Commit Graph

168 Commits

Author SHA1 Message Date
Erick Guan 03b3e57a44 FEATURE: login by a link from email
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward 5466389f4e FIX: Consider oneboxes links wrt to `min_trust_level_to_post_links` 2018-02-08 18:27:40 -05:00
Robin Ward dedeb2deb8 FIX: Don't show the link button in the composer if linking is disabled 2018-02-08 12:56:10 -05:00
Robin Ward 6a5dad0b86 FIX: Too much Javascript :) 2018-02-07 11:46:05 -05:00
Robin Ward 016b9cd0e9 FIX: Count the links in the post 2018-02-06 20:16:48 -05:00
Robin Ward 1bab15c757 FEATURE: A site setting for a minimum TL to post links 2018-02-06 18:07:58 -05:00
Gerhard Schlager 2a22b90538 SECURITY: email domain whitelist could be bypassed 2018-01-17 21:45:32 +01:00
Arpit Jalan 1208254961 FIX: validate presence of 'top menu' setting 2018-01-17 01:43:53 +05:30
Guo Xiang Tan 805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Arpit Jalan 0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
Guo Xiang Tan 4b51871f6a Treat non-ascii URLs in `UrlValidator`. 2017-12-21 14:22:55 +08:00
Guo Xiang Tan 6ecf37c482 Improve URL validation to check for a valid host.
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:

URI.parse("http://https://google.com")
=> #<URI::HTTP http://https//google.com>
2017-12-21 13:50:15 +08:00
Matt Palmer f315c142b1 BUG: Load the appropriate file for AlternativeReplyByEmailAddressesValidator
Autoloading only works when the class names are namespaced appropriately.
2017-12-19 09:43:41 +11:00
Vinoth Kannan 7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
Neil Lalonde ddbd1d5ab8 allow regex options on username site settings 2017-10-04 15:08:51 -04:00
Gerhard Schlager 7f50380221 FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 16:36:08 +02:00
Bianca Nenciu bb3a5910d7 Support for sending PMs to email addresses (#4988)
* Added support for sending PMs to email addresses.

* Made changes after review.

* Added settings validator.

* Fixed tests.
2017-08-28 12:07:30 -04:00
Sam fdc5c080ea FIX: bump default max for int site settings to a much higher number
(close to long int)
2017-08-24 10:16:41 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Neil Lalonde 68b3dd43ce fix intermittent failing tests, some watched word refactoring 2017-07-27 12:27:01 -04:00
Neil Lalonde 24cb950432 FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block 2017-07-26 11:01:09 -04:00
Guo Xiang Tan 2255724637 UX: Add validator for `SiteSetting#sso_overrides_email`. 2017-07-10 10:08:55 +09:00
Robin Ward b93edc9945 FIX: Make sure censored words are on boundaries in topic titles 2017-06-28 13:13:40 -04:00
Régis Hanol 54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Sam bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Guo Xiang Tan 59b906ab0d FEATURE: Disable minimum post length check when in PM with non human users.
https://meta.discourse.org/t/discourse-narrative-bot-beta-feedback/58621/65?u=tgxworld
2017-04-27 16:00:22 +08:00
Arpit Jalan dad2024094 FIX: do not impose default min/max validation on hidden site setting 2017-04-22 12:08:39 +05:30
Arpit Jalan 9eff4f0807 FIX: all basic integer settings should have max value validation 2017-04-21 07:09:41 +05:30
Régis Hanol 2be14a604c FIX: censored_pattern with group capturing wasn't working 2017-04-10 23:38:48 +02:00
Sam dacfdd4dc8 use chars as opposed to split 2017-02-14 09:40:15 -05:00
Sam 8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Neil Lalonde 94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Neil Lalonde 1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Rimian Perkins 25516874b5 FIX: Escape regexp chars in `SiteSetting.censored_words`. 2017-01-31 10:14:51 +08:00
Guo Xiang Tan eafd0a7497 Bye bye bygbug. 2017-01-24 14:07:55 +08:00
Guo Xiang Tan ce07da1d8b UX: Only display the words that fails censored words validations. 2017-01-24 13:11:05 +08:00
Guo Xiang Tan 429b02a5d5 oops fix specs. 2017-01-09 17:08:24 +08:00
Guo Xiang Tan 3d21ccd4a5 FIX: Add validation to disallow censored words in topic title. 2017-01-09 16:55:41 +08:00
Guo Xiang Tan 13c6191e89 FIX: Don't allow invalid email to be saved. 2016-12-21 17:47:11 +08:00
Neil Lalonde fb2633366a FIX: featured link topics shouldn't require the same min post length 2016-12-09 15:46:26 -05:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Neil Lalonde 86522a52b7 FEATURE: add censored_pattern setting to censor posts using regex 2016-11-08 16:39:26 -05:00
Régis Hanol 35a79a70c3 FIX: uploading custom avatar was always hidden 2016-10-20 19:53:41 +02:00
Guo Xiang Tan d312c82474 Revert "FIX: wasn't able to update category's settings"
This reverts commit 282f9948cb.
2016-09-22 11:29:44 +08:00
Robin Ward 64094954bc FIX: Broken posting 2016-09-16 13:12:05 -04:00
Neil Lalonde 7a81669c18 SECURITY: don't allow re-using the current password during password reset 2016-08-24 12:27:21 -04:00
Neil Lalonde d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00
Régis Hanol 282f9948cb FIX: wasn't able to update category's settings 2016-08-09 20:14:49 +02:00
Régis Hanol e92f5e4fbf FEATURE: new email attachment blacklists site settings 2016-08-03 17:55:54 +02:00
Robin Ward 2891f230d1 SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 13:54:17 -04:00
Régis Hanol 376881845c always strip s/mime signatures in incoming emails 2016-06-27 22:26:05 +02:00
Régis Hanol dffe50a2e6 new alternative reply by email addresses 2016-06-10 16:14:42 +02:00
Régis Hanol de9136a8f2 FIX: bypass TL0-specific validations on posts in a PM 2016-04-18 22:08:42 +02:00
Régis Hanol 20ce7f29e0 FEATURE: new 'manual_polling_enabled' site setting 2016-03-16 22:28:01 +01:00
scossar 1914495e88 make error message translatable 2016-03-15 10:02:10 -07:00
scossar 0cbeda8414 add site setting for setting locale from header 2016-03-14 16:18:19 -07:00
Arpit Jalan 36f82aa68c FEATURE: enforce admin password validation when signing up via developer email 2016-03-04 00:28:47 +05:30
Arpit Jalan 50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
Régis Hanol be5a54d67d FEATURE: new 'allow_all_attachments_for_group_messages' site setting 2016-02-29 22:39:24 +01:00
Régis Hanol 8893d711e0 FEATURE: new pop3 polling configuration admin dashboard check 2016-02-17 11:25:49 +01:00
Régis Hanol 8944d62aa6 add validator for the 'reply_by_email_enabled' site setting 2016-02-09 23:35:40 +01:00
Arpit Jalan 99c4252ba6 FEATURE: Staff should be exempt from user mention limit 2016-02-01 21:19:56 +05:30
bgr11n 53fb84baa3 fixed password validator on equality with email 2016-01-05 22:43:11 +02:00
Régis Hanol 978a1539fa new pop3_polling_enabled setting validator to ensure credentials are working before enabling it 2015-12-10 22:23:54 +01:00
Régis Hanol 5b9594277a skip most post validations for staged accounts 2015-12-01 10:40:23 +01:00
Régis Hanol 7c694139ec trust staged accounts when validating posts 2015-11-30 19:08:35 +01:00
Gerhard Schlager 6e33a21a7a FIX: Replace invalid pluralizations in locale files 2015-11-13 21:25:15 +01:00
Sam 69ad0358c2 FIX: incorrect logic in email blocker
if mail.com was blocked, email.com was automatically blocked
2015-06-15 11:28:50 +10:00
Arpit Jalan b7ac8448c6 Improve IP blocking error message 2015-06-02 07:48:26 +05:30
Arpit Jalan 6bf680882c Better error message when new registration limit from an IP address is reached 2015-06-01 10:16:25 +05:30
Arpit Jalan 220b9c5abe FIX: match subdomain with email domain blacklist 2015-05-13 21:02:02 +05:30
Gerhard Schlager 9a76ee8f8a FIX: error message used wrong filesize 2015-05-03 19:26:54 +02:00
Robin Ward a5ee45ccbe `PostEnqueuer` object to handle validation of enqueued posts 2015-04-15 14:54:36 -04:00
Neil Lalonde 30b063c08b FEATURE: make full names a required field of user profiles with the full_name_required setting 2015-04-02 17:08:04 -04:00
Arpit Jalan b706307ac7 FEATURE: new site setting min_first_post_length 2015-03-20 00:20:38 +05:30
Neil Lalonde c04b214910 FEATURE: don't allow username and email to be the same 2015-02-27 13:47:43 -05:00
Sam 0742f340f9 FEATURE: allow for a localized error when a regex fails in site settings
FEATURE: apply string validation to list site settings (so we get regex)
2015-02-27 11:45:56 +11:00
Neil Lalonde cf81b3f86d FEATURE: don't allow username and password to be the same 2015-02-25 12:00:13 -05:00
Régis Hanol f7d2fc0524 FEATURE: 'reply by email address' validator
Prevent infinite email loophole when the 'reply_by_email_address' site setting is the same as the 'notification_email'.
2015-02-06 12:08:37 +01:00
Arpit Jalan 58f46137d6 FIX: allow developer emails to bypass email blacklist/whitelist restriction 2015-01-30 00:10:03 +05:30
Régis Hanol 7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Arpit Jalan fab2b95ab6 FIX: disposable invite was giving email validation error 2014-10-23 22:55:49 +05:30
Sam 59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Régis Hanol e64d3b8a42 FIX: disagree flag should unhide hidden post 2014-08-11 10:48:00 +02:00
Neil Lalonde 443caaa8f7 FIX: don't let admins skip post validations, unless it's faq, tos, or privacy 2014-08-01 14:53:35 -04:00
Neil Lalonde e1be478ef4 FIX: admins bypass some post validations. This allows them to edit legal docs even if those docs are longer than max post length, for example. 2014-07-28 16:40:14 -04:00
Jens Maier bf9f3c1366 FIX: NoMethodError in on extension.upcase when upload's original filename has no extension. 2014-07-15 03:23:26 +02:00
Sam 5b310c21b4 FIX: less crazy error when post exceeds max length. 2014-07-04 16:39:15 +10:00
Neil Lalonde 3eb65885d1 Add validation of string site settings with regex, and min and max lengths 2014-06-18 11:15:40 -04:00
Neil Lalonde ba65aa3f6c Add a way to validate min and max value of an integer site setting 2014-06-12 18:04:37 -04:00
Neil Lalonde 9611a1ac47 Validate username site settings 2014-06-11 16:20:57 -04:00
Neil Lalonde 3d22f90e9f FIX: email regexp for older rubies 2014-06-10 10:31:22 -04:00
Neil Lalonde c61462662b Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 16:59:20 -04:00
Régis Hanol 4371374ba6 FEATURE: support for enabling all upload file types
BUGFIX: authorized extensions is now case insensitive
2014-04-29 19:12:35 +02:00
Régis Hanol 2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Stephan Kaag f12925887c Drop Rails3 support 2014-02-17 19:42:08 +01:00
Robin Ward 14ec64a36a Give a better error message from the server if you've been replying too much. 2014-01-06 11:10:37 -05:00
Neil Lalonde ab12695d63 Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-27 11:00:21 -05:00
Robin Ward 0c45eba037 FIX: Users can edit posts when they've reached the `newuser_max_replies_per_topic` threshold. 2013-12-20 11:30:51 -05:00
Neil Lalonde 854d9c8fc6 Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:47 -05:00