Commit Graph

45427 Commits

Author SHA1 Message Date
David Taylor 166fe3bb34
FIX: Apply 'allowed_href_schemes' to all src/srcset attributes (#16860)
Previously we were only applying the restriction to `a[href]` and `img[src]`. This commit ensures we apply the same logic to all allowlisted media src attributes.
2022-05-19 11:18:30 +01:00
dependabot[bot] 95c85a278e
Build(deps): Bump json from 2.6.1 to 2.6.2 (#16848)
Bumps [json](https://github.com/flori/json) from 2.6.1 to 2.6.2.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.6.1...v2.6.2)

---
updated-dependencies:
- dependency-name: json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 10:56:05 +02:00
dependabot[bot] f927ac6a01
Build(deps): Bump rubocop-rspec from 2.10.0 to 2.11.1 (#16868)
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.10.0 to 2.11.1.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.10.0...v2.11.1)

---
updated-dependencies:
- dependency-name: rubocop-rspec
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 10:55:06 +02:00
Chapoi a6abf8d07a
UX: update hljs-builtin-name colour (#16863) 2022-05-18 16:11:59 -04:00
Gabe Pacuilla 4284ba9c27
FIX(cache_critical_dns): use correct DISCOURSE_DB_USERNAME envvar (#16862) 2022-05-18 13:01:18 -04:00
Bianca Nenciu 4d1c6396c9
FIX: Allow users to select "regular" categories (#16857)
Categories that had a CategoryUser record and the notification level
set to "Normal" were not selectable in any of the "Watched", "Tracked",
"Watching First Post" or "Muted" inputs. This happened because the
category seemed to be already selected in the "Normal" input, but that
does not exist (it is the default value if category is not present in
any of the other inputs).
2022-05-18 17:57:57 +03:00
Loïc Guitaut aa4b1d9c38 DEV: Use new defaults for ActiveSupport::Digest
Use the `OpenSSL::Digest::SHA256` class for `ActiveSupport::Digest`.
This could lead to cache invalidation.
2022-05-18 16:51:07 +02:00
Penar Musaraj 71c74a262d
FEATURE: Include participants in PN search data (#16855)
This makes it easier to find PMs involving a particular user, for
example by searching for `in:messages thisUser` (previously, that query
would only return results in posts where `thisUser` was in the post body).
2022-05-18 10:34:01 -04:00
Chapoi 96d656f450
UX: update hljs-builtin-name highlight (#16859)
* update hljs-builtin-name highlight

* Move dark-light function to better file
2022-05-18 15:55:40 +02:00
Gabe Pacuilla 9f246e6969
FIX(cache_critical_dns): use discourse database name and user by default (#16856) 2022-05-17 16:09:32 -04:00
Bianca Nenciu 9ea8a4a9af
FIX: Use CSS transition to make room for composer (#16750)
The composer is displayed over the bottom part of the page. To make sure
that no content is covered by the composer, a bottom padding is added
equal to the height of the composer. When the composer is opened or
closed that padding is added after around 300ms because of a debounce.

This commit makes sure that the padding is added as soon as the composer
state changes by using a CSS custom property (variable) and transition
property for a smooth user interface.
2022-05-17 22:44:25 +03:00
Daniel Waterworth 6e53f4d913
DEV: New readonly mode. Only applies to non-staff (#16243) 2022-05-17 13:06:08 -05:00
Bianca Nenciu 985afe1092
FEATURE: Add page title to 404 pages (#16846)
The title had to be added both on the 404 page generated by the server
side, displayed when the user reaches a bad page directly and the 404
page rendered by Ember when a user reaches a missing topic while
navigating the forum.
2022-05-17 18:37:43 +03:00
Loïc Guitaut 0feffa6f88 DEV: Enable Rails 7 cache format version 2022-05-17 17:32:10 +02:00
David Taylor 8bc8dbc134
Revert "DEV: Drop our `mail` gem fork (#16622)" (#16853)
This reverts commit 0d30c19b7e.

Pending resolution of https://github.com/mikel/mail/issues/1489
2022-05-17 16:11:39 +01:00
Discourse Translator Bot ddb5d88158
Update translations (#16852) 2022-05-17 16:51:11 +02:00
Rafael dos Santos Silva 5f1c3b4c9f
FIX: `acted` state in post action like could desync with multiple likes (#16847)
If userA has multiple tab/devices on the same topic, and:

1. userA likes a post in tab1
2. userB likes the same post
3. userA post like `acted` attr would desync in tab2

This fix handles this case and also the reverse one when removing likes
interleaved with other users acting on the same post.

Reported in Meta at https://meta.discourse.org/t/-/227239/3
2022-05-17 10:21:17 -03:00
Meghna 28affa8cba
UX: consistent spacing on group interaction form (#16851) 2022-05-17 18:38:46 +05:30
Loïc Guitaut 73de203843 FIX: Apply 'hide email account' for invites 2022-05-17 09:56:06 +02:00
Penar Musaraj f31301b6de
UX: Fix status icon size in suggested topics (#16845) 2022-05-16 15:53:40 -04:00
David Taylor 38216f6f0b
DEV: Make user field validation more specific (#16746)
- Only validate if custom_fields are loaded, so that we don't trigger a db query
- Only validate public user fields, not all custom_fields

This commit also reverts the unrelated spec changes in ba148e08, which were required to work around these issues
2022-05-16 14:21:33 +01:00
Chapoi b65ecf6987
UX: Add back link on taggroup page (#16700)
* Add back button to taggroup page

* Lint update + enclosing tags

* Linting

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-05-16 10:34:09 +02:00
dependabot[bot] ce1f2473b9
Build(deps-dev): Bump faker from 2.20.0 to 2.21.0 (#16842)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.20.0 to 2.21.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.20.0...v2.21.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 00:42:31 +02:00
dependabot[bot] adbd1b5565
Build(deps): Bump rubocop-ast from 1.17.0 to 1.18.0 (#16841)
Bumps [rubocop-ast](https://github.com/rubocop/rubocop-ast) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/rubocop/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-ast/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 00:42:15 +02:00
dependabot[bot] 8ce29a4a22
Build(deps): Bump loofah from 2.17.0 to 2.18.0 (#16726)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.17.0 to 2.18.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.17.0...v2.18.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-14 23:00:10 +02:00
Isaac Janzen 4e622c9fd8
DEV: Remove 'htmlSafe' string prototype extensions (#16828)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 16:24:05 -05:00
Isaac Janzen 85ceafb4dc
DEV: Remove 'htmlSafe' string prototype extensions (#16766)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 14:58:26 -05:00
Daniel Waterworth 9eadabe9fc
DEV: Let's deny access to sso endpoints when disabled consistently (#16752) 2022-05-13 14:33:28 -05:00
Daniel Waterworth 6a4696eec8
DEV: Add helper method for repeated sso logging pattern (#16749) 2022-05-13 12:19:44 -05:00
Isaac Janzen ce8dd8810e
DEV: Remove 'underscore' string prototype extensions (#16748)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 11:32:38 -05:00
Isaac Janzen 839ae52c20
DEV: Remove 'decamelize' string prototype extensions (#16747) 2022-05-13 11:32:19 -05:00
Isaac Janzen aa95a3d654
DEV: Remove 'dasherize' string prototype extensions (#16740)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 10:56:23 -05:00
Daniel Waterworth 66a04c5cfe
FIX: Prevent all kinds of login in readonly mode (#16743) 2022-05-13 10:52:01 -05:00
Andrei Prigorshnev 7412f665e7
DEV: improve timezone API on the client (#16660) 2022-05-13 13:21:56 +04:00
David Taylor 6bea6cba5d
FIX: Add safari 12 to ember-cli build targets in production (#16745)
cf273ec6 removed ie11 as a target. A side effect is that this also removed support for Safari 12, which we will be maintaining support for until January 2023

https://meta.discourse.org/t/224747
2022-05-13 10:08:59 +01:00
Alan Guo Xiang Tan de9fe907ee
DEV: Readonly Redis support for `DiscourseRedis#multi/pipelined` (#16744)
Follow-up to 2df3c65ba9
2022-05-13 16:18:13 +08:00
Alan Guo Xiang Tan 2cc9f0e7d9
DEV: Setup categories section in sidebar for future work (#16733) 2022-05-13 09:35:15 +08:00
dependabot[bot] ab9433569a
Build(deps): Bump rubocop from 1.29.0 to 1.29.1 (#16742)
Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.29.0 to 1.29.1.
- [Release notes](https://github.com/rubocop/rubocop/releases)
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop/compare/v1.29.0...v1.29.1)

---
updated-dependencies:
- dependency-name: rubocop
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-13 00:17:50 +02:00
Daniel Waterworth 1d7e423f86
FIX: Make read only errors respect the request format (#16741) 2022-05-12 17:04:49 -05:00
Penar Musaraj 18ebe2fc28
DEV: Add ability to populate private messages (#16705) 2022-05-12 14:29:49 -04:00
Isaac Janzen 88b34172af
DEV: Remove 'classify' string prototype extensions (#16739)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-12 13:17:59 -05:00
Isaac Janzen 324a89c9d6
DEV: Remove 'capitalize' string prototype extensions (#16738)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-12 13:17:33 -05:00
Isaac Janzen 20740f196c
FIX: handle quote rendering for external Discourse instance (#16722)
Gracefully handle quotes from an external discourse instance by stripping quote-controls and including username in the title
2022-05-12 10:07:43 -05:00
David Taylor 991b62b6f1
DEV: Drop old hotlinked image data from post_custom_fields (#16594)
`20220428094026_create_post_hotlinked_media` moved this data into a dedicated table
2022-05-12 15:34:35 +01:00
Isaac Janzen 459060db0b
DEV: Remove string prototype extensions (#16736)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-12 09:23:23 -05:00
Loïc Guitaut 9957929a15 DEV: Use hybrid cookies instead of marshal ones
Now that we’re sure about not reverting from Rails 7, we can enable the
hybrid cookie serializer to convert our cookies automatically.
2022-05-12 11:50:15 +02:00
Alan Guo Xiang Tan 0bc04cb003
DEV: Add missing titles on sidebar buttons. (#16730)
* Also small refactor to reduce magical generation of translation string
key when using `Section` and `SectionLink` components.
2022-05-12 15:10:14 +08:00
Bianca Nenciu 61eefcf037
FIX: Checked allowed tag when editing Reviewables (#16713)
While editing a reviewable's tags, the tag chooser did not show the tags
restricted to a specific category. This happened because the tag-chooser
did not pass the categoryId to the server while it was requesting the
list of tags the user can use.
2022-05-12 09:46:11 +03:00
Alan Guo Xiang Tan fd1dc91eed
DEV: Don't cache watched words in test env (#16731)
The cache was causing state to leak between tests since the `WatchedWord` record in the DB would have been rolled back but `WordWatcher` still had the word in the cache.
2022-05-12 14:45:05 +08:00
Martin Brennan 8e9164fb60
DEV: Minor bookmark tweaks for polymorphism (#16728)
* Make the modal for bookmarks display more consistently
* Make sure bookmark query can handle empty results for certain
  bookmarkable queries
2022-05-12 10:29:01 +10:00