Commit Graph

32 Commits

Author SHA1 Message Date
Krzysztof Kotlarek 9bff0882c3
FEATURE: Nokogumbo (#9577)
* FEATURE: Nokogumbo

Use Nokogumbo HTML parser.
2020-05-05 13:46:57 +10:00
Martin Brennan 1150cd4621
FIX: Stop secure media URLs being censored too liberally in emails (#8817)
For example /t/ URLs were being replaced if they contained secure-media-uploads so if you made a topic called "Secure Media Uploads Are Cool" the View Topic link in the user notifications would be stripped out.

Refactored code so this secure URL detection happens in one place.
2020-01-30 16:19:14 +10:00
Penar Musaraj 102909edb3 FEATURE: Add support for secure media (#7888)
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. 

A few notes: 

- the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads
- the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured
- upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status
- when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error
- when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 11:25:42 +10:00
Sam Saffron 4ea21fa2d0 DEV: use #frozen_string_literal: true on all spec
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.

Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
Arpit Jalan 230e111e87 DEV: more accurate spec for email iframe handling 2019-04-25 22:32:53 +05:30
Arpit Jalan bd1db1860a FIX: prefer data-original-href attribute to get iframe URL 2019-04-24 13:53:27 +05:30
Guo Xiang Tan 8ee31d3c85 Re-enable skip tests for `Email::Styles`. 2017-07-24 23:16:54 +09:00
Guo Xiang Tan 13f3de4bf6 Nuke all `SiteSetting.stubs` from our codebase. 2017-07-07 15:09:14 +09:00
Neil Lalonde eb9f306e64 FIX: fail to send email notification if post has img tag with no src attribute 2017-06-15 10:36:19 -04:00
Régis Hanol 8fc7420f83 FIX: prevent huge custom emojis in emails 2017-01-30 18:06:48 +01:00
Arpit Jalan 495a511862 simplify quote markup in emails 2017-01-02 21:37:01 +05:30
Régis Hanol 2a61cc8c88 FIX: email styling with blacklisted iframes 2016-10-21 12:37:03 +02:00
Guo Xiang Tan 20359788dc
Rename `SiteSetting#use_https` to `force_https`. 2016-06-29 15:02:43 +08:00
Régis Hanol 378b7f964c Revert "FEATURE (WIP): add max-width and center email notifications" 2016-01-29 11:13:59 +01:00
scossar 77167f12ad move styles to Styles 2016-01-27 19:07:21 -08:00
scossar 8d10130c10 test format_notifications 2016-01-27 15:44:49 -08:00
scossar 3f09ec2aca add layout for notifications 2016-01-27 11:27:32 -08:00
Andy Waite 3e50313fdc Prepare for separation of RSpec helper files
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`

`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).

For more information:

https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files

In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.

This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.

At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Régis Hanol e3a80936c8 prefer empty href attribute to # 2015-09-08 18:27:20 +02:00
Sam 27b1ec2917 FIX: incorrect emoji stripping logic 2015-08-19 09:12:08 +10:00
Luciano Sousa 0fd98b56d8 few components with rspec3 syntax 2015-01-09 13:34:37 -03:00
Régis Hanol 45dbdb6896 FEATURE: custom emojis 2014-12-23 01:12:26 +01:00
Régis Hanol ada750b384 fixed some more deprecations. 20 to go 2014-10-29 16:06:50 +01:00
Arpit Jalan 370f50250b FIX: attachment links in mail lacks protocol 2014-10-28 00:08:51 +05:30
Robin Ward 4eb1288dba FIX: Broken spec from @coding-horror 2014-10-20 17:13:45 -04:00
Robin Ward dd6fd7fa39 FIX: Don't put iframes in emails where they are sanitized out. Replace
them with links.
2014-07-14 16:41:37 -04:00
Robin Ward c690fa0d19 FIX: Replace protocol relative URLs in emails 2014-06-13 17:11:04 -04:00
Robin Ward 8c8645f158 FIX: Code and Emoticon formatting in HTML emails. 2013-11-28 17:21:14 -05:00
Régis Hanol 561792a615 FIX: schemaless urls in emails 2013-08-27 00:08:38 +02:00
Robin Ward b7c50ecdaa FIX: Respect protocol relative URLs in email styling 2013-08-14 11:32:17 -04:00
Sam d51dcd1705 improve email styling, include extra respond link 2013-07-26 17:27:46 +10:00
Robin Ward e29f4a3496 Work in Progress: Reply By Email:
- Add support classes and settings to enable reply by email
- Split out Email builder to be more OO, add many specs
2013-06-13 12:39:56 -04:00