Commit Graph

35967 Commits

Author SHA1 Message Date
Vinoth Kannan b6765aac4b FIX: add 'noindex' header to rss feed responses. 2020-01-24 09:30:27 +05:30
Martin Brennan 45b37a8bd1
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777)
When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads.

Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over.

In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-24 11:59:30 +10:00
Vinoth Kannan e4b8121650 Fix the build.
Make prettier happy.
2020-01-24 04:39:07 +05:30
Vinoth Kannan 26186ee6af FIX: topics sorting in tag pages is broken. 2020-01-24 04:26:14 +05:30
Krzysztof Kotlarek 8cc09fc668
Revert "FIX: Redis fallback handler refactoring (#8771)" (#8776)
This reverts commit 4f677854d3.
2020-01-24 09:20:17 +11:00
Roman Rizzi 8eb2147f1f
FIX: Ensure sourcemap's source is correct. Uses the full assets path this time. (#8774) 2020-01-23 14:44:00 -03:00
Roman Rizzi 9eb622985a
FEATURE: Replace existing badge owners when using the bulk award feature (#8770)
* FEATURE: Replace existing badge owners when using the bulk award feature

* Use ActiveRecord to sanitize title update query, Change replace checkbox text

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:14:58 -03:00
Roman Rizzi db5373a87c
UX: Invalid CSV error message now includes information about the malformed line (#8773)
* UX: Invalid CSV error message now includes information about the malformed line

* Update config/locales/server.en.ym and use line_number instead of lineno

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:04:06 -03:00
Régis Hanol 821e920711 DEV: fix deprecation warnings in specs
Also fixed a typo in a string key "max_pm_recepients" -> "max_pm_recipients"
2020-01-23 16:37:48 +01:00
dependabot-preview[bot] 0b3de60bee Build(deps): Bump faraday from 0.17.1 to 1.0.0 (#8646)
Bumps [faraday](https://github.com/lostisland/faraday) from 0.17.1 to 1.0.0.
- [Release notes](https://github.com/lostisland/faraday/releases)
- [Changelog](https://github.com/lostisland/faraday/blob/master/CHANGELOG.md)
- [Commits](https://github.com/lostisland/faraday/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-23 16:19:40 +01:00
dependabot-preview[bot] 9fea89a017 Build(deps-dev): Bump webmock from 3.7.6 to 3.8.0 (#8728)
Bumps [webmock](https://github.com/bblimke/webmock) from 3.7.6 to 3.8.0.
- [Release notes](https://github.com/bblimke/webmock/releases)
- [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md)
- [Commits](https://github.com/bblimke/webmock/compare/v3.7.6...v3.8.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-23 16:19:28 +01:00
dependabot-preview[bot] e309db9b58 Build(deps-dev): Bump parallel_tests from 2.30.0 to 2.30.1 (#8717)
Bumps [parallel_tests](https://github.com/grosser/parallel_tests) from 2.30.0 to 2.30.1.
- [Release notes](https://github.com/grosser/parallel_tests/releases)
- [Commits](https://github.com/grosser/parallel_tests/compare/v2.30.0...v2.30.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-23 16:19:14 +01:00
Arpit Jalan feff8b7425 Revert "FIX: lower case URLs before comparing for embedding comments"
This reverts commit 6ea040dd5f.
2020-01-23 20:36:05 +05:30
dependabot-preview[bot] 004d9ef3b7 Build(deps): Bump raindrops from 0.19.0 to 0.19.1 (#8680)
Bumps [raindrops](https://yhbt.net/raindrops/) from 0.19.0 to 0.19.1.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-23 15:47:01 +01:00
dependabot-preview[bot] 523bebbfeb Build(deps): Bump kgio from 2.11.2 to 2.11.3 (#8679)
Bumps [kgio](https://yhbt.net/kgio/) from 2.11.2 to 2.11.3.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-23 15:46:50 +01:00
Dan Ungureanu 6279d0e8b5 UX: Use '-' as default category slug (#8607)
This replaces the default slug from 'ID-category' to '-'.
2020-01-23 15:44:29 +01:00
Krzysztof Kotlarek 4f677854d3
FIX: Redis fallback handler refactoring (#8771)
* DEV: Add a fake Mutex that for concurrency testing with Fibers

* DEV: Support running in sleep order in concurrency tests

* FIX: A separate FallbackHandler should be used for each redis pair

This commit refactors the FallbackHandler and Connector:

 * There were two different ways to determine whether the redis master
   was up. There is now one way and it is the responsibility of the
   new RedisStatus class.

 * A background thread would be created whenever `verify_master` was
   called unless the thread already existed. The thread would
   periodically check the status of the redis master. However, checking
   that a thread is `alive?` is an ineffective way of determining
   whether it will continue to check the redis master in the future
   since the thread may be in the process of winding down.

   Now, this thread is created when the recorded master status goes from
   up to down. Since this thread runs the only part of the code that is
   able to bring the recorded status up again, we ensure that only one
   thread is probing the redis master at a time and that there is always
   a thread probing redis master when it is recorded as being down.

 * Each time the status of the redis master was checked periodically, it
   would spawn a new thread and immediately join on it. I assume this
   happened to isolate the check from the current execution, but since
   the join rethrows exceptions in the parent thread, this was not
   effective.

 * The logic for falling back was spread over the FallbackHandler and
   the Connector. The connector is now a dumb object that delegates
   responsibility for determining the status of redis to the
   FallbackHandler.

 * Previously, failing to connect to a master redis instance when it was
   not recorded as down would raise an exception. Now, this exception is
   passed to `Discourse.warn_exception` and the connection is made to
   the slave.

This commit introduces the FallbackHandlers singleton:

 * It is responsible for holding the set of FallbackHandlers.

 * It adds callbacks to the fallback handlers for when a redis master
   comes up or goes down. Main redis and message bus redis may exist on
   different or the same redis hosts and so these callbacks may all
   exist on the same FallbackHandler or on separate ones.

These objects are tested using fake concurrency provided by the
Concurrency module:

 * An `around(:each)` hook is used to cause each test to run inside a
   Scenario so that the test body, mocking cleanup and `after(:each)`
   callbacks are run in a different Fiber.

 * Therefore, holting the execution of the Execution abruptly (so that
   the fibers aren't run to completion), prevents the mocking cleaning
   and `after(:each)` callbacks from running. I have tried to prevent
   this by recovering from all exceptions during an Execution.

* FIX: Create frozen copies of passed in config where possible

* FIX: extract start_reset method and remove method used by tests

Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2020-01-23 13:39:29 +11:00
Martin Brennan 1b3b0708c0
FEATURE: Update upload security status on post move, topic conversion, category change (#8731)
Add TopicUploadSecurityManager to handle post moves. When a post moves around or a topic changes between categories and public/private message status the uploads connected to posts in the topic need to have their secure status updated, depending on the security context the topic now lives in.
2020-01-23 12:01:10 +10:00
Blake Erickson e85f4f6cc8 DEV: Add a test for ensure only edited badge titles updates a users
title

Adding a test to make sure we don't regress here in the future.

Follow up to: 8a89b7e108
2020-01-22 16:42:45 -07:00
Martin Brennan 65481858c2
FEATURE: Use upload:// short URL for videos and audio in composer (#8760)
For consistency this PR introduces using custom markdown and short upload:// URLs for video and audio uploads, rather than just treating them as links and relying on the oneboxer. The markdown syntax for videos is ![file text|video](upload://123456.mp4) and for audio it is ![file text|audio](upload://123456.mp3).

This is achieved in discourse-markdown-it by modifying the rules for images in mardown-it via md.renderer.rules.image. We return HTML instead of the token when we encounter audio or video after | and the preview renders that HTML. Also when uploading an audio or video file we insert the relevant markdown into the composer.
2020-01-23 09:41:39 +10:00
Martin Brennan 4646a38ae6
FIX: Use presigned URL to avoid 403 when pulling hotlinked images for secure media (#8764)
When we were pulling hotlinked images for oneboxes in the CookedPostProcessor, we were using the direct S3 URL, which returned a 403 error and thus did not set widths and heights of the images. We now cook the URL first based on whether the upload is secure before handing off to FastImage.
2020-01-23 09:31:46 +10:00
Robin Ward 57390d0bb9 FIX: Re-apply sourceURL in development mode
The `sourceURL` directive must be on the same line as the thing it's
referencing. This patch allows it to work again in development mode
because each Javascript file ends up in its own `define(...)` line.

It will strip out any trailing whitespace and put the `sourceURL`
comment on the same line and everything seems to work.
2020-01-22 18:12:41 -05:00
Mark VanLandingham c5eec19368
FIX: Featuring topic on other users profile shows their topics (#8769) 2020-01-22 14:16:17 -06:00
mintsaxon 4b54791bcc FIX: Notify staged users about private categories (#8765)
group membership and `CategoryUser` notification level should be
respected to determine whether to notify staged users about activity in
private categories, instead of only ever generating notifications for staged
users' own topics (which has been the behaviour since
0c4ac2a7bc)
2020-01-22 16:33:25 -03:00
romanrizzi 1de5b4ad64 Revert "FIX: Ensure sourcemap's source is correct"
This reverts commit 4553a0f6e0.
2020-01-22 16:31:34 -03:00
Dan Ungureanu c7a8bbd6a5
FIX: Show category list on subcategory page if it has subcategories too (#8768)
The category list was displayed only for top level categories, which
had no parent.
2020-01-22 20:27:30 +02:00
Neil Lalonde b63d146128 UX: add confirmation when adding tag synonyms
The new confirmation modal explains that adding a tag as a synonym to
another tag will change all topics to replace the synonyms with the
base tag.
2020-01-22 12:35:42 -05:00
dependabot-preview[bot] 9e8ee90774 Build(deps): Bump aws-partitions from 1.266.0 to 1.267.0 (#8762)
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.266.0 to 1.267.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-22 11:52:47 -05:00
Roman Rizzi 4553a0f6e0
FIX: Ensure sourcemap's source is correct 2020-01-22 12:57:28 -03:00
Dan Ungureanu b25d9e96c1
FIX: Show all parent categories on topic page (#8767) 2020-01-22 17:39:50 +02:00
Bianca Nenciu 7b7e1717f2
FIX: Quoting a quote preserves the original post information (#8746)
Let's say post #2 quotes post number #1. If a user decides to quote the
quote in post #2, it should keep the information of post #1
("user_1, post: 1, topic: X"), instead of replacing with current post
info ("user_2, post: 2, topic: X").
2020-01-22 16:10:23 +02:00
Blake Erickson 8a89b7e108 FIX: Ensure only edited badge titles update a users title
When editing site texts from

/admin/customize/site_texts/

you can edit badge titles (aka name) and this will update any users that
have that badge currently set as their title. This fix prevents a badge
description text from being set as their title if an admin updates the
badge description text or any other badge fields that aren't the title.
2020-01-21 19:09:42 -07:00
Neil Lalonde cca654fc1a Version bump to v2.4.0.beta10 2020-01-21 17:05:30 -05:00
Régis Hanol 96b64df4d4 FIX: use schema.org's BreadcrumList
The data-vocabulary.org schema is being deprecated.
We're now using the BreadcrumList data from the latest and greatest schema.org.

FIX: categories_breadcrumb helper to support more than 2 levels of categories.
2020-01-21 22:27:21 +01:00
Dan Ungureanu 89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
Bianca Nenciu fe6ff1b5ab DEV: Fix failing test
jquery.autoellipsis tries to automatically find the available space
which depends on multiple factors which may differ between the machines
where the tests are running.

Follow-up to commit 9c628f0897.
2020-01-21 19:15:29 +02:00
Bianca Nenciu 9c628f0897
FIX: Workaround limitation in jquery.autoellipsis (#8747)
Calling $.ellipsis() on an element containing <br> elements would throw
an exception.
2020-01-21 18:44:50 +02:00
Bianca Nenciu 0a27086764
FEATURE: Export all types of reports (#8748)
There is a single stacked_chart which was not exportable
2020-01-21 18:43:19 +02:00
Leo McArdle 8883cca373 enqueue spam/dmarc failing emails instead of hiding (#8674)
* enqueue spam/dmarc failing emails instead of hiding

* add translations for dmarc/spam enqueued reasons

* unescape quote

* if email_in_authserv_id is blank return gray for all emails
2020-01-21 11:12:00 -05:00
Kris 411512c0e3 FIX: higher z-index for usercards in the header 2020-01-21 10:57:32 -05:00
Dan Ungureanu 03143d9449
FIX: Do not extract dates from quotes and Oneboxes (#8754)
Post.local_dates used to contain dates from quotes and Oneboxes.
2020-01-21 17:42:41 +02:00
dependabot-preview[bot] 4e6ca5610c Build(deps): Bump aws-sdk-core from 3.87.0 to 3.89.1 (#8719)
Bumps [aws-sdk-core](https://github.com/aws/aws-sdk-ruby) from 3.87.0 to 3.89.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-core/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-21 10:09:56 -05:00
dependabot-preview[bot] b49f7a420b Build(deps): Bump aws-sdk-kms from 1.27.0 to 1.28.0 (#8755)
Bumps [aws-sdk-kms](https://github.com/aws/aws-sdk-ruby) from 1.27.0 to 1.28.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sdk-kms/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/1.27.0...1.28.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-21 10:09:41 -05:00
dependabot-preview[bot] 6cf088b7c9 Build(deps-dev): Bump byebug from 11.0.1 to 11.1.0 (#8758)
Bumps [byebug](https://github.com/deivid-rodriguez/byebug) from 11.0.1 to 11.1.0.
- [Release notes](https://github.com/deivid-rodriguez/byebug/releases)
- [Changelog](https://github.com/deivid-rodriguez/byebug/blob/master/CHANGELOG.md)
- [Commits](https://github.com/deivid-rodriguez/byebug/compare/v11.0.1...v11.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-21 10:09:20 -05:00
dependabot-preview[bot] 3c28f55ab7 Build(deps): Bump mini_sql from 0.2.3 to 0.2.4 (#8757)
Bumps [mini_sql](https://github.com/discourse/mini_sql) from 0.2.3 to 0.2.4.
- [Release notes](https://github.com/discourse/mini_sql/releases)
- [Changelog](https://github.com/discourse/mini_sql/blob/master/CHANGELOG)
- [Commits](https://github.com/discourse/mini_sql/compare/v0.2.3...v0.2.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-21 10:08:53 -05:00
dependabot-preview[bot] 32ec61d63c Build(deps): Bump unicode-display_width from 1.6.0 to 1.6.1 (#8756)
Bumps [unicode-display_width](https://github.com/janlelis/unicode-display_width) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/janlelis/unicode-display_width/releases)
- [Changelog](https://github.com/janlelis/unicode-display_width/blob/master/CHANGELOG.md)
- [Commits](https://github.com/janlelis/unicode-display_width/compare/v1.6.0...v1.6.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-01-21 10:08:24 -05:00
David Taylor 84a2aae77f
FIX: Allow the app to generate and accept longer backup codes (#8761)
- Increase size of textarea when displaying generated codes
- Adjust maxlength of input field in JS UI
- Adjust maxlength of input field in no_ember UI

Follow-up to bff9880d63
2020-01-21 14:28:31 +00:00
Martin Brennan 9db59deb11 Only warn about missing recipients for PM archetype 2020-01-21 16:38:16 +10:00
Martin Brennan 88e23d4cfa Change logger.debug to logger.warn for PM debug messages 2020-01-21 16:11:52 +10:00
Sam Saffron bff9880d63 DEV: increase the length of backup codes
16 ^ 8 though not tiny but is a workable search space in the event of
breach, 16 ^ 16 is not.
2020-01-21 15:32:06 +11:00