Robin Ward
434deb1bd3
SECURITY: Backported XSS fixes from Handlebars
2015-11-24 16:08:08 -05:00
Robin Ward
8ba7c06b7d
Merge pull request #3735 from riking/patch-4
...
FIX: Discourse.BaseUri should not default to /
2015-11-06 14:52:19 -05:00
Régis Hanol
86f76e5b4d
FIX: better plugin emojis API
2015-11-06 15:02:40 +01:00
Régis Hanol
7fbf902d09
FIX: prevent cross-contamination of emojis in multisites
2015-10-30 23:26:34 +01:00
Régis Hanol
73e345fe8f
FIX: unescape emojis in digests
2015-10-15 09:59:29 +02:00
Sam
e5234b38b8
FEATURE: add title expansion for off topic quotes
2015-09-25 13:35:14 +10:00
Kane York
aca70805f1
FIX: Discourse.BaseUri should not default to /
2015-09-10 17:34:08 -07:00
Guo Xiang Tan
6a31a5d52b
Extract logic for censored-words so that it can be reused.
2015-08-25 22:26:01 +08:00
Robin Ward
e2e3e7c0e0
Add ES6 support to more files
2015-08-13 10:49:08 -04:00
Régis Hanol
c17f8d1769
keep pretty_text in sync with client code
2015-07-16 00:01:00 +02:00
Robin Ward
b52e5d1536
FIX: `default_avatars` wasn't being used for some server side templates
2015-06-26 13:38:09 -04:00
Régis Hanol
189cb3ff12
FEATURE: move migrate_to_new_scheme into a background job
...
- new hidden site setting 'migrate_to_new_scheme' (defaults to false)
- new rake tasks to toggle migration to new scheme
- FIX: migrate_to_new_scheme also works with CDN
- PERF: improve perf of the DbHelper.remap method
- REFACTOR: UrlHelper is now a class
2015-06-12 12:07:57 +02:00
Sam Saffron
b7a0a295c0
FIX: s3 cdn would break cooking if <img> tag had no src
2015-06-10 19:28:21 +10:00
Sam
93ab03966e
FIX: no-follow not handled correctly for sub domains
...
if a.com was whitelisted aa.com would pass through
2015-05-27 14:31:01 +10:00
Sam
90eaad336d
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 11:13:12 +10:00
Robin Ward
2e4d43364a
Server side quote templates don't seem to be used?
2015-05-11 11:20:45 -04:00
Régis Hanol
a737090442
- FEATURE: revamped poll plugin
...
- add User.staff scope
- inject MessageBus into Ember views (so it can be used by the poll plugin)
- REFACTOR: use more accurate is_first_post? method instead of post_number == 1
- FEATURE: add support for JSON-typed custom fields
- FEATURE: allow plugins to add validation
- FEATURE: add post_custom_fields to PostSerializer
- FEATURE: allow plugins to whitelist post_custom_fields
- FIX: don't bump when post did not save successfully
- FEATURE: polls are supported in any post
- FEATURE: allow for multiple polls in the same post
- FEATURE: multiple choice polls
- FEATURE: rating polls
- FEATURE: new dialect allowing users to preview polls in the composer
2015-04-23 19:33:29 +02:00
Régis Hanol
4a9587fa23
FIX: auto-load all plugin locales so that they can be used in PrettyText
2015-04-09 17:04:14 +02:00
Sam
a82530012a
FEATURE: Allow selection of highlight js languages
...
PERF: stop loading highlight js on load
To get latest highlight js run bin/rake highlightjs:update
2015-03-13 16:18:59 +11:00
Robin Ward
893c1aa067
FIX: Quoting an avatar when `default_avatars` was set was broken.
2015-03-12 15:51:28 -04:00
Régis Hanol
6a68e8c272
FIX: use CDN for user card/profile background and user avatars (for real this time)
2015-01-29 22:53:48 +01:00
Régis Hanol
22adb682d8
revert - FIX: use CDN for user card/profile background and user avatars
2015-01-29 20:42:05 +01:00
Régis Hanol
07d5d8faac
fix the build...
2015-01-29 20:28:50 +01:00
Régis Hanol
3a24df6956
FIX: adding a custom emoji needed an application restart to work on the server-side rendering
2015-01-29 17:35:52 +01:00
Gerhard Schlager
361b3fb07a
FIX: Loading of Emoji files depended on working directory
...
The importer scripts could not be used unless the working directory was
the Discourse root directory.
2015-01-24 00:07:39 +01:00
Régis Hanol
118d33798a
FIX: load custom emoji API before the plugins
2014-12-23 11:06:55 +01:00
Régis Hanol
5d33dee817
FIX: custom emoji weren't properly baking
2014-12-23 02:22:10 +01:00
Sam
a79b1807d7
FEATURE: attempt to recover from corrupt markdown engine
2014-11-14 17:51:04 +11:00
Régis Hanol
a5616146eb
FIX: remove meta data from lightbox in both excerpt (html & text)
2014-11-05 20:37:00 +01:00
Jens Maier
3198c3333a
Fix pretty_text translation helper again, this time for real
2014-10-02 22:08:40 +02:00
Jens Maier
b6bbfb907c
FIX: quoting non-existing messages would break SMF2 importer
2014-10-02 00:44:03 +02:00
Robin Ward
d0fb8bbcfc
Instead of `.js.handlebars` use `.hbs` for handlebars templates
2014-09-26 15:23:15 -04:00
Robin Ward
19b4364d79
SECURITY: Stripping links could unescape html fragments
2014-09-17 12:08:00 -04:00
Robin Ward
f67f34d889
FIX: Load order of Javascript files
2014-08-22 19:27:20 -04:00
Sam
84836944e8
FIX: crash on invalid uri component
2014-07-30 17:09:55 +10:00
Sam
89fc989adb
FEATURE: First Quote badge
2014-07-11 14:17:43 +10:00
Régis Hanol
27f7730fe8
fix the build
2014-07-09 17:39:38 +02:00
Robin Ward
64355c989e
FIX: Don't extract links from empty quotes
2014-05-20 17:20:52 -04:00
Louis Rose
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Robin Ward
87682f7539
FIX: Don't include image meta data when embedded in an email
2014-04-17 12:32:51 -04:00
Régis Hanol
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
riking
9c4dd1cb35
Change comma-delim site settings to pipe-delim
2014-04-08 14:17:55 -07:00
Régis Hanol
f25bcc5067
couple of bugfixes identified while importing from VB
2014-03-07 10:44:04 +01:00
Robin Ward
91ff3451c3
FIX: Include `html` helpers in the server rendering. This allows plugins
...
to easily register HTML fragments without breaking posting.
2014-02-26 10:09:17 -05:00
Sam
a28a0bbeeb
PERF: stop messing with strings that come back from I18n.t
...
allows better caching
2014-02-18 14:10:03 +11:00
Sam
d54f6faa35
minor style fix
2014-02-04 12:57:16 +11:00
Sam
1556548ff6
BUGFIX: JS errors could crash our process
2014-02-04 11:14:04 +11:00
Neil Lalonde
4f6b208e8d
Posts by trust level 3 users do not have nofollow on their external links.
2014-01-15 11:40:51 -05:00
Sam
b703d8c77a
BUGFIX: redis-rails has always been a problem child
...
implemented an ActiveSupport::Cache::Store for our internal use.
* allows for expire by family
* works correctly in multisite
* namespaced correctly
Removed redis-rails from the project, no longer needed
2014-01-06 16:50:04 +11:00
Régis Hanol
567d2bd23c
add top page
2013-12-24 00:50:36 +01:00
Sam
6ebc2dcf5c
never allow any js that takes longer than 5 seconds to run.
2013-12-09 12:44:09 +11:00
Neil Lalonde
4ec0543362
FIX: emails with embedded posts should always use absolute URLs
2013-11-28 15:57:21 -05:00
Sam
8278fdb9dd
relocate emoji plugin, stop pre-compiling assets
2013-11-20 14:38:21 +11:00
Régis Hanol
37fd7ab574
pull hotlinked images
2013-11-05 19:07:29 +01:00
Robin Ward
9adcd1579d
Renamed `components` to `lib` in the JS project, as Ember has components and they mean something different.
2013-10-24 12:36:46 -04:00
Régis Hanol
3909f93a7e
make sure image onebox is case insensitive
2013-10-24 12:21:38 +02:00
Robin Ward
f27413219e
Support for MDTest
2013-10-16 10:28:42 -04:00
Neil Lalonde
ff966e3276
FIX: don't load post.rb a second time in dev env
2013-10-15 18:33:06 -04:00
Robin Ward
5281b7f80c
Upgraded and refactored Sanitizing. Much less crap should get through now!
...
Conflicts:
app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-15 10:53:11 -04:00
Robin Ward
af931f0444
Reverting the Sanitizer commit in case we have to do something urgent
...
before we deploy it early next week. It's in the branch `sanitizer` for
now.
This reverts commit 9e93d8ed52
.
2013-10-11 16:44:26 -04:00
Robin Ward
9e93d8ed52
Upgraded and refactored Sanitizing. Much less crap should get through now!
...
Conflicts:
app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-11 16:25:40 -04:00
Robin Ward
be0ce08cc2
Ember Upgrade: 1.0
2013-10-01 11:16:27 -04:00
Robin Ward
eb5830f3b0
FIX: Make `getURL` available to plugins while they are starting up in a similar load order
...
to the client app.
2013-08-29 13:11:12 -04:00
Robin Ward
73489b652e
FIX: Allow intra-word underscores.
2013-08-27 12:25:05 -04:00
Robin Ward
7f69a58439
Replace Markdown parser.
2013-08-21 10:10:57 -04:00
Sam
be4b326f46
avoid calling v8 multiple times ( makes certain testing simpler)
2013-08-16 13:03:47 +10:00
Robin Ward
c5c29e9c4c
Revert "Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq""
...
This reverts commit f1a693c8b7
.
2013-08-15 18:12:10 -04:00
Robin Ward
f1a693c8b7
Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq"
...
This reverts commit 883db5798b
.
2013-08-15 17:22:45 -04:00
Sam
883db5798b
eliminate a class of v8 initialization bugs due to concurrency in sidekiq
2013-08-15 21:16:37 +10:00
Régis Hanol
c867b67a0b
custom avatar support
2013-08-13 22:08:29 +02:00
Sam
1837cb769c
pretty text would blow up on an <a tag with no href
2013-08-01 16:02:43 +10:00
Régis Hanol
3136638b4b
FIX: CDN doesn't work with S3
2013-07-16 22:16:33 +02:00
Sam
c49731a91b
fix failing server side quote localisation change
2013-07-16 17:48:48 +10:00
Régis Hanol
c11f4456ae
cleaned up CookedPostProcessor and improved specs
2013-06-17 02:49:34 +02:00
Sam
6bf2f15610
use lodash cause we like lodash (faster and we can remove templating easily)
2013-06-12 10:23:47 +10:00
Sam
fa8a84f20c
removed sugar.js, port functionality to moment and underscore.js
...
bring in latest ace from local so we don't mess up with https
2013-06-11 15:27:26 +10:00
Robin Ward
dfba2b6e0a
FIX: Strip links from google indexed bios when the users are new.
2013-06-05 15:28:10 -04:00
Régis Hanol
01855b70b4
FIX: Have onebox ignore internal links
2013-06-05 20:53:07 +02:00
Sam
88972b99a5
refactor
2013-05-28 09:48:47 +10:00
Avdi Grimm
9acc0cd678
Replace exception used for flow control with idiomatic throw/catch.
2013-05-16 01:19:34 -04:00
Régis Hanol
297680c28d
FIX: pinned topic excerpt is not properly truncated
2013-05-10 12:28:17 +02:00
Sam
b25a5a20bb
option to strip links from excerpts
2013-04-30 13:25:55 +10:00
Sam
dec6b9970a
guard failed me
2013-04-15 15:37:31 +10:00
Robin Ward
00f9e628e0
Don't apply markdown to content of [quote] -- it messes up spacing.
2013-04-09 17:32:50 -04:00
Sam
deb603f41c
Merge pull request #547 from kid0m4n/convert-ruby-1-9-syntax
...
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-24 16:43:17 -07:00
Karan Misra
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
Régis Hanol
7d43058d20
FIX: Email notification for different user being mentioned
2013-03-24 01:57:00 +01:00
Wojciech Kocjan
e6ccc300dc
Support for running discourse with a prefix (i.e. as http://servername/discourse )
2013-03-16 00:01:21 +01:00
Robin Ward
cf09e200a5
Moved Markdown out of Discourse.Utilities -> Discourse.Markdown
2013-03-05 14:56:43 -05:00
Gosha Arinich
cafc75b238
remove trailing whitespaces ❤️
2013-02-26 07:31:35 +03:00
Robin Ward
f661fa609e
Convert all CoffeeScript to Javascript. See:
...
http://meta.discourse.org/t/is-it-better-for-discourse-to-use-javascript-or-coffeescript/3153
2013-02-20 19:01:13 -05:00
Robin Ward
dee9e9a51f
Fix bug where links to posts weren't being tracked
2013-02-13 15:23:09 -05:00
Sam Saffron
fd5f949116
formatting
2013-02-11 19:01:33 +11:00
Sam Saffron
f68f59c24f
setting to exclude rel nofollow from particular domains
2013-02-11 18:58:19 +11:00
Sam Saffron
543845c673
rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default.
2013-02-11 11:43:07 +11:00
Robin Ward
21b5628528
Initial release of Discourse
2013-02-05 14:16:51 -05:00