Commit Graph

46535 Commits

Author SHA1 Message Date
dependabot[bot] 8fe52bbee7
Build(deps): Bump rack-protection from 3.0.1 to 3.0.2 (#18448)
Bumps [rack-protection](https://github.com/sinatra/sinatra) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sinatra/sinatra/releases)
- [Changelog](https://github.com/sinatra/sinatra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinatra/sinatra/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: rack-protection
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-02 23:27:55 +02:00
dependabot[bot] 6ef4cf195a
Build(deps): Bump exifr from 1.3.9 to 1.3.10 (#18449)
Bumps [exifr](https://github.com/remvee/exifr) from 1.3.9 to 1.3.10.
- [Release notes](https://github.com/remvee/exifr/releases)
- [Changelog](https://github.com/remvee/exifr/blob/master/CHANGELOG)
- [Commits](https://github.com/remvee/exifr/compare/release-1.3.9...release-1.3.10)

---
updated-dependencies:
- dependency-name: exifr
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-02 23:26:54 +02:00
dependabot[bot] 3f14df4796
Build(deps): Bump zeitwerk from 2.6.0 to 2.6.1 (#18450)
Bumps [zeitwerk](https://github.com/fxn/zeitwerk) from 2.6.0 to 2.6.1.
- [Release notes](https://github.com/fxn/zeitwerk/releases)
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.6.0...v2.6.1)

---
updated-dependencies:
- dependency-name: zeitwerk
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-02 23:26:35 +02:00
dependabot[bot] 28f8ade0aa
Build(deps): Bump msgpack from 1.5.6 to 1.6.0 (#18451)
Bumps [msgpack](https://github.com/msgpack/msgpack-ruby) from 1.5.6 to 1.6.0.
- [Release notes](https://github.com/msgpack/msgpack-ruby/releases)
- [Changelog](https://github.com/msgpack/msgpack-ruby/blob/master/ChangeLog)
- [Commits](https://github.com/msgpack/msgpack-ruby/compare/v1.5.6...v1.6.0)

---
updated-dependencies:
- dependency-name: msgpack
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-02 23:26:14 +02:00
Osama Sayegh a3ce93bb98
FIX: Workaround a bug in the R2 gem to produce valid RTL CSS (#18446)
See the comment in the changed file for details. Meta report: https://meta.discourse.org/t/main-css-and-mobile-style-not-working-after-update-2-9-0-beta10/240553?u=osama.
2022-10-02 22:56:57 +03:00
jbrw ff42bef1b6
DEV: Add new plugin outlet in topic list header (#18444) 2022-09-30 17:14:21 -04:00
Daniel Waterworth 563ec624b2
FIX: Allow email login for admins in staff-writes-only-mode (#18443) 2022-09-30 14:12:49 -05:00
Kris afce65bb79
UX: fix post placeholder on mobile (#18442) 2022-09-30 14:51:44 -04:00
Blake Erickson 3b86974367
FEATURE: Make General the default category (#18383)
* FEATURE: Make General the default category

* Set general as the default category in the composer model instead

* use semicolon

* Enable allow_uncategorized_topics in create_post spec helper for now

* Check if general_category_id is set

* Enable allow_uncategorized_topics for test env

* Provide an option to the create_post helper to not set allow_uncategorized_topics

* Add tests to check that category… is not present and that General is selected automatically
2022-09-30 12:20:21 -06:00
Daniel Waterworth c1a7fa6b5d
FIX: Allow logout for admins in staff-writes-only-mode (#18441) 2022-09-30 13:03:20 -05:00
Arpit Jalan 136174e0ee
FEATURE: when entering a topic scroll to last visited line marker (#18440)
When a user enters a topic they have already visited they are navigated
to that post that is newest for them (post_number_last_read + 1). Above
that post there is a "last visited" line marker which is visible when
the user scrolls a bit above the post they landed on. This commit makes
sure that the "last visited" line marker is visible as soon as user is
landed in the topic.
2022-09-30 21:27:41 +05:30
Bianca Nenciu b615201b88
FIX: Remove zero-width space when not necessary (#18429)
A zero-width space character is inserted for icon-only buttons, but that
is unnecessary when the button has some rich-content and the block form
is used.
2022-09-30 18:34:47 +03:00
Bianca Nenciu 35a90b6a3f
FIX: Add better and more strict invite validators (#18399)
* FIX: Add validator for email xor domain

* FIX: Add validator for max_redemptions_allowed

* FIX: Add validator for redemption_count
2022-09-30 13:35:00 +03:00
Selase Krakani 0c38757250
FIX: Revert recursively tag lookup with missing ancestor tags (#18439)
This reverts commit 049f8569d8.

To be revisited with a more comprehensive solution covering parent
selection when multiple parents exist.
2022-09-30 08:28:09 +00:00
dependabot[bot] 58cc35fc78
Build(deps-dev): Bump webdrivers from 5.1.0 to 5.2.0 (#18435)
Bumps [webdrivers](https://github.com/titusfortner/webdrivers) from 5.1.0 to 5.2.0.
- [Release notes](https://github.com/titusfortner/webdrivers/releases)
- [Changelog](https://github.com/titusfortner/webdrivers/blob/main/CHANGELOG.md)
- [Commits](https://github.com/titusfortner/webdrivers/compare/v5.1.0...v5.2.0)

---
updated-dependencies:
- dependency-name: webdrivers
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-30 09:00:18 +02:00
Osama Sayegh 5a5625460b
DEV: Add group messages and group_message_summary notifications in the messages tab in the user menu (#18390)
This commit adds non-archived group messages and `group_message_summary` notifications in the messages tab in the user menu. With this change, the messages tab in the user menu now includes 3 types of items:

1. Unread `private_message` notifications (notifications when you receive a reply in a PM)
2. Unread and read `group_message_summary` notifications (notifications when there's a new message in a group inbox that you track)
3. Non-archived personal and group messages

Unread `private_message` notifications are always shown first, followed by unread `group_message_summary` notifications, and then everything else (messages and read `group_message_summary` notifications) sorted by recency (most recent first).

Internal topic: t/72976.
2022-09-30 08:44:04 +03:00
Vinoth Kannan 6ebd2cecda
FIX: missing theme upload should not break precompile process. (#18431)
Previously, if an active default theme's upload record went missing then it will break the site and cause downtime.
2022-09-30 10:48:26 +05:30
Alan Guo Xiang Tan 0bdb616edc
DEV: Refactor community section code (#18436)
In a recent commit when adding the review section link, I moved to a
pattern where we allowed the section links to be refreshed after the
section has been constructed. However, we were not tearing down the old
section links when refreshing. This made me realise that refreshing
section links in a section is not a pattern I want to adopt since people
can easily forget to teardown. Instead, each section link should be
responsible for defining a teardown function for cleanup which will
always be called when the sidebar is removed.
2022-09-30 13:13:50 +08:00
Osama Sayegh 079450c9e4
DEV: Do not show handled reviewables in the user menu (#18402)
Currently, the reviewables tab in the user menu shows pending reviewables at the top of the menu and fills the remaining space in the menu with old/handled reviewables. This PR makes the revieables tab show only pending reviewables and hides the tab altogether from the menu if there are no pending reviewables. We're going to follow-up with another change soon that will show pending reviewables in the main tab of the user menu.

Internal topic: t/73220.
2022-09-30 06:10:07 +03:00
Frank 69c20a3a5e
FIX: Removed bookmark reminder alert for reminders set in the past (#18398) 2022-09-30 10:35:42 +08:00
Meghna 847e1db7fb
UX: move dismiss button on the bottom to the right of the footer message (#18424) 2022-09-30 10:04:54 +08:00
dependabot[bot] ff45651053
Build(deps): Bump net-imap from 0.3.0 to 0.3.1 (#18432)
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.3.0 to 0.3.1.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.3.0...v0.3.1)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-30 10:03:25 +08:00
dependabot[bot] 5f81f5d392
Build(deps): Bump excon from 0.92.5 to 0.93.0 (#18433)
Bumps [excon](https://github.com/excon/excon) from 0.92.5 to 0.93.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.92.5...v0.93.0)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-30 10:03:11 +08:00
Alan Guo Xiang Tan 4c5e575c15
FIX: Ensure closing sidebar tears down all callbacks. (#18434) 2022-09-30 10:02:51 +08:00
Martin Brennan 9daa6328b5
FIX: Quirks around starting new uploads when one was in progress (#18393)
This commit addresses issues around starting new uploads in a composer etc.
when one or more uploads are already processing or uploading.
There were a couple of issues:

1. When all preprocessors were complete, we were not resetting
    `completeProcessing` to 0, which meant that `needProcessing`
    would never match `completeProcessing` if a new upload was
    started.
2. We were relying on the uppy "complete" event which is supposed
    to fire when all uploads are complete, but this doesn't seem to take
    into account new uploads that are added. Instead now we can rely on
    our own `inProgressUploads` tracker, and consider all uploads complete
    when there are no `inProgressUploads` in flight
2022-09-30 11:01:40 +10:00
Bianca Nenciu f60e6837c6
FEATURE: Add setting to always confirm old email (#18417)
By default, only staff members have to confirm their old email when
changing it. This commit adds a site setting that when enabled will
always ask the user to confirm old email.
2022-09-30 00:49:17 +03:00
Daniel Waterworth cb922ca8c8
DEV: update .ruby-version.sample (#18426) 2022-09-29 13:38:44 -05:00
Jarek Radosz 000c7a3ee3 Version bump to v2.9.0.beta10 2022-09-29 20:37:21 +02:00
Jarek Radosz 4b66086d04 Revert "Version bump to v2.3.0.beta10 (#18425)"
This reverts commit b92185a2d4.
2022-09-29 20:37:21 +02:00
Jarek Radosz b92185a2d4
Version bump to v2.3.0.beta10 (#18425) 2022-09-29 20:23:19 +02:00
Jarek Radosz b27d5626d2
SECURITY: Prevent arbitrary file write when decompressing files (#18421)
* SECURITY: Prevent arbitrary file write when decompressing files
* FIX: Allow decompressing files into symlinked directories

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2022-09-29 20:00:38 +02:00
Jarek Radosz ae1e536e83
SECURITY: moderator shouldn't be able to import a theme via API (#18418)
* SECURITY: moderator shouldn't be able to import a theme via API.
* DEV: apply `AdminConstraint` for all the "themes" routes.

Co-authored-by: Vinoth Kannan <svkn.87@gmail.com>
2022-09-29 20:00:20 +02:00
Roman Rizzi ba139b8c23
REFACTOR: Improve reusability by Decoupling flag modal from flag target. (#18251)
* REFACTOR: Improve reusability by Decoupling flag modal from flag target.

We want chat message's flags to have the same features as topic and posts' flags, but we prefer not having to duplicate core's logic. This PR moves target specific bits to different classes, allowing plugins to flag custom things by
providing their own.

* A couple of fixes for the flag modal:

- Make sure buttons are disabled until a flag type is selected.
- Don't throw an error when checking if the user can undo an action on a deleted topic.
- Disable flagging on deleted topics.
2022-09-29 11:57:36 -03:00
Rafael dos Santos Silva fb5695795f
UX: Fix composer position on Firefox for Android (#18403)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-09-29 11:35:01 -03:00
Jarek Radosz 300db0615f
DEV: Fix `InstallTrigger` deprecation warnings on Firefox (#18380)
"InstallTrigger is deprecated and will be removed in the future."
2022-09-29 13:31:29 +02:00
Alan Guo Xiang Tan 5248fbbe24
UX: Add flag icon for review section link in sidebar (#18414) 2022-09-29 15:41:23 +08:00
Alan Guo Xiang Tan 4f84ed6723
FIX: Use `Category#category_text` for sidebar title (#18411)
Previously we used `Category#category_excerpt` but the excerpt keeps the
HTML entities around if present and we can't really display HTML in the
title of a link.
2022-09-29 14:44:41 +08:00
Alan Guo Xiang Tan ec1851b1dc
DEV: Fix lint (#18412) 2022-09-29 14:44:23 +08:00
Alan Guo Xiang Tan 4c2525adc6
UX: Correct padding and height for sidebar section message (#18410)
Follow-up to f1cbc23f1e
2022-09-29 14:06:28 +08:00
Alan Guo Xiang Tan 3ec1808d75
DEV: Revert change in background-color of sidebar (#18409)
Follow-up to f1cbc23f1e
2022-09-29 13:52:23 +08:00
Alan Guo Xiang Tan f1cbc23f1e
UX: Add icons to all section links in Sidebar (#18378)
This commit introduces an icon to all links in the sidebar. If an icon has not been configured, we will fall back to a generic "link" icon. As part of this commit, we also standardised the size of each prefix to 20px by 20px and set a fix margin. This is to allow sufficient space for text prefixes and image prefixes to be displayed. 

Tests have been intentionally left out for now as I don't feel like asserting for the icons will bring much value at this point. Time shall prove me wrong.

Co-authored-by: awesomerobot <kris.aubuchon@discourse.org>
2022-09-29 12:28:01 +08:00
dependabot[bot] b6dfe5e394
Build(deps): Bump net-pop from 0.1.1 to 0.1.2 (#18405)
Bumps [net-pop](https://github.com/ruby/net-pop) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/ruby/net-pop/releases)
- [Commits](https://github.com/ruby/net-pop/compare/v0.1.1...v0.1.2)

---
updated-dependencies:
- dependency-name: net-pop
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 10:23:09 +08:00
Martin Brennan 87a6cab772
FIX: Migration typo for secure_uploads (#18408)
Fixes typo from 8ebd5edd1e causing
deploy issues.
2022-09-29 11:30:14 +10:00
dependabot[bot] 854ec97772
Build(deps-dev): Bump selenium-webdriver from 4.4.0 to 4.5.0 (#18404)
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.4.0...selenium-4.5.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 09:01:42 +08:00
dependabot[bot] c8be7644fa
Build(deps): Bump net-smtp from 0.3.1 to 0.3.2 (#18406)
Bumps [net-smtp](https://github.com/ruby/net-smtp) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/ruby/net-smtp/releases)
- [Changelog](https://github.com/ruby/net-smtp/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/net-smtp/compare/v0.3.1...v0.3.2)

---
updated-dependencies:
- dependency-name: net-smtp
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 09:01:10 +08:00
dependabot[bot] a53643515d
Build(deps): Bump net-imap from 0.2.3 to 0.3.0 (#18407)
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.2.3 to 0.3.0.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.2.3...v0.3.0)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-29 09:00:56 +08:00
Martin Brennan 8ebd5edd1e
DEV: Rename secure_media to secure_uploads (#18376)
This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality.

This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site.

Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing.

This also keeps compatibility with the `secure-media-uploads` path, and changes new
secure URLs to be `secure-uploads`.

Deprecated settings:

* secure_media -> secure_uploads
* secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails
* secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 09:24:33 +10:00
Osama Sayegh 70b96ac4e7
DEV: Include quote notifications in the replies tab in the user menu (#18401)
The rationale behind this change is that quote notifications are almost always as important as replies notifications so it makes sense for them to be included in the replies tab instead of the "other" tab. Internal topic: t/74748.
2022-09-28 21:41:11 +03:00
Rafael dos Santos Silva ea3bc7d7dc
UX: Restore full sized composer on mobile (#18400) 2022-09-28 15:32:09 -03:00
Jordan Vidrine 64601779f0
UX: Style changes to match updates (#18397) 2022-09-28 12:31:56 -05:00