan f69f225f65 FIX: Don't prevent unicorn worker from starting if warmup fails. 2016-09-06 14:02:08 +08:00
Matt Palmer 51854e56ac Don't hide e-mail in settings behind email-in plugins 2016-09-06 14:23:43 +10:00
Guo Xiang Tan 0fbb949af5 Merge pull request #4432 from tgxworld/migrate_upload_scheme_to_scheduled_job
FIX: Make `Jobs::MigrateUploadScheme` a scheduled job.
2016-09-06 08:39:27 +08:00
Guo Xiang Tan 35bc0c943f More randomly failing specs fixes. 2016-09-05 19:33:03 +08:00
Guo Xiang Tan 1b2b142f30 FIX: Post without a topic can be destroyed. 2016-09-05 19:00:49 +08:00
Guo Xiang Tan 52c70f8b45 Merge pull request #4426 from tgxworld/gsoc_webhooks
Gsoc webhooks
2016-09-05 18:46:03 +08:00
Erick Guan 9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Guo Xiang Tan 1f70fc9e11 Make sure we reset global in specs. 2016-09-05 18:18:14 +08:00
Arpit Jalan 87e84756f0 improve Ning import script 2016-09-05 15:27:03 +05:30
Guo Xiang Tan 31d900f7e7 Fix build. 2016-09-05 17:03:41 +08:00
Guo Xiang Tan aa1f306894 Properly clean up plugin event in specs.. 2016-09-05 16:10:03 +08:00
Guo Xiang Tan aabb7a8592 FIX: DiscourseEvent should not be triggered from within the controller. 2016-09-05 15:58:04 +08:00
Guo Xiang Tan ec90655c41 FIX: Clean up specs properly. 2016-09-05 15:48:59 +08:00
Guo Xiang Tan aa9decf6fd Remove `DiscourseEvent.clear`. 2016-09-05 15:17:49 +08:00