Commit Graph

20644 Commits

Author SHA1 Message Date
Osama Sayegh 68f87dffa5
DEV: include TopicQueryParams in TagsController (#8045)
* DEV: include TopicQueryParams in TagsController

* Fix rubocop
2019-08-28 11:41:50 +03:00
Joe d14851e552 UX: better alignment for tags in the header (#8047)
* Removes unused styles

This commit only removes unnecessary / duplicate styles. It does not cause any visual changes.

* adds class to `<h1>` tag in header topic info.

This is much better to target than `h1`

* removes unused styles

* header title margin adjustment

* minor header-title margin adjustments

* One more header-title margin adjustment
2019-08-28 18:18:27 +10:00
Kyle Zhao 698e97125e REFACTOR: User menu profile link for extensibility (#8039)
This minor refactor extracts `UserMenuLinks#profileLink` &
`UserMenuLinks#linkHtml` to allow plugins / themes to control the
profile link definition, and more importantly, how it is rendered.
2019-08-28 16:34:51 +10:00
Penar Musaraj 5c02bfb000 FEATURE: Site settings for linking with iOS/Android native apps
- Adds support for iOS Universal Links via an `apple-app-site-association` endpoint

 Adds support for Google Digital Asset Links at the `.well-known/assetlinks.json` endpoint
2019-08-27 14:05:37 -04:00
David Taylor 8e5a8d1d54 Merge pull request from GHSA-7cmh-wm9h-j63f 2019-08-27 09:11:19 -07:00
romanrizzi 03d51d6519 FIX: Display actual readers on the first post 2019-08-27 12:13:38 -03:00
Penar Musaraj 0f67350764 FIX: only use app argument for official iOS app banner
When showing the native app banner, we include an app argument to automatically add the current site to the official DiscourseHub app. However, the app id can be changed via a hidden site setting, and when changed, that argument is no longer useful. This ensures the argument is only included for the official iOS app banner.
2019-08-27 10:23:57 -04:00
Roman Rizzi 7c741fa0d6
FEATURE: Publish read state on group messages. (Originally introduced in #7989) (#8025)
* Revert "Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)""

This reverts commit 36425eb9f0.

* Fix: Show who read only if the attribute is enabled

* PERF: Precalculate the last post  readed by a group member

* Use book-reader icon instear of far-eye

* FIX: update topic groups correctly

* DEV: Tidy up read indicator update on write
2019-08-27 09:09:00 -03:00
David Taylor f2331ef07f
DEV: Stop serializing user_auth_token_logs (#8043)
These are no longer used in the user interface
2019-08-27 13:07:03 +01:00
OsamaSayegh e805d44965 Revert "FIX: Heartbeat check per sidekiq process (#7873)"
This reverts commit 340855da55.
2019-08-27 11:56:23 +00:00
Osama Sayegh 2305a6fffe
DEV: don't define `_super` when modifying widgets unless the property is a function (#8042) 2019-08-27 13:34:16 +03:00
David Taylor 734a06dd21 FIX: When using a custom authenticator URL, send request using GET 2019-08-27 10:28:17 +01:00
Penar Musaraj a3cd73ef27 FIX: Don't display PWA banner when using native app 2019-08-26 15:55:26 -04:00
Roman Rizzi 3259ea60a6
DEV: Remove code deprecated by the new Reviewable API (#8023)
* Remove flag hooks and endpoints

* Remove #reject_bulk for users

* Remove code for quued_posts_controller
2019-08-26 10:33:26 -03:00
Osama Sayegh 340855da55
FIX: Heartbeat check per sidekiq process (#7873)
* FIX: Heartbeat check per sidekiq process

* Rename method

* Remove heartbeat queues of previous bootups

* Regis feedback

* Refactor before_start

* Update lib/demon/sidekiq.rb

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Update lib/demon/sidekiq.rb

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Expire redis keys after 3600 seconds

* Don't use redis to store the list of queues
2019-08-26 09:33:49 +03:00
Sam Saffron b93460cb59 UX: workaround chrome autocomplete bug in search
This works around issue mentioned in 918a0ea3
2019-08-26 10:27:43 +10:00
Joffrey JAFFEUX 171618e7d6 FIX: allows mini-tag-chooser to fetch tags in background (#8033)
This is useful when changing the category in the composer for example. When opening mini-tag-chooser after, tags will be correctly updated for the selected category.
2019-08-23 06:45:29 -06:00
Régis Hanol 2ff5592941 FIX: Filter out hidden posts for wordpress 2019-08-23 11:50:03 +02:00
Dan Ungureanu 34a76bf106 FIX: Do not set destination_url cookie after deleting own account. (#8028)
destination_url cookie is used to redirect the user to the a private
page after they have logged in. After deleting own account, a user's
pages would be refreshed which would set the destination_url, cookie
that can cause a redirect to an invalid page after logging in again.

Reproduction steps:

1. User is at `/u/:username/preferences/account` and deletes account by
requesting DELETE `/u/:username.json`.

2. User is being destroyed and a MessageBus message (`file-change`,
`['refresh']`) is published.

3. User receives response to DELETE request, but page may be or not
refreshed. Anyway, since they can no longer see the preferences page,
they are redirected to `/login` and `destination_url` cookie is set,
that will redirect on next login (but to the previous preferences page).
2019-08-22 17:42:45 +02:00
Joffrey JAFFEUX e94f67e2da
prettier (#8031) 2019-08-22 15:27:45 +02:00
Régis Hanol 1e4f0ac216 FIX: infinite loop when mentioning in IE11 2019-08-22 14:47:25 +02:00
Joffrey JAFFEUX 74931eedfd
DEV: prevents deprecation of overriding computed property (#8030)
https://deprecations.emberjs.com/v3.x/#toc_computed-property-override
2019-08-22 12:31:18 +02:00
Joffrey JAFFEUX 78eb05e4ea
DEV: bumping for customHref nav item API (#8029) 2019-08-22 12:25:02 +02:00
Vinoth Kannan 41f22946c3 FIX: properly load desktop and mobile only plugin css assets.
5bd6b70d98
2019-08-22 08:39:10 +05:30
Sam Saffron 741d5bf541 DEV: improvement to stripping quote logic
Followup one afc7830b we needed handling for nested quotes
2019-08-22 12:09:32 +10:00
Sam Saffron afc7830be5 PERF: faster length calculation of composer body
Every time we type a letter the composer issues a reply length check.

This is due to the interconnecting components, the title one depends on the
body which means that this decision making is passed along each time, even
if the title does not need it strictly.

Anyway...

This optimisation has 3 parts:

1. If the composer string is super long (10000 chars) we will bypass, quote
stripping and space squashing.

2. Quote stripping is now done much more efficiently, we strip them all in
one go

3. Space squashing eg: `hello    world` to `hello world` is done in an
efficient loop to avoid needing to generate superflous strings that need
GC
2019-08-22 11:56:38 +10:00
Kris 2d5b928da9 UX: Layout fix for category boxes w/ long subcategory names 2019-08-21 20:03:34 -04:00
Penar Musaraj 14cdb01254 FIX: Allow topic edits when using a hidden tag
Previously, a regular user could not edit the title or category
of a topic if a hidden tag had already been applied.

This also stops hidden tag names from leaking in the error message.
2019-08-21 16:33:01 -04:00
Gerhard Schlager 00b75b4f4e FIX: Don't try to delete staged, unused admins and mods 2019-08-21 15:29:51 +02:00
Daniel Waterworth d59746cdc1 SECURITY: Don't send CSRF token in query string
The token is already present in the headers thanks to the csrf-token
initializer.
2019-08-21 13:16:38 +01:00
Gerhard Schlager cc7b24b88b FIX: Regularly reset unknown extension of uploads
Discourse will try to detect the extension the next time the upload is needed. Maybe there was just a transient error the last time.
2019-08-21 10:23:20 +02:00
Sam Saffron 719a93c312 FEATURE: treat theme_uploads as settings in JavaScript
This change allows themes and components access to theme assets.

This means that inside theme js you can now get the URL for an asset with:

```
settings.theme_uploads.name
```
2019-08-21 16:51:10 +10:00
Rafael dos Santos Silva 72c2818655 FIX: Limit PWA install banner to Android for now 2019-08-20 14:47:17 -03:00
Vinoth Kannan 5bd6b70d98
DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
romanrizzi 36425eb9f0 Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)"
This reverts commit 5dda5c2f7c.
2019-08-20 13:29:22 -03:00
Roman Rizzi 5dda5c2f7c
FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"

This reverts commit 67f5cc1ce8.

* FIX: Read indicator only appears when the group setting is enabled
2019-08-20 11:57:25 -03:00
romanrizzi 67f5cc1ce8 Revert "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 1630dae2db.
2019-08-20 10:24:34 -03:00
Roman Rizzi 1630dae2db
FEATURE: Publish read state on group messages. (#7989)
* Enable or disable read state based on group attribute

* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post

* The option can be enabled/disabled from the UI

* The read indicator will live-updated using message bus

* Show read indicator on every post

* The read indicator now shows read count and can be expanded to see user avatars

* Read count gets updated everytime someone reads a message

* Simplify topic-list read indicator logic

* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
2019-08-20 09:46:57 -03:00
Joe 15e70cc4b4
UX: prevents non-lightboxed images in quotes from stretching/squeezing (#8021) 2019-08-20 18:59:02 +08:00
Rishabh f1f1fd4690 DEV: Remove unused "Email Reject No Account" template (#8022) 2019-08-20 12:43:51 +02:00
Régis Hanol 53667a01c2 FIX: ensure extra locales are only available to staff 2019-08-20 12:38:46 +02:00
Régis Hanol d18c9b2d4d FIX: ensure offset is always positive 2019-08-20 12:03:16 +02:00
Sam Saffron 8db38de9d7 SECURITY: add rate limiting to anon JS error reporting
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.

This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
2019-08-20 11:29:11 +10:00
Rafael dos Santos Silva 0a5b332b8c
FEATURE: Incorporate PWA install prompt into Discourse UI (#8013)
* FEATURE: Incorporate PWA install prompt into Discourse UI

This is mainly done so Discourse forums stop nagging people to install
on the very first visits to a website.

We will prevent the native install "mini-info" bar from ever appearing,
capture the event that pops with it, and delay it until the user meets
our criteria, which currently is trust_level 1.

If the event happens and the user meets our criteria we show a Discourse
alert banner proposing the install to the user. Dismissal of the banner
is recorded so the user ins't bothered anymore on the same device.


Co-Authored-By: Gerhard Schlager <mail@gerhard-schlager.at>
Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-08-19 14:09:21 -03:00
Joffrey JAFFEUX 6f70138f4a
DEV: injects router in customHref/customFilter of addNavigationBarItem (#8018) 2019-08-19 18:33:12 +02:00
Dan Ungureanu 0b1146add4
UX: Hide "Create Tag" option if user cannot create tag. (#7723) 2019-08-19 11:40:56 +03:00
Joffrey JAFFEUX 1a731dcff1
FIX: prevents mobile nav to create an error when unregistering click events (#8016)
This what happening when clickin on "All groups", as it was trying to get element of a destroying component.
2019-08-19 09:33:54 +02:00
Sam Saffron 47638ffea4 Merge branch 'master' of github.com:discourse/discourse 2019-08-19 17:21:17 +10:00
Sam Saffron accbbded15 PERF: avoid N+1 on topic view
Serializer is injecting information into cooked and reaching direct to
custom fields that were not preloaded

This amends it so basic post serializer can use the proper interface

That said we should probably follow this up so we don't reach for this
info on every post.
2019-08-19 17:20:56 +10:00
Arpit Jalan 24f94c40a6 SECURITY: don't reveal category details to users that do not have access 2019-08-19 12:38:28 +05:30
Joffrey JAFFEUX 897cdfb596 FIX: uses simpler pattern for custom href on extra nav items (#8015)
THe main advantage of this solution is that it will be called on each rerendered whereas the other is not once href has been set.

Example API:
```
      api.addNavigationBarItem({
        name: "foo",
        displayName: "Foo",
        customHref: function(category, args) {
          const router = api.container.lookup("service:router");
          const queryParams = { bar: "1" };
          return router.urlFor(router.currentRouteName, category, {
            queryParams
          });
        }
      });
```
2019-08-19 16:27:16 +10:00
Blake Erickson 2fd654a4ae Ran prettier to fix build
Not sure why lefthook didn't pick this up before on my previous commit,
but manually running prettier found this.

Followup to: 893d30fb92
2019-08-16 13:03:01 -06:00
Blake Erickson 893d30fb92 REVERT: External auth when redeeming invites
Reverting this commit:

87a0a6664e

because I'm extracting all of this logic into a plugin instead.
2019-08-16 12:44:14 -06:00
Dan Ungureanu df6630f868
FIX: J/K navigation resets current selection when scrolling fast.
Sometimes, when keeping J or K pressed and scrolling fast, the current
selection would go out of the viewport for a few moments and the
algorithm would try selecting the "best" element that is in viewport.

This bug is reproducible only on certain machines. For example, Linux
machines seem to be passing key events faster to the browser.
2019-08-16 17:28:25 +03:00
Joffrey JAFFEUX 936d4ce17a
FEATURE: favorites emojis will also show in composer autocomplete (#8011) 2019-08-16 11:47:03 +02:00
Sam Saffron 9a9e31f927 FIX: properly set notification levels on group invite
Previously we relied on side effects to set tracking state correctly
when inviting groups to messages

Also has a minor optimisation in that we use pluck instead of pulling in
full record
2019-08-16 18:23:51 +10:00
Sam Saffron a590061aae FIX: when inviting groups to message respect tracking state
Previously we would unconditionally issue an "invited_to_pm" notification
to all non muting users.

New behavior

- Watching and Watching first post get notified
- Tracking get a new "summary" message
- The rest get nothing

This is consistent with topic creation and way clearer
2019-08-16 17:22:18 +10:00
tshenry 82e07cb0f4 UX: Consistent placement of category-title-before plugin outlet (#8010) 2019-08-16 09:04:50 +10:00
Robin Ward b4878cde6f FEATURE: Add a webhook for user notifications
If enabled, this will fire a webhook whenever a user's notification has
been created. This could potentially be a lot of data depending on your
forum, and should be used carefully since it includes everything all users
will see in their feeds.
2019-08-15 14:47:25 -04:00
Joffrey JAFFEUX 00b91de5e8 DEV: allows customHref for extra nav items (#8012)
* DEV: allowes customHref for extra nav item

* linting

* uses value not key
2019-08-15 12:26:21 -06:00
Robin Ward b8f21ea962 FIX: Explicitly require `topic_query_params` 2019-08-15 13:54:52 -04:00
Robin Ward 23367e79ea
FEATURE: Embed topics list on remote sites via Javascript API. (#8008)
This adds support for a `<d-topics-list>` tag you can embed in your site
that will be rendered as a list of discourse topics. Any attributes on
the tag will be passed as filters. For example:

`<d-topics-list discourse-url="URL" category="1234">` will filter to category 1234.

To use this feature, enable the `embed topics list` site setting. Then
on the site you want to embed, include the following javascript:

`<script
src="http://URL/javascripts/embed-topics.js"></script>`

Where `URL` is your discourse forum's URL.

Then include the `<d-topics-list discourse-url="URL">` tag in your HTML document and it will
be replaced with the list of topics.
2019-08-15 13:41:06 -04:00
Joffrey JAFFEUX 0a6d1b687c FIX: ensures reports can't modify records (#8006) 2019-08-15 17:27:53 +10:00
Kris f7c648e3af update color variable 2019-08-14 22:57:13 -04:00
Sam Saffron e53a171916 FIX: hold s3 related distributed locks longer
These operations are pretty expensive and can take multiple minutes due to
networking.

Hold distributed mutex for much longer.
2019-08-15 11:48:44 +10:00
Joffrey JAFFEUX a5542768ea
FIX: attempts to use params from addDiscoveryQueryParam (#8007)
This commit will for example allow this:

```
api.addDiscoveryQueryParam("my_param", { persist: true });
```

If you page is forum.foo.bar/?my_param=1, when clicking on an "unread" link for example this query string will be kept.
2019-08-14 19:56:02 +02:00
Vinoth Kannan 88359b0f16
FEATURE: add support for group members visibility level (#8004)
There are 5 visibility levels (similar to group visibility)

public (default)
logged-in users
members only
staff
owners

Admins & group owners always have visibility to group members.
2019-08-14 19:00:04 +05:30
David Taylor 92f2202e4a SECURITY: Restrict message-bus access on login_required sites 2019-08-14 09:43:12 +01:00
Bianca Nenciu ba396a5384
DEV: Use ResultSet with staff action logs. (#7661) 2019-08-13 20:55:05 +03:00
David Taylor 961213ba52 FIX: Correct ordering for post_edits report, and remove query limit 2019-08-13 16:53:16 +01:00
David Taylor 572e928cba FIX: Correct query for post_edits dashboard report
- Use query builder to improve readability
- Remove subquery, so that all `where` filters happen alongside the limit
- Add 'edited at' column to the report
2019-08-13 16:11:17 +01:00
Jarek Radosz 6a65e5312b FEATURE: Add a preview to the poll builder (#7988)
* FEATURE: Add a preview to the poll builder

* Use selectKit helper in the poll preview test

* Extract the mobile-specific poll builder form CSS
2019-08-13 09:49:40 -04:00
Sam Saffron 1358339bf9 lint file
$window no longer used in panStart followup on 7877383e
2019-08-13 11:13:59 +10:00
Jeff Wong 7877383e62
FIX: RIP swipe-in menus on Android (#7997)
In later versions of android, swipe-in from the sides on android triggers
forward/back functionality. We can no longer trigger menu swipes on android

https://www.androidcentral.com/android-q-getting-rid-back-button-side-swipe-gesture
2019-08-12 17:30:18 -07:00
David Taylor 213b7d19d9 UX: Fallback to unlocalized auth provider name if required 2019-08-13 01:22:02 +01:00
Gerhard Schlager 2a95c5c5d6 FIX: Don't update `watching_first_post` notifications when moving first post
The first post isn't moved. It gets copied during a move. Notifications of this special type should still link to the original first post.
2019-08-12 22:59:43 +02:00
Kyle Zhao ca7f1dabbf REFACTOR: user-menu-links widget for extensibility (#7996) 2019-08-12 14:01:59 -04:00
Gerhard Schlager d686318133 FIX: Prevent failed remaps during restores
Additional changes:
* Verbose logging of remaps during restores
* Exclude the backup_metadata table from restores
2019-08-12 17:15:01 +02:00
Kris 1232889b30 UX: Prevent twitter onebox iframes from being taller than mobie viewport 2019-08-12 11:03:54 -04:00
David Taylor d348368ab6
FEATURE: Allow themes to override color transformation variables (#7987)
Theme developers can now add any of the transformed color variables to their color scheme in about.json. For example

```
  "color_schemes": {
    "Light": {
      "primary": "333333",
      "secondary": "ffffff",
      "primary-low": "ff0000"
    }
  },
```

would override the primary-low variable when compiling SCSS for the color scheme. The primary-low variable will also be visible in administrator color palette UI.
2019-08-12 11:02:38 +01:00
David Taylor 750802bf56
UX: Improve error handling for common OmniAuth exceptions (#7991)
This displays more useful messages for the most common issues we see:
- CSRF (when the user switches browser)
- Invalid IAT (when the server clock is wrong)
- OAuth::Unauthorized for OAuth1 providers, when the credentials are incorrect

This commit also stops earlier for disabled authenticators. Now we stop at the request phase, rather than the callback phase.
2019-08-12 10:55:02 +01:00
Joffrey JAFFEUX 731f61a818
UX: modifies admin email template to have more space for the form (#7993) 2019-08-12 10:27:25 +02:00
Jeff Wong 4cd0cd2f8e FIX: Blank second factor gets default name 2019-08-11 22:13:33 -07:00
Blake Erickson d7c73ded14 Ran prettier to clean up some formatting
Follow up to:

https://review.discourse.org/t/feature-external-auth-when-redeeming-invites/5152?u=blake
2019-08-11 19:00:52 -06:00
Blake Erickson 87a0a6664e FEATURE: External auth when redeeming invites
This feature (when enabled) will allow for invite_only sites to require
external authentication before they can redeem an invite.

- Created hidden site setting to toggle this
- Enables sending invites with local logins disabled
- OAuth button added to invite form
- Requires OAuth email address to match invite email address
- Prevents redeeming invite if OAuth authentication fails
2019-08-11 12:20:02 -06:00
Joffrey JAFFEUX 3503758599
FIX: polyfills String.prototype.repeat for IE (#7994) 2019-08-10 20:39:04 +02:00
Gerhard Schlager e4f14ca3d7 FIX: Disallow user self-delete when user posted in PMs
All posts created by the user are counted unless they are deleted,
belong to a PM sent between a non-human user and the user or belong
to a PM created by the user which doesn't have any other recipients.

It also makes the guardian prevent self-deletes when SSO is enabled.
2019-08-10 12:30:16 +02:00
Kris 9f445bec09 use color variables 2019-08-09 20:53:59 -04:00
romanrizzi d01c938e1a Revert "FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element."
This reverts commit 50afe59306.
2019-08-09 11:35:22 -03:00
romanrizzi 50afe59306 FIX: Use #dup instead of #+@ since content could be an instance of Nokogiri::XML::Element. 2019-08-09 11:13:09 -03:00
David Taylor 922c40f87c UX: Clear username when opening ignore duration modal 2019-08-08 16:31:34 +01:00
Dan Ungureanu 3008ecccbd FIX: Notify on Reviewable update. (#7980)
If a post is flagged after an action was already performed on it, it
will update the previous Reviable instance and not create a new one.
The notification logic was implemented in the :create callback which was
completely skipped in this case.
2019-08-08 16:04:34 +02:00
David Taylor 6d3d08daad UX: Hide login/signup header buttons during authentication flows 2019-08-08 13:57:18 +01:00
David Taylor 3b8c468832 SECURITY: Require POST with CSRF token for OmniAuth request phase 2019-08-08 11:58:00 +01:00
David Taylor 7bd54eaceb
UX: Add login button icon to no_ember page (#7982) 2019-08-08 10:44:04 +01:00
Joffrey JAFFEUX 5d72561f4f
FIX: allows replacement of digits and symbols emojis (#7978) 2019-08-07 11:38:58 +02:00
Kris 9e248de02a slightly better button wrapping when list controls are long 2019-08-06 23:44:44 -04:00
Sam Saffron 2408d55551 FIX: embedding topics would fail with some HTML
When truncating content we try to search for first paragraph, if HTML had
no P it would fallback to first div which may have nested elements.
2019-08-07 12:45:55 +10:00
Sam Saffron 3c44e54c3f DEV: followup on secure category mention
Follows up on #f7809207

- Priority mention support only available for groups with less than 500 members
- Proper use attribute on model
2019-08-07 10:31:25 +10:00
Robin Ward f1b3e72581 FIX: Don't hide/close topics if they don't meet minimum visibility
There are situations where depending on site settings, actions could be
taken due to flags (for example, hiding a post) but those actions were
not visibile in the review queue due to visibility settings.

This patch makes sure that the minimum score required for an action such
as hiding a post needs to meet the visibility for a moderator to see it.
2019-08-06 15:36:39 -04:00
Roman Rizzi 44ad8ee39b
FIX: Use unescaped title as combo-box id (#7979) 2019-08-06 16:27:01 -03:00
Neil Lalonde 4b9d35cd0e FEATURE: add option to always send excerpts in emails
Enable the new setting "post excerpts in emails" to send excerpts
instead of complete posts in notification emails. Control the length of
excerpts with the "post excerpt maxlength" setting.
2019-08-06 12:45:28 -04:00
Joffrey JAFFEUX a475c384d8
FIX: ensures flag-ratio report shows users with disagreed > agreed (#7977)
Without causing a division by zero error
2019-08-06 15:02:45 +02:00
Bianca Nenciu 37e7998a82
FEATURE: Send notification when member was accepted to group. (#7614) 2019-08-06 13:29:46 +03:00
Bianca Nenciu b60b2a342f
FIX: Show membership requests link just for group owners. (#7543) 2019-08-06 13:28:22 +03:00
Sam Saffron f780920759 FEATURE: mention in secure category to prioritize groups
This feature allows @ mentions to prioritize showing members of a group who
have explicit permission to a category.

This makes it far easier to @ mention group member when composing topics in
categories where only the group has access.

For example:

If Sam, Jane an Joan have access to bugs category.

Then `@` will auto complete to (jane,joan,sam) ordered on last seen at

This feature works on new topics and existing topics. There is an explicit
exclusion of trust level 0,1,2 groups cause they get too big.
2019-08-06 17:57:56 +10:00
Joffrey JAFFEUX d8dfa87f24
UX: improves dates on reports export UI (#7971)
- show it's UTC
- allows future
- shows date in more human readable format
2019-08-06 08:41:21 +02:00
Joffrey JAFFEUX 8390f230b8
FIX: allows copy pasting file in composer with chrome (#7969) 2019-08-06 08:41:04 +02:00
Rafael dos Santos Silva 6dfb2165ae FIX: Syntax error in b1f5949 2019-08-05 16:07:49 -03:00
Rafael dos Santos Silva b1f5949868 FIX: Make the workbox path compatible with multisite
Closes
https://meta.discourse.org/t/full-url-in-assets-erb-file-multisite-issues/124393?u=falco
2019-08-05 15:00:41 -03:00
David Taylor e6831afea1
FIX: Composer preview on IE11 (#7970)
Add the Array.from polyfill for IE11. This is required to support the transpiled ES6 spread syntex generated by babel: https://babeljs.io/docs/en/caveats/
2019-08-05 14:21:58 +01:00
Gerhard Schlager 2c08d43539 UX: Use shorter weekday labels in date picker 2019-08-05 14:12:27 +02:00
Faizaan Gagan 387016ea9b fixed a small typo in the function's doc comment (#7965) 2019-08-05 12:24:49 +10:00
Kyle Zhao 1bb5266437 FIX: Rename deprecated "refresh" icon to "sync" (#7966) 2019-08-05 12:21:51 +10:00
Rafael dos Santos Silva 272b38a573
FIX: Better detection of Apple browsers (#7961)
Introduces isIpadOS to our capabilities sniffer, which is currently
compatible with latest iPad beta OS. Older iPad versions will match our
isIOS detection.

Using this new feature, fixes the service worker being blocked in Google
Chrome, Firefox and other browsers while running on Mac OS, where they
work just fine. This enables Desktop PWA install in Mac OS.
2019-08-02 12:43:25 -03:00
David Taylor 06e757245f FEATURE: Add a test facility to the watched words admin interface 2019-08-02 15:29:12 +01:00
David Taylor 39e0442de9 FIX: Various watched words improvements
- Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback)
- Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins
- Censor tests are moved to ruby, to ensure everything works end-to-end
- If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
2019-08-02 15:29:12 +01:00
Gerhard Schlager 50db6a1d62 FIX: Correctly update replies when first post gets moved 2019-08-01 22:07:21 +02:00
Gerhard Schlager 4113b57cfe REFACTOR: Use less queries when moving posts 2019-08-01 22:04:45 +02:00
Robin Ward f57fdee2f6 FIX: Modal `onClose` was being called repeatedly
This happened because the modal controller was not clearing the `name`
attribute, which is used for looking up the controller to call `onClose`
on.

Every page navigation would call the method over and over, breaking
state in odd ways.
2019-08-01 15:42:43 -04:00
Robin Ward 6f367dde26
UX: Rename "Keep Post" to "Keep Post Hidden" when hidden (#7767)
* UX: Rename "Keep Post" to "Keep Post Hidden" when hidden

This is based on this feedback:
https://meta.discourse.org/t/category-group-review-moderation/116478/19

When a post is hidden this makes the operation much more clear.

* REFACTOR: Better support for aliases for actions

Allow calls on alias actions and delegate to the original one.
This is less code but also simplifies tests where the action might
be "agree_and_keep" or "agree_and_keep_hidden" which are the same.
2019-08-01 11:23:23 -04:00
Guo Xiang Tan 7bd93eba3e FIX: Gravatar uploads being dependent on authorized_extensions. 2019-08-01 16:24:09 +08:00
Joe 8531056ad5
UX: style fixes for admin digest email preview page (#7959)
* code formatting: Nothing changed in this commit except code formatting

* adds classes to digest refresh button

* adds margins to digest refresh button

* removes line break tags and uses CSS margins instead
2019-08-01 14:37:42 +08:00
Arpit Jalan 1481ea640c FIX: better error message on username update from Admin user page. 2019-08-01 10:23:42 +05:30
Régis Hanol fe645c0f0b UX: remove confusing border on ignored users list 2019-07-31 17:39:28 +02:00
David Taylor d1434b6600 DEV: Remove unused imports 2019-07-31 16:21:02 +01:00
David Taylor 49bce0ccdb DEV: Remove unused action from user preferences controller
This is no longer used following d8ff94ecaa
2019-07-31 16:15:23 +01:00
Rishabh dcb47d902b
REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications (#7958)
* REFACTOR: Rename SiteSetting.disable_edit_notifications to disable_system_edit_notifications

- The older name could cause some confusion because the setting does not disable all edit notifications, only system ones.

* FIX: Add frozen_string_literal: true in the migration

* DEV: Deprecate 'disable_edit_notifications'
2019-07-31 20:20:41 +05:30
David Taylor a49b7bb84a FIX: Prevent user-notifications-dropdown from causing unintended changes
It was setting the `onClose` property of the singleton modal controller, which would then persist until the next full page reload
2019-07-31 15:38:47 +01:00
Osama Sayegh 13e74151a9
FEATURE: list category moderators on the about page (#7916)
https://meta.discourse.org/t/category-group-review-moderation/116478?u=osama
2019-07-31 16:46:58 +03:00
Guo Xiang Tan 8a6ee09008 FIX: `Post#each_upload_url` yields incorrect path to block when CDN is enabled. 2019-07-31 10:00:52 +08:00
Neil Lalonde 43365a2bf1 Fix some broken styles 2019-07-30 16:46:20 -04:00
Neil Lalonde 9656a21fdb
FEATURE: customization of html emails (#7934)
This feature adds the ability to customize the HTML part of all emails using a custom HTML template and optionally some CSS to style it. The CSS will be parsed and converted into inline styles because CSS is poorly supported by email clients. When writing the custom HTML and CSS, be aware of what email clients support. Keep customizations very simple.

Customizations can be added and edited in Admin > Customize > Email Style.

Since the summary email is already heavily styled, there is a setting to disable custom styles for summary emails called "apply custom styles to digest" found in Admin > Settings > Email.

As part of this work, RTL locales are now rendered correctly for all emails.
2019-07-30 15:05:08 -04:00
Joe 340173eb12 DEV: consistent theme lookup in application / crawler / no-ember views (#7955)
* removes `raw` helpers

* include theme footer in the crawler view

* include theme body tag content in no-ember pages
2019-07-30 19:00:46 +02:00
tshenry 7ebb3503a3 UX: Make profile views consistent with other elements (#7956)
* UX: Make profile views consistent with other elements

* Spaces not tabs
2019-07-30 09:23:37 -04:00
Sam Saffron 5feb342914 Revert "FEATURE: add Noindex to robots.txt for disallowed routes"
This reverts commit d84256a876.

This is not supported by Google and causes robots.txt to be flagged as
invalid

Removing Noindex
2019-07-30 11:33:38 +10:00
Osama Sayegh 70bd8e2dad
UX: Show a warning when admin clicks save without adding group when changing category permissions (#7947)
* UX: Show a warning when admin clicks save without adding group when changing category permissions

* Use div rather than pseudo element

* Don't pass controller to component

* Use observer instead of a delay

* Refactor

* Rename to validator

* validator is much better than saveValidator
2019-07-29 21:53:31 +03:00
Kris 36cb5f3038 UX: Increase contrast of pinned/tracking reason text, improve layout 2019-07-29 11:54:23 -04:00
Guo Xiang Tan ef46231214 Fix the build. 2019-07-29 20:02:18 +08:00
Guo Xiang Tan faea594436 DEV: Extract common regexps for multisite. 2019-07-29 19:01:36 +08:00
David Taylor d4acd35466
FEATURE: Sync unread state live to topic lists (#7933) 2019-07-29 10:28:42 +01:00
Guo Xiang Tan 8a64b0c8e8 Revert "DEV: Remove unused kwarg and properly check for local missing uploads."
This reverts commit 97769f3d02.

The code is confusing but this change is quite risky. Defer for now
until we can look at it properly.
2019-07-29 14:35:34 +08:00
Guo Xiang Tan 97769f3d02 DEV: Remove unused kwarg and properly check for local missing uploads. 2019-07-29 14:21:06 +08:00
Guo Xiang Tan 49d9557337 Revert commit that was pushed by mistake.
This reverts commit c7516c42e9.
2019-07-29 11:04:38 +08:00
Guo Xiang Tan c7516c42e9 Revert "FIX: reverts #18e2816 (#7940)"
This reverts commit c7b146cbdf.
2019-07-29 09:18:53 +08:00
David Taylor 3324747afe UX: Improve account association when account description is missing 2019-07-27 16:37:21 +01:00
Rafael dos Santos Silva 1922d4bf78 PERF: Add more constraint on the Cache Storage usage
Only restricting cache per age wasn't enough for instances with lots of
multimedia usage and high number of posts.

MaxEntries is also more effective on cleanup, and purgeOnQuotaError
advertise that Discourse cache can be purged if necessary.

https://developers.google.com/web/tools/workbox/guides/storage-quota
2019-07-27 11:52:21 -03:00
Julien Ma dcb0e5f1e5 Fix "Host is invalid" error when TLD >10 chars (#7948)
Related to https://meta.discourse.org/t/host-is-invalid-error-when-tld-is-longer-than-7-characters/46081.

Using Discourse `v2.4.0.beta2 +119`, I can't add an host (when embedding, cf. `/admin/customize/embedding`) ending with `.engineering`.
Turns out current regex limits to 10 characters.

Fix is dumb: it only allows for up to 24 chars, which is the **current** max TLD length, see https://stackoverflow.com/a/22038535/1907212.

---

Maybe a better (and longer-term) fix would be to allow for up to 64 chars, which I understand comes from the RFC.
I'm not at ease with regexes, so can't be sure about it, but [this suggestion](https://meta.discourse.org/t/host-is-invalid-error-when-tld-is-longer-than-7-characters/46081/8?u=julienma) seems pretty good:

> rules of DNS labels are:
>
> - All labels are 1 to 63 characters, case insensitive A to Z, 0 to 9 and - (hyphen), all from ASCII.
> - No labels may start with a hyphen.
> - No top level domain label may start with a number.
>
>That means a regexp for a valid domain name would look like:
>
>`/^([a-z0-9][a-z0-9-]{0,62}\.)+[a-z][a-z0-9-]{0,62}\.?$/`
>
>Domains that are just a TLD are sufficiently bizarre as to be worth ignoring.
2019-07-26 16:29:48 -04:00
Penar Musaraj 042f7184f1 DEV: Display FA 4.7 deprecation notice in all environments
FA 4.7 icon mapping will be removed soon.
2019-07-26 15:25:20 -04:00
Penar Musaraj f408c583e8 DEV: Remove lightbox CSS rules 2019-07-26 10:57:22 -04:00
Osama Sayegh 525920a979
FIX: Better error when SSO fails due to blank secret (#7946)
* FIX: Better error when SSO fails due to blank secret

* Update spec/requests/session_controller_spec.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-26 17:37:23 +03:00
Joffrey JAFFEUX fe7f0982af
DEV: attemps to limit Discourse.User.current() usage (#7943) 2019-07-26 11:20:11 +02:00
Arpit Jalan 0603636cea FIX: include default label when exporting reports 2019-07-26 12:57:13 +05:30
Kris 0f4fa98a82 Margin applied too broadly, caused extra space on like-count 2019-07-25 16:00:13 -04:00
Gerhard Schlager fd12c414e7 DEV: Refactor helper methods for upload markdown
Follow-up to a61ff167
2019-07-25 16:36:35 +02:00
Vinoth Kannan 2ba4de2d45 REVERT: DEV: should ignore missing post uploads when a user export destroyed
Reverts 793915fe6a. We no longer need this since we're destroying each posts in commit 028121b95b.
2019-07-25 19:41:25 +05:30
Kyle Zhao 0e1d6151b9 FIX: Frozen string error in `TopicEmbed.import` (#7938)
When `SiteSetting.embed_truncate` is enabled (by default), the truncated
string is mutatable and does not raise an error.

However, when the setting is disabled, the `contents` string is frozen
and immutable, and will raise a `FrozenError`.
2019-07-25 09:21:01 -04:00
Gerhard Schlager a61ff16740 DEV: Make attachment markdown reusable 2019-07-25 14:04:18 +02:00
David Taylor 4f1382a54a FIX: Hide live-loaded posts from ignored users 2019-07-25 12:01:29 +01:00
Joffrey JAFFEUX 0c7df55686
DEV: uses router.currentRouteName instead of application (#7942)
https://deprecations.emberjs.com/v3.x/#toc_application-controller-router-properties
2019-07-25 12:50:30 +02:00
Joffrey JAFFEUX 1dde6a5355
DEV: prevents post.siteSettings computed property to be overridden (#7941)
This happens when loading a post from a json object and is a behavior which will be impossble in future Ember updates.
2019-07-25 11:54:23 +02:00
Joffrey JAFFEUX c7b146cbdf
FIX: reverts #18e2816 (#7940) 2019-07-25 11:14:23 +02:00
Osama Sayegh 997add3af9
DEV: Add extension point to allow modifying SSO URL (#7937)
This allows plugins to, for example, add extra query params to the SSO URL when discourse redirects to to the SSO website.
2019-07-25 00:18:27 +03:00
Joffrey JAFFEUX c1d2fb115c
DEV: prevents staff computed property to be overridden (#7931) 2019-07-24 22:01:08 +02:00
Kris 2ab022494a UX: Add expanded/collapsed class to post-controls (#7932) 2019-07-24 10:08:59 -04:00
Joffrey JAFFEUX 1d38bf7e2c
DEV: removes deprecated property() usage from topic-footer-button api (#7930) 2019-07-24 13:55:18 +02:00
Joffrey JAFFEUX e83dcfdb7b
DEV: ensures application.hbs is using router currentPath (#7929) 2019-07-24 13:33:59 +02:00
Joffrey JAFFEUX e444ce7ccd
REFACTOR: this.$() deprecation (#7928) 2019-07-24 13:17:36 +02:00
David Taylor 0a6cae654b SECURITY: Add confirmation screen when connecting associated accounts 2019-07-24 10:28:15 +01:00
Joffrey JAFFEUX 02e27b5cff
UX: fixes onebox favicon vertical alignment (#7926) 2019-07-24 09:40:32 +02:00
Osama Sayegh 8b5f44a9a7
FIX: apply defaults constraints to routes format (take 2) (#7920)
Reapplies 7d01c5de1a
2019-07-23 20:17:44 +03:00
Saurabh Patel 9e0a3b8229 bug: keep query params present in auth_redirect (#7923)
https://meta.discourse.org/t/user-api-keys-payload-and-existing-query-string-leads-to-a-double-question-mark/123617
2019-07-23 12:16:03 -04:00
Kris 3fdc10337d follow up fix to 7d27b8b 2019-07-23 11:37:34 -04:00
Kris 7d27b8bb8c add class for extra post buttons 2019-07-23 11:32:04 -04:00
Joffrey JAFFEUX e117b10ea8
FIX: improves tags checking when updating category of topic (#7921)
- will ensure this tag is not restricted to another category, and not only ensure this category can use it
- will clean tags param, in case client is sending an empty array, eg: [""], this could be solved client-side, but we ensure it won't happen ever this way
2019-07-23 17:06:25 +02:00
Joffrey JAFFEUX 8a9ce7336d
FIX: removes uncategorized context if not allowed in composer (#7922) 2019-07-23 17:05:49 +02:00
Saurabh Patel 4bc5ccf7e4 BUG: send featuredLink as featured_link to backend to update correct … (#7915)
* BUG: send featuredLink as featured_link to backend to update correct value
https://meta.discourse.org/t/editing-a-topic-link-does-not-change-its-featured-link/123007

* review fix
2019-07-23 09:49:04 -04:00
Gerhard Schlager 845fd42153 FIX: Update reply count when moving posts 2019-07-22 21:42:24 +02:00
Gerhard Schlager 271ddac467 FIX: Delete notifications users can't see after moving posts
No need to let notifications stay around when users can't access
a topic after it was converted into a PM or posts were moved
into a restricted topic.

Also makes sure that moving to a new topic correctly uses the
guardian for the first post by enqueuing jobs outside of a
transaction.
2019-07-22 19:02:21 +02:00
Gerhard Schlager 1235105c03 FIX: Old notifications didn't link to correct post after moving post 2019-07-22 17:38:45 +02:00
Osama Sayegh 5fc5a7f5ae FEATURE: Add search operator to see all direct messages from a user (#7913)
* FEATURE: Add search operator to see all direct messages from a user

* Only show message if related messages >= 5

* Make "all messages" the hyperlink

* Review
2019-07-22 10:55:49 -04:00
Saurabh Patel 08b48b2ba6 add user avatar to user crawler layout (#7917) 2019-07-22 10:52:35 -04:00
Kris f1dd7d05e4 Update fa to d-icon for buttons, add icon space 2019-07-22 10:31:21 -04:00
Kris 8ee48d8933 UX: Improve layout of long tag headings on mobile 2019-07-22 10:08:03 -04:00
Osama Sayegh f14c6d81f4
FEATURE: Watched words improvements (#7899)
This commit contains 3 features:

- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.

- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)

- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.

-------

This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
2019-07-22 14:59:56 +03:00
Joffrey JAFFEUX 67650328b4
FIX: allows to specify camelCased attributes in wrap component (#7919) 2019-07-22 09:24:27 +02:00
Gerhard Schlager 651a5b6e40 SECURITY: Validate backup chunk identifier 2019-07-22 08:43:16 +02:00
Roman Rizzi eb26bee046
DEV: group_list site settings should store IDs instead of group names (#7860)
* DEV: group_list site settings should store IDs instead of group names

* Ship site setting to know when we should migrate group_list settings

* Migrate existing group_list site settings

* Bump migration timestamp and don't set null when migrating is not possible.
2019-07-19 15:17:58 -03:00
Robin Ward e47e0af123
FEATURE: Allow viewing of raw emails for reviewable queued posts (#7910)
If a post arrives via email but must be reviewed, we now show an
icon that can be clicked to view the raw contents of the email.

This is useful if Discourse's email parser is acting odd and the user
reviewing the post wants to know what the original contents were before
approving/rejecting the post.
2019-07-19 11:56:14 -04:00
Robin Ward 8dd3cbfcb9
FEATURE: Allow choice of category when making a PM public (#7907)
* FEATURE: Allow choice of category when making a PM public

Previously it would default to uncategorized, which was not ideal on
some forums. This gives the staff member more choice about what they'd
like to do.

* Make the optional category more explicit

* Joffrey's feedback
2019-07-19 11:52:50 -04:00
Kris 9075789783 IE11 fix for b73bd7f 2019-07-19 11:46:20 -04:00
Bianca Nenciu 9ba2c7cd8b
FIX: Set a minimum reading time per post. (#7842)
Topics containing only images could generate a reading time of zero minutes.
2019-07-19 18:15:38 +03:00
Kris 5a3a6824c4 UX: Refactor avatar upload modal for better mobile spacing 2019-07-19 10:39:38 -04:00
Arpit Jalan 1f1b3e99d1 UX: update invite 'not found' message 2019-07-19 16:39:44 +05:30
Arpit Jalan 2f6ce29736 FIX: do not request refresh on 'log out all' request 2019-07-19 16:24:58 +05:30
Dan Ungureanu 30c491500a
FEATURE: Permit users who had no penalties in last 6 months to be TL3. (#7892)
Previously, users who had any penalties (were silenced or suspended)
were not allowed to promote to Trust Level 3.

There is also a more subtle change here: if users were silenced or
suspended and then the operation was reverted (user was un-silenced
or un-suspended), then it would have been like the user was never
penalized in the first place. This is no longer the case. To forgive a
user earlier, administrators can use "Clear Penalty History" feature.

Lastly, Jobs::UnsilenceUsers will automatically unsilence any users who
should no longer be silenced (silenced_till < now()). This made it so
silence_count - unsilence_count == 0 for any user who is not silenced,
which defeated the purpose of this TL3 requirement.
2019-07-19 12:46:10 +03:00
Bianca Nenciu 9f500a4ff4
FIX: Show same username or name for post notices. (#7862) 2019-07-19 11:05:48 +03:00
Arpit Jalan eb9155f3fe
FEATURE: send max 200 emails every minute for bulk invites (#7875)
DEV: deprecate `invite.via_email` in favor of `invite.emailed_status`

This commit adds a new column `emailed_status` in `invites` table for
 tracking email sending status.
 0 - not required
 1 - pending
 2 - bulk pending
 3 - sending
 4 - sent

For normal email invites, invite record is created with emailed_status
 set to 'pending'.

When bulk invites are sent invite record is created with emailed_status
 set to 'bulk pending'.

For invites that generates link, invite record is created with
 emailed_status set to 'not required'.

When invite email is in queue emailed_status is updated to 'sending'

Once the email is sent via `InviteEmail` job the invite emailed_status
 is updated to 'sent'.
2019-07-19 11:29:12 +05:30
Blake Erickson d26aa6e71e REFACTOR: Cleanup rake tasks based on feedback
Follow up to: [FEATURE: Create a rake task for destroying categories][1]

- `Discourse.system_user` is my friend
- Remove puts statements from rake tasks that don't return anything
- `for_each` is also my friend
- Use `human_users` to also exclude discobot
- Sort/format categories:list

[1]: 092eeb5ca3
2019-07-18 19:15:01 -06:00
Gerhard Schlager 2ecc613c5d FIX: URL encode usernames in user profile links in RSS feeds
user_url() failed for usernames containing Unicode characters because it expects URL encoded usernames. RSS feeds do not support IRIs, so lets convert them to URIs by encoding the usernames.
2019-07-18 23:18:23 +02:00
Joffrey JAFFEUX 533f5172d7
fix tests (#7912) 2019-07-18 23:15:36 +02:00
Joffrey JAFFEUX 8dfd0e0374 DEV: uses private API for currentPath (#7911)
* DEV: uses with private API for currentPath

router.currentRouteName as a slightly different API and application.currentPath is deprecated

* another fix
2019-07-18 17:00:39 -04:00
Kris e8a14a3a65 Updating breakpoint mixin value name 2019-07-18 16:33:12 -04:00
Vinoth Kannan ad04ce9f43 FIX: remove post upload record creation inside 'find_missing_uploads' method. 2019-07-19 01:44:08 +05:30
Joffrey JAFFEUX 9cdc059a99
fix tests (#7908) 2019-07-18 19:48:12 +02:00
Joffrey JAFFEUX f9c7d5a4bd DEV: removes application.currentPath deprecation (#7905)
See https://deprecations.emberjs.com/v3.x#toc_application-controller-router-properties for more context
2019-07-18 13:29:37 -04:00
Joffrey JAFFEUX 617c74bc79 DEV: remove .property() deprecations (#7906)
More context at https://deprecations.emberjs.com/v3.x#toc_function-prototype-extensions-property
2019-07-18 13:28:23 -04:00
Robin Ward 5e50a24d3a
Fix typo
It's jump-to not jumpt-to
2019-07-18 12:44:35 -04:00
Joffrey JAFFEUX cb84133855
FIX: bugs preventing to close delete account modal with button (#7904) 2019-07-18 18:16:29 +02:00
Kris 0f1a0b45de UX: Fix profile image upload control spacing on mobile 2019-07-18 11:36:24 -04:00
Joffrey JAFFEUX 95ad4f9077
FEATURE: new date/time components (#7898) 2019-07-18 17:29:41 +02:00
Neil Lalonde 194a2b612f FIX: string that can't be translated in watched words UI 2019-07-18 11:07:02 -04:00
Kris d841bff9f8 remove whitespace from twitter onebox 2019-07-18 09:45:09 -04:00
Roman Rizzi f5c707c97a
FEATURE: Gz to zip for exports (#7889)
* Revert "Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)""

This reverts commit f89bd55576.

* Replace .tar.zip with .zip
2019-07-18 09:34:48 -03:00
Joe c1b58613a2
UX: adds <a> tag with href category box titles (#7901)
This Ensures that category titles in category-boxes can be opened in a new tab.
2019-07-18 19:25:39 +08:00
Gerhard Schlager 7e69c5cc36 Revert "FEATURE: Use configured quotation marks in fancy topic title"
This reverts most of commit ce8e099639.

The rake task to update fancy topic titles is still there, because that's useful even without this feature.
2019-07-18 11:55:49 +02:00
Blake Erickson 092eeb5ca3 FEATURE: Create a rake task for destroying categories
Created a rake task for destroying multiple categories along with any
subcategories and topics the belong to those categories.

Also created a rake task for listing all of your categories.

Refactored existing destroy rake tasks to use new logging method, that
allows for puts output in the console but prevents it from showing in
the specs.
2019-07-17 12:44:14 -06:00
Vinoth Kannan 4f0004a0c2 Fix typo in dc6b13e4d2. 2019-07-17 15:54:42 +05:30
Arpit Jalan d4d81515d2 Fix the build. 2019-07-17 12:03:45 +05:30
Arpit Jalan e4d743910d FIX: respect `logout_redirect` setting on 'Log out all' 2019-07-17 11:58:04 +05:30
Vinoth Kannan dc6b13e4d2 FIX: when 'raw' started with non-image upload url it's not converted to short-url.
dd0f0494c6
2019-07-17 11:13:50 +05:30
Vinoth Kannan dd0f0494c6 FIX: convert hotlinked non-image urls to short url.
3840ace978
2019-07-17 09:15:09 +05:30
Rafael dos Santos Silva 2a0cd066a7 FIX: Remove all service workers from Apple devices *again*
There is a bug that when Safari starts up, and reloads the tabs from
the previous session **and** there is a service worker registered for
the scope of the document, all cookies marked as `SameSite=Lax` won't be
sent in the request.

This puts Discourse in a **very** broken state, where:

- You appear as a anon user
- Subsequent xhr requests will come with logged in data
- Refreshing doesn't log you in (cookies are still not sent)
- Clicking on the address bar and hitting enter, will log you in (as it
will finally send those damn `SameSite=Lax` cookies.

Looks a lot like a corner case missed by the fix at
https://trac.webkit.org/changeset/241918/webkit
2019-07-16 19:30:38 -03:00
Penar Musaraj a571efba35
FIX: Rename deprecated icons, allow custom icons in badges
- adds a migration renaming FA4 icon names in badges
- allows all icons to be used in badges (previously was limited to icons prefixed with fa-)
- renames remaining FA 4.7 icons equivalents
2019-07-16 11:13:44 -04:00
David Taylor ed5b31f427 FIX: Recompile extra_js theme assets when COMPILER_VERSION changes (#7897) 2019-07-16 16:34:33 +02:00
Osama Sayegh eff1c19e3b FIX: Fallback to gzip compression if brotli isn't supported (#7895) 2019-07-16 11:05:37 -03:00
Vinoth Kannan 3840ace978 FIX: skip markdown conversion for hotlinked non image urls 2019-07-16 18:05:17 +05:30
Joffrey JAFFEUX b3eb67976d
DEV: Upgrades to Ember 3.10 (#7871)
Co-Authored-By: majakomel <maja.komel@gmail.com>
2019-07-16 12:45:15 +02:00
David Taylor e2fa5704e9 UX: Remove duplicate copy in two-factor preferences 2019-07-16 10:57:11 +01:00
Régis Hanol 7ecbf3865b UX: use SCSS color variables 2019-07-16 11:53:34 +02:00
Michael Brown e8ee392186 Revert "FIX: apply defaults constraints to routes format (#7890)"
This reverts commit 7d01c5de1a.

Trivial get on / was failing with a 404 with this change.
2019-07-15 17:31:24 -04:00
romanrizzi 12e71f1fb2 UX: Swap ignore and mute sections to move the 'Save changes' button to the bottom 2019-07-15 17:30:01 -03:00
OsamaSayegh 8a525cafec UX: Use height relative to the viewport for robots.txt textarea 2019-07-15 19:35:50 +00:00
Rafael dos Santos Silva b505d1d700 DEV: Force workboxjs debug to false on dev env too 2019-07-15 16:07:49 -03:00
Osama Sayegh 7d01c5de1a
FIX: apply defaults constraints to routes format (#7890)
This fixes the problem where if a route ends with a dynamic segment and the segment contains a period e.g. `my.name`, `name` is interpreted as the format. This applies a default format constraints `/(json|html)/` on all routes. If you'd like a route to have a different format constraints, you can do something like this:

```ruby
get "your-route" => "your_controlller#method", constraints: { format: /(rss|xml)/ }

#or
get "your-route" => "your_controlller#method", constraints: { format: :xml }
```
2019-07-15 21:55:11 +03:00
Osama Sayegh 6515ff19e5
FEATURE: Allow customization of robots.txt (#7884)
* FEATURE: Allow customization of robots.txt

This allows admins to customize/override the content of the robots.txt
file at /admin/customize/robots. That page is not linked to anywhere in
the UI -- admins have to manually type the URL to access that page.

* use Ember.computed.not

* Jeff feedback

* Feedback

* Remove unused import
2019-07-15 20:47:44 +03:00
Penar Musaraj 90e0f1b378 UX: rearrange controls in edit modals
Allows users to see the controls even after scrolling contents of edit modal.
2019-07-15 13:44:44 -04:00
Rafael dos Santos Silva 1221d34284
FEATURE: Make Discourse work offline with WorkboxJS (#7870) 2019-07-15 13:05:55 -03:00
Vinoth Kannan 839916aa49
DEV: Debundle plugin javascript assets and don't load if disabled (#7566)
And don't load javascript assets if plugin is disabled.

* precompile auto generated plugin js assets

* SPEC: remove spec test functions

* remove plugin js from test_helper

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: using equality is slightly easier to read than inequality

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* DEV: use `select` method instead of `find_all` for readability

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-15 20:22:54 +05:30
Bianca Nenciu 8e133de831
FIX: Ensure suppressed categories do not produce any featured topics. (#7863) 2019-07-15 17:32:03 +03:00
Joffrey JAFFEUX ff66e62e0c
UX: ensures popup-tip shows over dropdowns (#7891) 2019-07-15 08:55:20 +02:00
Guo Xiang Tan 4b0cf7f6dd SECURITY: XSS when displaying watched words in admin panel.
The XSS here is only possible if CSP is disabled. Low impact since CSP
is enabled by default in SiteSettings.
2019-07-15 10:55:50 +08:00
Guo Xiang Tan a4234e9be0 DEV: Minor tweaks to `Admin::WatchedWordsController`. 2019-07-15 10:22:46 +08:00
Gerhard Schlager ce8e099639 FEATURE: Use configured quotation marks in fancy topic title 2019-07-12 21:10:10 +02:00
Gerhard Schlager 8f89254554 FIX: Recalculate settings when dependent settings change 2019-07-12 21:10:10 +02:00
Gerhard Schlager 7311eeed39 FIX: Use default locale for flag reasons 2019-07-12 12:04:23 +02:00
Bianca Nenciu c4d1833588 FIX: Do not show bootbox if post has no replies. (#7866)
When we delete a post that has replies, we show a modal asking if the user wants to delete the post, the post and its direct replies or the post and all its replies.

If replies are deleted before a post, that modal would ask the user if they want to delete the post and 0 replies.

That commit ensure we skip the modal and directly delete the post in this case.
2019-07-12 11:42:57 +02:00
Gerhard Schlager 4a095b286b Follow-up for 9a11a8b3 to fix qunit tests 2019-07-11 23:56:22 +02:00
Gerhard Schlager 9a11a8b33b FEATURE: Site setting for typographic quotation marks
Adds locale defaults for German and French
2019-07-11 23:19:28 +02:00
Robin Ward 1d38040579 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
Joe fd4557a9ef UX: Mobile editor style fixes (#7878) 2019-07-11 09:57:53 -04:00
Arpit Jalan e0562a8172 UX: update placeholder for Tags Groups 2019-07-11 12:34:11 +05:30
Kris aa7181820c UX: Add title attribute and aria-label to PM icon link 2019-07-10 23:05:57 -04:00
Kris bdaf07adcf Hide empty anchor tag from screen readers 2019-07-10 22:39:25 -04:00
Kris 1983f0d06e Don't load PM icon in title unless topic is a PM 2019-07-10 22:38:32 -04:00
Kris b848bd4ddc True should be a string to display properly in aria-haspopup 2019-07-10 22:02:21 -04:00
Joffrey JAFFEUX bd35a8f334
FIX: ensures spinner is showing on tags/show when loading more (#7876)
Context: https://meta.discourse.org/t/issue-while-scrolling-down-after-selecting-a-tag-on-the-home-page/122542
2019-07-10 21:37:31 +02:00
Joffrey JAFFEUX 142344e45d
FIX: ensures routing with hash doesn't stuck history (#7872)
* FIX: ensures routin with hash doesnt stuck history

Original issue: https://meta.discourse.org/t/hash-anchor-in-url-prevents-further-url-updates/122068/4

Basically when the path has a hash, state would be null, and nothing would happen.

* Update app/assets/javascripts/discourse/lib/discourse-location.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>
2019-07-10 20:43:03 +02:00
romanrizzi f89bd55576 Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
This reverts commit 8b2580e20f.
2019-07-10 11:38:51 -03:00
Dan Ungureanu 90fcdad3cd UX: Discard selected post if it is not in viewport. (#7869)
This way, users can combine keyboard shortcuts with mouse scrolling.
2019-07-10 10:22:09 -04:00
Roman Rizzi 8b2580e20f
FEATURE: admin/user exports are compressed using the zip format (#7784)
* FEATURE: admin/user exports are compressed using the zip format

* Update translations. Theme exporter now exports .zip file. Theme importer supports .zip and .gz files

* Fix controller test, updated locale and skip saving the csv export to disk
2019-07-10 11:13:03 -03:00
Robin Ward 629bb8adf2 SECURITY: XSS with title selector on preferences page
Note this is very low severity as the group needs to be created with a
default title that contains HTML, and group creation is restricted to
staff members right now.
2019-07-09 15:49:24 -04:00
Neil Lalonde 6e22499e5f Remove unused file resubscribe.html.erb 2019-07-09 15:17:33 -04:00
Gerhard Schlager a65a9a85d5 FEATURE: Remap uploads during restore when S3 or CDN changes
In order for this to work the Backuper stores a couple of site settings
in the new backup_metadata table, because the old setting values might
not be available on restore anymore.
2019-07-09 14:04:16 +02:00
Dan Ungureanu 9f5cfa192e
FEATURE: Allow Markdown in post notices. (#7864) 2019-07-09 14:42:02 +03:00
Penar Musaraj f4dc6de9f1 FIX: Clear theme editor content on switching tabs
Issue happens when sending a null value to ACE Editor.
Fixed by sending an empty string to ACE instead of null.
2019-07-08 20:06:56 -04:00
Arpit Jalan 324e182842
FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
Penar Musaraj 7b0517895e FEATURE: Add "Group owners" to posting options for groups
Context: https://meta.discourse.org/t/121589

This new setting option lets group owners message/mention large groups
without granting that privilege to all members.
2019-07-08 17:14:11 -04:00
Penar Musaraj b690fc3d98
FEATURE: Add new group visibility option for "logged on users" (#7814)
Groups can now be marked as visible to "logged on users". All automatic groups (except `everyone`) are now visible to "logged on users", previously they were marked as public but suppressed in the group page for non-staff.
2019-07-08 15:09:50 -04:00
Arpit Jalan bb8cf81089 Bump onebox version.
- better placeholders for audio/video/trello/typeform oneboxes
- added CSS for audio/video/trello/typeform onebox placeholders
2019-07-08 21:40:33 +05:30
Joe e49b5fa30c
UX: expand-post button alignment fix (#7865) 2019-07-08 14:36:15 +08:00
Arpit Jalan 2cd4e95d82 FIX: show category name in title for crawler view
Show category name in title for crawler view despite presence of `short_site_description`.

Bug reported here: https://meta.discourse.org/t/short-site-description-break-category-title-for-crawler-or-its-the-expected-behavior/122109/
2019-07-08 11:42:39 +05:30
Robin Ward 3132a9007b FIX: Use correct timezone for manual SQL 2019-07-06 15:14:07 -04:00
Robin Ward a075fd46fd FIX: Don't use exceptions to catch conflicts
If a database exception is raised ActiveRecord will always rollback
even if caught.

Instead we build the query in manual SQL and DO NOTHING when there's a
conflict. If we detect nothing was done, perform an update.
2019-07-06 14:43:56 -04:00
Kris a9982b5aa2 UX: Make default site logo height an even 40px 2019-07-05 23:46:43 -04:00
Robin Ward de6edf9e4e FIX: Back button would go to previous topic instead of list
See related topic:
https://meta.discourse.org/t/back-button-history-not-properly-working/122183

The issue here is the transition was not completing properly which meant
if you backed out of a topic quickly and entered a new one, hitting back
in the second topic would sometimes take you to the previous one instead
of back to the topic list.
2019-07-05 15:53:14 -04:00
Robin Ward 66214eee85 SECURITY: Strip HTML from invite emails
We also strip new lines from the emails because it ruins the markdown
formatting which expects a one line message.
2019-07-05 14:57:11 -04:00
Régis Hanol 155cad8b85 FIX: only add image size when with & height are in pixels 2019-07-05 20:34:11 +02:00
Kris 589351d996 UX: Give badge icons width to accommodate for dimensionless SVGs 2019-07-05 12:37:18 -04:00
Penar Musaraj 7c130990e9 FIX: IE grid layout issue on user's own activity page 2019-07-05 12:05:58 -04:00
Arpit Jalan 5494e17c71 UX: improve twitter status onebox with line breaks 2019-07-05 20:37:08 +05:30
Arpit Jalan 5bc1fd23b0 Bump onebox version.
- update HTML for twitter quoted onebox
- updated CSS for twitter quoted onebox
2019-07-05 19:35:36 +05:30
Arpit Jalan bd084b2147 FIX: do not show invite button if local logins are disabled 2019-07-05 15:16:20 +05:30
Joffrey JAFFEUX f140c4d499
FIX: ensures routing to / with query string works (#7859) 2019-07-05 09:40:19 +02:00
Vinoth Kannan 1bb258ab49 DEV: use upload short-url in html to markdown conversion if 'base62-sha1' data attr available. 2019-07-05 10:06:41 +05:30
Ralph Rooding 1318e0b288 FEATURE: Rake themes installer (#7848)
* Delete remote_theme when deleting the theme

* Install themes and theme components through rake

* Removed unnecessary test
2019-07-04 14:33:05 -04:00
Robin Ward 72bac61c90 FIX: Upsert a custom field if a unique constraint fails 2019-07-04 13:26:25 -04:00
Penar Musaraj c78634284c UI: when in a different topic context, allow dismissing draft without destroying it
This changes the label and behaviour of the "No, keep" button in the confirmation modal when user cancels a draft while on a different topic. The new button label is "No, save draft", and when clicked, the composer will be dismissed without destroying the draft.
2019-07-04 11:45:57 -04:00
Penar Musaraj 03805e5a76
FIX: Ensure lightbox image download has correct content disposition in S3 (#7845) 2019-07-04 11:32:51 -04:00
Mario Santos c5625b70f1 FIX: Prevent emoji-picker from not showing (#7856)
If an external plugin inserts an element with class "emoji-picker", something probable if they extend EmojiPicker, it could cause troubles as css is added depending on the emoji-picker height. Just by adding a class of a parent <div> as could be d-editor, we prevent this from happening.
2019-07-04 11:46:21 +02:00
Gerhard Schlager a5e80079d6 FEATURE: Add Belarusian language 2019-07-04 11:37:37 +02:00
David Taylor 2063d20e9a Revert "DEV: Let OmniAuth strategies return auth result. (#7833)"
This reverts commit dc5eb76551.

It is better to keep any custom redirect logic within omniauth, without relying on the app
2019-07-04 10:06:18 +01:00
Joffrey JAFFEUX 71bf9ec1b2
FEATURE: opt-in guidance on topics for users without access (#7852)
Co-Authored-By: majakomel <maja.komel@gmail.com>
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-04 10:12:39 +02:00
David Taylor 5fdf228db6
FIX: Respect the full_screen_login parameter from plugin auth providers (#7855)
This behavior was regressed in 427979e7e5
2019-07-04 09:06:29 +01:00
Arpit Jalan 1708be4f27
FEATURE: support query params when redirecting to internal link on login (#7829) 2019-07-04 11:11:43 +05:30
David Taylor 0f813fc7c7 DEV: Remove reference to non-existent `letter_proxy` route
This was introduced in f04471e422, but never actually used
2019-07-03 23:48:32 +01:00
Bianca Nenciu 459932f4e2 FIX: Use title attribute for notification items. (#7840) 2019-07-03 10:48:13 -04:00
Julian Calvento f3c9dbcf20 UX: Add styling for quoted tweets (#7832) 2019-07-03 10:34:46 -04:00
romanrizzi 9ca1bbe900 Revert "FIX: remove misplaced save button"
This reverts commit 4f468ef210.
2019-07-03 10:56:08 -03:00
Joffrey JAFFEUX f9f1df7611
DEV: prevents reports key to be time dependant when testing (#7850) 2019-07-03 15:43:01 +02:00
romanrizzi 4f468ef210 FIX: remove misplaced save button 2019-07-03 10:39:01 -03:00
Bianca Nenciu bfdf740a05 FIX: Show 'Export' button for all tabular reports. (#7838) 2019-07-03 14:47:36 +02:00
OsamaSayegh 426c8045de FIX: logs for enabling/disabling components should show up in the staff actions logs 2019-07-03 12:33:25 +00:00
Osama Sayegh 3d64532273 FEATURE: allow disabling theme components (#7812)
This allows you to temporarily disable components without having to remove them from a theme. 

This feature is very handy when doing quick fix engineering.
2019-07-03 18:18:11 +10:00
Joffrey JAFFEUX ecf0215ee7
DEV: resets page tracking state between tests (#7847) 2019-07-03 10:08:05 +02:00
Joffrey JAFFEUX 9ee2c121c1
FIX: ensures emoji helper is working with custom emojis (#7843) 2019-07-03 09:23:40 +02:00
Joffrey JAFFEUX 0733ed3a2b
FIX: ensures /t/TOPIC_ID/POST_NUMBER is correctly routing (#7841) 2019-07-03 09:23:23 +02:00
Penar Musaraj 6e3e0685fb DEV: add useBlockMode option for toolbar button text selection
Allows buttons to switch selection to block mode if needed.
2019-07-02 18:02:40 -04:00
Rafael dos Santos Silva c422520b4a FEATURE: Add CSS classes to associated accounts rows 2019-07-02 16:56:15 -03:00
Joffrey JAFFEUX 72441e2c7c
FIX: page starts at 1 (#7844) 2019-07-02 17:26:23 +02:00
romanrizzi 8404921b91 FIX: Remove misplaced outlet 2019-07-02 11:26:40 -03:00
Arpit Jalan ccb3ba509d
FIX: creating new badge is failing on empty SQL query (#7837) 2019-07-02 15:12:53 +05:30
Joffrey JAFFEUX 1b45096aa5
UX: improves styling of similar topics results in composer (#7839) 2019-07-02 11:26:43 +02:00
Penar Musaraj fca2f0f212 FIX: Only show remove timer button to users with permission to do so 2019-07-01 22:17:02 -04:00
Osama Sayegh f1c67729de Different fix (#7815) 2019-07-02 11:53:16 +10:00
Sam Saffron 4dcc5f16f1 FEATURE: when under extreme load disable search
The global setting disable_search_queue_threshold
(DISCOURSE_DISABLE_SEARCH_QUEUE_THRESHOLD) which default to 1 second was
added.

This protection ensures that when the application is unable to keep up with
requests it will simply turn off search till it is not backed up.

To disable this protection set this to 0.
2019-07-02 11:22:01 +10:00
Dan Ungureanu dc5eb76551 DEV: Let OmniAuth strategies return auth result. (#7833) 2019-07-01 13:13:11 -03:00
Arpit Jalan f56d86a852 FIX: use normal title instead of fancy title for prefilled composer 2019-07-01 17:55:24 +05:30
Joffrey JAFFEUX 7b52a110b8
DEV: removes DOMTokenList polyfill (#7831)
Creates more issues than it solves especially on IOS, I dont trust it anymore. Will reconsider if this is an issue in the future.
2019-07-01 14:08:38 +02:00
Gerhard Schlager d513c28e3b FIX: Don't send notification email when user isn't allowed to see topic 2019-07-01 14:03:03 +02:00
Arpit Jalan 997250586c FEATURE: prefill title for direct messages from topic
https://meta.discourse.org/t/default-re-title-title-for-direct-messages-from-topic/121413
2019-07-01 17:14:08 +05:30
Joffrey JAFFEUX af58049eeb
UX: puts tags and categories on same line in search-menu-results (#7830) 2019-07-01 13:11:43 +02:00
Joffrey JAFFEUX 384f5cea05
FIX: ensures static pages are using absolute path (#7828) 2019-07-01 11:25:45 +02:00
Joffrey JAFFEUX 11ae5c78db
FEATURE: adds infite scroll on admin users list page (#7821) 2019-07-01 11:00:06 +02:00
Bianca Nenciu 4f97f85178 DEV: Fix lint. (#7824) 2019-06-28 20:24:09 +02:00
Kris aa9b9e1930 UX: improved mobile positioning of topic timer remove button 2019-06-28 14:09:42 -04:00
Joffrey JAFFEUX 5bab4f8007
UX: gives each info its own line in search-menu-results (#7825) 2019-06-28 11:14:38 +02:00
Joffrey JAFFEUX 61438c825a
fix prettier (#7823) 2019-06-28 09:36:38 +02:00
Bianca Nenciu b2eb0f4ad6 FEATURE: Export any type of report supporting table mode. (#7662) 2019-06-28 08:50:31 +02:00
Kris 82f2af8a0d UX: Move link to show tracked topics, simplify translation 2019-06-27 21:36:24 -04:00
Penar Musaraj 27387b0859 Do not collapse quote notifications
This prevents an issue where edits to a post with a quote would trigger push notifications indefinitely.
2019-06-27 18:20:43 -04:00
Ralph Rooding 4ba35472e6 Don't check for second factor when switching to anonymous account (#7803) 2019-06-27 15:01:26 -07:00
Joffrey JAFFEUX a61147d838
FEATURE: displays tags in search menu results when enabled (#7819) 2019-06-27 19:26:14 +02:00
Robin Ward ed936bcb01 FIX: Fix a navigation bug
To reproduce:

1. Visit a url in a new tab such as `/latest?order=views`

2. Click a topic link

3. Click the back button

Before this patch, you would not be sent back to the latest list.

Now, I am somewhat hesitant to delete code like this, but the [original
commit](b2b7f4d905)
explains a situation that I cannot reproduce with the code missing.

I cannot seem to keep the filters as sticky even if I try. At the very
least this is better to commit right now than the currently known broken
situation.
2019-06-27 09:06:10 -04:00
Gerhard Schlager fe870a1e54 DEV: Respond with error 400 to uploads requested via XHR
follow-up to 13f38055
2019-06-27 11:15:35 +02:00
Sam Saffron 8f7a387aa7 FEATURE: add support for tag group search
The behaviour of #TERM in search has been amended

1. We try category or subcategory slugs
2. We try tags
3. We try tag-groups

The term `hello #my-group` will search for all posts tagged with any of
the tags in the tag group `My Group`

Future work may be introducing a slug cache here or caching it in the table
but the assumption is that the number of tag groups will not be huge
2019-06-27 17:53:26 +10:00
Arpit Jalan 9a2eb5c8cb UX: change icon for video placeholder 2019-06-27 12:27:14 +05:30
Sam Saffron 5bc5c02af6 FIX: mark topics in sub categories as unread when dismissing parent
Previously we would only dismiss the parent category and leave the
child categories unread
2019-06-27 13:26:48 +10:00
Jeff Wong 88ef5e55fe
FEATURE: add ability to have multiple totp factors (#7626)
Adds a second factor landing page that centralizes a user's second factor configuration.

This contains both TOTP and Backup, and also allows multiple TOTP tokens to be registered and organized by a name. Access to this page is authenticated via password, and cached for 30 minutes via a secure session.
2019-06-26 16:58:06 -07:00
Osama Sayegh 50e4ecc77e
UX: hide post is unread tooltip after the post is read (#7813)
Note we can't use `display: none` here because it doesn't work with
animations.
2019-06-26 22:39:57 +03:00
Arpit Jalan a3bcb8e887 UX: make onebox video placeholder icon grey 2019-06-26 23:40:36 +05:30
Arpit Jalan 168a38dc29 Bump onebox version.
- better Twitch placeholder
- CSS for said placeholder
2019-06-26 23:22:29 +05:30
Robin Ward 817661aed9 UX: Require a confirmation if approving a post in a closed topic 2019-06-26 12:21:49 -04:00
Robin Ward 14a64e7c4c Move "Hide Post" option up to the top on the review interface
If you agree with the post you are likely to want to hide it.
2019-06-26 11:35:59 -04:00
Robin Ward eedec7d79b FIX: Only include pending/agreed scores in the total score
This should prevent posts from being hidden if a previous flag was
rejected and a new one was added.
2019-06-26 11:21:35 -04:00
Joffrey JAFFEUX c63268467e
DEV: prettier 1.18.2 (#7810) 2019-06-26 17:09:52 +02:00
Penar Musaraj 76307611dc
UX: new inline button to remove a topic timer (#7790) 2019-06-26 11:08:53 -04:00
Gerhard Schlager 13f38055ac SECURITY: XSS in routes
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
2019-06-26 16:34:15 +02:00
Joffrey JAFFEUX 56b76f31dc
fix prettier linting (#7809) 2019-06-26 15:26:02 +02:00
Joffrey JAFFEUX dfde59f631
FIX: provides an emoji helper to replace codes by images (#7802) 2019-06-26 15:11:04 +02:00