Commit Graph

36433 Commits

Author SHA1 Message Date
Martin Brennan 3e54e0191e
FIX: Use full URL for secure attachments when secure media enabled (#9037)
When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
2020-03-04 10:11:08 +11:00
dependabot-preview[bot] f971ecd231
Build(deps): Bump nokogiri from 1.10.8 to 1.10.9 (#9093)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.8 to 1.10.9.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/v1.10.9/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.8...v1.10.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-03 10:19:34 -05:00
David Taylor 65cc61be7a
PERF: Allow preloading 'recent time read' for a user (#9076)
This will be used when serializing multiple user cards
2020-03-03 13:57:46 +00:00
David Taylor d23f7af3cb
PERF: Allow user serializer to make use of preloaded custom fields (#9074) 2020-03-03 13:56:54 +00:00
Martin Brennan 0df72a51b8
FIX: Stop infinite lookup-urls issue for video/audio on page (#9096)
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119

* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
2020-03-03 15:44:01 +11:00
OsamaSayegh 5035a490b2 DEV: Bump Logster version to 2.7.1
This version includes a fix to stop `env` mutation that occurred in
Logster default store which caused chained loggers to report different
backtraces for the same message when backtrace is provided via `env`.

https://github.com/discourse/logster/compare/v2.7.0...v2.7.1
2020-03-03 07:02:01 +03:00
Martin Brennan 0388653a4d
DEV: Upload and secure media retroactive rake task improvements (#9027)
* Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security

* Improved uploads:disable_secure_media to be more efficient and provide better messages to the user.

* Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL

* Many improvements to uploads:secure_upload_analyse_and_update

* Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload.

* Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.
2020-03-03 10:03:58 +11:00
dependabot-preview[bot] 8a696a4ffc
Build(deps-dev): Bump annotate from 3.0.3 to 3.1.0 (#9091)
Bumps [annotate](https://github.com/ctran/annotate_models) from 3.0.3 to 3.1.0.
- [Release notes](https://github.com/ctran/annotate_models/releases)
- [Changelog](https://github.com/ctran/annotate_models/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ctran/annotate_models/compare/v3.0.3...v3.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 16:35:13 -05:00
dependabot-preview[bot] ee35bbdbba
Build(deps): Bump oj from 3.10.2 to 3.10.3 (#9092)
Bumps [oj](https://github.com/ohler55/oj) from 3.10.2 to 3.10.3.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.10.2...v3.10.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 16:34:53 -05:00
Jarek Radosz 4da357e378
DEV: Use async functions in tests (#9087)
This change both improves readability and fixes potential race-condition issues where promises were nested instead of being chained.

Also includes:
* Use arrow functions and Promise shorthands
* Remove the obsolete `asyncTestDiscourse` helper
2020-03-02 21:20:19 +01:00
Roman Rizzi 537f87562e
FIX: We need to skip users with associated reviewables when auto-approving (#9080)
* FIX: We need to skip users with associated reviewables when auto-approving them

* Update spec/initializers/track_setting_changes_spec.rb

* Update spec/initializers/track_setting_changes_spec.rb

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-03-02 14:33:52 -05:00
dependabot-preview[bot] f44ad91a52
Build(deps): Bump hashdiff from 1.0.0 to 1.0.1 (#9068)
Bumps [hashdiff](https://github.com/liufengyun/hashdiff) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/liufengyun/hashdiff/releases)
- [Changelog](https://github.com/liufengyun/hashdiff/blob/master/changelog.md)
- [Commits](https://github.com/liufengyun/hashdiff/commits)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:31:19 -05:00
dependabot-preview[bot] b78df9c4c9
Build(deps): Bump aws-sigv4 from 1.1.0 to 1.1.1 (#9067)
Bumps [aws-sigv4](https://github.com/aws/aws-sdk-ruby) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/master/gems/aws-sigv4/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/compare/1.1.0...1.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:31:06 -05:00
Joffrey JAFFEUX 11425f8adc
FEATURE: alows to add a description link to a report (#9065)
This commit adds a description link to users_per_trust_level report linking to our blog  article on the subject https://blog.discourse.org/2018/06/understanding-discourse-trust-levels/
2020-03-02 14:30:51 -05:00
Mark VanLandingham c11e5eb042
DEV: Run prettier on staged files before commit using lefthook (#9064)
* DEV: Run prettier on staged files before commit using lefthook

* excluded some js files
2020-03-02 14:30:23 -05:00
Dan Ungureanu c62d5b139b
FIX: Allow users to create polls in PMs with non human users (#9055) 2020-03-02 14:29:40 -05:00
Robin Ward a653737a66
FIX: Add aria-labels to topic list items (#9048)
* FIX: Add aria-labels to topic list items

Before this fix you could navigate the topic list using a screen reader
and a keyboard but some of the items were not as descriptive as they
could be. The newly added labels make it easier to understand what you
are tabbing over.

context:
https://meta.discourse.org/t/accessibility-aria-attributes-are-not-defined-for-links-under-replies-category/142539

* Update app/assets/javascripts/discourse/lib/utilities.js.es6

Co-Authored-By: Régis Hanol <regis@hanol.fr>

* Multiline fix

* Fix more tests

Co-authored-by: Régis Hanol <regis@hanol.fr>
2020-03-02 14:28:54 -05:00
Joffrey JAFFEUX f17459c620
UX: attempts to increate popup menu hitzone on mobile (#9038) 2020-03-02 14:27:50 -05:00
Mark VanLandingham 176aa0ac7d
DEV: Import pretender instead of global server var (#8996)
* DEV: Remove server global test variable

* Delete yarn-error.log

* prettier and some eslint fixes

* add global server variable back for plugins

* rename imported server to pretender

* prettier

* support plugin server. usage

* Export pretender as named

* Prettier

* change default pretender export

* fix bad import

* Use pretender() and original default export

* export new Pretender as default

* fix accidental change

* WIP testing

* add pretend handlers in correct location

* move more stuff into the correct pretender

* Consolidated more pretenders

* comment out another bad test

* fix user acceptance tests

* commented out bad test

* fixed another composer server stub

* fix more tests

* fixed tag test pretender

* Fix admin email test

* removed another draft handler

* add back test

* fix and uncomment another test

* remove test that is not useful

* remove commented out lines

* reapply handlers between every test

* no need to re-stub requests now :)

* cleanup from review

* more cleanup
2020-03-02 14:24:31 -05:00
Jarek Radosz fedd8e3e3a
DEV: Remove uses of deprecated `Ember.copy` and `Copyable` (#8978) 2020-03-02 14:24:05 -05:00
Jarek Radosz 76a06dfa03
DEV: Remove the last (defunct) use of Ember.View (#8976)
This codepath has been deprecated 3 years ago in c5687100b0.

Ember.View has been removed in Ember 2.0.
2020-03-02 14:23:46 -05:00
David Taylor f9cc3dc4b7
PERF: Allow passing an existing list of user field ids when loading (#8970)
* PERF: Allow passing an existing list of user field ids when loading

This avoids the need for running `UserField.pluck(:id)` for each user that is serialized

* Memoize user_fields to avoid rebuilding hash ever time
2020-03-02 14:22:49 -05:00
tshenry a09e5d12c2
FIX: Topics should honor auto-close when published to category (#8963)
* FIX: Topics should honor auto-close when published to category

* Add test
2020-03-02 14:21:35 -05:00
Gerhard Schlager 5c39e21c18
UX: Allow correct pluralization for "too few topics and posts" notices (#8947) 2020-03-02 14:20:37 -05:00
dependabot-preview[bot] 8e7868b405
Build(deps-dev): Bump rubocop from 0.80.0 to 0.80.1 (#9081)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.80.0 to 0.80.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.80.0...v0.80.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:10:19 -05:00
dependabot-preview[bot] 93b8d7ec89
Build(deps): Bump puma from 4.3.2 to 4.3.3 (#9079)
Bumps [puma](https://github.com/puma/puma) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.2...v4.3.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:09:56 -05:00
dependabot-preview[bot] 98d4b7bbc1
Build(deps-dev): Bump better_errors from 2.5.1 to 2.6.0 (#9043)
Bumps [better_errors](https://github.com/BetterErrors/better_errors) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/BetterErrors/better_errors/releases)
- [Commits](https://github.com/BetterErrors/better_errors/compare/v2.5.1...v2.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:09:33 -05:00
dependabot-preview[bot] d85726a866
Build(deps-dev): Bump simplecov from 0.18.3 to 0.18.5 (#9044)
Bumps [simplecov](https://github.com/colszowka/simplecov) from 0.18.3 to 0.18.5.
- [Release notes](https://github.com/colszowka/simplecov/releases)
- [Changelog](https://github.com/colszowka/simplecov/blob/master/CHANGELOG.md)
- [Commits](https://github.com/colszowka/simplecov/compare/v0.18.3...v0.18.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 14:09:05 -05:00
Joffrey JAFFEUX ed85cfe141
FIX: prevents click on sk header to bubble (#9084) 2020-03-02 20:06:02 +01:00
Rafael dos Santos Silva d05142d3f7 FEATURE: Enable service worker on iOS PWA 2020-03-02 15:55:09 -03:00
Gerhard Schlager 5889309d3b FIX: Restoring with `disable_emails: false` didn't work anymore 2020-03-02 17:44:01 +01:00
Gerhard Schlager d7ccb58559 FIX: Google Groups scraper failed to login 2020-03-02 17:24:48 +01:00
Rafael dos Santos Silva fd38ed3631
DEV: Fix lint error introduced in 58f16f2 2020-03-02 13:04:52 -03:00
Rafael dos Santos Silva 58f16f2e2b
FIX: Make FooterNav work with PWAs on iPadOS 2020-03-02 12:56:37 -03:00
David Taylor 68c7699c46 Revert "Build(deps-dev): Bump annotate from 3.0.3 to 3.1.0 (#9013)"
v3.1.0 has a bug which rewrites default annotations with erroneous quotes. https://github.com/ctran/annotate_models/issues/762

This reverts commit dd4a04e72c.
2020-03-02 13:34:39 +00:00
dependabot-preview[bot] 34fddaa824
Build(deps): Bump rails_multisite from 2.0.7 to 2.1.0 (#9083)
Bumps [rails_multisite]() from 2.0.7 to 2.1.0.

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-03-02 10:34:17 +00:00
Martin Brennan 8123538c94
DEV: Minor review fixes and fix bookmark spec logging (#9045)
As per:

https://review.discourse.org/t/fix-never-allow-custom-emoji-to-be-marked-secure-8965/9072
https://review.discourse.org/t/feature-improving-bookmarks-part-2-topic-bookmarking-8954/9038
2020-03-02 15:40:29 +10:00
Kane York 4635be10c8 DEV: Add docker cleanup script to d/ folder 2020-03-01 12:09:07 -08:00
Sam Saffron e23e247dff
DEV: spec suite fails on leap years
Something about year math fails here on leap years, just
set up the clock so it is consistent to avoid it.
2020-02-29 18:30:08 +11:00
Sam Saffron b4999acadd
PERF: improve performance of category topic list
In some cases CTE caused pathologically bad query plans.
This optimises it so query runs by itself and caches for lifetime
of the topic query object.

This lightweight caching is done cause topic query will often
execute two queries (one for pinned and one for non pinned)
2020-02-29 15:40:54 +11:00
Sam Saffron 18209e1daf
DEV: remove dead code
This code is not called anywhere, remove it
2020-02-29 15:05:09 +11:00
dependabot-preview[bot] 18ed2cc7d8
Build(deps): Bump puma from 4.3.1 to 4.3.2 (#9063)
Bumps [puma](https://github.com/puma/puma) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v4.3.1...v4.3.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-02-28 14:25:52 -05:00
Joffrey JAFFEUX 2db8ada222
FIX: ensures category url of category drop is built using slug and id (#9069) 2020-02-28 17:58:22 +01:00
Brad Morrical ff5ff8d0d2
fix invalid byte sequence in UTF-8 (ArgumentError) (#9077) 2020-02-28 10:26:18 -05:00
David Taylor 0903aa44bb
FEATURE: Always disable customizations on the `/safe-mode` route (#9052)
This makes it easier to enter safe mode when a customization has made the UI unusable
2020-02-28 10:53:11 +00:00
Dan Ungureanu 8cbb6e35cb
DEV: Fix build
Follow up to 60184a290c.
2020-02-28 11:31:04 +02:00
Dan Ungureanu 60184a290c
FIX: Sync preload key format for category topic lists
The server and client used two different formats for preload keys. The
server was using 'topic_list_c/SLUG/l/latest', but the client was using
'topic_list_c/SLUG/ID/l/latest'.

This commit is an addition to 374534f00e.
2020-02-28 11:10:03 +02:00
Martin Brennan 14adddd18d
FIX: Ignore secure-media-uploads for miniprofiler (#9070) 2020-02-28 12:11:30 +10:00
Sam Saffron 8e5edae093
FEATURE: unconditionally skip indexing on search controller
There are absolutely no actions in search that need indexing

Also no point adding this header on non get requests
2020-02-28 09:21:31 +11:00
Mark VanLandingham f358114361
FIX: Prettier on iframed-html component (#9062) 2020-02-27 11:56:13 -06:00