Commit Graph

21457 Commits

Author SHA1 Message Date
David Taylor a9d0d55817 FEATURE: Add message to log when admins are automatically deactivated 2020-01-28 12:16:24 +00:00
David Taylor 25fd2b544a
PERF: Use a separate route for user cards, and split user serializer (#8789)
Adds a new route `/u/{username}/card.json`, which has a reduced number of fields. This change is behind a hidden site setting, so we can test compatibility before rolling out.
2020-01-28 11:55:46 +00:00
Dan Ungureanu 5060811464
FIX: Export all category names in user archives (#8790) 2020-01-28 12:52:07 +02:00
Mark VanLandingham 9fa2016d2a
DEV: Plugin outlet for admin backup view (#8793) 2020-01-27 12:31:08 -06:00
Vinoth Kannan 602f965070 FIX: undefined method 'title' for nil:NilClass in PostAlerter#create_notification 2020-01-27 23:54:11 +05:30
David Taylor fe0d912b97
FIX: getURL on a subfolder site should ignore prefix in middle of URL (#8794) 2020-01-27 17:51:46 +00:00
Gerhard Schlager ea11ad4d99 DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
Rafael dos Santos Silva ce83fd93bb FEATURE: Use Contact Picker API for invites 2020-01-27 11:07:28 -03:00
Jarek Radosz 8a82ceb3bc
FIX: Improve downsize_uploads (#8409)
With this change the script:
* Actually removes original large-sized images
* Doesn't save processed files if their size has increased
* Prevents inconsistent state
2020-01-27 03:31:11 +01:00
Jarek Radosz b843aa7b05
FIX: Adjust the broken image placeholder border (#8781)
* DEV: Remove `.large-image` selector

This selector is no longer used in core and there's no reference to it in any of `all-the-plugins`.

* FIX: Adjust the broken image placeholder border
2020-01-27 02:39:05 +01:00
Vinoth Kannan b6765aac4b FIX: add 'noindex' header to rss feed responses. 2020-01-24 09:30:27 +05:30
Martin Brennan 45b37a8bd1
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777)
When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads.

Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over.

In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-24 11:59:30 +10:00
Vinoth Kannan e4b8121650 Fix the build.
Make prettier happy.
2020-01-24 04:39:07 +05:30
Vinoth Kannan 26186ee6af FIX: topics sorting in tag pages is broken. 2020-01-24 04:26:14 +05:30
Roman Rizzi 9eb622985a
FEATURE: Replace existing badge owners when using the bulk award feature (#8770)
* FEATURE: Replace existing badge owners when using the bulk award feature

* Use ActiveRecord to sanitize title update query, Change replace checkbox text

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:14:58 -03:00
Roman Rizzi db5373a87c
UX: Invalid CSV error message now includes information about the malformed line (#8773)
* UX: Invalid CSV error message now includes information about the malformed line

* Update config/locales/server.en.ym and use line_number instead of lineno

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:04:06 -03:00
Dan Ungureanu 6279d0e8b5 UX: Use '-' as default category slug (#8607)
This replaces the default slug from 'ID-category' to '-'.
2020-01-23 15:44:29 +01:00
Martin Brennan 1b3b0708c0
FEATURE: Update upload security status on post move, topic conversion, category change (#8731)
Add TopicUploadSecurityManager to handle post moves. When a post moves around or a topic changes between categories and public/private message status the uploads connected to posts in the topic need to have their secure status updated, depending on the security context the topic now lives in.
2020-01-23 12:01:10 +10:00
Martin Brennan 65481858c2
FEATURE: Use upload:// short URL for videos and audio in composer (#8760)
For consistency this PR introduces using custom markdown and short upload:// URLs for video and audio uploads, rather than just treating them as links and relying on the oneboxer. The markdown syntax for videos is ![file text|video](upload://123456.mp4) and for audio it is ![file text|audio](upload://123456.mp3).

This is achieved in discourse-markdown-it by modifying the rules for images in mardown-it via md.renderer.rules.image. We return HTML instead of the token when we encounter audio or video after | and the preview renders that HTML. Also when uploading an audio or video file we insert the relevant markdown into the composer.
2020-01-23 09:41:39 +10:00
Mark VanLandingham c5eec19368
FIX: Featuring topic on other users profile shows their topics (#8769) 2020-01-22 14:16:17 -06:00
Dan Ungureanu c7a8bbd6a5
FIX: Show category list on subcategory page if it has subcategories too (#8768)
The category list was displayed only for top level categories, which
had no parent.
2020-01-22 20:27:30 +02:00
Neil Lalonde b63d146128 UX: add confirmation when adding tag synonyms
The new confirmation modal explains that adding a tag as a synonym to
another tag will change all topics to replace the synonyms with the
base tag.
2020-01-22 12:35:42 -05:00
Dan Ungureanu b25d9e96c1
FIX: Show all parent categories on topic page (#8767) 2020-01-22 17:39:50 +02:00
Bianca Nenciu 7b7e1717f2
FIX: Quoting a quote preserves the original post information (#8746)
Let's say post #2 quotes post number #1. If a user decides to quote the
quote in post #2, it should keep the information of post #1
("user_1, post: 1, topic: X"), instead of replacing with current post
info ("user_2, post: 2, topic: X").
2020-01-22 16:10:23 +02:00
Blake Erickson 8a89b7e108 FIX: Ensure only edited badge titles update a users title
When editing site texts from

/admin/customize/site_texts/

you can edit badge titles (aka name) and this will update any users that
have that badge currently set as their title. This fix prevents a badge
description text from being set as their title if an admin updates the
badge description text or any other badge fields that aren't the title.
2020-01-21 19:09:42 -07:00
Régis Hanol 96b64df4d4 FIX: use schema.org's BreadcrumList
The data-vocabulary.org schema is being deprecated.
We're now using the BreadcrumList data from the latest and greatest schema.org.

FIX: categories_breadcrumb helper to support more than 2 levels of categories.
2020-01-21 22:27:21 +01:00
Dan Ungureanu 89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
Bianca Nenciu 9c628f0897
FIX: Workaround limitation in jquery.autoellipsis (#8747)
Calling $.ellipsis() on an element containing <br> elements would throw
an exception.
2020-01-21 18:44:50 +02:00
Bianca Nenciu 0a27086764
FEATURE: Export all types of reports (#8748)
There is a single stacked_chart which was not exportable
2020-01-21 18:43:19 +02:00
Kris 411512c0e3 FIX: higher z-index for usercards in the header 2020-01-21 10:57:32 -05:00
David Taylor 84a2aae77f
FIX: Allow the app to generate and accept longer backup codes (#8761)
- Increase size of textarea when displaying generated codes
- Adjust maxlength of input field in JS UI
- Adjust maxlength of input field in no_ember UI

Follow-up to bff9880d63
2020-01-21 14:28:31 +00:00
Martin Brennan 9db59deb11 Only warn about missing recipients for PM archetype 2020-01-21 16:38:16 +10:00
Martin Brennan 88e23d4cfa Change logger.debug to logger.warn for PM debug messages 2020-01-21 16:11:52 +10:00
Sam Saffron bff9880d63 DEV: increase the length of backup codes
16 ^ 8 though not tiny but is a workable search space in the event of
breach, 16 ^ 16 is not.
2020-01-21 15:32:06 +11:00
Martin Brennan c677f8ee6a
DEV: Add debug lines for mystery no_user_selected error (#8759)
On some customer forums we are randomly getting a "You must select a valid user" error when sending a PM even when all parameters seem to be OK. This is an attempt to track it down with more data.
2020-01-21 10:50:44 +10:00
Krzysztof Kotlarek aa04349cfd
FIX: Incorrect locale in badge granter (#8749)
We want to use default locale when:
a) Site settings are not allowing for user locale
OR
b) User locale are blank
2020-01-21 09:08:48 +11:00
Krzysztof Kotlarek 0420be88a6
FIX: when tag or category is added notify users that topic was modified (#8750)
There is a feature, that when tag or category is added to the topic,
customers who are watching that category or tag are notified.

The problem is that it is using default notification type "new post"

It would be better to use "new post" only when there really is a new
post and "edited" when categories or tags were modified.
2020-01-21 08:41:13 +11:00
Martin Brennan 1014e56e80
DEV: Respond with 403 instead of 500 for disabled local login via email
Previously if local login via email was disabled because of the site setting or because SSO was enabled, we were raising a 500 error. We now raise a 403 error instead; we shouldn't raise 500 errors on purpose, instead keeping that code for unhandled errors. It doesn't make sense in the context of what we are validating either to raise a 500.
2020-01-20 16:11:58 +10:00
Dan Ungureanu eeefa1177f
FIX: Make category-chooser show all parent categories (#8706) 2020-01-19 13:07:54 +02:00
Blake Erickson 79ec686ec9 DEV: Use blank instead of NOT present
Follow up to: 75069ff179
2020-01-18 07:34:15 -07:00
Blake Erickson 75069ff179 FIX: Users should be able to remove their primary group
This fix allows a user to remove their currently assigned primary group
if the Site Setting `user selected primary groups` is enabled.

Before this fix, if a user selected "none" for their primary group it
would silently fail and never be updated.
2020-01-17 15:43:54 -07:00
Gerhard Schlager 3fc589f875 FIX: Don't override timezone on every visit of profile preferences
The timezone should only be initialized when there is no timezone stored in the DB yet. This also fixes an error that happened in dev mode whenever you switch between user preference tabs.
2020-01-17 22:34:18 +01:00
romanrizzi 0d08eac1c7 UX: Users must confirm when leaving a private group 2020-01-17 17:58:47 -03:00
Kris 4089607b40 UX: Minor adjustments to choose topic modal 2020-01-17 15:02:04 -05:00
Joffrey JAFFEUX a7ae28ed88
REFACTOR: removes places where we never show glyph and DRY code (#8744) 2020-01-17 20:58:15 +01:00
Kris b56ade5043 FIX: show PM icon in docked header 2020-01-17 13:30:54 -05:00
Joffrey JAFFEUX 6abc2f5072
FIX: applies correct styles to icon and attempts to dry code (#8739) 2020-01-17 18:20:23 +01:00
Joffrey JAFFEUX 56fa77c032
FIX: do not increase size of emojis in markdown tables (#8742) 2020-01-17 18:15:05 +01:00
Gerhard Schlager ab07b945c2
Merge pull request #8736 from gschlager/rename_reply_id_column
REFACTOR: Rename `post_replies.reply_id` column to `post_replies.reply_post_id`
2020-01-17 17:24:49 +01:00
Joffrey JAFFEUX 3b5a6c9895
REFACTOR: unify naming of only emoji (#8741) 2020-01-17 17:21:08 +01:00
Roman Rizzi 28d09227f5
FIX: Reload the ReviewableScore types when extending flags (#8740)
ReviewableScore#types extend the PostActionTypes with their own, storing the result inside a class variable. To avoid overwriting an existing flag, we need to calculate the next flag ID using these types instead of the PostAction ones. Since we first call the score types to calculate the id, this list gets memoized, leaving us with an outdated list.

To fix this, we now reload ReviewableScore#types after replacing flags.
2020-01-17 11:59:38 -03:00
Kris af3dce4930 Hide PM glyph, follow-up to 02dbcac 2020-01-17 07:10:44 -05:00
Dan Ungureanu 7d8c33a094 FIX: Include sub-sub-categories in new/unread counts (#8710)
The count used to be less than the real one because the topics in
sub-sub-categories and deeper were not taken into account.
2020-01-17 10:02:57 +00:00
Kris 02dbcac861 UX: Improve appearance of pm title editing 2020-01-16 21:31:17 -05:00
Martin Brennan 9c04aa593c
Fix broken admin login fro SSO enabled sites (#8737)
* When we refactored away the admin-login route we introduced a bug where admins could not log into an SSO enabled site, because of a check in the email_login route that disallowed this.
* Allow admin to get around this check.
2020-01-17 11:25:31 +10:00
Régis Hanol 7b83237261 FIX: groups pagination was broken 2020-01-16 23:57:34 +01:00
Roman Rizzi 0c4ac2a7bc
Merge pull request from GHSA-569c-22ff-pj3x 2020-01-16 15:17:16 -03:00
Jarek Radosz fe588cc7f8
DEV: Fix function prototype deprecations (#8681)
* DEV: Fix the function prototype observers deprecation

DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.observes('foo') to observer('foo', function() {}). [deprecation id: function-prototype-extensions.observes] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-observes for more details.

* DEV: Fix the function prototype event listeners deprecation

DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.on('foo') to on('foo', function() {}). [deprecation id: function-prototype-extensions.on] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-on for more details.

* DEV: Simplify `default as` imports

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-01-16 18:56:53 +01:00
Jarek Radosz ff5a82b614
FIX: Change rootNone behavior in category-chooser (#8692)
This breaking change was originally a deprecation fix for overriding a computed property `none`.

There are 4 uses of `rootNone` in core and "all-the-plugins":
1. in discourse-chat-integration, admin-plugins-chat-edit-rule.hbs - changed behavior, that I'd consider a fix - `rootNoneLabel` is now used regardless of `siteSettings.allow_uncategorized_topics` value, which I believe was an originally intended behavior (i.e. it most likely hasn't been tested with disabled uncategorized topics)
2. in discourse-slack-official, plugins-slack.hbs - the same as 1.
3. in core, edit-category-general.hbs (in this PR) - no change in behavior
4. in discourse-googlebooks, edit-category-general.hbs - no change in behavior (since `allowUncategorized="true"` is also passed as an argument)
2020-01-16 18:51:29 +01:00
Gerhard Schlager f216c6d60b FEATURE: Drop "backup" schema 7 days after restore
The "backup" schema is used to rollback a failed restore. It isn't useful after a longer period of time and turns into a waste of disk space.
2020-01-16 17:48:47 +01:00
Joffrey JAFFEUX 948bd00340
FEATURE: line with only 1 to 3 emojis will now display as large emojis 2020-01-16 09:54:26 +01:00
Martin Brennan 18bba860b5 Fix mobile topic-timeline not closing on scrolling past last post (#8730)
* when we dragged the topic-timeline handle past the last post
  in a topic we were not closing the timeline as we would if
  scrolling to a specific post
* this also fixes the issue where when scrolling past the end of
  the topic with a massive last post, none of the post could be
  seen
2020-01-16 17:23:44 +11:00
Martin Brennan 7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
Mark VanLandingham 135d09d671
FIX: Styling for feature topic on profile modal (#8727) 2020-01-15 15:20:12 -06:00
Arpit Jalan 0bc65fa60e
FIX: show error message if the topic deletion fails (#8723) 2020-01-16 00:58:03 +05:30
Roman Rizzi 2db7b3d9c7
FIX: Correctly wrap image and resize controls inside paragraph (#8718) 2020-01-15 14:01:14 -03:00
Arpit Jalan 0f8695958b FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
Régis Hanol c4817e9ee9 DEV: lint 💅 2020-01-15 11:36:33 +01:00
Martin Brennan 66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Régis Hanol 5d75f90b27 FIX: group membership leak
FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
2020-01-15 11:21:58 +01:00
Joffrey JAFFEUX ac865112a3
FIX: ensures group-navigation states changes when route changes (#8724) 2020-01-15 10:13:07 +01:00
Joffrey JAFFEUX f4744193bd
FEATURE: allows to define a dissmiss duration on global notices (#8715)
This commit also adds more documentation to various options and defines a 1 week duration for IE global notice dismiss duration.
2020-01-15 09:02:28 +01:00
Joffrey JAFFEUX ec1aeb8a55
FIX: ensures secondary menu of user notifications mobile nav reloads (#8716) 2020-01-15 09:01:44 +01:00
Kris b1508a6f44 UX: Improve appearance of lists and user fields in mobile bios 2020-01-14 16:33:50 -05:00
Mark VanLandingham 5df0ef1e98
FIX: Update user-selector excluded usernames after insert (#8711) 2020-01-14 10:28:35 -06:00
Gerhard Schlager c351ffe580 FEATURE: Add hidden setting to disable configuration of inventory bucket 2020-01-14 17:23:12 +01:00
David Taylor 12d2fe7ff6 UX: Ensure all generated backup codes are displayed on the screen 2020-01-14 15:33:27 +00:00
David Taylor 4fdfc2665d FIX: Update featured badge ranking when mass-awarding badges
Follow-up to cff6e941de
2020-01-14 14:39:20 +00:00
David Taylor cff6e941de
PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
Joffrey JAFFEUX f10078eab4
FIX: moves back padStart/padEnd to core polyfills (#8714)
Multiple users are on chrome 56 when this is only supported on chrome 57. Given it's only few lines of code, it makes sense to keep supporting this.
2020-01-14 10:54:39 +01:00
romanrizzi d3091edcea UX: Return a friendlier error when the CSV is invalid. Added a cancel button to return to the /badges view 2020-01-13 15:53:41 -03:00
Robin Ward e4a85e2a80 Minor tweaks to badge CSV upload 2020-01-13 12:44:22 -05:00
Roman Rizzi d69c5eebcf
Feature: Mass award badge (#8694)
* UI: Mass grant a badge from the admin ui

* Send the uploaded CSV and badge ID to the backend

* Read the CSV and grant badge in batches

* UX: Communicate the result to the user

* Don't award if badge is disabled

* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.

* Dynamically discover current route
2020-01-13 11:20:26 -03:00
Martin Brennan 9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
Blake Erickson 1a31a403ce DEV: Remove buffered-render file
This is the last and final commit in a multi-commit refactor to remove
all uses of buffered-render.

Previous commit: fc94b6cb9e in this
series.
2020-01-10 18:19:23 -07:00
Penar Musaraj 687c79ca1c FIX: Remove padding while composer is saving
Padding on `#main-outlet` while compooser was in "saving" state was causing posts to bounce after replying.
2020-01-10 12:57:16 -05:00
Mark VanLandingham 5898afaa73
FEATURE: pass in excluded usernames to user-selector (#8695) 2020-01-10 09:02:43 -08:00
Rafael dos Santos Silva 5a70f50032
FEATURE: Use new Badging API
Now that the spec is finished use the unprefixed API, which was also moved
from window to navigator.

Still uses feature detection so it fail gracefully when not available in
the user agent.
2020-01-10 13:41:35 -03:00
Dan Ungureanu 815116f6a2
FIX: Make 'findBySlugPathWithID' when URL ends with a slash (#8699)
Make URLs such as 'https://discourse/c/foo/bar/' work the same way
'https://discourse/c/foo/bar' does.
2020-01-10 17:02:36 +02:00
Joffrey JAFFEUX 5ce602ecea FIX: prevents url of file from being pasted when pasting file on iOS (#8693) 2020-01-10 08:39:01 +05:30
Martin Brennan cb660ef952 SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
Kris dd52291fb7 UX: Center featured topic on mobile profiles 2020-01-09 16:35:34 -05:00
Kris ef9828b25d UX: Remove reliance on JS for category box links 2020-01-09 16:25:41 -05:00
Robin Ward dcbe527a82 FIX: Don't log a claimed topic database error during tests
We now test the uniqueness validation, but also rescue a DB
exception in case the controller fails this check.
2020-01-09 12:32:05 -05:00
Robin Ward d043a4c6fe FIX: Stop logging errors in postgres on reviewable conflict
The previous concurrency-safe implementation relied on catching an
index conflict and following through appropriately. Unfortunately
those conflicts were logged to Postgres and there is no easy way
to turn them off.

This solution approaches the problem differently. It should still
be safe under concurrency and not log errors.
2020-01-09 12:04:17 -05:00
Jarek Radosz 531016f99b
DEV: Add missing indexes to user_profiles (#8691)
* DEV: Update model annotations
* DEV: Add missing indexes to user_profiles

The columns were changed in 24347ace10 (diff-baa5914c0c7cddf3c8b5cd9139e0d091)
2020-01-09 17:08:55 +01:00
Régis Hanol 92a9ae6ab0
REFACTOR: isValidLink
- Reduced verbose comments
- Merged 2 `if` which had the same logic
2020-01-08 18:14:24 +01:00
David Taylor 5eda44f8f2 FIX: Do not redirect to `/auth/*` urls after authentication
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
2020-01-08 17:06:03 +00:00
Robin Ward e616b92511 FIX: If the admin sso sync has no external ID, don't throw an error
Instead, return a HTTP error code and a message explaining the problem,
to avoid log pollution.
2020-01-08 11:47:37 -05:00
David Taylor 4d5b142f1d DEV: Allow `doLogin` to be called with a set of parameters
This can be used for themes/plugins to specify additional URL parameters to be used when starting authentication. Example usage:

```
LoginMethod.findAll()[0].doLogin({params: {mydata: "myvalue"}});
```
2020-01-08 16:13:12 +00:00
Jarek Radosz 502f154cfc
FIX: Don't leak event listeners in user-activity-drafts (#8682) 2020-01-08 16:55:10 +01:00
David Taylor cf60de59b1 FIX: Allow omniauth confirmation page to pass through GET parameters
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
2020-01-08 15:31:51 +00:00
Vinoth Kannan 13f229808a FIX: add noindex header to user profile pages. 2020-01-08 11:26:20 +05:30
Martin Brennan bdff4561d4 FIX: Make scrolling to bottom post in topic more consistent (#8671)
* Make scrolling to bottom post in topic more consistent

* when using the slider to scroll past the bottom post,
  we now scroll to the bottom of the post/page IF the
  post height is > the window height (e.g. really long
  posts). if the post height is smaller, then we lock
  onto and jump to the top of the post
* this also removes the mobile hack that would always jump
  to the top of the last post on mobile

* Prettier lint
2020-01-08 16:37:13 +11:00
Kris a8fbf7c128 minor subcategory box padding adjustments 2020-01-07 20:54:27 -05:00
Mark VanLandingham c01c937151
DEV: Allow returning non-objects from addToolbarPopupMenuOptionsCallback (#8677) 2020-01-07 16:01:11 -06:00
Kris cae60b5900 UX: Sub-sub categories in "Boxes with subcategories" + consistency 2020-01-07 16:38:17 -05:00
Robin Ward abff3716ba
Upgrade handlebars (#8675)
* Upgrade Handlebars to 4.3.0

* Upgrade Handlebars to the latest version
2020-01-07 15:37:37 -05:00
Kris e0539d7ffe remove log 2020-01-07 11:28:56 -05:00
Bianca Nenciu eef21625c6
Rename 'target usernames' with 'target recipients' in Composer (#8606)
* Reapply "Rename 'target usernames' with 'target recipients' in Composer"

This reverts commit 9fe11d0fc3 which
reverted ebb288dc2c.

* DEV: Add test for replying to PM
2020-01-07 15:33:48 +02:00
Osama Sayegh d3a64e34e7
DEV: Remove unnecessary debugging line
I was playing with groups locally and saw this line. I suspect this method isn't needed at all because I don't see any reference to it anywhere in the code, and as far as I know ActiveRecord objects don't have an `id!` method so if this method is called dynamically somewhere it's most likely failing.
2020-01-07 15:04:43 +03:00
Joffrey JAFFEUX c495aed6ff
removes logging (#8673) 2020-01-07 12:01:21 +01:00
Joffrey JAFFEUX 7f00cefcac
FIX: onScroll method was not defined on mobile discovery (#8672) 2020-01-07 11:59:58 +01:00
Martin Brennan 5b75b8c135 Still redirect to signed URL for secure uploads
if SiteSetting.secure_media is disabled we still want to
redirect to the signed url for uploads that are marked as
secure because their ACLs are probably still private
2020-01-07 14:02:17 +10:00
Martin Brennan abca91cc4d
FEATURE: Add rake task to disable secure media (#8669)
* Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed.
* Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-07 12:27:24 +10:00
Blake Erickson fc94b6cb9e
DEV: Remove buffered rendering from topic-list-item (#8589)
* DEV: Remove buffered rendering from topic-list-item

This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.

Previous commit: 1c7305c0f1 in this
series.

This is just a refactor and should not change any functionality.

* apply prettier fix

* update syntax

* Use computed properties where possible

* switch to using didReceiveAttrs

* Simplify topic.pinned observer
2020-01-06 17:41:45 -07:00
David Taylor d1779346e8 FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
Penar Musaraj b1402d9f13 DEV: replace "warning" icons with "exclamation-triangle" 2020-01-06 12:51:44 -05:00
Penar Musaraj f755810906 DEV: replace "trash" icons with "trash-alt" 2020-01-06 12:35:00 -05:00
Penar Musaraj 93a556d9a2 DEV: replace "eye-slash" icons with "far-eye-slash" 2020-01-06 12:27:20 -05:00
Penar Musaraj e2e9420204 DEV: Update deprecated icon name 2020-01-06 11:43:32 -05:00
romanrizzi ca07a571c7 FIX: Only agree with the first post when using the 'Delete post + replies and agree' option 2020-01-06 13:38:23 -03:00
David Taylor 784da19e4c
FIX: Cached new topic data should not be deleted after dismiss new (#8660)
43ddf60cdf introduced a new method for dismissing new topics in topic-tracking-state, which works on a per-category basis.

This commit removes the old mechanism, which was to delete all 'new' topics from the local tracking state, regardless of category.
2020-01-06 16:22:40 +00:00
David Taylor 5df815c2ee
FIX: New/unread count after dismissing new topics in a regular category (#8659)
6e1fe22 introduced the possiblity for category_users to have a NULL notification_level, so that we can store `last_seen_at` dates without locking the notification level. At the time, this did not affect the topic-tracking-state query. However, the query changes in f434de2 introduced a slight change in behavior.

Previously, a subquery would look for a category_user with notification_level=mute. f434de2 refactored this to remove the subquery, and inverted some of the logic to suit.

The new query checked for `notification_level <> :muted`. If `notification_level` is NULL, this comparison will return NULL. In this scenario, notification_level=NULL means that we should fall back to the default tracking level (regular), and so we want the expression to resolve as true, not false. There was already a check for the existence of the category_users row, but it did not check for the existence of a NOT NULL notification_level.

This commit amends the expression so that the notification_level will only be compared if it is non-null.
2020-01-06 16:15:24 +00:00
Joffrey JAFFEUX ff151cb580
FIX: allows scroll on load for discovery topic list (#8661) 2020-01-06 15:43:36 +01:00
Vinoth Kannan 7dbde18f02 FIX: keep 'rb' & 'rp' tags in html to markdown conversion. 2020-01-04 17:16:23 +05:30
Robin Ward f7a7263164 FIX: Show uncategorized description on categories page 2020-01-03 11:46:18 -05:00
Robin Ward fe7bb62387 FIX: Descriptions were blank for uncategorized in hamburger menu 2020-01-03 11:10:06 -05:00
Osama Sayegh fac71da605
FIX: Don't give error 500 when invalid date param is given to admin reports (#8658)
Providing invalid dates as the end_date or start_date param causes a 500 error and creates noise in the logs. This will handle the error and returns a proper 400 response to the client with a message that explains what the problem is.
2020-01-03 17:01:38 +03:00
Sam Saffron 0d757814e5 FIX: correctly account for onebox height when lazy loading images
Page used to jitter when oneboxes loaded images lazily.

Previously we inserted the the "shadow" loading image before the "real" image.

This meant that certain styling with `firstChild` CSS selectors would apply
incorrectly to the shadow image.

Additionally we had special case code for onebox and quoted images that was
not really needed due to this fix.

We had an old fix that used computed style for image height and width in
specific scenarios, we now run it all the time.

On slow devices there was a possibility that the cache fetch after amending
src at the end of the process would cause a flash, this is avoided using a
new onload handler.
2020-01-03 15:15:42 +11:00
Joffrey JAFFEUX ec5418fbb4
FIX: any global notice text can contain HTML (#8655) 2020-01-02 19:58:27 +01:00
Roman Rizzi 98853b217f
FIX: Bots accuracy should be zero (#8654) 2020-01-02 13:24:24 -03:00
David Taylor b60b57cddd
FIX: Allow any protocol in wildcard url checker (#8651)
This is required for people using apps with custom protocols. We still verify the entire URL (including protocol) against the site setting value.

Refactored wildcard_url_checker so that it always returns a boolean, rather than sometimes returning a regex match.
2020-01-02 16:03:13 +00:00
David Taylor 45c5f56ffc
PERF: Reduce DB queries when serializing ignore/mute information (#8629)
* PERF: Cache ignored and muted user ids in the current_user object
* PERF: Avoid DB queries when checking ignore/mute permission in guardian
2020-01-02 13:04:08 +00:00
Sam Saffron 34ede90927 FIX: under rare conditions saving a new draft could error temporarily
Under rare conditions due to bad HTTP timing and so on a draft could be
set at the exact same time from 2 unicorn workers.

When this happened and all the stars aligned, one of the sets would win
and the other would raise an error.

This transparently handles the situation without adding any cost to the
draft system.

The alternative is to add a distributed mutex, tricky DB transaction or handle
the error in the controller. However this seems like a reasonable way to
work around a pretty big edge case.
2020-01-02 11:38:14 +11:00
David Taylor c7a74e574f FIX: Only show admin wrench when there are actions on mobile
Corrects typo in logic from b725252cd0
2019-12-31 12:35:44 +00:00
David Taylor a4a0d12b39 DEV: Update deprecated FA4 icon name 2019-12-31 11:21:31 +00:00
Krzysztof Kotlarek fd8b98a55e
FIX: don't display cloak on admin tool when the right wrench is clicked (#8641) 2019-12-31 15:16:24 +11:00
Joe b7ed50fe56
prettier 2019-12-31 10:59:38 +08:00
Joe 23a4936826
UX: TMP fix (CSS revert) until translations are ready for flex 2019-12-31 10:43:16 +08:00
Krzysztof Kotlarek 764e01b597
FIX: visual improvements to admin topic menu (#8638)
* 10 px padding from the bottom to look better on rounded phones
* dark cloak on other elements to emphasize admin menu
* slide up animation
2019-12-31 11:52:25 +11:00
Jarek Radosz c76e22942c
FIX: Open a card on click even if the mention has extra elements (#8626)
Plugins like https://github.com/discourse/discourse-calendar add extra HTML (e.g. icons) to user/group mentions. Clicking on those extra elements used to only flash a blank card. Now, the card opens properly.
2019-12-30 19:26:23 +01:00
Roman Rizzi c751291769
FIX: The 'reviewed' status filter should include deleted elements (#8630) 2019-12-30 14:56:17 -03:00
Robin Ward 5214f82841 API endpoints should return a response, not nil 2019-12-30 10:14:29 -05:00
David Taylor bc4c40abd4
DEV: Remove unsafe-eval from development CSP (#8569)
- Refactor source_url to avoid using eval in development
- Precompile handlebars in development
- Include template compilers when running qunit
- Remove unsafe-eval in development CSP
- Include unsafe-eval only for qunit routes in development
2019-12-30 12:17:12 +00:00
David Taylor df8444e813
FIX: Update topic/post counter correctly when category has zero topics (#8600)
Previously, categories without any topics were being excluded from the UPDATE query. This means the counter gets stuck, and the category cannot be deleted. This change ensures that the counters get correctly set to zero.
2019-12-30 11:20:44 +00:00
David Taylor 9348d2cfdf
PERF: Cache user badge count in user_stats table (#8610)
This means that we no longer need to run a `count()` on the user_badges table when serializing a user
2019-12-30 11:19:59 +00:00
Joffrey JAFFEUX 6fa5725292
FIX: makes highlighting last viewed topic more resilient (#8624)
`highlight` was called from `didInsertElement` which technically doesn't ensure the list is rendered. By wrapping the highlighting code in `afterRender` we ensure it works more consistently.
2019-12-30 08:18:36 +01:00
Martin Brennan 473e39f4a4 DEV: model annotations 2019-12-30 16:13:27 +10:00
Krzysztof Kotlarek b725252cd0
FEATURE: Topic admin menu sticks to bottom on mobile. (#8620)
Our current topic admin menu is not always fully visible on a mobile
device, therefore some options are difficult to click.

To solve this issue, we can display the admin menu on the bottom of the
screen on mobile devices.
2019-12-30 08:15:46 +11:00
Joffrey JAFFEUX 041067cc21
FIX: correctly styles pwa consent banner (#8623) 2019-12-29 19:10:35 +01:00
Joffrey JAFFEUX df465ed0be
FIX: allows global_notice site setting to contain html (#8622) 2019-12-29 18:29:41 +01:00
Joffrey JAFFEUX 2f37f446f8
FIX: correctlt styles notification-consent-banner (#8621)
TODO: this should be moved to new global notice API
2019-12-27 15:27:12 +01:00
Roman Rizzi 16d97573f9
DEV: Improve support for extending flags. (#8619)
- Ensure that the 'notify_moderators' flag is always the last flag when using custom flags.
- Support passign a custom FlagSettings object when replacing flags to reuse existing ones.
2019-12-27 08:41:50 -03:00
Joffrey JAFFEUX c25b8abd70
FEATURE: allows plugins to add a global notice (#8552)
* FEATURE: allows plugins to add a global notice

Usage:

```
api.addGlobalNotice(id, text, options = {});
```

Options can be:

```
dismissable // Will display a button to hide the notice if true
html // will prepend html to the next if present
level // alert level, will usee css class of alert component
persistentDismiss // if true won't show notice again on reload
onDismiss // execute a custom action on dismiss
visibility // defines custom logic for notice visibility
```

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2019-12-27 09:06:36 +01:00
Gerhard Schlager 52a59b5811 FIX: English and US date/time formats 2019-12-24 12:17:25 +01:00
Arpit Jalan 49c124a12e fix the build. 2019-12-24 15:56:44 +05:30
Arpit Jalan 2c0574010a FIX: better error message when forum is in read-only mode 2019-12-24 15:49:27 +05:30
Krzysztof Kotlarek 86fb08d04a
Revert "FIX: update normalize css from 3.0.1 to 8.0.1 (#8591)" (#8618)
This reverts commit 16f01d0ddf.
2019-12-24 10:45:42 +11:00
Krzysztof Kotlarek 16f01d0ddf
FIX: update normalize css from 3.0.1 to 8.0.1 (#8591)
Changelog is available here - https://github.com/necolas/normalize.css/blob/master/CHANGELOG.md

I decided that the easiest way to ensure it works would be checking different browsers. It looked good to me on Chrome, Firefox, Edge and IE 11. In addition, I checked 3 random themes.
2019-12-24 08:39:51 +11:00
Krzysztof Kotlarek 9e4fcb1a0a
FIX: Correct description for out of love badge (#8615)
The bug mentioned here
https://meta.discourse.org/t/badge-not-triggering/135896/8

Basically, descriptions for 3 badges: "Out of Love", "Higher Love" and
"Crazy in Love" are granted based on on "max_likes_per_day" and the
description should reflect that.
2019-12-24 08:30:34 +11:00
Krzysztof Kotlarek ac626a0dc3
FIX: bug when revoking badge as title (#8616)
When user revokes badge as title, UserHistory item is created. However,
that object is not accepting revoke_reson parameter.
2019-12-24 08:03:51 +11:00
Jeff Wong 63323bd7a8
FIX: category routes model params should decode their URL parts (#8612)
* FIX: category routes model params should decode their URL parts

Ember's route star globbing does not uri decode by default. This is
problematic for subcategory globs with encoded URL site settings enabled.

Subcategories with encoded URLs will 404 without this decode.

I found this https://github.com/tildeio/route-recognizer/pull/91
which explicitly explains that globbing does not decode automatically.
2019-12-23 10:24:41 -08:00
Jeff Wong e36efb1edc FIX: ensure that we encode a slug only once if slug generation method is encoded
This was re-encoding the search slug each loop - if the category list was not
the first category in the list, it'd continually search with a re-encoded search
term from the previous iteration. This results in ember 404ing when navigating
to raw encoded category slugs of the form /c/encoded-slug-with-non-ascii
that have no ID attached.
2019-12-22 00:25:12 -08:00
Jeff Wong eca1c643d5 FEATURE: allow TL3 promotions for overturned penalties
Restore tl3 reachability by calculating penalty counts vs unsuspend/unsilence.

Only count unsuspend or unsilences that have been made by a user other than
the Discourse system user.
2019-12-20 15:25:21 -08:00
Kris 00477d8f88 UX: Some category page style adjustments for sub-sub categories 2019-12-20 16:17:34 -05:00
Mark VanLandingham 6ec3d42b16
FEATURE: Allow complex post params from plugin (#8598) 2019-12-20 10:37:12 -06:00
Kris f8633d5c58 FIX: Give expanded CSS/HTML editor >0 height 2019-12-20 10:37:23 -05:00
Penar Musaraj bbe2947742 DEV: Use FA5 name for moved post icon 2019-12-20 09:50:05 -05:00
Krzysztof Kotlarek b47b1d8af8 FIX: label helpers on sign up form are not hidden (#8603)
This commit fe9293b8b5 created a regression.

The problem is that dom changed a little bit.
Before it was
```
<tr class="instructions create-account-email">
  <td></td>
  <div id="account-email-validation" class="tip bad ember-view"></div>
  <td><label>Never shown to the public.</label></td>
</tr>
```

And after we got
```
<tr class="instructions create-account-email">
  <td></td>
  <div id="account-email-validation" class="tip bad ember-view"> </div>
  <td><label>Never shown to the public.</label></td>
</tr>
```
That small space may look like not important change.

However, now helpers are hitting that CSS rule:

```
.login-form {
  .tip {
    &:not(:empty) + td {
      display: none;
    }
}
```

To fix it, we should render template only if there is a reason - like it was before

```
if (reason) {
  buffer.push(iconHTML(this.good ? "check" : "times") + " " + reason);
}
```

* FIX: remove rerenderTriggers
2019-12-20 12:17:51 +01:00
Bianca Nenciu 9fe11d0fc3 Revert "Rename 'target usernames' with 'target recipients' in Composer (#8468)"
This reverts commit ebb288dc2c.
2019-12-20 11:56:20 +02:00
Régis Hanol 7030c93206 Revert "FIX: Show signup input tips and improve spacing"
This reverts commit d449834a28.

The signup input tips were hidden instead.
2019-12-20 09:42:11 +01:00
Bianca Nenciu ebb288dc2c
Rename 'target usernames' with 'target recipients' in Composer (#8468) 2019-12-20 10:28:14 +02:00
Kris d449834a28 FIX: Show signup input tips and improve spacing 2019-12-19 20:37:47 -05:00
David Taylor 7737ecd0fe FIX: Limit requests and include data when reporting deprecated icons
- Only report each icon to the server once, to avoid hitting rate limits
- Correct typo in ajax `data` parameter

Follow-up to db7d00a8dc
2019-12-19 22:11:45 +00:00
Kris 2ad40d5f71 UX: New bell icons for notification/tracking statuses 2019-12-19 14:39:29 -05:00
Hector Bustillos 87c04ebe39 FEATURE: Keyboard shortcut for opening the topic admin menu (#8568)
* Keyboard shortcut for opening the topic admin menu

* Review changes

* Attrubute and target class renaming
2019-12-19 14:18:14 -05:00
Jeff Wong 036a24cf30
FIX: correct user serializer user method for extended serializer (#8590)
A small fix for Basic User Serializers where some downstream serializers do not correctly set user objects. This caused some issues in certain plugins that depend on the user method to return a user.
2019-12-19 09:48:01 -08:00
Dan Ungureanu 069bc70bd4
UX: Improve sub-sub-categories styling in categories list (#8593)
- Using h4 instead of h3 for sub-categories.
- Show category description if it does not have subcategories.
- Implemented equivalent for mobile-view.
- Include description_excerpt in basic serializer. This is needed for
  displaying second-level categories in category list.

Follow-up to 9253cb79e3.
2019-12-19 17:09:45 +02:00
Dan Ungureanu f1c4180ff8
FEATURE: Make 'Reorder Categories' work with nested categories (#8578) 2019-12-19 12:27:01 +02:00
Dan Ungureanu 9253cb79e3
UX: Show grandchildren in categories list (#8592) 2019-12-19 12:26:11 +02:00
Kris 3a8ed4033f UX: Prevent the post admin menu from appearing under the header on OP 2019-12-18 19:57:58 -05:00
Penar Musaraj db7d00a8dc DEV: Log deprecated FA 4.7 icon names in /logs (take 2)
Does not use utilities library, to avoid wizard qunit test failures
2019-12-18 12:52:31 -05:00
Penar Musaraj 274c22e7a2 Revert "DEV: Log deprecated FA 4.7 icon names in /logs"
This reverts commit 2dd9727c11.
2019-12-18 12:44:52 -05:00
Penar Musaraj 2dd9727c11 DEV: Log deprecated FA 4.7 icon names in /logs 2019-12-18 12:22:03 -05:00
David Taylor fab3bbf705 FIX: IE11 compatibility for readonly check
In some situations, the xhr object is undefined in IE11
2019-12-18 16:57:20 +00:00
Kris 37c9579a01 UX: reduce opacity on hidden topic contents, but not the controls 2019-12-18 11:34:33 -05:00
Dan Ungureanu 95390e3333
FIX: Show parent and subcategories for 2nd level categories (#8579)
The maximum level used to be one, which meant that a category could be
either a parent or a child. If it was a parent, the subcategories were
shown; if it was a child then the parent selector was shown.

With multiple levels of nesting, a category can be both a parent and a
child.
2019-12-18 17:44:28 +02:00
Kris 89154308b0 UX: Minor user admin page adjustments, accomodating for long group names 2019-12-18 09:26:03 -05:00
David Taylor 96bfefac5c FIX: Prevent errors in IE11 following AJAX request
In some situations, the xhr object is undefined, so check that it's present before continuing
2019-12-18 13:38:36 +00:00
Krzysztof Kotlarek 1921538faa FIX: show new/unread button when a new topic or post is created (#8576)
There is a problem that if you read all messages, even when a new one
arrives, the button on the top is not showing.

This is because once the button got `hidden` class, a label under is
properly updated, however, the class is not removed.

Therefore, I added computed isHidden function which is recalculated when
`count` change.
2019-12-18 11:22:28 +00:00
Vinoth Kannan 3b7f5db5ba
FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 11:21:57 +05:30
Krzysztof Kotlarek f59647cd55
FIX: move IE specific CSS rules to discourse-internet-explorer plugin (#8567) 2019-12-18 15:25:16 +11:00
Mark VanLandingham e916bd7ea0
FIX: Fix choose-topic component to search by url (#8574) 2019-12-17 13:01:52 -08:00
Mark VanLandingham d37dc14c57
REVERT: Remove feature topic on profile button from topic view (#8573) 2019-12-17 12:41:49 -08:00
Kris 62ebfbbb67 UX: Minor adjustment to give the PM recipient input more flexibility. 2019-12-17 14:56:57 -05:00
Joffrey JAFFEUX 007652ece5
DEV: allows this.get in widgets (#8571) 2019-12-17 18:39:51 +01:00
Blake Erickson 1c7305c0f1 DEV: Remove buffered rendering from topic-status
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.

Previous commit: 006e5904be in this
series.

This commit affects the icons next to the topic title that indicate if
it is closed, unlisted, pinned, etc. It is just a refactor and should
not change any functionality.

Originally I was going to continue to use the existing
topic-status-icons arrayProxy helper but this would require using
observers, so I opted instead to use computed properties and have a bit
larger hbs template.
2019-12-17 10:35:05 -07:00
Kris ff1be40980 UX: Increase combo-box tap area for mobile 2019-12-17 11:43:11 -05:00
Dan Ungureanu d9e7611910
FIX: Avoid String.matchAll for IE11 support 2019-12-17 18:09:29 +02:00