Commit Graph

36560 Commits

Author SHA1 Message Date
Dan Ungureanu 82b307cd52
FIX: Use correct translation string 2020-02-17 13:49:43 +02:00
Joffrey JAFFEUX d33aaa0292
FIX: sk body should follow wrapper width (#8984) 2020-02-17 10:39:20 +01:00
Joffrey JAFFEUX 9feace3388
FIX: prevents error when loading tag groups (#8983) 2020-02-17 10:39:04 +01:00
Joffrey JAFFEUX d827430ea6
FIX: prevents expand post to trigger page routing (#8982) 2020-02-17 10:06:38 +01:00
Martin Brennan e8efdd60d4
FIX: Tweak upload security emoji check (#8981)
Further on from my earlier PR #8973 also reject upload as secure if its origin URL contains images/emoji. We still check Emoji.all first to try and be canonical.

This may be a little heavy handed (e.g. if an external URL followed this same path it would be a false positive), but there are a lot of emoji aliases where the actual Emoji url is something, but you can have another image that should not be secure that that thing is an alias for. For example slight_smile.png does not show up in Emoji.all BUT slightly_smiling_face does, and it aliases slight_smile e.g. /images/emoji/twitter/slight_smile.png?v=9 and /images/emoji/twitter/slightly_smiling_face.png?v=9 are equivalent.
2020-02-17 15:11:15 +10:00
Martin Brennan 9dcc454a07
FIX: Improvements and fixes for update_upload_acl rake task (#8980)
The rake task was broken, because the addition of the
UploadSecurity check returned true/false instead of the
upload ID to determine which uploads to set secure.
Also it was rebaking the posts in the wrong place and
pretty inefficiently at that. Also it was rebaking before
the upload was being changed to secure in the DB.
This also updates the task to set the access_control_post_id
for all uploads. the first post the upload is linked to is used
for the access control. if the upload doesn't get changed to
secure this doesn't affect anything.
Added a spec for the rake task to cover common cases.
2020-02-17 14:21:43 +10:00
Martin Brennan dac923379a
FIX: Never mark uploads based on regular emoji secure (#8973)
Sometimes PullHotlinkedImages pulls down a site emoji and creates a new upload record for it. In the cases where these happen the upload is not created via the normal path that custom emoji follows, so we need to check in UploadSecurity whether the origin of the upload is based on a regular site emoji. If it is we never want to mark it as secure (we don't want emoji not accessible from other posts because of secure media).

This only became apparent because the uploads:ensure_correct_acl rake task uses UploadSecurity to check whether an upload should be secure, which would have marked a whole bunch of regular-old-emojis as secure.
2020-02-17 12:30:47 +10:00
Sam Saffron 3b062f79fc
FIX: invalid syntax in elsif in Theme importer
elsif had a check that assigned to vars, this is not valid syntax and
could explode at runtime
2020-02-16 20:37:54 +11:00
Sam Saffron 28d61cb0d7
Revert "Build(deps): Bump oauth2 from 1.4.2 to 1.4.4 (#8952)"
This reverts commit c7544880b6.

Plugins depend on specific version so this upgrade is in fact
not safe
2020-02-16 10:45:06 +11:00
dependabot-preview[bot] c7544880b6
Build(deps): Bump oauth2 from 1.4.2 to 1.4.4 (#8952)
Bumps [oauth2](https://github.com/oauth-xx/oauth2) from 1.4.2 to 1.4.4.
- [Release notes](https://github.com/oauth-xx/oauth2/releases)
- [Changelog](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.4)

Change should be safe mainly cosmetic
2020-02-16 10:38:56 +11:00
Kris cd5b7109d0 UX: Cap height of user fields on mobile user-cards, add line-clamp mixin 2020-02-14 16:19:11 -05:00
Kris f81bebf93f UX: Cap staff action detail height 2020-02-14 14:23:31 -05:00
Kris 103af2dcce FIX: Toolbar menu specificity 2020-02-14 13:44:38 -05:00
Roman Rizzi 99305511bc
DEV: Remove unused BreakString class (#8942) 2020-02-14 15:32:59 -03:00
Robin Ward 92bb7b9269 FIX: Username mentions lost styling 2020-02-14 13:02:56 -05:00
Robin Ward d51107e2c9 FIX: If a group is unmentionable, don't render it as mentionable
Now if a group is visible but unmentionable, users can search for it
when composing by typing with `@`, but it will be rendered without the
grey background color.

It will also no longer pop up a JIT warning saying "You are about to
mention X people" because the group will not be mentioned.
2020-02-14 12:29:56 -05:00
Neil Lalonde c31039d51f FIX: tag topic counts wrong after adding synonyms
After adding a tag as a synonym of another tag,
both tags will have the wrong topic counts. It's
corrected within 12 hours by the EnsureDbConsistency
job. This fix ensures the topic counts are updated
much sooner.
2020-02-14 12:15:29 -05:00
Roman Rizzi fadb2b7157
FEATURE: Users cannot reflag recently handled items using the same reason unless the post was edited, or it was reviewed more than 24 hours ago. (#8969) 2020-02-14 13:43:48 -03:00
Penar Musaraj ea0f20e331 DEV: Concatenate value-list choices array
Followup to 89d9704194
2020-02-14 11:33:17 -05:00
Penar Musaraj 89d9704194 FIX: value-list choices when removing a value
Fixes an issue where choices were broken when removing an item from the value-list component.

Adds test case for this scenario.
2020-02-14 11:21:06 -05:00
Robin Ward dafa354d3d FIX: Confirm `draft_key` is present on GET
Also adds a test for the `show` action which did not exist
2020-02-14 11:06:12 -05:00
Robin Ward bfdd42c53a FIX: Return a 404 when the `draft_key` is missing
Previously if `draft_key` was missing you'd get a 500 error in the logs.
2020-02-14 10:48:56 -05:00
Régis Hanol aad46a1aba DEV: remove unused 'composer/parse_html' route 2020-02-14 16:15:34 +01:00
David Taylor b37d2f09ba
PERF: Memoize allowed user fields more efficiently (#8968)
Previously we were caching by user_id, but the there are only two possible outcomes. Therefore we only need to cache two values.

This removes another N+1 query when serializing multiple user cards.
2020-02-14 14:47:16 +00:00
Joffrey JAFFEUX 2c7d32e783
FIX: prevents everyone group to show as group option for polls (#8957) 2020-02-14 14:11:34 +01:00
David Taylor ce588006e3
DEV: Update the site title in qunit fixtures (#8959)
This confuses me every time I run qunit tests in the browser. The tab is labelled Meta, but it's not meta! This change has no functional impact on the tests
2020-02-14 11:30:04 +00:00
Dan Ungureanu 8eae7d2799
DEV: Improve code readability (#8967)
Follow-up to b0f72ca1 and 8e27fa1b.
2020-02-14 13:05:52 +02:00
Joffrey JAFFEUX 7d94de6439
FIX: brings back castInteger as a safer migration path for sk2 (#8966) 2020-02-14 10:00:39 +01:00
Dan Ungureanu 09edde8ef7
DEV: Add test (#8961)
Follow-up to 67c9940d72.
2020-02-14 10:19:57 +02:00
Dan Ungureanu 9aeb9f0ca1
DEV: Add test (#8960)
Follow-up to 3ad07aacfa.
2020-02-14 10:19:40 +02:00
Krzysztof Kotlarek e90f9e5cc4
FIX: when unread reply notification exists don't create new (#8921)
* FIX: when unread reply notification exists don't create new

From time to time, the user is creating a reply post and then they want to add additional details. They edit an existing post and for example, add a quote from a previous one.

In that situation, if the user to whom reply was directed to already have the unread notification, we should not create the new one.

That behaviour was mentioned here: https://meta.discourse.org/t/reply-then-edit-to-add-quote-notification-redundancy/138358

* FIX: dont create new notification if already exists
2020-02-14 16:41:42 +11:00
Vinoth Kannan 38dd184a16 FIX: update `Site.top_tags` in "categories" route if topic list available.
Else it is not updating the tags dropdown while navigate between the category pages.
2020-02-14 09:53:41 +05:30
dependabot-preview[bot] 157dcc7e3b
DEV: Bump sidekiq from 6.0.4 to 6.0.5 (#8964)
Bumps [sidekiq](https://github.com/mperham/sidekiq) from 6.0.4 to 6.0.5.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v6.0.4...v6.0.5)

Changes are safe, mostly around 2.7 support
2020-02-14 14:53:31 +11:00
Martin Brennan 56b16bc68e
FIX: Never allow custom emoji to be marked secure (#8965)
* Because custom emoji count as post "uploads" we were
marking them as secure when updating the secure status for post uploads.
* We were also giving them an access control post id, which meant
broken image previews from 403 errors in the admin custom emoji list.
* We now check if an upload is used as a custom emoji and do not
assign the access control post + never mark as secure.
2020-02-14 11:17:09 +10:00
Joffrey JAFFEUX 149196b9ce
FIX: displays selection text when no default_notification_level is set (#8962) 2020-02-13 23:45:03 +01:00
Joffrey JAFFEUX 6405159484
FEATURE: adds a new plugin api to decorate plugin outlets (#8937)
```
api.decoratePluginOutlet(
  "discovery-list-container-top",
  elem => {
    if (elem.classList.contains("foo")) {
      elem.style.backgroundColor = "yellow";
    }
  }
);
```
2020-02-13 23:44:34 +01:00
Neil Lalonde 2136d4b5d5 Version bump to v2.4.0.beta11 2020-02-13 16:56:46 -05:00
Neil Lalonde 637535fc6b Update translations 2020-02-13 15:00:16 -05:00
Robin Ward c2e58b6b85 FIX: Don't remove the topic image if posts don't have them 2020-02-13 14:00:30 -05:00
dependabot-preview[bot] 4b46db6ea8
Build(deps-dev): Bump webmock from 3.8.1 to 3.8.2 (#8951)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.8.1...v3.8.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-13 12:32:02 -05:00
Gerhard Schlager a7efca1fa9 DEV: Remove unused "search help" 2020-02-13 18:31:21 +01:00
David Taylor 8d50f092b5
DEV: Use classes for styling user and group cards (#8913)
Styling based on element-ids, it is impossible for themes/plugins to display multiple cards on a single page. Using classes is a more flexible approach. The element-ids are maintained for backwards compatibility with existing plugins/themes.
2020-02-13 09:58:17 +00:00
Joffrey JAFFEUX 3875785dcc
FIX: ensures shortcuts work correctly with topic-notifications-button (#8956) 2020-02-13 10:01:28 +01:00
Joffrey JAFFEUX 42bda52486
FIX: ensures select-kit can select a row with 0 as value (#8955) 2020-02-13 09:04:32 +01:00
Martin Brennan e1e74abd4f
FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954)
### UI Changes

If `SiteSetting.enable_bookmarks_with_reminders` is enabled:

* Clicking "Bookmark" on a topic will create a new Bookmark record instead of a post + user action
* Clicking "Clear Bookmarks" on a topic will delete all the new Bookmark records on a topic
* The topic bookmark buttons control the post bookmark flags correctly and vice-versa
Disabled selecting the "reminder type" for bookmarks in the UI because the backend functionality is not done yet (of sending users notifications etc.)

### Other Changes

* Added delete bookmark route (but no UI yet)
* Added a rake task to sync the old PostAction bookmarks to the new Bookmark table, which can be run as many times as we want for a site (it will not create duplicates).
2020-02-13 16:26:02 +10:00
Kris e7c4ebc6d5 Fix styling for topic count in category chooser 2020-02-12 22:19:00 -05:00
Dan Dascalescu b2ac80593e
Fix run-on sentence (#8953) 2020-02-12 18:13:38 -08:00
Blake Erickson 965ac3567b FIX: Handle SSO Provider Parse exception
Prevent unnecessary 500 errors from appearing in the logs and return a
422 response instead.
2020-02-12 16:08:04 -07:00
Michael Brown 904bbdb307 DOCS: Clarify what a DNS "A record" is with a link
* context: https://meta.discourse.org/t/-/141250/6
2020-02-12 16:50:56 -05:00
Gerhard Schlager 33728035c7
DEV: Add configuration file for Crowdin 2020-02-12 22:45:17 +01:00