Sam
e6e81efe85
correct information leak in page not found
2013-06-13 10:27:17 +10:00
Robin Ward
77b218a142
FIX: Do not suggest similar topics from secure categories you can't see.
2013-06-12 13:45:11 -04:00
Chris Hunt
a362d62b42
Do not return mail password in EmailController
2013-06-11 16:00:13 -07:00
Neil Lalonde
82b5f57e40
Make it possible to set a site setting to empty string
2013-06-11 14:31:38 -04:00
Robin Ward
93bbe190c0
Moved Email components into a module
2013-06-10 15:34:10 -04:00
Robin Ward
3b7d3aa487
FIX: Search wasn't using the lowercase username for finding the context.
2013-06-10 10:42:06 -04:00
Neil Lalonde
169125e96d
Fix a case where a random topic with null slug will be rendered instead of 404
2013-06-07 14:30:26 -04:00
Robin Ward
5217602ec3
FIX: RSS paths render a 404 for missing topics.
2013-06-07 12:52:12 -04:00
Ian Christian Myers
b61e10f9ad
All parameters for #create in PostsController pass through strong_parameters.
...
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
Chris Hunt
41b0692543
Show 'waiting approval' and don't send email
...
When 'must approve users' in enabled, we don't want to send an
activation email to users after they sign up. Instead, we will show them
'waiting approval' and not take an action until their account is
approved by an admin.
2013-06-06 18:36:16 -07:00
Neil Lalonde
a151bfc7ec
Store when a topic was first set to auto-close and report that amount of time when it closes. And do some refactoring.
2013-06-06 17:04:21 -04:00
Robin Ward
8f32aed944
Only use HTML templates for the digest email.
2013-06-06 15:08:56 -04:00
Neil Lalonde
62041da7e0
Handle /t/only-the-slug urls by trying to find the topic by slug (second try)
2013-06-06 14:41:37 -04:00
Robin Ward
bac03a3369
Merge pull request #975 from jd-erreape/username_refactor
...
[WIP] Refactored user_name suggestion methods into a module
2013-06-06 08:12:29 -07:00
Juan de Dios Herrero
96d23ddd8d
Refactored user_name suggestion methods into a module to reduce the complexity of User model
2013-06-06 16:40:10 +02:00
Ian Christian Myers
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam
255a614142
keep /srv/status exposed
2013-06-06 14:40:10 +10:00
Sam
2ca734c118
Merge pull request #964 from chrishunt/exclusive-club
...
Add 'invite only' site setting
2013-06-05 16:38:47 -07:00
Robin Ward
0b97ea6345
Better HTML emails, smarter email digests, new email section in admin with digest preview
2013-06-05 17:47:25 -04:00
Chris Hunt
a523fa56ac
Don't require authentication for invites
2013-06-05 11:12:37 -07:00
Chris Hunt
acf147ef88
Disable OmniAuth account creation if 'invite only'
2013-06-05 11:11:02 -07:00
Chris Hunt
d432798ff8
Silently fail if user tries to sneak in
...
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Ian Christian Myers
41528f5d11
Implemented strong_parameters for Upload/UploadsController.
...
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
Ian Christian Myers
f50b648844
Implemented strong_parameters for PostAction/PostActionsController.
...
PostActionsController now uses strong_parameters' #require to require certain parameters. ActionController::ParameterMissing is now thrown when a reqired parameter is missing, rather than Discourse::InvalidParameters.
2013-06-05 00:23:51 -07:00
Ian Christian Myers
3b245031a4
Implemented strong_parameters for Invite/InvitesController.
...
The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
2013-06-05 00:04:03 -07:00
Ian Christian Myers
130d837952
Implemented strong_parameters for Category/CategoriesController.
...
Category now requires parameters to be permitted by strong_parameters using #require or #permit for mass-assignment. Missing required parameters now throw a ActionController::ParameterMissing execption instead of the Discourse::InvalidParameters execption.
2013-06-04 23:45:25 -07:00
Sam
870e59883b
secure the links on the topic pages, eliminated deleted topics as well.
2013-06-05 16:10:26 +10:00
Sam
913a607528
need to punch through account creation stuff
2013-06-05 14:01:24 +10:00
Sam
2dfba8d6de
we need to be able to do username checks for registration to work
2013-06-05 12:50:42 +10:00
Sam
5e305eaf0a
missing skip filter for omniauth
2013-06-05 10:30:51 +10:00
Sam
21b3359ea4
Merge pull request #957 from chrishunt/chrishunt/lock-down-the-base
...
Add 'login required' site setting
2013-06-04 17:22:08 -07:00
Chris Hunt
978785720a
Redirect to root after login if no path provided
...
If we do not do this, then people that login from /login will just be
redirected back to the login page. We'd rather have them see the root
path.
2013-06-04 16:10:10 -07:00
Chris Hunt
92a4828f72
Redirect all controllers to login if required
...
We want to skip the filter for sessions controller so that we can login
and we want to skip the filter for static pages because those should be
visible to visitors.
2013-06-04 16:10:10 -07:00
Régis Hanol
e3e55d4dad
fix image uploads on s3/imgur
2013-06-05 00:35:42 +02:00
Robin Ward
02b1f78410
FIX: Include preloaded data even if the request type isn't explicitly text/html
2013-06-04 12:56:12 -04:00
Neil Lalonde
2259e97d42
Add a count of blocked users on the dashboard
2013-06-04 11:53:19 -04:00
Neil Lalonde
c4904aacc0
Automatically flag someone as a spammer if their posts get at least X spam flags from N users while their trust level is 'new user'. Staff can clear and set this status from the user record in admin.
2013-06-03 16:37:40 -04:00
Robin Ward
545dbfc07e
New Feature: Staff can choose to "Take Action" when flagging to immediately reach hiding
...
thresholds.
2013-05-31 17:39:32 -04:00
Robin Ward
d23ef1d090
FIX: You could update a topic to have a title that's too short if the TextCleaner
...
removed extra characters. Additionally, updating the title will not return an error
message to the client app if the operation fails (rather than failing silently.)
2013-05-31 15:24:13 -04:00
Sam
b228a7c185
Merge pull request #923 from eriko/cas_support
...
remove hardcoded value and replace with SiteSetting.cas_domainname
2013-05-30 21:39:29 -07:00
Neil Lalonde
42714b424f
For 403 errors, show the same html page as 404
2013-05-30 16:39:39 -04:00
Neil Lalonde
5d444be72b
Support incomplete topic urls like /t/just-a-slug; fix error when using route /t/:topic_id/:post_number
2013-05-30 10:39:15 -04:00
Sam
e93b7a3b20
more progress towards live unread and new counts, unread message implemented, still to implement delete messages
2013-05-30 16:49:57 +10:00
Sam
73834370a5
work in progress, live unread and new counts
2013-05-30 16:49:57 +10:00
Erik Ordway
364a59d344
remove hardcoded value and replace with SiteSetting.cas_domainname
2013-05-29 15:47:49 -07:00
Robin Ward
830b93a16b
Reduced complexity of admin flags controller, split up into methods, moved reports into model.
2013-05-29 16:49:34 -04:00
Neil Lalonde
b1bdebd611
url for uncategorized category topic list is always /category/uncategorized
2013-05-29 12:06:33 -04:00
Robin Ward
92dc59fba9
Properly assign draft keys to Categories List view.
2013-05-28 21:16:24 -04:00
Sam
46389754d6
Merge pull request #892 from eriko/cas_support
...
Cas support
2013-05-28 16:13:29 -07:00
Robin Ward
560fb15d8a
Include pinned topics in category list.
...
- removes an (n+1) query for user data
- supports the preload store for the data to avoid a second request
- fix a bug where uncategorizes was reporting (0, 0, 0) for topics by week, month, year
2013-05-28 15:36:16 -04:00
Robin Ward
e1781240a6
Merge branch 'refactoring' of git://github.com/mattvanhorn/discourse
...
Conflicts:
lib/text_sentinel.rb
2013-05-27 10:42:20 -04:00
Sam
661ddbb158
introduce strong_parameters
2013-05-27 11:06:09 +10:00
Sam
d84ae80074
Simplify user action make it more idiomatic
2013-05-27 10:22:37 +10:00
Matt Van Horn
d7817cf314
extract TopicNotifier class from topic
2013-05-24 13:36:33 -07:00
Robin Ward
3037e9adf6
FIX: Clearing flags wasn't making topics visible again.
2013-05-24 16:03:20 -04:00
Robin Ward
bd779834e5
Use search context for filtering search results by current category or user
2013-05-24 14:04:26 -04:00
Erik Ordway
1575ce7b10
add cas support with a few tests
2013-05-23 13:40:50 -07:00
Robin Ward
b9a310f4b1
Search Refactor: Let's use a class to keep track of our state rather
...
than passing params everywhere. Also make the private API private.
2013-05-22 15:22:06 -04:00
Robin Ward
0f296cd42b
Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now.
2013-05-22 12:06:37 -04:00
Sam
c4d8085fc5
remove moderator status posts from best feed
2013-05-22 15:04:53 +10:00
Sam
a3dce9afd7
don't error out on not posts if its a json request
2013-05-20 17:32:53 +10:00
Sam
fc57578c85
proper 404 for json request 404
2013-05-20 17:28:32 +10:00
Sam
e91ed83586
the private message stream is different to normal streams, improving the ui a bit and collapsing conversations
2013-05-20 16:44:06 +10:00
Sam
80fb20816c
get rid of nonsense 404.html
...
correct 404 handling for invalid pages
2013-05-20 10:29:49 +10:00
Neil Lalonde
f3282e33a3
Add tabs to category create/edit modal. Categories can have a default auto-close setting that applies to all new topics created in the category. Add rspec-given and write some integration tests. Tests for topic auto-close with category default
2013-05-17 11:05:35 -04:00
Robin Ward
a80ec535a3
Support for "Select All / Deselect All" while selecting posts to merge / delete.
2013-05-16 16:50:38 -04:00
Robin Ward
d554a59102
Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link
...
to the same host enough tiles, they will not be able to post the same link again.
Additionally, the site will flag all their previous posts with links as spam and they will
be instantly hidden via the auto hide workflow.
2013-05-16 12:19:50 -04:00
Sam
88417725b5
we need some, albeit hacky way of clearing these old pms, make at least some way of finding them
2013-05-16 17:30:30 +10:00
Neil Lalonde
21b4b8d5d5
Expire dashboard data when you upgrade to a new discourse version. Version check data was being cached and causing confusion to people who upgraded.
2013-05-14 16:17:25 -04:00
Neil Lalonde
9828c87525
Topic Auto-Close: admins and mods can set a topic to automatically close after a number of days
2013-05-13 12:53:52 -04:00
Sam
670b66ade3
better add some tests here tomorrow
2013-05-13 18:47:32 +10:00
Sam
b6bf95e741
speed up startup (avoid loading some gems on startup)
...
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
Sam
a27046bacd
fix cache hole
2013-05-13 11:09:03 +10:00
Sam
98d9f174ae
fix spec
2013-05-13 11:07:22 +10:00
Robin Ward
cf01c98d81
Experimental: Interface to Move Posts to an Existing Topic
2013-05-10 14:55:51 -04:00
Sam
942f168ab6
UI still a tad rough, but we have a first pass of secure categories
2013-05-10 16:47:47 +10:00
Sam
5280b3a01b
more group progress, UI getting there, controller mostly done
...
changed it so notify moderators goes to the moderators group
allow admins to grant self moderation and revoke self moderation
2013-05-09 17:37:34 +10:00
Sam
0f0fd281a8
group progress, never email banned users
2013-05-09 11:34:58 +10:00
Neil Lalonde
f35a44aeae
Add ability for admins and mods to send another activation email to a user, to activate an account, and deactivate an account
2013-05-08 10:10:47 -04:00
Sam
6b536dcde5
work in progress ... groups
2013-05-08 15:20:38 +10:00
Sam
20493106cd
fix post trashing
2013-05-07 17:56:56 +10:00
Sam
e9fc272db7
remove acts_as_paranoid, use .trash! , .recover! and .with_deleted as needed
...
makes upgrading to rails 4 possible
2013-05-07 14:39:01 +10:00
Sam
be1ab8b275
automatic group infrustructure
2013-05-06 14:49:56 +10:00
Régis Hanol
392b9696f4
prevent duplicate actions on a post
2013-05-04 02:52:45 +02:00
Sam
42494b5bb1
we can't trust CSRF for anon the way it is designed.
...
The page they have loaded may be cached we need a different way of delivering the CSRF potentially
2013-05-03 16:43:11 +10:00
Sam
5ec52bd2e9
:s/moderator?/staff/g ... our naming was kind of crazy, renamed moderator? to staff
2013-05-02 17:22:27 +10:00
Sam
65cd00cf25
moderators now have teeth, more at http://meta.discourse.org/t/moderator-permission-set/6307/5
...
allow pms to be targetted at groups
2013-05-02 15:15:53 +10:00
Sam
cef9a74053
route for markdown /md/topic_id/post_number
2013-04-30 16:30:41 +10:00
Régis Hanol
017ee7c2da
FIX: [security bug] XHR check bypass
2013-04-30 02:34:19 +02:00
Jonathan Roes
057b4768e6
strip whitespace when changing e-mail addresses
...
Fixes #778 .
2013-04-27 23:03:06 -04:00
Régis Hanol
dca2fbcefc
add meaningful error message on upload [ fixes #773 ]
2013-04-27 20:26:17 +02:00
Neil Lalonde
6063f81946
Show something on categories page when js is disabled
2013-04-26 13:10:41 -04:00
Sam
f9e33ec6b8
store ip address and current user with incoming links
...
make links long an readable in share dialog
2013-04-26 16:18:55 +10:00
Sam
37867af1bb
track incoming links, amend share link to include user
...
fix pm styling
2013-04-24 18:05:35 +10:00
Neil Lalonde
06e5083950
Dashboard links to list of admins and moderators; Move a bunch of ember routes into one file: admin_users_list_routes.js
2013-04-23 12:07:58 -04:00
Neil Lalonde
fe1b979c65
Admin Dashboard: click numbers in Users per Trust Level table to see a list of the users
2013-04-23 10:41:40 -04:00
Sam
cfc62dadff
speed up tests
...
add the ability to find the first notify private message
2013-04-22 17:45:03 +10:00
Sam
4cea92c4e9
work in progress add support for groups
2013-04-19 10:34:39 +10:00
Neil Lalonde
372442bd1c
Make it possible to edit a category with an empty slug
2013-04-18 17:07:06 -04:00
Neil Lalonde
cbe0168922
Fix a problem where you might see missing {{sentTo}} value after a failed login
2013-04-18 16:44:56 -04:00
Neil Lalonde
f76d6c0f3f
Fix for loading uncategorized topics when slug for uncategorized_name is blank
2013-04-18 16:28:47 -04:00
Sam
6974ad487c
fix not found error when spiders were hitting with .php
2013-04-18 09:55:47 +10:00
Régis Hanol
b24c1a1ad9
better consistency around email case sensitivity
2013-04-15 02:20:33 +02:00
Sam
2bdb53261b
don't treat notify user as a flag
2013-04-15 13:09:52 +10:00
Philipp Weissensteiner
3dcb1905e3
Refactor user controller, create action, mostly.
...
The gist of the commit are a few improvements in the
create action, where:
* long boolean statemenst have been wrapped in smaller more readable
methods.
* the 3rd party user info creation has been extracted (still in controller)
* a small helper method for creating a new user from params (to reduce
visual clutter)
* specs have been added where I came across untested methods/branches
Other changes are more trivial like formatting and whitespace fixes.
Hope this helps. Regards.
2013-04-13 00:53:59 +02:00
Neil Lalonde
651cfba93f
Add ability to destroy a user with 0 posts
2013-04-12 16:53:00 -04:00
Sam
0f362c5474
this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save
2013-04-12 10:07:58 +10:00
Sam
850b042cab
introduce rack:cache as a default, so users don't need to configure apache or nginx
...
under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine)
reorganised so mini profilers can be cleanly disabled from config file
added caching for categories index
move production.rb to production.sample.rb
2013-04-11 16:24:21 +10:00
Régis Hanol
c5cf8be864
auto replace rules in titles
2013-04-10 11:00:50 +02:00
Mark Rushakoff
56acb5fcce
Don't call to_sym on param
2013-04-08 22:55:39 -07:00
Robin Ward
4ad006ea97
FIX: non-logged in users couldn't see who liked something
2013-04-08 11:57:23 -04:00
Sam
11ff0ccd03
correct logic for tracking the highest seen post number so its always consistent
2013-04-08 11:12:52 +10:00
Sam
9a1619727d
Merge pull request #670 from ZogStriP/add-some-tests-for-uploads
...
added some tests for uploads
2013-04-07 15:05:35 -07:00
Régis Hanol
41b7f741d0
extract hard-coded strings
2013-04-07 18:14:50 +02:00
Régis Hanol
1692350336
added some tests for uploads
2013-04-07 17:52:46 +02:00
Robin Ward
a14f62766e
Replace MultisiteI18n hack with SiteContent and admin editing.
2013-04-05 16:48:15 -04:00
Sam
a2cca2540e
some minimal site settings diags
...
fix issue where days_visited was totally out of sync
2013-04-05 17:47:54 +11:00
Robin Ward
fa1ba6791b
Work in Progress: Content Editing in Admin Section
2013-04-04 17:26:22 -04:00
Robin Ward
738789f336
Admins can't lock themselves out of a site by setting approval.
2013-04-03 12:23:28 -04:00
Robin Ward
368011d03b
Merge pull request #628 from ZogStriP/add-uploads-controller-specs
...
add UploadsController specs
2013-04-03 08:06:49 -07:00
Régis Hanol
2b120ef886
add UploadsController specs
2013-04-03 01:17:17 +02:00
Robin Ward
ee76f1926d
Debugging Tool for Hot Topics
2013-04-02 18:00:53 -04:00
Neil Lalonde
25073e873f
Fetch the list of problems more frequently on the admin dashboard
2013-03-29 15:48:26 -04:00
Mark Rushakoff
3e3712a517
Don't call to_sym on param
2013-03-28 20:50:07 -07:00
Régis Hanol
1668b5eab2
FIX: allows the selection of the default landing tab
2013-03-28 14:01:13 +01:00
Sam
2295290383
added best=N option to get N best comment on a post
2013-03-27 22:53:11 -07:00
Robin Ward
36269cfbaa
Rename 'popular' to 'latest'. First stab at 'Hot' tab.
2013-03-27 16:21:23 -04:00
Sam
fc94d3e551
match the create api with the update api ... so api is more consistent
2013-03-26 23:49:35 -07:00
Robin Ward
af7f6fea28
Can set the `hotness` of a category. For the soon to be implemented "hotness" tab.
2013-03-26 18:08:58 -04:00
Sam
c57ec611e1
basic api support
2013-03-25 18:04:46 -07:00
Sam
deb603f41c
Merge pull request #547 from kid0m4n/convert-ruby-1-9-syntax
...
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-24 16:43:17 -07:00
Karan Misra
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
Sam
b1d1ab7d2b
Merge pull request #559 from ZogStriP/fix-exception-when-wrong-resource-type-in-url
...
[fixes #391 ] exception when wrong resource type in URL
2013-03-24 16:16:34 -07:00
Régis Hanol
0da8f35659
[ fixes #391 ] exception when wrong resource type in URL
2013-03-24 22:25:24 +01:00
buddhamagnet
baef69d08c
add render nothing to refresh_browsers method
2013-03-23 21:37:37 +00:00
Sarah Vessels
54c7b1ab63
Use consistent new-style hashes in render calls *twitch*
2013-03-22 14:08:11 -04:00
Robin Ward
ee5213be5f
Fixes regression with video embeds
2013-03-21 20:53:12 -04:00
Robin Ward
babcfe6234
Cache oneboxes in Redis now instead of postgres.
2013-03-21 13:11:54 -04:00
Neil Lalonde
c3c25b894a
Cache dashboard data in the controller, not the report model
2013-03-20 13:54:32 -04:00
Neil Lalonde
1e4dd3ea0c
Start detecting install problems and report them on the admin dashboard. This commit adds check for Rails.env
2013-03-20 12:00:52 -04:00
Sam
62c60540be
pull moderator into own column, rename trust levels
2013-03-19 21:06:11 -07:00
Robin Ward
59fc3bfac4
PostDestroyer to replace callbacks for destroying
2013-03-18 17:55:11 -04:00
Robin Ward
e1e1bdd0b1
Merge pull request #469 from wojciechka/master
...
Support for running discourse with a prefix (i.e. as http://servername/discourse )
2013-03-18 07:24:11 -07:00
Neil Lalonde
50b04b2209
Add email counts to admin dashboard
2013-03-18 10:08:09 -04:00
Neil Lalonde
6a99d12784
Add likes to admin dashboard
2013-03-18 10:08:08 -04:00
Wojciech Kocjan
e6ccc300dc
Support for running discourse with a prefix (i.e. as http://servername/discourse )
2013-03-16 00:01:21 +01:00
Neil Lalonde
d9cdde9aa7
Add user counts for each trust level to admin dashboard
2013-03-15 18:09:02 -04:00
Neil Lalonde
8983df9856
Show current user count for now, not at different points in time
2013-03-15 18:09:01 -04:00
Robin Ward
76d8df6ac6
Merge pull request #462 from kubabrecka/colorpicker3
...
implement color picking from predefined set for category badges + option to change foreground color
2013-03-15 13:43:59 -07:00
Robin Ward
ad082cea70
Big commit:
...
- Support for a popup that shows similar topics
- Cleaned up a lot of Javascript
- Cleaned up use of Promises
2013-03-15 14:35:33 -04:00