Commit Graph

76 Commits

Author SHA1 Message Date
Simon Cossar 3d9eb3e085
Rename options passed to Readability::Document back to whitelist and blacklist (#10340) 2020-07-30 12:56:48 -07:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Roman Rizzi a41476800b
FIX: Don't raise an exception if a topic cannot be retrieved (#9906) 2020-05-28 11:59:20 -03:00
Blake Erickson da839e6d26 SECURITY: Use FinalDestination for topic embeds 2020-05-27 09:26:09 -06:00
Michael Brown d9a02d1336
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
This reverts commit 20780a1eee.

* SECURITY: re-adds accidentally reverted commit:
  03d26cd6: ensure embed_url contains valid http(s) uri
* when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on
  instead of the 03d26cd6 parent (which contains security fixes)
2020-05-23 00:56:13 -04:00
Jeff Atwood 20780a1eee Revert "Merge branch 'master' of https://github.com/discourse/discourse"
This reverts commit e62a85cf6f, reversing
changes made to 2660c2e21d.
2020-05-22 20:25:56 -07:00
Blake Erickson 03d26cd6f0 SECURITY: ensure embed_url contains valid http(s) uri 2020-05-22 14:54:56 -06:00
Krzysztof Kotlarek 9bff0882c3
FEATURE: Nokogumbo (#9577)
* FEATURE: Nokogumbo

Use Nokogumbo HTML parser.
2020-05-05 13:46:57 +10:00
Robin Ward 98729c8e6e FIX: Allow embed updates of just the title 2020-04-20 14:31:24 -04:00
Robin Ward 56a23c68f1 FIX: Embedded topics couldn't update their titles 2020-04-20 14:27:43 -04:00
Robin Ward b6b92a562c
FEATURE: New site setting `embed_unlisted` (#9391)
If enabled, posts imported to discourse via embeddings will default to
unlisted until they receive a reply.
2020-04-13 15:17:02 -04:00
romanrizzi 55b8620b43 FIX: TopicEmbed#absolutize_urls was trying to modify a frozen string 2020-03-25 12:57:54 -03:00
Penar Musaraj 99fd65328c FIX: Skip absolutizing URLs when source URI is invalid 2020-02-07 10:54:24 -05:00
Sam Saffron 0fb497eb23 DEV: use Discourse.cache over Rails.cache
Discourse.cache is a more consistent method to use and offers clean fallback
if you are skipping redis

This is part of a larger change that both optimizes Discoruse.cache and omits
use of setex on $redis in favor of consistently using discourse cache

Bench does reveal that use of Rails.cache and Discourse.cache is 1.25x slower
than redis.setex / get so a re-implementation will follow prior to porting
2019-11-27 12:36:19 +11:00
Daniel Waterworth 55a1394342 DEV: pluck_first
Doing .pluck(:column).first is a very common pattern in Discourse and in
most cases, a limit cause isn't being added. Instead of adding a limit
clause to all these callsites, this commit adds two new methods to
ActiveRecord::Relation:

pluck_first, equivalent to limit(1).pluck(*columns).first

and pluck_first! which, like other finder methods, raises an exception
when no record is found
2019-10-21 12:08:20 +01:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
romanrizzi d01c938e1a Revert "FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element."
This reverts commit 50afe59306.
2019-08-09 11:35:22 -03:00
romanrizzi 50afe59306 FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element. 2019-08-09 11:13:09 -03:00
Sam Saffron 2408d55551 FIX: embedding topics would fail with some HTML
When truncating content we try to search for first paragraph, if HTML had
no P it would fallback to first div which may have nested elements.
2019-08-07 12:45:55 +10:00
Kyle Zhao 0e1d6151b9 FIX: Frozen string error in `TopicEmbed.import` (#7938)
When `SiteSetting.embed_truncate` is enabled (by default), the truncated
string is mutatable and does not raise an error.

However, when the setting is disabled, the `contents` string is frozen
and immutable, and will raise a `FrozenError`.
2019-07-25 09:21:01 -04:00
Guo Xiang Tan d369b84ced Fix modifying frozen strings error. 2019-05-13 14:31:20 +08:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Maja Komel 6c8069c65a FIX: properly escape embed url 2019-01-07 18:11:43 +01:00
Kyle Zhao e25a6e085e FIX: drop title updates through RSS feeds
can create an update loop
2018-08-28 16:25:04 +10:00
Guo Xiang Tan 932195d828 DEV: Update test case for `TopicEmbed`. 2018-08-24 09:42:12 +08:00
Kyle Zhao baf413d527 FIX: update TopicEmbed's title and user correctly 2018-08-21 18:31:01 +08:00
Régis Hanol de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Kyle Zhao 0cc4b42180 FIX: TopicEmbed.import should update title and author 2018-05-02 17:12:31 +10:00
Arpit Jalan 12706c4b29 FEATURE: support markdown rendering for embedded posts 2018-03-11 08:00:48 +05:30
Gerhard Schlager 5a56746610 FIX: Embedded topic was not found when URL contained query string 2018-02-14 00:28:30 +01:00
Arpit Jalan 9030d3ef63 FIX: do not create duplicate topics
https://meta.discourse.org/t/duplicate-http-https-topics-are-randomly-created/77190
2018-01-04 23:53:52 +05:30
Gerhard Schlager e30851e45a Move escape_uri method to a more suitable place 2017-12-12 20:17:46 +01:00
Guo Xiang Tan 367fb1c524 FIX: Onebox fails on encoded URL.
https://meta.discourse.org/t/onebox-breaks-if-theres-chinese-text-in-url/67364
2017-09-26 18:34:54 +08:00
Gerhard Schlager 6f6b47f096 FIX: do not escape already escaped chars in URL 2017-09-22 17:36:44 +02:00
Gerhard Schlager 1a435414d5 FIX: handle URL encoded email addresses 2017-09-22 14:26:06 +02:00
Guo Xiang Tan b84e87dedd FIX: Don't raise an error if URL timesout. 2017-08-10 12:58:56 +09:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward 39e1948174 FIX: If the error is 401 unauthorized or such, just do nothing 2017-05-25 15:42:05 -04:00
Arpit Jalan aeead60036 FIX: make TopicEmbed trashable 2017-04-25 18:40:39 +05:30
Robin Ward dad57fa033 FIX: More errors with non-ascii URLs 2017-03-07 11:21:41 -05:00
Robin Ward cd571b26ba FIX: Allow Safe Redirections in Topic Embedding 2016-09-15 13:56:59 -04:00
Robin Ward 7da44e3bf0 FEATURE: Support author meta tags for embedding 2016-08-30 12:01:04 -04:00
Robin Ward c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Robin Ward 884bdf7240 FEATURE: Ability to scrub titles when importing embeddable content 2016-08-22 12:43:02 -04:00
Robin Ward e2b5919579 FIX: Don't normalize URLs before fetching them, only for saving them 2015-11-06 16:25:11 -05:00
kerryliu b7803fc68e FIX: allow emoji class when crawling embedded content, add rspc-html-matchers 2015-11-05 18:51:26 -08:00
Sam c1ecd6f4ce update annotations 2015-09-18 10:41:10 +10:00
Robin Ward d1c69189f3 FEATURE: Can edit category/host relationships for embedding 2015-08-20 15:56:04 -04:00
Robin Ward fb8ba5e137 FIX: `PG::UniqueViolation` when trying to use the same embed code
Previously providing an embed code already in use would result in
a logged server error. After this commit the error is gracefully
bubbled up from the `PostCreator`
2015-06-15 12:09:59 -04:00
Robin Ward edae9d7ad9 FIX: Sometimes `contents` is nil, don't break in that case. 2015-05-06 12:40:24 -04:00