Commit Graph

55195 Commits

Author SHA1 Message Date
Natalie Tay 188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
Martin Brennan 2d5f323ca3
DEV: Move config area site setting fetch into new controller (#28136)
Followup 4aea12fdcb

In certain config areas (like About) we want to be able
to fetch specific site settings by name. In this case,
sometimes we need to be able to fetch hidden settings,
in cases where a config area is still experimental.

Splitting out a different endpoint for this purpose
allows us to be stricter with what we return for config
areas without affecting the main site settings UI, revealing
hidden settings before they are ready.
2024-07-30 15:41:28 +10:00
Krzysztof Kotlarek 284aa1da22
FIX: addCommunitySectionLink secondary argument (#28135)
`addCommunitySectionLink` API function accepts secondary argument to determine if the link should be added to the primary or secondary (more) section. There was a bug and all links were mounted in the secondary section.
2024-07-30 14:32:07 +10:00
Alan Guo Xiang Tan 3193afe7ca
FIX: Rescue and warn when error is encountered in `DiscourseIpInfo.mmdb_download` (#28134)
Since switching to Maxmind permalinks to download the databases in
7079698cdf, we have received multiple
reports about rebuilds failing as `maxminddb:refresh` runs during
the rebuilds and failing to download the databases cases the rebuilds to
fail.

Downloading Maxmind databases should not sit in the critical rebuild
path but since we are close to the Discourse 3.3 release, we have opted
to just rescue all errors encountered when downloading the databases.

In the near future after the Discourse 3.3 release, we will be looking
at moving the downloading of maxmind databases out of the rebuild path.
2024-07-30 11:33:20 +08:00
Loïc Guitaut 1f5cbb9a44
DEV: Refactor translation overrides a bit (#28125)
This is a small followup of
https://github.com/discourse/discourse/pull/28037.
2024-07-30 09:56:46 +08:00
Osama Sayegh e9aa2c96e1
FIX: Add new/missing email templates to the email templates editor (#28075)
We have a dedicated admin page (`/admin/customize/email_templates`) that lets admins customize all emails that Discourse sends to users. The way this page works is that it lists all translations strings that are used for emails, and the list of translation strings is currently hardcoded and hasn't been updated in years. We've had a number of new emails that Discourse sends, so we should add those templates to the list to let admins easily customize those templates.

Meta topic: https://meta.discourse.org/t/3-2-x-still-ignores-some-custom-email-templates/308203.
2024-07-30 00:27:41 +03:00
Daniel Waterworth 1a95543e93
PERF: Don't use unaccent on string literals (#28120)
unaccent isn't marked as a pure function, so it gets evaluated per row
instead of once.
2024-07-29 15:37:25 -05:00
David Taylor b44190307f
UX: Avoid header topic-info flicker when using `?page=` params (#28117)
In this case, there is no 'nearPost' param in the URL. Instead, the server preloads a post-stream with whichever page of posts is requested. We can check for that situation using `postStream.firstPostPresent`.

Also updates the widget-header version to fetch a value from the service on initial render, instead of relying on the observer triggering.

Followup to bdec564d14
2024-07-29 20:36:23 +01:00
Natalie Tay 5b51ed3856
DEV: Promote historic post_deploy migrations (#28128)
This commit promotes all post_deploy migrations which existed in Discourse v3.2.0 (timestamp <= 20240112043325)
2024-07-30 01:14:03 +08:00
Natalie Tay 7a1e3accff
DEV: Promote historic post_deploy migrations (#28127)
This commit promotes all post_deploy migrations which existed in Discourse v3.2.0 (timestamp <= 20240112043325)
2024-07-30 00:49:21 +08:00
Loïc Guitaut cfa4f07378 FIX: Don't crash when MF definitions are missing
Currently, if MF definitions are missing (typically because there’s a
compilation error), `I18n.messageFormat` will try to access
`I18n._mfMessages.hasMessage` resulting in a crash that will in turn
crash Ember.

This patch addresses the issue by using the optional chaining operator
making the `I18n.messageFormat` method return a "Missing Key" message.
MF strings won’t be rendered properly, but the site will stay usable.
2024-07-29 18:13:17 +02:00
Neil Lalonde e81fc27a0f
FIX: db_timestamps_mover errors from discourse-voting plugin (#28123)
https://github.com/discourse/discourse-topic-voting/pull/196

Some tables in that plugin are read-only, so the script fails when
trying to update rows in those tables. Add them to the ignore list.
2024-07-29 11:20:14 -04:00
Loïc Guitaut 9c57be6403 DEV: Update Ruby I18n pluralization rules
The current pluralization rules used by the I18n system in Ruby are
obsolete and don’t follow the official rules available at
unicode.org/cldr/charts/45/supplemental/language_plural_rules.html.

Using https://github.com/ruby-i18n/ruby-cldr, new and updated ones have
been generated.
2024-07-29 15:44:52 +02:00
Loïc Guitaut fbf6bf6243 FIX: Don't escape MF variables in HTML links
We have some MF strings that are outputting HTML tags (typically links)
and their attributes are using single quotes. The problem is that with
the current implementation of MessageFormat, single quotes act as an
escaping mechanism for special characters like `{`. This then prevents
from interpolating some variables in the strings.

This patch addresses that issue by using double quotes instead,
restoring the expected behavior.
2024-07-29 15:30:52 +02:00
Discourse Translator Bot f5fc49f5db
Update translations (#28115)
* Update translations

* DEV: Spec failed because of translation update

---------

Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
2024-07-29 15:16:40 +02:00
锦心 319075e4dd
FIX: Ensure JsLocaleHelper to not output deprecated translations (#28037)
* FIX: Ensure JsLocaleHelper to obly outputs up-to-date translations

The old implementation forgot to filter out deprecated
translations, causing these translations to incorrectly override the new
locale in the frontend.

This commit fills in the forgotten where clause, filtering only the
up-to-date part.

Related meta topic: https://meta.discourse.org/t/outdated-translation-replacement-causing-missing-translation/314352
2024-07-29 15:21:25 +08:00
Ted Johansson 3126c50baa
DEV: Update member access wizard step to use toggle group (#28013)
We want to change the design of the "member experience" step of the wizard from using checkbox switches to using radio toggle groups.
2024-07-29 14:07:06 +08:00
Krzysztof Kotlarek 2a9dcade0a
UX: group admin new features by month (#28106)
Display new features grouped by month and show additional information about the version.
2024-07-29 14:20:12 +10:00
dependabot[bot] e1f2376392
Build(deps-dev): Bump lefthook from 1.7.5 to 1.7.9 (#28102)
Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.7.5 to 1.7.9.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](https://github.com/evilmartians/lefthook/compare/v1.7.5...v1.7.9)

---
updated-dependencies:
- dependency-name: lefthook
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:44:19 +08:00
dependabot[bot] fce6bed6a5
Build(deps): Bump sanitize from 6.1.1 to 6.1.2 (#28108)
Bumps [sanitize](https://github.com/rgrove/sanitize) from 6.1.1 to 6.1.2.
- [Release notes](https://github.com/rgrove/sanitize/releases)
- [Changelog](https://github.com/rgrove/sanitize/blob/main/HISTORY.md)
- [Commits](https://github.com/rgrove/sanitize/compare/v6.1.1...v6.1.2)

---
updated-dependencies:
- dependency-name: sanitize
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:44:03 +08:00
dependabot[bot] 22e8970629
Build(deps-dev): Bump @swc/core from 1.7.0 to 1.7.3 (#28111)
Bumps [@swc/core](https://github.com/swc-project/swc) from 1.7.0 to 1.7.3.
- [Release notes](https://github.com/swc-project/swc/releases)
- [Changelog](https://github.com/swc-project/swc/blob/main/CHANGELOG.md)
- [Commits](https://github.com/swc-project/swc/compare/v1.7.0...v1.7.3)

---
updated-dependencies:
- dependency-name: "@swc/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:43:48 +08:00
dependabot[bot] 3541cab856
Build(deps): Bump nokogiri from 1.16.6 to 1.16.7 (#28109)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.6 to 1.16.7.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.16.6...v1.16.7)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-29 10:55:24 +10:00
David McClure 912950c59b
DEV: improve copy for self wiki groups (#28105) 2024-07-27 22:09:05 -04:00
David McClure 880da52bb6
DEV: improve copy for instant-runoff polls (#28104) 2024-07-27 22:08:41 -04:00
Jarek Radosz f14cf4f8a9
DEV: Fix random typos (#28103)
July 2024 edition
2024-07-26 23:13:12 +02:00
Jarek Radosz e627d24c3b
FIX: Bulk (glimmer) topic selection on mobile (#28100)
`/t/-/134051`
2024-07-26 21:16:19 +02:00
marstall b55f2a6270
needed () to work (#28099) 2024-07-26 14:00:10 -04:00
chapoi 3e6b5a16a6
UX: restyle main nav on mobile (#28094) 2024-07-26 19:54:09 +02:00
dependabot[bot] beb7c98eee
Build(deps-dev): Bump puppeteer-core from 22.13.0 to 22.14.0 (#28091)
Bumps [puppeteer-core](https://github.com/puppeteer/puppeteer) from 22.13.0 to 22.14.0.
- [Release notes](https://github.com/puppeteer/puppeteer/releases)
- [Changelog](https://github.com/puppeteer/puppeteer/blob/main/release-please-config.json)
- [Commits](https://github.com/puppeteer/puppeteer/compare/puppeteer-core-v22.13.0...puppeteer-core-v22.14.0)

---
updated-dependencies:
- dependency-name: puppeteer-core
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-26 19:22:12 +02:00
David Taylor d141adb872
FIX: Adjust swc minify options for Safari 15 support (#28098)
By default, the swc minifier seems to unwrap 'unneeded' IIFE. That means it was undoing the 'bugfix' transformation we have for class fields in Safari 15. Disabling the 'inline' and 'reduce_funcs' options seems to stop this behavior.
2024-07-26 17:46:31 +01:00
Loïc Guitaut cec8445f14 DEV: Ensure MF locales are checked properly
This patch fixes the `i18n:check` rake task which has been broken by
the `MessageFormat` upgrade.

It also adds a spec to ensure we generate valid MF code for all our
available locales.
2024-07-26 16:20:25 +02:00
David Battersby 6f2f34f786
DEV: fix chat message grace edit period flaky (#28095)
The message grace edit window (10 seconds) was too short after freezing time, possibly causing the test to fail occasionally if the record is not updated within 5 seconds.
2024-07-26 18:16:17 +04:00
dependabot[bot] 56ecbcb8c9
Build(deps-dev): Bump ember-test-selectors from 6.0.0 to 7.0.0 (#28092)
Bumps [ember-test-selectors](https://github.com/mainmatter/ember-test-selectors) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/mainmatter/ember-test-selectors/releases)
- [Changelog](https://github.com/mainmatter/ember-test-selectors/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mainmatter/ember-test-selectors/compare/v6.0.0...v7.0.0)

---
updated-dependencies:
- dependency-name: ember-test-selectors
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-26 14:49:45 +02:00
dependabot[bot] cad516a526
Build(deps-dev): Bump docile from 1.4.0 to 1.4.1 (#28088)
Bumps [docile](https://github.com/ms-ati/docile) from 1.4.0 to 1.4.1.
- [Changelog](https://github.com/ms-ati/docile/blob/main/HISTORY.md)
- [Commits](https://github.com/ms-ati/docile/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: docile
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-26 14:44:11 +02:00
Loïc Guitaut edc6b6f26c DEV: Fix flaky spec related to translation overrides 2024-07-26 13:20:20 +02:00
Loïc Guitaut ebde13a527 WIP: extract outdated/up-to-date logic in model 2024-07-26 12:20:00 +02:00
Loïc Guitaut 53210841c8 FIX: Validate MF strings when adding overrides
Currently, when adding translation overrides, values aren’t validated
for MF strings. This results in being able to add invalid plural keys or
even strings containing invalid syntax.

This patch addresses this issue by compiling the string when saving an
override if the key is detected as an MF one.

If there’s an error from the compiler, it’s added to the model errors,
which in turn is displayed to the user in the admin UI, helping them to
understand what went wrong.
2024-07-26 12:20:00 +02:00
carson chang f169985fce
UX: Fix button syntax in preferences (#28074)
* UX: Fix button syntax in preferences

* linting
2024-07-25 14:46:30 -07:00
Penar Musaraj 5958ad89f2
DEV: Fix flakey user tips test (#28087)
When we show user tips, we immediately send an AJAX request to mark the
tiup as seen. This is done in the background. However, when system tests
are run, sometimes that request is not completed before the test ends.
This causes the test to be flakey.

One way to fix this is to force the system test run to wait for the AJAX
request to complete. However, this is not ideal because it makes the
test suite slower on each run.

Instead, this commit removes the flakey assertion and adds an alternative
assertion in the frontend tests that ensures the background request is
sent when the user tip is shown.
2024-07-25 16:39:30 -04:00
David Taylor 1b7a583ec2
Revert "Build(deps-dev): Bump lefthook from 1.7.5 to 1.7.7 (#28068)" (#28086)
This reverts commit 5dca68dc1d.

Pending https://github.com/evilmartians/lefthook/issues/783
2024-07-25 20:27:17 +01:00
Renato Atilio 75e4b8f330
UX: limit "outputs HTML" watched word option to replacements (#28063)
We were displaying the "outputs HTML" option in all watched word actions, while it's only supposed to be used in the Replace action.
2024-07-25 16:25:56 -03:00
Penar Musaraj 3195d692a1
FIX: Restore missing modal scss (#28085)
Regressed in https://github.com/discourse/discourse/pull/28047

Should fix issue reported in https://meta.discourse.org/t/broken-password-confirmation-box-on-registration/318386
2024-07-25 15:20:52 -04:00
Jan Cernik 9b3f7d2b99
FIX: Topic map styling for PMs (#28084) 2024-07-25 16:10:17 -03:00
Osama Sayegh 7cc0f26292
DEV: Migrate about config area to Form Kit (#28021)
Form Kit is our new form library/framework for unifying the way forms look across Discourse. The admin config area for the /about page is a new form that isn't currently used, so it makes sense for it to be one of the first forms to be migrated to Form Kit to test the library.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2024-07-25 19:07:38 +03:00
David McClure 45f6bc0093
DEV: Add missing comma to warning string (#28081)
@discourse-translator-bot keep_translations
2024-07-25 10:43:31 -04:00
Joffrey JAFFEUX eec1b39baf
FIX: better copy for one entry (#28082)
If only one badge has not been awarded, the rest of the string doesn’t make sense:

> Due to the large number of unmatched entries, only the first 100 are shown:

As we are going to show only 1 anyways.
2024-07-25 16:12:13 +02:00
Jarek Radosz 4c7470d5cb
DEV: Don't try to update child themes in tests (#28080) 2024-07-25 19:40:51 +05:30
Joffrey JAFFEUX e3f03c74c4
FIX: missing ? in plural translation (#28079) 2024-07-25 16:05:19 +02:00
Jan Cernik 40bc0bcf98
FIX: Render the bottom topic map only if all posts are loaded (#28078) 2024-07-25 10:48:54 -03:00
Jan Cernik f7d1b9cf67
UX: Allow adding content inline to the topic map (#28053) 2024-07-25 10:46:52 -03:00