Commit Graph

42599 Commits

Author SHA1 Message Date
Alan Guo Xiang Tan 303e9e42b6 SECURITY: Do not reveal post whisperer in personal messages.
Prior to this fix, post whisperer in personal messages are revealed in
the topic's participants list even though non-staff users are unable to
see the whisper.
2021-07-23 15:42:23 +08:00
Mark VanLandingham 9165f0a0f8
DEV: Export pretty text function for plugin use (#13826) 2021-07-22 14:06:46 -05:00
Neil Lalonde cb858af8c7
Version bump to v2.8.0.beta4 (#13824) 2021-07-22 12:23:50 -04:00
Andrei Prigorshnev 8bc01c1bb5
DEV: extract leave_group method from the group#remove_member method (#13823)
* Copy remove_member to new `leave` method

* Remove unneeded code from the leave method

* Rearrange the leave method

* Remove unneeded code from the remove_member method

* Add tests

* Implement on the client side
2021-07-22 20:14:18 +04:00
Dan Ungureanu 27211ee7bb
FIX: Ensure browser history contains correct URLs (#13367)
Clicking on an incomplete link to a topic (/t/ID or /t/SLUG) from
another post could replace current history entry or create two: one for
the incomplete URL and another one for the correct one. Going back was
either impossible or took the user to a redirect loop, redirected back
to /t/ID which redirected them again to /t/SLUG/ID.
2021-07-22 18:59:59 +03:00
Andrei Prigorshnev 73e8183ffb
FIX: update the list of users after user joined group (#13822)
* Make UI update after user have joined a public group

* Check if a group exists in the join method
2021-07-22 18:48:26 +04:00
Bianca Nenciu 18c32a809b
FIX: Validate email_accent_bg_color color (#13778)
Using an invalid value was allowed. This commit tries to automatically
fix the color by adding missing # symbol or will show an error to the
user if it is not possible and it is not a CSS color either.
2021-07-22 17:42:47 +03:00
Discourse Translator Bot 3667cc6447
Update translations (#13821) 2021-07-22 12:31:19 +02:00
Ruoxin Wang f9aaed7020
FIX: MyBB importer exposes deleted posts (#13700)
The MyBB importer exposes posts marked as deleted in MyBB. This may lead to a privacy issue.
2021-07-22 09:55:02 +02:00
Andrei Prigorshnev 3cf7a3766a
DEV: extract join_group method from groups#add_members method (#13807)
* Copy the add_members method to the new join method

* Remove unneeded code from the join method

* Rearrange the join method

* Remove unneeded stuff from the add_members method

* Extract add_user_to_group method

* Implement of the client side

* Tests

* Doesn't inline users.uniq

* Return promise from join.then()

* Remove unnecessary begin and end

* Revert "Return promise from join.then()"

This reverts commit bda84d8d

* Remove variable already_in_group
2021-07-22 11:11:23 +04:00
Martin Brennan f41908ad5b
SECURITY: Validate period param for top topic routes (#13818)
Fixes a possible SQL injection vector
2021-07-22 16:31:53 +10:00
jbrw 09d23a37a5
DEV: Add default `Accept-Language` to FinalDestination requests (#13817)
Not specifying an `Accept-Language` should be equivalent to specifying an `Accept-Language` of `*`, however some webservers seem to prefer it if we are explicit about being able to handle a response of content in any language.
2021-07-22 15:49:59 +10:00
dependabot[bot] c191194046 Build(deps-dev): Bump listen from 3.5.1 to 3.6.0
Bumps [listen](https://github.com/guard/listen) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/guard/listen/releases)
- [Commits](https://github.com/guard/listen/compare/v3.5.1...v3.6.0)

---
updated-dependencies:
- dependency-name: listen
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-07-22 09:11:39 +08:00
Joffrey JAFFEUX 5eb6e9281a
FIX: manually adds frowning_face_with_open_mouth for apple (#13528) 2021-07-21 23:27:20 +02:00
Robin Ward 78ab3f37b8 FIX: Don't proxy `/qunit` URL when using Ember CLI
This is confusing because you're running the tests on the older version
of Ember. Use `/tests` for Ember CLI, and `/qunit` when using Rails'
asset pipeline (but only if REALLY necessary!)
2021-07-21 15:21:09 -04:00
Penar Musaraj 8a470e508e
UX: Improve quick search suggestions (#13813) 2021-07-21 14:00:27 -04:00
Robin Ward 4f328089d6 FIX: Force timeline/progress to re-insert into DOM on topic change
We have CSS animations which depend on the timeline/progress being
completely cleared when navigating from one topic directly to another.
This always worked because our loading component would clear the entire page
between topics but with our new experimental loading component the DOM was being
re-used.

This patch ensures that the timeline is removed completely from the DOM
if the topic changes.
2021-07-21 12:37:40 -04:00
Kris 5ebae8a64d
need to check if currentUser exists (#13814) 2021-07-21 12:26:28 -04:00
Régis Hanol da81cfe317
Fixed a typo in the 'same_site_cookies' site setting description (#13809) 2021-07-21 17:21:04 +02:00
Kris aa6daeaa3e
FEATURE: New style for personal messages (#13800) 2021-07-21 10:41:04 -04:00
Joffrey JAFFEUX a10fd95a7e
DEV: removes unused version_bump script (#13811) 2021-07-21 10:35:24 -04:00
Penar Musaraj 2ce2c83bc9
FIX: Show user filter hints when typing `@` in search (#13799)
Will show the last 6 seen users as filtering suggestions when typing @ in quick search. (Previously the user suggestion required a character after the @.)

This also adds a default limit of 6 to the user search query, previously the backend was returning 20 results but a maximum of 6 results was being shown anyway.
2021-07-21 09:14:53 -04:00
Joffrey JAFFEUX 519528daa2
FIX: allows to use icon-picker in wizard (#13786)
- inlines dasherize helper in sk
- uses an ajax helper to load wizard's ajax lib when in wizard
- amends wizard's ajax lib to work with string as first arg
- disabled loading spinner in wizard as it's not available
2021-07-21 13:49:21 +02:00
Bianca Nenciu 4da0a33524
FIX: Allow only groups with flairs to be selected (#13744)
It used the same permission check as for primary groups which is
wrong because not all groups that can be primary have a flair.
2021-07-21 14:41:04 +03:00
Andrei Prigorshnev d9faae483d
FIX: Consider 100 years suspension as permanent (instead of 500-years suspension) (#13808)
That'll be consistent with recent changes in https://github.com/discourse/discourse/pull/13776
2021-07-21 15:28:47 +04:00
Joffrey JAFFEUX 265e32e3e2
DEV: uses main instead of master in version_bump script (#13805) 2021-07-21 10:40:35 +02:00
Discourse Translator Bot 28b5e6e47d
Update translations (#13796) 2021-07-21 10:30:34 +02:00
Krzysztof Kotlarek 40f6ceb6f2
FIX: display warning when SSO email is different from invite email (#13804)
In this commit, we skipped frontend validation when email is obfuscated:
https://github.com/discourse/discourse/commit/534008ba24c

However, if email from SSO is different from email from invite, we should still display warning.
2021-07-21 17:03:04 +10:00
mintsaxon 7162ecfb04 FEATURE: Per-category default slow mode duration for topics.
When configured, all topics in the category inherits the slow mode
duration from the category's default.

Note that currently there is no way to remove the slow mode from the
topics once it has been set.
2021-07-21 12:32:07 +08:00
Gerhard Schlager 0ea58fe51f DEV: Spec shouldn't depend on translation 2021-07-21 12:24:54 +08:00
Alan Guo Xiang Tan 0d8144b62b DEV: Improve logging of errors in `Jobs::ProcessUserNotificationSchedules`
Gives us the actual error and backtrace to work with. Otherwise, the
logging of the error is not useful at all.
2021-07-21 12:20:44 +08:00
Jarek Radosz 4223541bc5
DEV: Fix release_note task warnings (#13794)
There was a bunch of warnings repeated over and over during spec runs:

```
/var/www/discourse/lib/tasks/release_note.rake:3: warning: already initialized constant DATE_REGEX
/var/www/discourse/lib/tasks/release_note.rake:3: warning: previous definition of DATE_REGEX was here
/var/www/discourse/lib/tasks/release_note.rake:5: warning: already initialized constant CHANGE_TYPES
/var/www/discourse/lib/tasks/release_note.rake:5: warning: previous definition of CHANGE_TYPES was here
```
2021-07-20 20:25:48 +02:00
Kris 5f6b9e36ed
UX: New text and style for dominating topic message (#13789) 2021-07-20 13:58:38 -04:00
Mark VanLandingham af5cf5ec2a
FIX: User directory - correct variable names (#13798) 2021-07-20 09:58:54 -05:00
Andrei Prigorshnev efc8d5f134
DEV: ignore the 2FA table when moving timestamps (#13793)
or 2FA will be broken after moving. We use this script for moving timestamps when restoring Try.
2021-07-20 15:49:20 +04:00
Andrei Prigorshnev 1a8c949900
UX: suspend forever time period messages (#13776)
When the Forever option is selected for suspending a user, the user is suspended for 1000 years. Without customizing the site’s text, this time period is displayed to the user in the suspension email that is sent to the user, and if the user attempts to log back into the site. Telling someone that they have been suspended for 1000 years seems likely to come across as a bad attempt at humour.

This PR special case messages when a user suspended or silenced forever.
2021-07-20 14:42:08 +04:00
Jarek Radosz 351ef6c2cc
UX: Tweak groups page css (#13775)
Improves icon-name alignment.
2021-07-20 12:26:52 +02:00
Bianca Nenciu 3d387d7891
FIX: Serialize flair group ID for preferences page (#13741)
Staff viewing the user preferences page of other users did not see the
selected flair because that information was not serialized for them.
2021-07-20 13:06:40 +03:00
Joffrey JAFFEUX 4cb65675c6
DEV: uses main branch in lefthooks (#13792) 2021-07-20 10:18:55 +02:00
Vinoth Kannan 08c6a7679d
DEV: allow `dev:populate` rake task in production environment. (#13777)
To use this rake task in production `ALLOW_DEV_POPULATE` environment variable should be set to "1".
2021-07-20 12:25:59 +05:30
Kris b335211038
FEATURE: Add input name so 1password ignores input (#13790) 2021-07-20 15:06:05 +10:00
Michael Brown 784e929499 upload_creator: force ImageMagick to use internal SVG code to determine size
This change largely targets dev users, but it could potentially change
behaviour in production.

Jamie Wilson & I debugged a problem where "should not be larger than the
maximum thumbnail size" would fail due to timeouts.

On our systems, on ImageMagick 7.1.0-2, with inkscape installed, IM would
attempt to rasterise the svg then check the resulting filesize, causing the
test to timeout.

As of now, we haven't found a way to cause this to behave better, but have a
workaround in that forcing IM to use the internal renderer (`MSVG:`) seems to
make it perform the same on development workstations as it does in our docker
container.
2021-07-19 22:03:57 -04:00
Martin Brennan 0dadd61d27
FIX: Change email from to not have via site_name for group SMTP (#13788)
We now use the group's full name in group SMTP emails, so we are dropping the via #{site_name}. If group owners still want this they can just change the full name of the group.
2021-07-20 11:56:04 +10:00
Penar Musaraj e3144fc0c7
FIX: Toggle search menu when click the same button (#13781) 2021-07-19 19:01:09 -04:00
Kris fe5be427c3
Update class name to avoid ad blocker (#13785) 2021-07-19 16:15:09 -04:00
Mark VanLandingham 80950d7b28
DEV: Add chat_mention notification type (#13784) 2021-07-19 14:52:12 -05:00
Michael Brown 76a11e6dc9 DEV: fix test (missed a reference to master) 2021-07-19 12:47:45 -04:00
Michael Brown aa12d12c0b discourse/discourse change from 'master' to 'main': update fixture data 2021-07-19 11:46:15 -04:00
Michael Brown 5f7e60d9dc discourse/discourse change from 'master' to 'main' 2021-07-19 11:46:15 -04:00
Alan Guo Xiang Tan 1472e47aae
FIX: Remove hardcoded value when displaying incoming messages count. (#13774)
Follow-up to 902d0e1e3a.
2021-07-19 14:59:05 +08:00