Commit Graph

38473 Commits

Author SHA1 Message Date
Bianca Nenciu 275b748016
FIX: Replace links to removed uploads from reviewables with a placeholder (#10180) 2020-07-10 17:57:06 +03:00
David Taylor 4b0d86d8d3
FIX: Do not display enabled inputs when username/name are locked 2020-07-10 10:49:32 +01:00
Dan Ungureanu c72bc27888
FEATURE: Implement support for IMAP and SMTP email protocols. (#8301)
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-07-10 12:05:55 +03:00
Dan Ungureanu e88b17c044
FIX: Sync client and server side behavior for category hashtag lookup
Category.query_from_hashtag_slug is the only source of truth.
2020-07-10 10:45:39 +03:00
Martin Brennan 56f42d89c5
FIX: Post menu bookmark icon and attributes not refreshing on notification click (#10214)
When creating a bookmark reminder that deletes the bookmark on reminder, if the user clicked on the notification and got taken to the post in the topic the bookmark icon still showed as blue with the reminder clock indicator. This was because the response JSON for reloading a topic post was not including the bookmark attributes, not even the bookmarked boolean.

We now return the correct attributes in the serializer, and if bookmarked is false we clear all the bookmark related attributes on the post for the notification to make sure nothing of the old bookmark remains in the UI.

This was only a problem if the user did not refresh the app completely inbetween setting the reminder and receiving the notification.
2020-07-10 14:35:53 +10:00
Martin Brennan 9a2955d471
FIX: Migrate topic_users.bookmarked to false when it is incorrectly true (#10211)
Follow up to https://github.com/discourse/discourse/pull/10188/files

There are still TopicUser records where bookmarked is true even though there are no Bookmark or PostAction records with the type of bookmark for the associated topic and user. This migration corrects this issue by setting bookmarked to false for these cases.
2020-07-10 12:22:15 +10:00
Penar Musaraj 37f7e41e60
DEV: Remove Google+ icon from sprite 2020-07-09 21:29:39 -04:00
Kris 706f1a6294
DEV: Remove text-ellipsis component and use CSS line-clamp instead (#10196) 2020-07-09 20:51:43 -04:00
Rafael dos Santos Silva 831f3cab56
DEV: Fix search rate limit tests 2020-07-09 20:44:17 -03:00
Blake Erickson e74817cbb9 DEV: Document set notification level endpoint
Another commit using rswag to document the api so that the api docs can
be automatically generated.
2020-07-09 17:41:11 -06:00
Rafael dos Santos Silva e866e3d609
FEATURE: Add global rate limit for anon searches (#10208) 2020-07-10 09:08:34 +10:00
Kane York 79b52b1e9a
DEV: Add SVG tests for 31e31ef44 (#10205) 2020-07-09 14:02:25 -07:00
Mark VanLandingham bfde665e76
DEV: Classes and plugin-outlet in admin user-list nav (#10204) 2020-07-09 15:10:25 -05:00
Robin Ward 5b276af921
Remove `Discourse.SiteSettings` from tests (#10193)
* Remove unused Discourse.SiteSettings

* Remove `Discourse.SiteSettings` from many tests

* REFACTOR: `lib:formatter` was using a lot of leaky state

* Remove more `Discourse.SiteSettings` from tests

* More SiteSettings removed from tests
2020-07-09 15:54:53 -04:00
Robin Ward b1c6ff9e1c FIX: Test output related to `Discourse::VERSION`
It's a little awkward to test constants by re-assigning them so
I've added a new parameter to `Discourse.find_compatible_resource`
which can be used by tests.
2020-07-09 14:57:27 -04:00
Robin Ward c2ce7f2673 FIX: Flaky test
The previous solution was not always working, I believe this one
will be consistent.
2020-07-09 14:48:49 -04:00
dependabot-preview[bot] dadf08fb3b
Build(deps): Bump cose from 1.0.0 to 1.1.0 (#10203)
Bumps [cose](https://github.com/cedarcode/cose-ruby) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/cedarcode/cose-ruby/releases)
- [Changelog](https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cedarcode/cose-ruby/compare/v1.0.0...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-09 14:13:32 -04:00
Robin Ward 10384bcdf4 FIX: Flaky tests
Locally I was getting a lot of failures from discourse-encrypt due to
leaky state in composer actions. This fixes it.
2020-07-09 12:58:57 -04:00
Mark VanLandingham 52f8eecbb9
FIX: Incorrect fix for invites breaking when no group is selected (#10202) 2020-07-09 11:58:29 -05:00
Mark VanLandingham 9d74cf6a63
FIX: Invites when no group is selected (#10201) 2020-07-09 11:41:17 -05:00
David Taylor cb1f891392
Revert "FIX: Incorrect search blurb when advanced search filters are used."
This change was causing advanced search filters to disappear from the search input

This reverts commit 2e1eafae06.
2020-07-09 16:19:18 +01:00
Daniel Waterworth 8d5750d90a FIX: Catch all kinds of exceptions when processing email 2020-07-09 13:41:51 +01:00
Daniel Waterworth 3b368a48d1 Revert "DEV: Add logging for stack level too deep exception in HtmlToMarkdown"
We can do this in a better way by storing an IncomingEmail record.

Follow-up-to: 4a9ee25c56
2020-07-09 13:41:33 +01:00
Jarek Radosz 32ee9fae40
FIX: Short URL resolution in cook-text (#10200)
Regressed in 3b51e05de2. Thanks to @romanrizzi for reporting!
2020-07-09 14:39:13 +02:00
Daniel Waterworth 4a9ee25c56 DEV: Add logging for stack level too deep exception in HtmlToMarkdown 2020-07-09 12:25:00 +01:00
Martin Brennan e0713455ca
PERF: Load topic bookmarks for the user in user_post_bookmarks (#10197)
Instead of loading all of the user bookmarks using all the post IDs in a topic, load all the bookmarks for a user using the topic ID. This eliminates a costly WHERE ID IN query.
2020-07-09 15:46:52 +10:00
Guo Xiang Tan d5c56a846a
DEV: Only failover the entire cluster when the default db goes down. 2020-07-09 11:49:03 +08:00
Martin Brennan 31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down. 2020-07-09 11:13:02 +08:00
Guo Xiang Tan cbe1dd8ec7
Revert "FIX: Delete related search data when record has been deleted."
This reverts commit ecc799ab56.

This commit does not fix anything because we've always been deleting
records in `Searchable`.
2020-07-09 10:08:35 +08:00
Jordan Vidrine 9eedc83e00
UI: Markdown Code Wrapping (#10195) 2020-07-08 20:50:42 -04:00
Blake Erickson abb01148fa DEV: Rubocop fixes
Follow up to: 3314654ab3
2020-07-08 18:27:19 -06:00
Blake Erickson 3314654ab3 DEV: Add API Doc specs for topic endpoints
Added some more specs that will be used to auto generate the api docs.
2020-07-08 18:08:14 -06:00
romanrizzi 720a7f88e2 Revert "Add License"
This reverts commit ba1c4b3ee9.
2020-07-08 15:11:04 -03:00
Roman Rizzi ba1c4b3ee9
Add License 2020-07-08 15:09:42 -03:00
Penar Musaraj bd511c004c
UX: Fix missing icon when merging selected posts 2020-07-08 13:57:05 -04:00
Penar Musaraj 67582e7d27
FIX: Do not send system emails to suspended users (#10192) 2020-07-08 13:30:32 -04:00
Mark VanLandingham 90512d723c
UX: Use group-chooser in invite modal (#10186) 2020-07-08 12:02:26 -05:00
Robin Ward f3ff9d5625 FIX: `getURL` deprecation 2020-07-08 11:40:53 -04:00
Arpit Jalan 78beb4368a FIX: 'resend all invite' button was not working as expected 2020-07-08 15:52:44 +05:30
marielaSAG e45307a105
DEV: Added before-create-topic-button plugin-outlet (#10109) 2020-07-08 18:21:30 +10:00
Mark VanLandingham a9292086f4
DEV: Add classes to quick-access-profile items (#10185) 2020-07-08 17:30:12 +10:00
Martin Brennan 6be7a66ba7
FIX: Cap bookmark name at 100 chars and truncate existing names (#10189)
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.

This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
2020-07-08 17:19:01 +10:00
Sam Saffron bac25e6dd7
DEV: upgrade rack to version 2.2.3
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52

An attacker can elevate own cookie usage to bypass server cookie restrictions

Technically this is a security commit, but the surface area is extremely
low, we do not expect any real world impact.
2020-07-08 16:42:31 +10:00
Sam Saffron 8af5194e39
DEV: upgrade rails to version 6.0.3.2
This includes a fix for CVE-2020-8185 we are not vulnerable as we do not use
the impacted middleware. However it still makes sense to stay upgraded, other
small fixes exist in this release.
2020-07-08 16:34:29 +10:00
Bianca Nenciu bd842cd2b0
FEATURE: Parse images in email signatures (#10137)
* FEATURE: Parse images in email signatures

* DEV: Fix tests

* Code review
2020-07-08 15:50:30 +10:00
Martin Brennan 07ad243603
FIX: Stop updating bookmarked column from TopicUser.update_post_action_cache (#10188)
* This is causing issues where sometimes bookmarked is out of sync with what is in the Bookmark table. The BookmarkManager handles updating this column now.
* Add migration to fix bookmarked column that is incorrectly marked false when a Bookmark record exists.
2020-07-08 15:27:42 +10:00
Guo Xiang Tan 2e1eafae06
FIX: Incorrect search blurb when advanced search filters are used. 2020-07-08 11:59:49 +08:00
dependabot-preview[bot] 26dc981285 Build(deps): Bump rubocop from 0.86.0 to 0.87.1
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.87.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.87.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:38 +08:00