Commit Graph

220 Commits

Author SHA1 Message Date
Régis Hanol e92f5e4fbf FEATURE: new email attachment blacklists site settings 2016-08-03 17:55:54 +02:00
Robin Ward 2891f230d1 SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 13:54:17 -04:00
Régis Hanol 376881845c always strip s/mime signatures in incoming emails 2016-06-27 22:26:05 +02:00
Régis Hanol dffe50a2e6 new alternative reply by email addresses 2016-06-10 16:14:42 +02:00
Régis Hanol de9136a8f2 FIX: bypass TL0-specific validations on posts in a PM 2016-04-18 22:08:42 +02:00
Régis Hanol 20ce7f29e0 FEATURE: new 'manual_polling_enabled' site setting 2016-03-16 22:28:01 +01:00
scossar 1914495e88 make error message translatable 2016-03-15 10:02:10 -07:00
scossar 0cbeda8414 add site setting for setting locale from header 2016-03-14 16:18:19 -07:00
Arpit Jalan 36f82aa68c FEATURE: enforce admin password validation when signing up via developer email 2016-03-04 00:28:47 +05:30
Arpit Jalan 50e65634d7 FEATURE: new setting min_admin_password_length and better default 2016-03-02 14:43:26 +05:30
Régis Hanol be5a54d67d FEATURE: new 'allow_all_attachments_for_group_messages' site setting 2016-02-29 22:39:24 +01:00
Régis Hanol 8893d711e0 FEATURE: new pop3 polling configuration admin dashboard check 2016-02-17 11:25:49 +01:00
Régis Hanol 8944d62aa6 add validator for the 'reply_by_email_enabled' site setting 2016-02-09 23:35:40 +01:00
Arpit Jalan 99c4252ba6 FEATURE: Staff should be exempt from user mention limit 2016-02-01 21:19:56 +05:30
bgr11n 53fb84baa3 fixed password validator on equality with email 2016-01-05 22:43:11 +02:00
Régis Hanol 978a1539fa new pop3_polling_enabled setting validator to ensure credentials are working before enabling it 2015-12-10 22:23:54 +01:00
Régis Hanol 5b9594277a skip most post validations for staged accounts 2015-12-01 10:40:23 +01:00
Régis Hanol 7c694139ec trust staged accounts when validating posts 2015-11-30 19:08:35 +01:00
Gerhard Schlager 6e33a21a7a FIX: Replace invalid pluralizations in locale files 2015-11-13 21:25:15 +01:00
Sam 69ad0358c2 FIX: incorrect logic in email blocker
if mail.com was blocked, email.com was automatically blocked
2015-06-15 11:28:50 +10:00
Arpit Jalan b7ac8448c6 Improve IP blocking error message 2015-06-02 07:48:26 +05:30
Arpit Jalan 6bf680882c Better error message when new registration limit from an IP address is reached 2015-06-01 10:16:25 +05:30
Arpit Jalan 220b9c5abe FIX: match subdomain with email domain blacklist 2015-05-13 21:02:02 +05:30
Gerhard Schlager 9a76ee8f8a FIX: error message used wrong filesize 2015-05-03 19:26:54 +02:00
Robin Ward a5ee45ccbe `PostEnqueuer` object to handle validation of enqueued posts 2015-04-15 14:54:36 -04:00
Neil Lalonde 30b063c08b FEATURE: make full names a required field of user profiles with the full_name_required setting 2015-04-02 17:08:04 -04:00
Arpit Jalan b706307ac7 FEATURE: new site setting min_first_post_length 2015-03-20 00:20:38 +05:30
Neil Lalonde c04b214910 FEATURE: don't allow username and email to be the same 2015-02-27 13:47:43 -05:00
Sam 0742f340f9 FEATURE: allow for a localized error when a regex fails in site settings
FEATURE: apply string validation to list site settings (so we get regex)
2015-02-27 11:45:56 +11:00
Neil Lalonde cf81b3f86d FEATURE: don't allow username and password to be the same 2015-02-25 12:00:13 -05:00
Régis Hanol f7d2fc0524 FEATURE: 'reply by email address' validator
Prevent infinite email loophole when the 'reply_by_email_address' site setting is the same as the 'notification_email'.
2015-02-06 12:08:37 +01:00
Arpit Jalan 58f46137d6 FIX: allow developer emails to bypass email blacklist/whitelist restriction 2015-01-30 00:10:03 +05:30
Régis Hanol 7641d88224 FEATURE: new 'maximum new user accounts per registration IP' site setting 2014-11-17 12:04:29 +01:00
Arpit Jalan fab2b95ab6 FIX: disposable invite was giving email validation error 2014-10-23 22:55:49 +05:30
Sam 59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Régis Hanol e64d3b8a42 FIX: disagree flag should unhide hidden post 2014-08-11 10:48:00 +02:00
Neil Lalonde 443caaa8f7 FIX: don't let admins skip post validations, unless it's faq, tos, or privacy 2014-08-01 14:53:35 -04:00
Neil Lalonde e1be478ef4 FIX: admins bypass some post validations. This allows them to edit legal docs even if those docs are longer than max post length, for example. 2014-07-28 16:40:14 -04:00
Jens Maier bf9f3c1366 FIX: NoMethodError in on extension.upcase when upload's original filename has no extension. 2014-07-15 03:23:26 +02:00
Sam 5b310c21b4 FIX: less crazy error when post exceeds max length. 2014-07-04 16:39:15 +10:00
Neil Lalonde 3eb65885d1 Add validation of string site settings with regex, and min and max lengths 2014-06-18 11:15:40 -04:00
Neil Lalonde ba65aa3f6c Add a way to validate min and max value of an integer site setting 2014-06-12 18:04:37 -04:00
Neil Lalonde 9611a1ac47 Validate username site settings 2014-06-11 16:20:57 -04:00
Neil Lalonde 3d22f90e9f FIX: email regexp for older rubies 2014-06-10 10:31:22 -04:00
Neil Lalonde c61462662b Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 16:59:20 -04:00
Régis Hanol 4371374ba6 FEATURE: support for enabling all upload file types
BUGFIX: authorized extensions is now case insensitive
2014-04-29 19:12:35 +02:00
Régis Hanol 2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Stephan Kaag f12925887c Drop Rails3 support 2014-02-17 19:42:08 +01:00
Robin Ward 14ec64a36a Give a better error message from the server if you've been replying too much. 2014-01-06 11:10:37 -05:00
Neil Lalonde ab12695d63 Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature. 2013-12-27 11:00:21 -05:00
Robin Ward 0c45eba037 FIX: Users can edit posts when they've reached the `newuser_max_replies_per_topic` threshold. 2013-12-20 11:30:51 -05:00
Neil Lalonde 854d9c8fc6 Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length. 2013-12-19 16:15:47 -05:00
Neil Lalonde 33c6997ded Move password validation into PasswordValidator 2013-12-19 16:15:47 -05:00
Robin Ward 1cac9fa257 New users can only post `newuser_max_replies_per_topic` times per topic. 2013-12-19 13:45:55 -05:00
Neil Lalonde 8724b2e2b6 Add comments about the IPAddr hack 2013-11-05 11:24:13 -05:00
Neil Lalonde c1008f4359 Fixes for postgresql inet columns in Rails 4. They're backed by an IPAddr class now, which breaks sql parameter marker support, and automatically sets the attribute to nil when trying to assign an invalid ip address. 2013-10-22 19:19:32 -04:00
Neil Lalonde 7d582fbee3 Screened ip address can be edited, deleted, and changed to allow or block. 2013-10-22 16:30:46 -04:00
Neil Lalonde 648b11a0eb Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address. 2013-10-21 14:50:18 -04:00
Neil Lalonde 78c15d5810 Move the unique post key storage code into the Post model 2013-09-09 16:17:31 -04:00
Neil Lalonde eae7e75611 FIX: recover post by a non-staff user fails because the post is not unique. Uniqueness check shouldn't happen when recovering a deleted post. 2013-09-06 11:50:15 -04:00
Neil Lalonde 117fc8db58 Change the way nuked users' posts are handled. Allow null in the user_id column of posts. Show these posts in the posts stream. 2013-09-04 15:42:21 -04:00
Neil Lalonde 86647f0a54 Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail. 2013-08-14 16:08:23 -04:00
Neil Lalonde 5f8a130277 Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-29 15:29:43 -04:00
Régis Hanol 2986798ba7 add newuser-max-attachments setting 2013-07-22 02:39:17 +02:00
Robin Ward 023d18cab2 FIX: Admins should be able to post short titles. This is especially important for when syndicating
a blog via the wordpress plugin into Discourse.
2013-06-29 17:57:10 -04:00
Régis Hanol 121d08e25f FIX: updating needs a restart 2013-06-29 03:49:54 +02:00
Sam f7de9f17d5 refactor validators
add a new setting for min pm body length
use that setting for flags
scale entropy check down for pms
2013-06-13 18:18:43 +10:00
Navin 3fdba0019b Extract callbacks and validations for Post
Move Post create callbacks to PostCreate
Extract Post validations
Move stripped_length_validator to lib/validators
2013-06-09 20:47:04 +02:00
Neil Lalonde 2465c9c724 Add min_private_message_title_length site setting so private messages can have short titles 2013-06-04 17:59:23 -04:00
Matt Van Horn 806255b3c4 refactor Topic validation
introduce a couple of custom validators
fix minor discrepancies in tests
copy I18n error message keys to default location
clean up validation invocation
move some responsibilities out of validator into class
2013-05-22 22:31:52 -07:00