Commit Graph

54791 Commits

Author SHA1 Message Date
David Taylor 0a72b21e8f
DEV: Add admin warnings for plugin-outlet deprecations (#27679)
Adds warnings for:
- `discourse.plugin-outlet-tag-name`
- `discourse.plugin-outlet-parent-view`

Also updates the ID list to be strings rather than regex (so that `.` is not treated as a wildcard).
2024-07-02 15:01:41 +01:00
dependabot[bot] 53e150716e
Build(deps-dev): Bump esbuild from 0.21.5 to 0.22.0 (#27652)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.21.5 to 0.22.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.21.5...v0.22.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-02 12:03:17 +02:00
Sam 61610a61fa
FIX: disallow concurrent downloads of hotlinked images (#27676) 2024-07-02 10:06:46 +01:00
Gerhard Schlager 7c26d5d084
FIX: Import script was broken after upgrade of sqlite3 gem (#27648) 2024-07-02 17:38:15 +10:00
Martin Brennan 2ab4913d13
DEV: Disable smart lists for now on Firefox (#27677)
Firefox is having a lot of inconsistent issues with this
feature introduced in 30fdd7738e,
disabling it there for now until further investigation can
be done.
2024-07-02 13:36:24 +10:00
Krzysztof Kotlarek a1d2c46d28
FIX: increase secure session for OAuth expiration time (#27674)
By default, secure sessions expire after 1 hour.
For OAuth authentication it should expire at the same time when the authentication cookie expires - `SiteSetting.maximum_session_age.hours`.

It is possible that the forum will not have persistent sessions, based on `persistent_sessions` site setting. In that case, with next username and password authentication we need to reset information about OAuth.

Bug introduced in this PR - https://github.com/discourse/discourse/pull/27547
2024-07-02 11:43:59 +10:00
dependabot[bot] 592b5ceed1
Build(deps-dev): Bump typescript from 5.5.2 to 5.5.3 (#27673)
Bumps [typescript](https://github.com/Microsoft/TypeScript) from 5.5.2 to 5.5.3.
- [Release notes](https://github.com/Microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/Microsoft/TypeScript/compare/v5.5.2...v5.5.3)

---
updated-dependencies:
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-02 09:36:46 +08:00
Jan Cernik 7b94cfcb1e
FIX: Hide message button for current user if can't message (#27672)
Hide message button for current user if can't message
2024-07-02 10:01:58 +10:00
Amanda Alves Branquinho 0acd6bea4c
PERF: Eager load field causing N+1 issue (#27626)
* PERF: Fix N+1 issue for javascript_cache

* FIX: missing upload fields should still appear in stylesheets

Sass is still expected to compile successfully even without uploads.
Revert a blank upload to have a blank URL

* DEV: remove unneeded test comment

---------

Co-authored-by: Jeff Wong <awole20@gmail.com>
2024-07-01 20:55:06 -03:00
Martin Brennan 947990b7f6
FIX: Small delay when auto-adding list item in composer (#27661)
Followup 30fdd7738e,

The issue with keyup is that it happens too late. maybeContinueList
itself runs in about 1 or 2 ms. But we show the linebreak in the
textarea on keydown and we handle it in keyup, which causes the “lag”.

The fix here is “hacking” itsatrap and textarea behavior to allow us to handle
it right away after the linebreak is inserted.

Full credit to Joffrey Jaffeux for this fix, I am making him
"co-author" below.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-02 09:37:10 +10:00
Kris 9e8d8d37fa
UX: fix height of lazy youtube embeds (#27671) 2024-07-01 17:27:11 -04:00
Kris 1c67aab135
UX: prevent the tag bullet from shrinking (#27669) 2024-07-01 16:49:49 -04:00
Kris 4311e9df45
UX: truncate too-long names in usercard (#27650) 2024-07-01 16:29:18 -04:00
Jan Cernik 6599b85a75
DEV: Block accidental serialization of entire AR models (#27668) 2024-07-01 17:08:48 -03:00
Gabriel Grubba 1ae902fa60
FIX: Division by zero error on WebHookEventsDailyAggregate (#27667)
* FIX: Division by zero error on WebHookEventsDailyAggregate

* DEV: Update implementation of WebHookEventsDailyAggregate to handle division by zero error
2024-07-01 15:40:52 -03:00
dependabot[bot] 88d259b73a
Build(deps-dev): Bump @floating-ui/dom from 1.6.6 to 1.6.7 (#27653)
Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.6.6 to 1.6.7.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.6.7/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:49 +08:00
dependabot[bot] 7e27ca386d
Build(deps-dev): Bump test-prof from 1.3.3 to 1.3.3.1 (#27654)
Bumps [test-prof](https://github.com/test-prof/test-prof) from 1.3.3 to 1.3.3.1.
- [Release notes](https://github.com/test-prof/test-prof/releases)
- [Changelog](https://github.com/test-prof/test-prof/blob/master/CHANGELOG.md)
- [Commits](https://github.com/test-prof/test-prof/compare/v1.3.3...v1.3.3.1)

---
updated-dependencies:
- dependency-name: test-prof
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:39 +08:00
dependabot[bot] 2586215fa1
Build(deps): Bump minitest from 5.24.0 to 5.24.1 (#27655)
Bumps [minitest](https://github.com/minitest/minitest) from 5.24.0 to 5.24.1.
- [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc)
- [Commits](https://github.com/minitest/minitest/compare/v5.24.0...v5.24.1)

---
updated-dependencies:
- dependency-name: minitest
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:23 +08:00
dependabot[bot] 909901494a
Build(deps-dev): Bump rubocop-rails from 2.25.0 to 2.25.1 (#27656)
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.25.0 to 2.25.1.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rails/compare/v2.25.0...v2.25.1)

---
updated-dependencies:
- dependency-name: rubocop-rails
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:11 +08:00
dependabot[bot] 703aeb9429
Build(deps): Bump sassc-embedded from 1.76.0 to 1.77.1 (#27657)
Bumps [sassc-embedded](https://github.com/sass-contrib/sassc-embedded-shim-ruby) from 1.76.0 to 1.77.1.
- [Commits](https://github.com/sass-contrib/sassc-embedded-shim-ruby/compare/v1.76.0...v1.77.1)

---
updated-dependencies:
- dependency-name: sassc-embedded
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-01 19:28:00 +08:00
David Battersby bee7312f46
FIX: show group based notifications in chat summary email (#27641)
Follow up to #27631 to account for group mentions in channels.

We only want to show mentions for groups that are currently mentionable and those that the current user belongs to.
2024-07-01 12:47:38 +04:00
Martin Brennan ffc99253fa
DEV: Resolve TODO comments for martin-brennan
I am changing many of these to notes or resolving them as is,
most of these I have not actively worked on in years so someone
else can work on them when we get to these areas again.
2024-07-01 15:32:30 +10:00
Martin Brennan 56f34e2d2b
DEV: Unhide enable_direct_s3_uploads setting (#27659)
This has been around for a long time now and was mentioned
in https://meta.discourse.org/t/a-new-era-for-file-uploads-in-discourse/210469,
there is no need to hide it, self-hosters are free to enable
this.
2024-07-01 13:56:00 +10:00
Osama Sayegh 4c1c25027d
DEV: Wiring for the admin about config page (#27492)
This commit continues work laid out by ffec8163b0 for the admin config page for the /about page. The last commit set up the user interface, and this one sets up all the wiring needed to make the input fields and save buttons actually work.

Internal topic: t/128544.
2024-07-01 05:40:37 +03:00
Vinoth Kannan e8a41011eb
FIX: should not raise error when minimum_required_tags value not defined for category. (#27658)
While creating a new category if the user didn't specify a value for `minimum_required_tags` input but clicked it then it returned the "PG::NotNullViolation: null value in column 'minimum_required_tags'" error.
2024-07-01 07:14:34 +05:30
Jan Cernik 0b3b101c97
FIX: `CalendarDateTimeInput` renders the wrong day (#27639) 2024-06-28 19:18:01 -03:00
Jan Cernik e161086630
FIX: User controls buttons order for admins (#27646) 2024-06-28 18:32:25 -03:00
Régis Hanol 8dc358e4d5 FIX: better iframe sanitization
This improves the way we sanitize `iframe` and correctly strips them from the "raw" before cooking it.

Otherwise, we would show an empty iframe box.

Internal ref - t/131430
2024-06-28 22:53:20 +02:00
Kris 307b207e91
UX: remove redundant nav-pill active border (#27649) 2024-06-28 16:29:50 -04:00
Keegan George 05a5f3c816
DEV: Extract top replies summary out of `summary-box` (#27647) 2024-06-28 10:43:47 -07:00
Keegan George f6dfb9d63f
DEV: Add `topic-map-expanded-after` plugin outlet (#27645) 2024-06-28 07:53:05 -07:00
Discourse Translator Bot 423f92490c Update translations 2024-06-28 16:10:06 +02:00
Loïc Guitaut 232503b3df FIX: Render a 404 error on a bad redirect in list controller
When bad data is provided in the URI for redirecting to a category,
Rails raises an `ActionController::Redirecting::UnsafeRedirectError`
error, leading to a 500 error.

This patch catches the exception to render a 404 instead.
2024-06-28 10:42:10 +02:00
Loïc Guitaut a442eeb0f4 FIX: Don’t raise an error on permalinks with external URL
Currently redirecting to an external URL through a permalink doesn’t
work because Rails raises a
`ActionController::Redirecting::UnsafeRedirectError` error.

This wasn’t the case before we upgraded to Rails 7.0.

This patch fixes the issue by using `allow_other_host: true` on the
redirect.
2024-06-28 10:09:37 +02:00
dependabot[bot] b9ade92856
Build(deps-dev): Bump sqlite3 from 1.7.3 to 2.0.2 (#27160)
Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.7.3 to 2.0.2.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/sqlite3-ruby/compare/v1.7.3...v2.0.2)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-28 09:32:01 +10:00
dependabot[bot] e6487aa6c3
Build(deps-dev): Bump qunit-dom from 3.1.2 to 3.2.0 (#27637)
Bumps [qunit-dom](https://github.com/mainmatter/qunit-dom) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/mainmatter/qunit-dom/releases)
- [Commits](https://github.com/mainmatter/qunit-dom/compare/v3.1.2...v3.2.0)

---
updated-dependencies:
- dependency-name: qunit-dom
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-28 01:10:46 +02:00
Jay Pfaffman 6a5ee0693d
FIX: rescue mmdb download failure (#27556)
* rescue mmdb download failure

If mmdb database fails to download a bootstrap fails. This is a trivial fix for that problem. A more elegant solution might check whether the dataabase was downloaded and provide a helpful error message.

* linting

---------

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-06-28 05:10:14 +08:00
Kris 9ab18ed2e3
UX: fix featured link alignment, hide participants wrapper outside of PMs (#27636) 2024-06-27 13:47:12 -04:00
Jarek Radosz 3ce618e57a
DEV: Update plugin-outlet tests (#27630)
qunit-dom, reformat hbs blocks, use `<template>` where possible
2024-06-27 19:36:55 +02:00
Régis Hanol 57eecbef4b FIX: invalid user locale when accepting group membership
If, for whatever reasons, the user's locale is "blank" and an admin is accepting their group membership request, there will be an error because we're generating posts with the locale of recipient.

In order to fix this, we now use the `user.effective_locale` which takes care of multiple things, including returning the default locale when the user's locale is blank.

Internal ref - t/132347
2024-06-27 19:22:55 +02:00
Régis Hanol a56321efb5 FIX: topic search order
When using the full page search and filtering down to a specific topic, the sort order was overwritten to by by "post_number".

This was confusing because we allow different type of sort order in the full search page.

This fixes it by only sorting by post_number when there's no "global" sort order defined.

Since the "new topic map" uses the search endpoint behind the scene, this also fixes the "most likes" popup.

Context - https://meta.discourse.org/t/searching-order-seems-to-be-broken-when-searching-in-topic/312303
2024-06-27 18:13:26 +02:00
Kelv 4b111626cb
DEV: Remove invalid content_security_policy_script_src site setting values from DB (#27588)
* DEV: add db migration to filter out invalid csp script source values

* DEV: insert UserHistory row during data migration to track old value for content_security_policy_script_src site setting
2024-06-27 22:17:56 +08:00
Gabriel Grubba 8d28038666
FEATURE: Add WebHookEventsDailyAggregate report page (#27573)
* FEATURE: Add WebHookEventsDailyAggregate

Add WebHookEventsDailyAggregate model to store daily aggregates of web hook events.
Add AggregateWebHooksEvents job to aggregate web hook events daily.
Add spec for WebHookEventsDailyAggregate model.

* DEV: Update annotations for web_hook_events_daily_aggregate.rb

* DEV: Update app/jobs/scheduled/aggregate_web_hooks_events.rb

Co-authored-by: Martin Brennan <martin@discourse.org>

* DEV: Address review feedback

Solves:
- https://github.com/discourse/discourse/pull/27542#discussion_r1646961101
- https://github.com/discourse/discourse/pull/27542#discussion_r1646958890
- https://github.com/discourse/discourse/pull/27542#discussion_r1646976808
- https://github.com/discourse/discourse/pull/27542#discussion_r1646979846
- https://github.com/discourse/discourse/pull/27542#discussion_r1646981036

* A11Y: Add translation to retain_web_hook_events_aggregate_days key

* FEATURE: Purge old web hook events daily aggregate

Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646961101

* DEV:  Update tests for web_hook_events_daily_aggregate

Update WebHookEventsDailyAggregate to not use save! at the end
Solves: https://github.com/discourse/discourse/pull/27542#discussion_r1646984601

* PERF: Change job query to use WebHook table instead of WebHookEvent table

* DEV: Update tests to use `fab!`

* DEV: Address code review feedback.

Add idempotency to job
Add has_many to WebHook

* FEATURE: Add WebHookEventsDailyAggregate report page

Add locales for the new report page
Reorder imports in the report.rb

* DEV: Remove logger line

* FEATURE: Add `auto_insert_none_item` option to `report-filters` components

---------

Co-authored-by: Martin Brennan <martin@discourse.org>
2024-06-27 10:26:42 -03:00
David Battersby 580bad3c02
FIX: only show relevent chat channel mentions in summary email (#27631)
Chat summary email should only contain mentions that are relevant to the current user.
2024-06-27 15:53:40 +04:00
Régis Hanol 4a6b79dead
FIX: "in posts by" user search (#27628)
When visiting a user profile, and then opening the search, there's an option to filter down by posts made by that user.

When clicking that option, it used to pre-fill the "search bar" with "@<username>" to filter down the search.

This restore this behaviour and add a system spec to ensure it doesn't regress.

Context - https://meta.discourse.org/t/in-posts-by-search-option-does-not-work-when-clicked/312916
2024-06-27 14:20:18 +10:00
Dylan Yang e92a82aa1d
FIX: update id types in API docs to integers (#27412) 2024-06-26 20:44:39 -06:00
Martin Brennan cada172981
FIX: Do not capture OAuth user on 2FA page (#27617)
If the `enforce_second_factor_on_external_auth` setting
is disabled and a user logs in with an OAuth method,
they don't automatically get redirected to /preferences/second-factor
on login. However, they can get there manually, and once there
they cannot leave.

This commit fixes the issue and allows them to leave
and also does some refactors to indicate to the client
what login method is used as a followup to
0e1102b332
2024-06-27 10:27:49 +10:00
dependabot[bot] 89df5761ff
Build(deps-dev): Bump puppeteer-core from 22.12.0 to 22.12.1 (#27629)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.12.0 to 22.12.1.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.12.0...puppeteer-core-v22.12.1)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 00:46:48 +02:00
dependabot[bot] d99ea68282
Build(deps): Bump google-protobuf from 4.27.1 to 4.27.2 (#27627)
Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.27.1 to 4.27.2.
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](https://github.com/protocolbuffers/protobuf/commits)

---
updated-dependencies:
- dependency-name: google-protobuf
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-27 00:41:16 +02:00
Jarek Radosz 964f47e795
FIX: Correctly highlight new topic-list-items in glimmer (#27623) 2024-06-26 20:04:33 +02:00