Commit Graph

6391 Commits

Author SHA1 Message Date
Maja Komel 39522659a6 FIX: validate parent category/subcategories permissions
See: https://meta.discourse.org/t/subcategories-do-not-inherit-permissions-from-parent-category/17174/23 for more details

This ensures users with access to child category can always at least see parent
2019-02-14 16:38:52 +11:00
Sam ba2fb2024f FEATURE: by default exclude thumbnails from backups
This makes backups slimmer out of the box but introduces extra process post
restore to run a full rebake of all posts containing uploads and all avatars

The benefit (slimmer backup) outweighs the cost of running the full rebake
2019-02-14 12:20:55 +11:00
Régis Hanol 4d674acc25 FEATURE: AWS SNS bounce notifications webhooks 2019-02-13 21:26:40 +01:00
Gerhard Schlager b087719340 FEATURE: Setting for excluding optimized images from backups 2019-02-13 11:10:51 +01:00
Gerhard Schlager 9eb7dea0f1 FEATURE: Setting for compression level of upload in backups 2019-02-12 15:50:31 +01:00
Penar Musaraj 62043e6904 UX: Hide branch/private repo options in admin theme import modal 2019-02-08 10:17:29 -05:00
David Taylor 56820a5fa5
PERF: Add text/javascript to NGINX gzip_types 2019-02-07 23:47:42 +00:00
Gerhard Schlager cbedb6a1ac FEATURE: Hidden site setting to always include topic excerpt 2019-02-07 22:45:21 +01:00
Neil Lalonde 55cc5ab4b8 Update translations 2019-02-07 09:49:57 -05:00
David Taylor 0c14f0d0a0 UX: Rename color scheme to color palette in UI
The word 'scheme' was very easy to get confused with 'theme', this provides a better distinction.
2019-02-07 11:04:49 +00:00
David Taylor f3cfce4a93
FEATURE: Calculate sprite-sheet based on currently active themes (#6973)
Previously there was only one sprite sheet, which always included icons from all themes even if they were disabled
2019-02-06 15:51:23 +00:00
Arpit Jalan 381793243e FIX: include error message if the "accept invite" process fails 2019-02-06 19:20:25 +05:30
Sam 15857b900a DEV: explicitly require Rails components
`rails/all` includes too much stuff per: https://github.com/rails/rails/blob/master/railties/lib/rails/all.rb

This commit makes it explicit what pieces of Rails Discourse depends on.

Previously the LoadError was protecting us and we were excluding components,
using the Gemfile, this method ensures that even if we add `rails` meta gem
as a dependency only the parts of Rails Discourse uses will be used.
2019-02-06 17:45:48 +11:00
Gerhard Schlager ba724d7f25 FIX: S3 endpoint broke bucket creation in non-default region 2019-02-05 18:17:02 +01:00
Maja Komel d42139dfaa fix typo 2019-02-05 12:59:20 +01:00
Vinoth Kannan 3119e88efe Allow 'enable_s3_inventory' site setting to be shadowed. 2019-02-01 14:33:06 +05:30
Vinoth Kannan b4f713ca52
FEATURE: Use amazon s3 inventory to manage upload stats (#6867) 2019-02-01 10:10:48 +05:30
Neil Lalonde 6bfd2b6eaf Update translations 2019-01-31 16:27:07 -05:00
Neil Lalonde 024ba28525 Update translations 2019-01-28 10:27:20 -05:00
David Taylor 77d26b9df6 FIX: Support application/gzip theme imports, and improve error message 2019-01-28 11:51:14 +00:00
Simon Cossar 47dbf54960 Update descriptions of public and staff user custom field Site Settings (#6954) 2019-01-25 14:47:36 -08:00
Joffrey JAFFEUX 85002cf02b
UX: improves copy of various reports (#6950) 2019-01-25 16:58:18 +01:00
David Taylor d338e54f59
FEATURE: Allow setting font size per-device using a cookie (#6947) 2019-01-25 15:06:06 +00:00
David Taylor a48731e359
FEATURE: Support additional metadata in theme about.json (#6944)
New `about.json` fields (all optional):
 - `authors`: An arbitrary string describing the theme authors
 - `theme_version`: An arbitrary string describing the theme version
 - `minimum_discourse_version`: Theme will be auto-disabled for lower versions. Must be a valid version descriptor.
 - `maximum_discourse_version`: Theme will be auto-disabled for lower versions. Must be a valid version descriptor.

A localized description for a theme can be provided in the language files under the `theme_metadata.description` key

The admin UI has been re-arranged to display this new information, and give more prominence to the remote theme options.
2019-01-25 14:19:01 +00:00
Joffrey JAFFEUX f461a9971f
FIX: makes staff_logins show only admins (#6948) 2019-01-25 11:28:52 +01:00
Joshua Rosenfeld 1bf3e46537
UX: Improve global notice description
Add "non-dismissible" to the site setting description for global notice per https://meta.discourse.org/t/global-notice-whats-the-use-case/107355/5
2019-01-24 10:34:31 -05:00
David Taylor afd449089f
FEATURE: Import and export themes in a .tar.gz format (#6916) 2019-01-23 14:40:21 +00:00
Joe d720215183 UX: admin badge page improvements 2019-01-23 11:29:51 +01:00
David Taylor 2e59a37687
FEATURE: List unused theme components (#6924) 2019-01-23 09:20:13 +00:00
Jeff Atwood eb9377afd4 FEATURE: default block ahrefsbot crawler 2019-01-23 00:38:16 -08:00
Jeff Atwood 2dc680c94c very minor copyedit 2019-01-23 00:27:10 -08:00
Jeff Atwood 658cc4d0d0 FEATURE: default block semrushbot crawler 2019-01-23 00:25:01 -08:00
Bhanu 035c330457 Update Twitter App links
Twitter changed their Developer page link again, apps.twitter.com is now in sunset phase.
2019-01-22 09:10:22 -05:00
Neil Lalonde 65f6135213 Update translations 2019-01-21 14:04:43 -05:00
Joffrey JAFFEUX 3e1e9fce7e
FIX: better legend labels for stacked-charts (#6914) 2019-01-21 17:10:10 +01:00
Joffrey JAFFEUX b95165b838
FEATURE: adds a new chart report to track pageviews (#6913) 2019-01-21 15:17:04 +01:00
Jeff Atwood 444bc466b0 for docs, normalize on space after code fence when specifying lang 2019-01-21 01:19:28 -08:00
Guo Xiang Tan 27c421775e Fix broken spec. 2019-01-21 16:15:39 +08:00
Jeff Atwood 9b7cbe444c copyedits 2019-01-20 23:35:45 -08:00
Vinoth Kannan 9cf4013073 Add raw post content in "flagged post removed by staff" PM 2019-01-21 12:27:23 +05:30
Guo Xiang Tan eb9565d8fc DEV: Rescue from readonly error in lograge. 2019-01-21 14:20:19 +08:00
Gerhard Schlager 90823eaca6 Update translations 2019-01-19 23:41:52 +01:00
Maja Komel 45f66826ee PERF: delete potentially large associated tables before user_destroyer.destroy transaction 2019-01-18 16:10:03 +01:00
Claas Augner 78362448bc I18n: fix typo (#6903)
In site_settings.likes_notification_consolidation_window_mins
2019-01-18 10:01:41 -05:00
Guo Xiang Tan ee7ab3e2ec Pause MiniScheduler when Sidekiq is paused. 2019-01-18 17:50:24 +08:00
Rishabh a827e2afe3 UX: correct innacurate descriptions for short_title, pwa_config_title_warning
follow-up on 1a39f6fd
2019-01-18 11:29:16 +05:30
Gerhard Schlager 1d0ee6fa8d UX: Remove unused translations (#6885)
These messages aren't needed any more since bb93a345eb
2019-01-18 12:09:20 +08:00
Jeff Atwood b2a12de8a1 remove out of date copy on category desc 2019-01-17 16:54:52 -08:00
Penar Musaraj 3501533a2b DEV: unpin Prettier version, apply to YAML files
We had Prettier pinned because of https://github.com/prettier/prettier/issues/5529. Since that bug is fixed, unpinning.

Prettier now supports YAML, so this applies Prettier to all .yml except for translations, which should not be edited directly anyway.
2019-01-17 13:05:39 -05:00
Kris 675bf94133 UX: Bump up base font size 1px, add smaller text size option 2019-01-17 10:30:34 -05:00
David Taylor 880311dd4d
FEATURE: Support for localized themes (#6848)
- Themes can supply translation files in a format like `/locales/{locale}.yml`. These files should be valid YAML, with a single top level key equal to the locale being defined. For now these can only be defined using the `discourse_theme` CLI, importing a `.tar.gz`, or from a GIT repository.

- Fallback is handled on a global level (if the locale is not defined in the theme), as well as on individual keys (if some keys are missing from the selected interface language).

- Administrators can override individual keys on a per-theme basis in the /admin/customize/themes user interface.

- Theme developers should access defined translations using the new theme prefix variables:
  JavaScript: `I18n.t(themePrefix("my_translation_key"))`
  Handlebars: `{{theme-i18n "my_translation_key"}}` or `{{i18n (theme-prefix "my_translation_key")}}`

- To design for backwards compatibility, theme developers can check for the presence of the `themePrefix` variable in JavaScript

- As part of this, the old `{{themeSetting.setting_name}}` syntax is deprecated in favour of `{{theme-setting "setting_name"}}`
2019-01-17 11:46:11 +00:00
Guo Xiang Tan 234e0f35c5 Fix the build.
6edf285c89
2019-01-17 17:28:09 +08:00
Guo Xiang Tan 6edf285c89 FIX: Avoid rescuing error in login hint initializer.
On the first migration, trying to access the users table will throw an
error in PostgreSQL's log which has been confusing since users will
report it to us when rebuild fails.
2019-01-17 17:22:15 +08:00
Rishabh 1a39f6fd5d UX: Improve short_title SiteSetting description 2019-01-17 13:15:47 +05:30
Rishabh 88546bfe00
UX: Improve logo setting texts to hint that dimensions are a requirement (#6892)
* UX: Improve logo setting texts to hint that dimensions are a requirement
follow-up on 67a7670b
Use 512 × 512 instead of 512 x 512 or 512 by 512

* UX: Normalize all SiteSetting text dimensions to use the '512 × 512' format
2019-01-17 12:49:43 +05:30
Sam 384135845b FEATURE: introduce ultra_low priority queue
This commit introduces an ultra low priority queue for post rebakes. This
way rebakes can never interfere with regular sidekiq processing for cases
where we perform a large scale rebake.

Additionally it allows Post.rebake_old to be run with rate_limiter: false
to avoid triggering the limiter when rebaking. This is handy for cases
where you want to just force the full rebake and not wait for it to trickle
2019-01-17 14:53:19 +11:00
Jeff Atwood 67a7670bab copyedits 2019-01-16 19:43:28 -08:00
Jeff Atwood 2fad75306d minor copyedit 2019-01-16 19:13:41 -08:00
Jeff Atwood 9f179d4986 UX: soften dashboard warning PM 2019-01-16 15:11:06 -08:00
Jeff Atwood f0999f27a7 UX: soften the "problems" alert on dashboard 2019-01-16 14:58:19 -08:00
Guo Xiang Tan c30f78793a Lower default for `SiteSetting.likes_notification_consolidation_threshold`. 2019-01-16 17:56:02 +08:00
Guo Xiang Tan e7b49c42c4 FIX: Allow liked notifications consolidation to be disabled. 2019-01-16 16:17:04 +08:00
Guo Xiang Tan ebe65577ed
FEATURE: Consolidate likes notifications. (#6879) 2019-01-16 10:40:16 +08:00
Gerhard Schlager 70cdb42173 FIX: Tooltip for unlisted topics wasn't shown in topic list
The locale key had to be renamed, because this key is also used as CSS class.
The "invisible" CSS class makes the icon invisible. "unlisted" doesn't have that effect.
2019-01-15 16:13:06 +01:00
Penar Musaraj 1c1fd2051f
FEATURE: enable CSP by default on new sites (#6873)
- adds migration to enable CSP for new sites
- removes "EXPERIMENTAL" labels from setting names
- sets CSP violation report to default off
- adds CSP-related note to GTM setting
2019-01-15 08:58:46 -05:00
Neil Lalonde 81953339f2 Update translations 2019-01-14 12:23:49 -05:00
David Taylor 1ebd3dbbd0
FEATURE: Allow the base font size to be changed on a per-user basis (#6859) 2019-01-14 13:21:46 +00:00
Arpit Jalan aeeead351a UX: use generic label for S3-compatible storage provider 2019-01-14 15:05:15 +05:30
Arpit Jalan 93eb0a0690 UX: better help text for private invite-only instance 2019-01-12 18:40:00 +05:30
David Taylor 49593d1a00 FIX: Fix registration dialog popup for 'full screen' social logins
Regression following the ember3 upgrade. In addition to fixing, this commit consolidates our social registration logic into one place, and adds tests for the behaviour.
2019-01-12 12:08:13 +00:00
David Taylor a8fc677677 FIX: Correct copy for flag_sockpuppets site setting 2019-01-11 17:31:41 +00:00
Vinoth Kannan 2684ecaecf minor copyedit
Topics will be in closed status until the community flags are handled
2019-01-09 14:49:28 +05:30
Zach Whitehead 2748822576 FEATURE: Remove option for Google Plus sharing (#6864)
* Remove option for Google Plus sharing

* remove google+ share translations
2019-01-09 10:17:50 +08:00
Rafael dos Santos Silva f73fe36772 FEATURE: PWA compatibility checks in the Dashboard (#6850) 2019-01-09 08:46:11 +08:00
Arpit Jalan e0bc82657b FIX: better accept invite flow when user is invited via a link 2019-01-07 14:22:08 +05:30
Gerhard Schlager c0a8bb9a91 FEATURE: Include "via <site_name>" in email From header 2019-01-04 17:06:19 +01:00
David Taylor 5bf16d7d10 FEATURE: Topic timer for bumping a topic in the future 2019-01-04 13:08:04 +00:00
Sam 8b7a2d1cb7 FEATURE: add setting to bypass sending redis CLIENT commands
Some cloud providers (Google Memorystore) do not support any CLIENT commands

By setting :id to nil in the redis config hash we can avoid these commands.

This adds a special global setting GCE users can enable:
`DISCOURSE_REDIS_SKIP_CLIENT_COMMANDS = true`
2019-01-04 15:08:33 +11:00
Sam 8f35fd4595 FEATURE: remove global settings for redis sentinels
This global setting is never used, configuring Discourse with sentinel is
unsupported.
2019-01-04 15:08:33 +11:00
cfitz 19d7545318 FEATURE: Make auth_redirect param options on user_api_keys
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
2019-01-04 14:46:18 +11:00
Jeff Atwood d7a82f146a minor copyedit 2019-01-03 16:47:39 -08:00
Joshua Rosenfeld e74dd273b9
UX: Update site setting description to match current function 2019-01-03 19:08:25 -05:00
Sam 70269c7c97 FEATURE: tighter limits on per cluster post rebakes
We have the periodical job that regularly will rebake old posts. This is
used to trickle in update to cooked markdown. The problem is that each rebake
can issue multiple background jobs (post process and pull hotlinked images)

Previously we had no per-cluster limit so cluster running 100s of sites could
flood the sidekiq queue with rebake related jobs.

New system introduces a hard limit of 300 rebakes per 15 minutes across a
cluster to ensure the sidekiq job is not dominated by this.

We also reduced `rebake_old_posts_count` to 80, which is a safer default.
2019-01-04 09:24:46 +11:00
Vinoth Kannan 385829d7be FEATURE: Display error message when category restriction is applied for tags 2019-01-04 00:29:13 +05:30
Neil Lalonde d7656f30c3 Update translations 2019-01-02 12:32:38 -05:00
Joe 2914431729
Improves admin and wizard logo copy
History:

https://meta.discourse.org/t/logo-recommended-resolution-tips/105053/6
2019-01-02 14:12:40 +08:00
Arpit Jalan 70fdc10365
FEATURE: move posts to new/existing PM (#6802) 2018-12-31 17:17:22 +05:30
Arpit Jalan 1381dc603d UX: show generic message when reloading 'activation email resent' page 2018-12-31 13:12:37 +05:30
Sam a19170a4c2 DEV: avoid require_dependency for some libs
This avoids require dependency on method_profiler and anon cache.

It means that if there is any change to these files the reloader will not pick it up.

Previously the reloader was picking up the anon cache twice causing it to double load on boot.

This caused warnings.

Long term my plan is to give up on require dependency and instead use:

https://github.com/Shopify/autoload_reloader
2018-12-31 10:53:30 +11:00
Joffrey JAFFEUX f1269fa807
FEATURE: Add `Top Uploads` report (#6825)
Co-Authored-By: I am very Pro-Grammer. <khalilovcmded@users.noreply.github.com>
2018-12-28 20:48:54 +01:00
Joe eaabbe5943
UX: improves help text for admin and wizard logo settings 2018-12-28 17:48:33 +08:00
Joffrey JAFFEUX 0402f0f357
UX: new site setting to define activity metrics displayed on dashboard 2018-12-26 10:29:07 +01:00
Jeff Atwood 29c455bb7f minor copyedit on embedding referer error 2018-12-21 17:27:56 -08:00
Saurabh Patel f4d8a330c3 Merge pull request #6761 from mrfinch/saurabh/show-popup
FIX:show popup before bulk invite
2018-12-21 21:36:17 +01:00
Joffrey JAFFEUX e655e1863f
UX: Adding reports dashboard tab, new layout, report descriptions (#6790)
Co-Authored-By: Kris  <shout@k-ris.com>
2018-12-19 14:44:43 +01:00
Neil Lalonde 6774b64aef FEATURE: add /conduct as an alias for /guidelines 2018-12-18 16:40:24 -05:00
Rishabh c279792130 FIX: Allow sending test e-mails to any email address when disable_email is set to non-staff (#6792) 2018-12-18 16:12:05 +01:00
Vinoth Kannan 341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column (#6791) 2018-12-18 19:13:46 +05:30
Jeff Atwood f67cc2a540 minor copyedit 2018-12-17 19:31:02 -08:00
Gerhard Schlager 01cdbd3a13 FEATURE: Prohibit S3 bucket reusage
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
Gerhard Schlager 1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Saurabh Patel ed1a309fe4 FIX: use new key for delete topic to make it lowercased as all other buttons label around it (#6778) 2018-12-17 10:55:19 +08:00
David Taylor 430083019d UX: Improve dashboard report title copy
Make capitalization consistent, and slightly improve clarity of two headings
2018-12-14 17:37:07 +00:00
Neil Lalonde 124ae46763 Update translations 2018-12-14 10:34:12 -05:00
Joffrey JAFFEUX 03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00
Neil Lalonde a1db15fead FEATURE: require admins to re-validate their email addresses if they haven't been seen for a number of days, configurable with the invalidate_inactive_admin_email_after_days site setting. Social logins are also revoked. Default is 365 days. 2018-12-12 15:32:38 -05:00
Bianca Nenciu 7cac04e1a8 * FEATURE: Adds site setting to let quotes on direct replies.
* DEV: Added test.
* FIX: Do not bump topic when removing full quotes.
2018-12-12 15:42:53 +01:00
Maja Komel dbbadb5c35 FEATURE: add short_site_description setting to be included in title tag on homepage 2018-12-12 11:46:58 +01:00
Joffrey JAFFEUX 3a799ed922
FEATURE: Check if draft exists before starting a new one (#6755)
Co-Authored-By: Bianca Nenciu <nbianca@users.noreply.github.com>
Co-Authored-By: zogstrip <regis@hanol.fr>
2018-12-12 10:21:51 +01:00
Guo Xiang Tan e564fe1866 FIX: Sidekiq fails to start if any of the multisite has problems. 2018-12-12 11:30:14 +08:00
Sam a34bc92e1a DEV: update mini profiler
This provides us with instrumentation missing after rails upgrade

Latest version of rails uses exec_params internally which is no longer
routed to intercepted methods in mini profiler 1.0.0
2018-12-10 14:29:20 +11:00
Penar Musaraj 67450ba402 UX: when composer is minimized, let user open composer in regular size instead of full screen 2018-12-07 17:45:13 -05:00
Bianca Nenciu 41e184280d FEATURE: Remove full quotes of direct replies. (#6729) 2018-12-07 13:07:11 +01:00
Jay Pfaffman cf2e86c763 FEAT: make s3_force_path_style shadowed_by_global
Without this it's impossible to enable S3 backups to Minio (and Digital Ocean Spaces?) using only ENV variables in config.

@tgxworld 

https://meta.discourse.org/t/can-we-make-s3-force-path-style-be-shadowed-by-global/103571
2018-12-07 10:59:15 +11:00
Gerhard Schlager 43cfdb1cb9 FIX: Wizard tries harder to find existing Welcome Topic
The wizard searches for:

* a topic that with the "is_welcome_topic" custom field
* a topic with the correct slug for the current default locale
* a topic with the correct slug for the English locale
* the oldest globally pinned topic

It gives up if it didn't find any of the above.
2018-12-06 10:27:22 +01:00
Bianca Nenciu e9bbdef156 FEATURE: Add support for inline emoji translation. 2018-12-05 21:58:55 +01:00
Bianca Nenciu b585f7f336 DEV: Apply code review. 2018-12-05 21:56:18 +01:00
Bianca Nenciu 56890efd7a FEATURE: Add 'Advanced Test' for admin panel. 2018-12-05 21:56:18 +01:00
Guo Xiang Tan 978f0db109 SECURITY: Require groups to be given when inviting to a restricted category. (#6715) 2018-12-05 16:43:07 +01:00
Jeff Atwood 1d8266a623 very minor copyedit 2018-12-05 03:18:11 -08:00
Vinoth Kannan d33d031742
FEATURE: Filter topic and post web hook events by tags (#6726)
* FEATURE: Filter topic and post web hook events by tags

* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Sam 1a71f98d28 DEV: only publish logs error count to admins 2018-12-05 17:03:37 +11:00
Jeff Atwood ba762ea87f minor copyedit 2018-12-04 16:36:47 -08:00
Régis Hanol 3c9c95ac83 Update Rubocop to 0.60 2018-12-04 10:48:16 +01:00
Guo Xiang Tan cfa0321aaa FIX: Increase timeout when trying to reload unicorn.
Also fail better when reloading takes too long by sending
unicorn a TERM.
2018-12-04 13:43:14 +08:00
Sam 12f5889c85 DEV: stop logging warning when overriding open scope
ActiveRecord defines automatic scopes for enums, the Poll model defines
an enum for `{open: 1}` this mean Rails wants the scope `Poll.all.open`
to work which in turn means it has to override `open` which is defined
privately.

Rails feature req exists for: https://github.com/rails/rails/issues/34599
which will allow us to define enums without scopes which would resolve this
a lot more cleaner.
2018-12-03 13:52:09 +11:00
Maja Komel 1073634271 FIX: show generic title when quoting off-topic secure category posts 2018-12-03 09:42:32 +11:00
Kris 7efc1b7bf7 Removing added text from commit a113777 2018-11-30 19:56:10 -05:00
Kris a113777003 Extra margin isn't needed on mobile 2018-11-30 19:49:26 -05:00
Kyle Zhao 488fba3c5f
FEATURE: allow plugins and themes to extend the default CSP (#6704)
* FEATURE: allow plugins and themes to extend the default CSP

For plugins:

```
extend_content_security_policy(
  script_src: ['https://domain.com/script.js', 'https://your-cdn.com/'],
  style_src: ['https://domain.com/style.css']
)
```

For themes and components:

```
extend_content_security_policy:
  type: list
  default: "script_src:https://domain.com/|style_src:https://domain.com"
```

* clear CSP base url before each test

we have a test that stubs `Rails.env.development?` to true

* Only allow extending directives that core includes, for now
2018-11-30 09:51:45 -05:00
Neil Lalonde d43d007929 Update translations 2018-11-29 10:51:16 -05:00
Saurabh Patel 55945ec7c8 FIX: throw error when link in reason for grant badge is an external link (#6690) 2018-11-28 18:01:41 +01:00
Penar Musaraj 654b80e472 FIX: add FA Discourse icon, update setting instructions 2018-11-28 09:53:06 -05:00
Gerhard Schlager e7b76b319a FEATURE: Setting for short title used by Android on homescreen 2018-11-28 14:59:30 +01:00
Saurabh Patel 49c3cf9c75 UX: Topic stats were hard to translate 2018-11-28 14:25:22 +01:00
Jeff Atwood 54c599c7a3 copyedit on max consecutive replies help 2018-11-27 03:35:27 -08:00
Penar Musaraj 03deda2147
Upgrade to FontAwesome 5 (take two) (#6673)
* Add missing icons to set

* Revert FA5 revert

 This reverts commit 42572ff

* use new SVG syntax in locales

* Noscript page changes (remove login button, center "powered by" footer text)

* Cast wider net for SVG icons in settings

- include any _icon setting for SVG registry (offers better support for plugin settings)

- let themes store multiple pipe-delimited icons in a setting

- also replaces broken onebox image icon with SVG reference in cooked post processor

* interpolate icons in locales

* Fix composer whisper icon alignment

* Add support for stacked icons

* SECURITY: enforce hostname to match discourse hostname

This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname

* load SVG sprite with pre-initializers

* FIX: enable caching on SVG sprites

* PERF: use JSONP for SVG sprites so they are served from CDN

This avoids needing to deal with CORS for loading of the SVG

Note, added the svg- prefix to the filename so we can quickly tell in
dev tools what the file is

* Add missing SVG sprite JSONP script to CSP

* Upgrade to FA 5.5.0

* Add support for all FA4.7 icons

- adds complete frontend and backend for renamed FA4.7 icons

- improves performance of SvgSprite.bundle and SvgSprite.all_icons

* Fix group avatar flair preview

- adds an endpoint at /svg-sprites/search/:keyword

- adds frontend ajax call that pulls icon in avatar flair preview even when it is not in subset

* Remove FA 4.7 font files
2018-11-26 16:49:57 -05:00
Vinoth Kannan cedd2118c4
FEATURE: If PM email bounced for staged user then alert in whisper reply (#6648) 2018-11-27 00:29:37 +05:30
David Taylor a3ed570124
FIX: Fix routes ending in `:username` for usernames containing periods (#6660) 2018-11-23 17:41:41 +00:00
Guo Xiang Tan a19780d7a6 DEV: Don't expose wizard qunit route in production. 2018-11-23 13:49:31 +08:00
Kyle Zhao 80398d0b8f
Extract inline JS on embedded comments (#6645)
* use the meta refresh tag instead

* extract inline JS in embedded comment
2018-11-22 10:02:58 -05:00
Kyle Zhao 8e32aa1483 FEATURE: show post approvals in Moderation History (#6643) 2018-11-22 10:22:23 +08:00
Saurabh Patel d984323e23 FEATURE: Show change name of user in staff logs (#6647)
https://meta.discourse.org/t/admins-changing-users-name-not-username-should-be-logged/99511
2018-11-22 10:13:02 +08:00
Gerhard Schlager a3f8ef89a6 FIX: Setting DISCOURSE_S3_REGION env variable had no effect 2018-11-21 23:15:28 +01:00
Guo Xiang Tan 598ac69773 Stop Sidekiq first before reloading unicorn master. 2018-11-21 09:53:00 +08:00
Guo Xiang Tan 1def6c08ec Fix copy due to 050dd57494. 2018-11-21 08:00:15 +08:00
Kyle E. Mitchell 15e793fd3b FEATURE: Terms of Service v1.0.0
Co-authored-by: Gerhard Schlager <mail@gerhard-schlager.at>
2018-11-21 00:45:16 +01:00
Jeff Atwood 050dd57494 update wizard intro copy step 2018-11-20 13:43:18 -08:00
Erick Guan a2042c8e7d strip unused string from an deleted site setting 2018-11-20 14:28:42 +01:00
Bianca Nenciu a0022a1771 FIX: Use count variable for pluralized string. 2018-11-20 14:17:31 +02:00
Kyle Zhao e25b3965a7 do not overwrite hostname in development (#6623) 2018-11-20 14:34:02 +11:00
Joffrey JAFFEUX e860c8b844
FIX: adds support for missing reports from old dashboard (#6624) 2018-11-19 12:20:05 +01:00
Sam 1824ac9d39 PERF: cache path for svg-sprite in upcoming FA5
We need to make sure NGINX caches all paths for SVG assets,
this ensures only the first request for an svg sprite ever hits the app
2018-11-19 10:34:16 +11:00
Guo Xiang Tan 44d7249a17
Stop seeding assets for site design topic. (#6609) 2018-11-16 12:57:04 +08:00
Joffrey JAFFEUX dcc6527dff
FIX: s/save/finish for wizard exit early button (#6614) 2018-11-15 21:26:26 +01:00
Kyle Zhao 5f754b43f1
extract inline `onpopstate` handler on 404 page (#6613) 2018-11-15 13:35:38 -05:00
Joffrey JAFFEUX c52e68a0c8
FIX: better handling of missing welcome topic in wizard (#6606) 2018-11-15 12:20:48 +01:00
Sam e7001f879a SECURITY: enforce hostname to match discourse hostname
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
2018-11-15 15:23:06 +11:00
Régis Hanol 5852fe7975 FIX: change 'max_consecutive_replies' default to 3 2018-11-14 22:58:05 +01:00
David Taylor 7987425e09 UX: Improve copy for tag upload 2018-11-14 20:03:36 +00:00
Andrew Schleifer 581016c31f Revert "strip X-Forwarded-Host in sample"
This broke brotli_assets on a site, more testing needed.

This reverts commit 118abfad0f.
2018-11-14 12:05:21 -06:00
Bianca Nenciu b6576d9473 FEATURE: Add new setting to force user edit last post. (#6571) 2018-11-14 15:48:16 +01:00
Bianca Nenciu fce0a0ccc8 FEATURE: Compute distance between logins to generate login alerts. (#6562) 2018-11-14 13:26:47 +01:00
Penar Musaraj f6fb079129 Disable wizard invites step when local_logins are turned off 2018-11-14 13:05:32 +01:00
Bianca Nenciu 34e4d82f1a FEATURE: Report edit conflicts when saving draft. (#6585) 2018-11-14 12:56:25 +01:00
Guo Xiang Tan 44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Andrew Schleifer 118abfad0f strip X-Forwarded-Host in sample 2018-11-13 12:44:32 -06:00
Robin Ward 0cb33d2b52 UX: Rename Most Disagreed Flaggers report to "User Flagging Ratio" 2018-11-12 16:23:37 -05:00
David Taylor ba00fcc371 FIX: Translation improvements for unused tags (d89ffbe) 2018-11-12 16:36:56 +00:00
David Taylor d89ffbeffd
FEATURE: Add button to delete unused tags (#6587)
This is particularly useful if you have uploaded a CSV file, and wish
to bulk-delete all of the tags that you uploaded.
2018-11-12 16:24:34 +00:00
Joffrey JAFFEUX 9c616e0679
FIX: handles not found reports in bulk loading (#6582) 2018-11-12 13:47:24 +01:00
Sam e17a13ce19 FEATURE: additional "related messages" section
This splits out previous message correspondence from suggeted and instead
has a dedicated section called "related messages"
2018-11-12 13:04:42 +11:00
Sam 173408d72f DEV: correctly force Ruby version 2.5.2 and up 2018-11-09 18:36:18 +11:00
Gerhard Schlager cbd6bd191a Add base path to relative links in translations 2018-11-08 23:31:05 +00:00
Gerhard Schlager 42f693adfa Update translations 2018-11-08 23:31:05 +00:00
Gerhard Schlager 24e5be3f0c FIX: Relative links in translations should work with subfolder 2018-11-08 23:31:05 +00:00
Gerhard Schlager 5c845c5877 Remove unused copy 2018-11-08 23:31:05 +00:00
Jay Pfaffman 53634c457c
replace "digest" with "summary"
https://meta.discourse.org/t/discourse-activity-summary-emails-guide/36627 suggests that "digest" is no longer what these are to be called.
2018-11-08 12:02:33 -08:00
Sam 42572ff138 Revert font awesome 5 changes
We are still pushing ahead on this 100% just need a bit longer to prepare
all plugins
2018-11-08 16:12:18 +11:00
Penar Musaraj 005e1ecb9b
FEATURE: Update Font Awesome to v5.4.1 and SVGs (#6557)
* First take on subsetting svg icons

* FontAwesome 5 svg subset WIP

* Include icons from plugins/badges into svg sprite subset

* add svg icon support to themes

* Add spec for SvgSprite

* Misc. SVG icon fixes

* Use FA5 svgs in local-dates plugin

* CSS adjustments, fix SVG icons in group flair

* Use SVG icons in poll plugin

* Add SVG icons to /wizard
2018-11-07 13:05:43 -05:00
Claas Augner 31ee618b50 Fix typo in server.en.yml 2018-11-06 22:47:52 +00:00
Daniel Hollas 30501b6660 Fix link to GitHub oauth registration page (#6567)
* Fix link to GitHub oauth registration page

The old link lead only to the list of authorised apps for a particular user.

* Whoops, fix href tag.

Co-Authored-By: danielhollas <danekhollas@gmail.com>
2018-11-06 15:22:16 +00:00
Joffrey JAFFEUX 75b1865d15
UX: adds new categories layouts to the wizard (#6569) 2018-11-06 15:52:13 +01:00
Bianca Nenciu bd3e8d1a54 UX: Minor copyedit. 2018-11-05 13:58:20 +02:00
David Taylor d963f96fa4 Update translations 2018-11-05 11:16:58 +00:00
Maja Komel ae9eddb002 FIX: don't allow adding a value containing vertical bar char to the secret list 2018-11-05 12:14:56 +01:00
Jeff Atwood 48501b0d45 minor wizard copyedit 2018-11-03 15:36:29 -07:00
scossar 939d5ede91 Fix sso overrides avatar description 2018-11-02 11:52:49 -07:00
Robin Ward 5194313133 Revert "Add base_url to config locales (#6510)"
This reverts commit 8a443e051b.
2018-11-02 10:58:28 -04:00
Joffrey JAFFEUX 4e0f033fae
FEATURE: adds ignored flags to most_disagreed_flags report (#6554) 2018-11-02 11:08:00 +01:00
Robin Ward ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Régis Hanol 0bf52d422c FEATURE: new 'simultaneous_uploads' site setting 2018-10-31 10:58:09 +01:00
Daniel Kessler 8a443e051b Add base_url to config locales (#6510) 2018-10-31 08:19:37 +00:00
Joe d08cd0b21f
UX: updates category muting instructions 2018-10-31 13:01:22 +08:00
Bianca Nenciu e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu 087b12b40c FIX: Fix 'New Login Alert' message. (#6539) 2018-10-30 19:13:25 +00:00
Gerhard Schlager e32993f96c minor copyedit 2018-10-30 13:33:26 +01:00