Commit Graph

38430 Commits

Author SHA1 Message Date
Martin Brennan 6be7a66ba7
FIX: Cap bookmark name at 100 chars and truncate existing names (#10189)
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.

This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
2020-07-08 17:19:01 +10:00
Sam Saffron bac25e6dd7
DEV: upgrade rack to version 2.2.3
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52

An attacker can elevate own cookie usage to bypass server cookie restrictions

Technically this is a security commit, but the surface area is extremely
low, we do not expect any real world impact.
2020-07-08 16:42:31 +10:00
Sam Saffron 8af5194e39
DEV: upgrade rails to version 6.0.3.2
This includes a fix for CVE-2020-8185; we are not vulnerable as we do not use
the impacted middleware. However it still makes sense to stay upgraded, other
small fixes exist in this release.
2020-07-08 16:34:29 +10:00
Bianca Nenciu bd842cd2b0
FEATURE: Parse images in email signatures (#10137)
* FEATURE: Parse images in email signatures

* DEV: Fix tests

* Code review
2020-07-08 15:50:30 +10:00
Martin Brennan 07ad243603
FIX: Stop updating bookmarked column from TopicUser.update_post_action_cache (#10188)
* This is causing issues where sometimes bookmarked is out of sync with what is in the Bookmark table. The BookmarkManager handles updating this column now.
* Add migration to fix bookmarked column that is incorrectly marked false when a Bookmark record exists.
2020-07-08 15:27:42 +10:00
Guo Xiang Tan 2e1eafae06
FIX: Incorrect search blurb when advanced search filters are used. 2020-07-08 11:59:49 +08:00
dependabot-preview[bot] 26dc981285 Build(deps): Bump rubocop from 0.86.0 to 0.87.1
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.87.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.87.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:38 +08:00
dependabot-preview[bot] b973ffe8e0 Build(deps): Bump onebox from 1.9.29 to 1.9.30
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.29 to 1.9.30.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.29...v1.9.30)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:20 +08:00
Kane York c86b1ee9d1
FIX: Disable security keys at same time as TOTP 2FA (#10144)
Previously, the "Remove 2FA" button could result in an error. This syncs button visibility with behavior.

* FIX: Only offer disabling 2FA to admins
2020-07-07 12:19:30 -07:00
Mark VanLandingham 81fe8a50d4
DEV: Plugin API function to add items to quick access profile (#10182) 2020-07-07 13:53:40 -05:00
Kris d09a953f53 UX: Fix layout for long bookmark notes 2020-07-07 13:42:51 -04:00
Kris 66257ca8b6 FEATURE: Add "smallest" option to user text size preferences 2020-07-07 13:08:19 -04:00
Régis Hanol 44aaf4415d DEV: ensure discobot has a user_option & user_profile
When doing a migration, there might be some cases where the discobot user
doesn't have a user_option / user_profile record(s).

This ensures we always create one during the seed phase.
2020-07-07 18:24:31 +02:00
Mark VanLandingham d2e320d4f7
FIX: Bookmarks shortcut goes to new bookmarks with reminders (#10181) 2020-07-07 11:12:41 -05:00
Bianca Nenciu 4a90464619
FIX: Do not highlight large code blocks (#10125) 2020-07-07 18:51:19 +03:00
Bianca Nenciu 6705c45156
FEATURE: Add reply_as_new_group_message composer action (#10168) 2020-07-07 18:30:48 +03:00
Gerhard Schlager ab4c0a4970 FEATURE: Create SQL-only backup if there are no uploads
It doesn't make sense to compress the database dump twice if the backup doesn't contain any uploaded files.
2020-07-07 16:23:47 +02:00
Bianca Nenciu 10e2578751
FIX: Set default value for poll result field (#10178) 2020-07-07 17:23:21 +03:00
Dan Ungureanu 57d46694c5
DEV: Fix flaky test 2020-07-07 17:10:24 +03:00
Dan Ungureanu 333d4f9a98
FIX: Redirect user to the URL with the correct category slug (#10167)
This commit implements a category redirect similar to the one for topic
URLs with wrong slug.
2020-07-07 15:25:36 +03:00
jjaffeux f92116d695 Revert "DEV: flexify post actions (#9926)"
This reverts commit 6ef0e98f4e.
2020-07-07 12:42:49 +02:00
Joffrey JAFFEUX 56475f57c5
UX: simplifies editing email templates by always having a default (#10179) 2020-07-07 11:44:13 +02:00
Joffrey JAFFEUX 9b7000dbf1
FIX: ensures category order keeps consistent (#10165)
Before this change:
- first full page load would get category defaults defined in category settings
- a navigation to a topic and then back to categories list would reset default to the ones defined in discovery/topics
2020-07-07 09:56:38 +02:00
Guo Xiang Tan 0c742dd022
DEV: Simple formatting fix. 2020-07-07 15:46:14 +08:00
Vinoth Kannan f3f30edf3f SPEC: use post number to create canonical path in mega topics.
6d17765924
2020-07-07 12:20:31 +05:30
Krzysztof Kotlarek 72861f4e1c
FIX: add table CSS rules to normalize (#10176)
* FIX: add table CSS rules to normalize

In the new version of normalize - 8.0.1 `table` and `td` CSS rules are missing
https://github.com/necolas/normalize.css/blob/master/normalize.css

They existed in version `3.0.1` https://github.com/necolas/normalize.css/blob/3.0.1/normalize.css#L417

Also, extracted custom rules to new file
2020-07-07 16:47:03 +10:00
Martin Brennan 280cd99c62
DEV: Add extra appEvents to composer workflow
* add composer:saved, composer:created-post, and composer:edited-post
  appEvents inside the composer controller, to make it easier to detect
  these events in plugins
2020-07-07 14:13:45 +10:00
Sam Saffron 9075d5a9f5
Revert "FIX: Set default value for poll result field (#10044)"
This reverts commit 40de535224.

Sadly this appears to break the JS test suite
2020-07-07 10:24:37 +10:00
Dan Ungureanu 556f7dc9c0
FIX: Fix race condition when resolving tag and category hashtags (#10153)
* FIX: Fix race condition when resolving tag and category hashtags

If the category hashtags were resolved first and then tag hashtags, then
the tags would overwrite the categories. Similarly, if the category
hashtags were resolved last it would overwrite even hashtags which ended
with '::tag'.

* DEV: Add test

* DEV: Fix test
2020-07-07 10:20:51 +10:00
Bianca Nenciu b9e3db6387
UX: Add link to user email preferences in admin view (#10169) 2020-07-07 10:20:14 +10:00
Dan Ungureanu e08b860e88
FIX: Improve category hashtag lookup (#10133)
* FIX: Improve category hashtag lookup

This commit improves support for sub-sub-categories and does not include
the ID of the category in the slug, which fixes the composer preview.

* FIX: Sub-sub-categories can be mentioned using only two levels

* FIX: Remove support for three-level hashtags

* DEV: Simplify code
2020-07-07 10:19:01 +10:00
Joffrey JAFFEUX 6ef0e98f4e
DEV: flexify post actions (#9926)
* DEV: flexify post actions

* more tweaks
2020-07-07 10:18:01 +10:00
Bianca Nenciu 40de535224
FIX: Set default value for poll result field (#10044) 2020-07-07 10:16:21 +10:00
Kris 1f5cecaf28 Minor follow up fix to 4f12768 for mobile 2020-07-06 19:17:30 -04:00
Kris 4f12768d10 UX: Remove extra space added by img resize controls in composer preview 2020-07-06 19:11:58 -04:00
Jeff Wong 339549d14a
Support plugin and Theme compatibility version manifests (#9995)
Adds a new rake task `plugin:checkout_compatible_all` and
`plugin:checkout_compatible[plugin-name]` that check out compatible plugin
versions.

Supports a .discourse-compatibility file in the root of plugins and themes that
list out a plugin's compatibility with certain discourse versions:

eg: .discourse-compatibility
```
2.5.0.beta6: some-git-hash
2.4.4.beta4: some-git-tag
2.2.0: git-reference
```

This ensures older Discourse installs are able to find and install older
versions of plugins without intervention, through the manifest only.

It iterates through the versions in descending order. If the current Discourse
version matches an item in the manifest, it checks out the listed plugin target.
If the Discourse version is greater than an item in the manifest, it checks out
the next highest version listed in the manifest.

If no versions match, it makes no change.
2020-07-06 14:48:00 -07:00
Blake Erickson 2e13ed061d FIX: Generate Topic Thumbnails nil to Array error
If any value, including nil, is passed in as an argument the default
won't be set, so we need to handle when a non-Array value is passed in
to the `generate_thumbnails!` method.
2020-07-06 15:35:33 -06:00
Jarek Radosz 90524906ee DEV: Fix OptimizedImage specs 2020-07-06 21:51:56 +02:00
Jarek Radosz cb048d284d FIX: Handle the case where upload goes missing during downsizing 2020-07-06 18:51:38 +02:00
David Taylor da0fc0a9d3
DEV: Cleanup PostActionType and ReviewableScore changes in tests
Followup to 2df388ffd7
2020-07-06 17:12:23 +01:00
Régis Hanol 7a6d772ad2 DEV: couple bug fixes in getsatisfaction importer
- Ensure we don't modify a frozen string
- Ensure we have a slug before trying to create a permalink
2020-07-06 17:41:28 +02:00
David Taylor 7f2b5a446a
PERF: Remove post_upload recovery in daily EnsureS3UploadsExistence job (#10173)
This is a very expensive process, and it should only be required in exceptional circumstances. It is possible to run a similar recovery using `rake uploads:recover` (5284d41a8e/lib/upload_recovery.rb (L135-L184))
2020-07-06 16:26:40 +01:00
Jarek Radosz 194c962124
FIX: Do not rerender widget-dropdown on all clicks (#10100)
Because of how the dropdown was structured, as long as it was in the DOM, all clicks outside the widget would rerender it.

This commit introduces `widget-dropdown-body` that handles the `clickOutside` callback and is rendered conditionally, so it won't get called when the dropdown is closed.
2020-07-06 17:04:16 +02:00
Jarek Radosz 3b51e05de2
FIX: CookText may be gone before promise resolves (#10097)
* FIX: CookText may be gone before promise resolves

Bug introduced in 293467a37a.

* DEV: Drop the window.requireModule in cook-text

It was introduced in 2017 in 232311aa8c but doesn't seem to be necessary anymore.
2020-07-06 17:03:27 +02:00
Jarek Radosz 64ce12a758
FIX: `OptimizedImage#filesize` (#10095)
`OptimizedImage#filesize` calls `Discourse.store.download` with an OptimizedImage as an argument. It would in turn attempt to call `#original_filename` and `#secure?` on that object. Both would fail as these methods do not exist on OptimizedImage, only on Upload. We didn't know about these issues because:
1. `#calculate_filesize` is not called often, because the filesize is saved on OptimizedImage creation, so it's used mostly for manual filesize recalculation
2. we were using `rescue nil` which swallows all errors
2020-07-06 17:01:29 +02:00
Mark VanLandingham 3792ffa556
DEV: Update method documentation in lib/computed.js (#10172) 2020-07-06 09:26:21 -05:00
dependabot-preview[bot] cb421b5358
Build(deps): Bump nokogiri from 1.10.9 to 1.10.10 (#10171)
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.9 to 1.10.10.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.10.9...v1.10.10)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-06 10:13:23 -04:00
Joe 6e341f1839 UX: restore table borders
Newer versions of Normalize remove the `border-collapse: collapse;` property and fallback to browser defaults. This commit restores that property because we're using it in quite a few places.
2020-07-06 21:25:41 +08:00
David Taylor 98786cb037
DEV: Refactor basic-topic-list to use topic-list-item on mobile (#10105)
Previously, basic-topic-list had its own implementation of topic-list-item on mobile, which made it more difficult to maintain and extend. The visible difference was that the basic-topic-list implementation had no large avatar on the left. This commit adds a new hideMobileAvatar parameter to topic-list-item and topic-list, and sets it to `true` for the basic-topic-list component.
2020-07-06 13:58:57 +01:00
Régis Hanol 525a2174b3
Restore 'pointer' cursor on buttons
Normalize removed their opinionated cursor styling of buttons in [4.0.1](170455d6f6).

Follow-up-to: 1fd3a30a59
2020-07-06 13:15:31 +02:00