Jeff Wong
68e4e6a575
FIX: staged users are still tl0 but do not trigger spam if 1 week old.
2018-06-18 17:20:04 -07:00
Jeff Wong
9e55767f6a
FIX: don't punish a user for being previously staged for spam flags.
2018-06-15 12:25:25 -07:00
Robin Ward
fd54c92a52
FEATURE: New site setting, whitelisted_link_domains
...
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Guo Xiang Tan
ad5082d969
Make rubocop happy again.
2018-06-07 13:28:18 +08:00
Arpit Jalan
91bf10bd12
FIX: create upload record for exported csv files
2018-04-20 00:27:49 +05:30
Régis Hanol
2585ada5ca
FIX: don't allow spaces in 'reply_by_email_address' site setting
2018-04-17 17:08:12 +02:00
Robin Ward
e27edfe597
FIX: Don't give two errors about not being able to post links
2018-04-05 12:54:48 -04:00
Arpit Jalan
10759677db
FIX: when uploading image newuser restrictions should not apply to staff
2018-04-05 09:51:03 +05:30
Guo Xiang Tan
142571bba0
Remove use of `rescue nil`.
...
* `rescue nil` is a really bad pattern to use in our code base.
We should rescue errors that we expect the code to throw and
not rescue everything because we're unsure of what errors the
code would throw. This would reduce the amount of pain we face
when debugging why something isn't working as expexted. I've
been bitten countless of times by errors being swallowed as a
result during debugging sessions.
2018-04-02 13:52:51 +08:00
Joffrey JAFFEUX
ce1994beea
FIX: do not treat :: as a valid emoji
2018-03-05 15:35:24 +01:00
Régis Hanol
6a78669ca3
FIX: 'reply by email addresses' site settings should allow email addresses without a 'reply_key' when 'find related post with key' is disabled
2018-03-02 17:53:18 +01:00
Neil Lalonde
baf1c385eb
UX: when a post is blocked due to a watched word, message includes the word being blocked
2018-02-28 11:22:18 -05:00
Neil Lalonde
3313072957
Remove censored_pattern site setting, which is replaced by watched words
2018-02-26 16:29:27 -05:00
Robin Ward
3ea272f4f1
New setting: minimum trust level to embed images in a post
2018-02-20 20:00:06 -05:00
Arpit Jalan
c419c26f56
FEATURE: new site setting 'max_emojis_in_title'
2018-02-19 18:15:26 +05:30
OsamaSayegh
f3815cd785
FEATURE: New site setting for additional allowed filetypes for staff ( #5364 )
...
* FEATURE: New site setting for additional allowed filetypes for staff
* Problematic variable name
* feedback
* small issues
* fix indentation
* failing tests
* Remove message bus and fix minor issues
* Missed this message bus
2018-02-19 10:44:24 +01:00
Erick Guan
03b3e57a44
FEATURE: login by a link from email
...
Co-authored-by: tgxworld <tgx@discourse.org>
2018-02-13 16:14:39 +08:00
Robin Ward
5466389f4e
FIX: Consider oneboxes links wrt to `min_trust_level_to_post_links`
2018-02-08 18:27:40 -05:00
Robin Ward
dedeb2deb8
FIX: Don't show the link button in the composer if linking is disabled
2018-02-08 12:56:10 -05:00
Robin Ward
6a5dad0b86
FIX: Too much Javascript :)
2018-02-07 11:46:05 -05:00
Robin Ward
016b9cd0e9
FIX: Count the links in the post
2018-02-06 20:16:48 -05:00
Robin Ward
1bab15c757
FEATURE: A site setting for a minimum TL to post links
2018-02-06 18:07:58 -05:00
Gerhard Schlager
2a22b90538
SECURITY: email domain whitelist could be bypassed
2018-01-17 21:45:32 +01:00
Arpit Jalan
1208254961
FIX: validate presence of 'top menu' setting
2018-01-17 01:43:53 +05:30
Guo Xiang Tan
805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
...
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Arpit Jalan
0514ac4ee2
FIX: verify presence of 'sso url' before enabling 'enable sso'
2017-12-23 13:30:49 +05:30
Guo Xiang Tan
4b51871f6a
Treat non-ascii URLs in `UrlValidator`.
2017-12-21 14:22:55 +08:00
Guo Xiang Tan
6ecf37c482
Improve URL validation to check for a valid host.
...
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:
URI.parse("http://https://google.com ")
=> #<URI::HTTP http://https//google.com >
2017-12-21 13:50:15 +08:00
Matt Palmer
f315c142b1
BUG: Load the appropriate file for AlternativeReplyByEmailAddressesValidator
...
Autoloading only works when the class names are namespaced appropriately.
2017-12-19 09:43:41 +11:00
Vinoth Kannan
7f2eeaf767
FIX: Password required flag should be cleared whenever clearing the raw password ( #5384 )
2017-12-01 15:19:24 +11:00
Neil Lalonde
ddbd1d5ab8
allow regex options on username site settings
2017-10-04 15:08:51 -04:00
Gerhard Schlager
7f50380221
FIX: respect email domain whitelist/blacklist when creating staged users
2017-10-03 16:36:08 +02:00
Bianca Nenciu
bb3a5910d7
Support for sending PMs to email addresses ( #4988 )
...
* Added support for sending PMs to email addresses.
* Made changes after review.
* Added settings validator.
* Fixed tests.
2017-08-28 12:07:30 -04:00
Sam
fdc5c080ea
FIX: bump default max for int site settings to a much higher number
...
(close to long int)
2017-08-24 10:16:41 -04:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Neil Lalonde
68b3dd43ce
fix intermittent failing tests, some watched word refactoring
2017-07-27 12:27:01 -04:00
Neil Lalonde
24cb950432
FEATURE: Watched Words: when posts contain words, do one of flag, require approval, censor, or block
2017-07-26 11:01:09 -04:00
Guo Xiang Tan
2255724637
UX: Add validator for `SiteSetting#sso_overrides_email`.
2017-07-10 10:08:55 +09:00
Robin Ward
b93edc9945
FIX: Make sure censored words are on boundaries in topic titles
2017-06-28 13:13:40 -04:00
Régis Hanol
54e8fb0d89
FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting
2017-06-12 22:41:29 +02:00
Sam
bc0b9af576
FEATURE: support uploads for themes
...
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Guo Xiang Tan
59b906ab0d
FEATURE: Disable minimum post length check when in PM with non human users.
...
https://meta.discourse.org/t/discourse-narrative-bot-beta-feedback/58621/65?u=tgxworld
2017-04-27 16:00:22 +08:00
Arpit Jalan
dad2024094
FIX: do not impose default min/max validation on hidden site setting
2017-04-22 12:08:39 +05:30
Arpit Jalan
9eff4f0807
FIX: all basic integer settings should have max value validation
2017-04-21 07:09:41 +05:30
Régis Hanol
2be14a604c
FIX: censored_pattern with group capturing wasn't working
2017-04-10 23:38:48 +02:00
Sam
dacfdd4dc8
use chars as opposed to split
2017-02-14 09:40:15 -05:00
Sam
8feb94e13f
FIX: password validator was being too strict
2017-02-14 09:18:04 -05:00
Neil Lalonde
94e1105af7
fix unique char counting in password validator
2017-02-10 10:38:17 -05:00
Neil Lalonde
1bcb835446
FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting
2017-02-09 15:00:22 -05:00
Rimian Perkins
25516874b5
FIX: Escape regexp chars in `SiteSetting.censored_words`.
2017-01-31 10:14:51 +08:00
Guo Xiang Tan
eafd0a7497
Bye bye bygbug.
2017-01-24 14:07:55 +08:00
Guo Xiang Tan
ce07da1d8b
UX: Only display the words that fails censored words validations.
2017-01-24 13:11:05 +08:00
Guo Xiang Tan
429b02a5d5
oops fix specs.
2017-01-09 17:08:24 +08:00
Guo Xiang Tan
3d21ccd4a5
FIX: Add validation to disallow censored words in topic title.
2017-01-09 16:55:41 +08:00
Guo Xiang Tan
13c6191e89
FIX: Don't allow invalid email to be saved.
2016-12-21 17:47:11 +08:00
Neil Lalonde
fb2633366a
FIX: featured link topics shouldn't require the same min post length
2016-12-09 15:46:26 -05:00
Erick Guan
52763f5115
FEATURE: Allow posting a link with topics
2016-12-05 17:20:54 +01:00
Neil Lalonde
86522a52b7
FEATURE: add censored_pattern setting to censor posts using regex
2016-11-08 16:39:26 -05:00
Régis Hanol
35a79a70c3
FIX: uploading custom avatar was always hidden
2016-10-20 19:53:41 +02:00
Guo Xiang Tan
d312c82474
Revert "FIX: wasn't able to update category's settings"
...
This reverts commit 282f9948cb
.
2016-09-22 11:29:44 +08:00
Robin Ward
64094954bc
FIX: Broken posting
2016-09-16 13:12:05 -04:00
Neil Lalonde
7a81669c18
SECURITY: don't allow re-using the current password during password reset
2016-08-24 12:27:21 -04:00
Neil Lalonde
d079f69b7b
FEATURE: add flair to avatars using new settings in the groups admin UI
2016-08-17 15:13:15 -04:00
Régis Hanol
282f9948cb
FIX: wasn't able to update category's settings
2016-08-09 20:14:49 +02:00
Régis Hanol
e92f5e4fbf
FEATURE: new email attachment blacklists site settings
2016-08-03 17:55:54 +02:00
Robin Ward
2891f230d1
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 13:54:17 -04:00
Régis Hanol
376881845c
always strip s/mime signatures in incoming emails
2016-06-27 22:26:05 +02:00
Régis Hanol
dffe50a2e6
new alternative reply by email addresses
2016-06-10 16:14:42 +02:00
Régis Hanol
de9136a8f2
FIX: bypass TL0-specific validations on posts in a PM
2016-04-18 22:08:42 +02:00
Régis Hanol
20ce7f29e0
FEATURE: new 'manual_polling_enabled' site setting
2016-03-16 22:28:01 +01:00
scossar
1914495e88
make error message translatable
2016-03-15 10:02:10 -07:00
scossar
0cbeda8414
add site setting for setting locale from header
2016-03-14 16:18:19 -07:00
Arpit Jalan
36f82aa68c
FEATURE: enforce admin password validation when signing up via developer email
2016-03-04 00:28:47 +05:30
Arpit Jalan
50e65634d7
FEATURE: new setting min_admin_password_length and better default
2016-03-02 14:43:26 +05:30
Régis Hanol
be5a54d67d
FEATURE: new 'allow_all_attachments_for_group_messages' site setting
2016-02-29 22:39:24 +01:00
Régis Hanol
8893d711e0
FEATURE: new pop3 polling configuration admin dashboard check
2016-02-17 11:25:49 +01:00
Régis Hanol
8944d62aa6
add validator for the 'reply_by_email_enabled' site setting
2016-02-09 23:35:40 +01:00
Arpit Jalan
99c4252ba6
FEATURE: Staff should be exempt from user mention limit
2016-02-01 21:19:56 +05:30
bgr11n
53fb84baa3
fixed password validator on equality with email
2016-01-05 22:43:11 +02:00
Régis Hanol
978a1539fa
new pop3_polling_enabled setting validator to ensure credentials are working before enabling it
2015-12-10 22:23:54 +01:00
Régis Hanol
5b9594277a
skip most post validations for staged accounts
2015-12-01 10:40:23 +01:00
Régis Hanol
7c694139ec
trust staged accounts when validating posts
2015-11-30 19:08:35 +01:00
Gerhard Schlager
6e33a21a7a
FIX: Replace invalid pluralizations in locale files
2015-11-13 21:25:15 +01:00
Sam
69ad0358c2
FIX: incorrect logic in email blocker
...
if mail.com was blocked, email.com was automatically blocked
2015-06-15 11:28:50 +10:00
Arpit Jalan
b7ac8448c6
Improve IP blocking error message
2015-06-02 07:48:26 +05:30
Arpit Jalan
6bf680882c
Better error message when new registration limit from an IP address is reached
2015-06-01 10:16:25 +05:30
Arpit Jalan
220b9c5abe
FIX: match subdomain with email domain blacklist
2015-05-13 21:02:02 +05:30
Gerhard Schlager
9a76ee8f8a
FIX: error message used wrong filesize
2015-05-03 19:26:54 +02:00
Robin Ward
a5ee45ccbe
`PostEnqueuer` object to handle validation of enqueued posts
2015-04-15 14:54:36 -04:00
Neil Lalonde
30b063c08b
FEATURE: make full names a required field of user profiles with the full_name_required setting
2015-04-02 17:08:04 -04:00
Arpit Jalan
b706307ac7
FEATURE: new site setting min_first_post_length
2015-03-20 00:20:38 +05:30
Neil Lalonde
c04b214910
FEATURE: don't allow username and email to be the same
2015-02-27 13:47:43 -05:00
Sam
0742f340f9
FEATURE: allow for a localized error when a regex fails in site settings
...
FEATURE: apply string validation to list site settings (so we get regex)
2015-02-27 11:45:56 +11:00
Neil Lalonde
cf81b3f86d
FEATURE: don't allow username and password to be the same
2015-02-25 12:00:13 -05:00
Régis Hanol
f7d2fc0524
FEATURE: 'reply by email address' validator
...
Prevent infinite email loophole when the 'reply_by_email_address' site setting is the same as the 'notification_email'.
2015-02-06 12:08:37 +01:00
Arpit Jalan
58f46137d6
FIX: allow developer emails to bypass email blacklist/whitelist restriction
2015-01-30 00:10:03 +05:30
Régis Hanol
7641d88224
FEATURE: new 'maximum new user accounts per registration IP' site setting
2014-11-17 12:04:29 +01:00
Arpit Jalan
fab2b95ab6
FIX: disposable invite was giving email validation error
2014-10-23 22:55:49 +05:30
Sam
59d04c0695
Internal renaming of elder,leader,regular,basic to numbers
...
Changed internals so trust levels are referred to with
TrustLevel[1], TrustLevel[2] etc.
This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Régis Hanol
e64d3b8a42
FIX: disagree flag should unhide hidden post
2014-08-11 10:48:00 +02:00
Neil Lalonde
443caaa8f7
FIX: don't let admins skip post validations, unless it's faq, tos, or privacy
2014-08-01 14:53:35 -04:00
Neil Lalonde
e1be478ef4
FIX: admins bypass some post validations. This allows them to edit legal docs even if those docs are longer than max post length, for example.
2014-07-28 16:40:14 -04:00
Jens Maier
bf9f3c1366
FIX: NoMethodError in on extension.upcase when upload's original filename has no extension.
2014-07-15 03:23:26 +02:00
Sam
5b310c21b4
FIX: less crazy error when post exceeds max length.
2014-07-04 16:39:15 +10:00
Neil Lalonde
3eb65885d1
Add validation of string site settings with regex, and min and max lengths
2014-06-18 11:15:40 -04:00
Neil Lalonde
ba65aa3f6c
Add a way to validate min and max value of an integer site setting
2014-06-12 18:04:37 -04:00
Neil Lalonde
9611a1ac47
Validate username site settings
2014-06-11 16:20:57 -04:00
Neil Lalonde
3d22f90e9f
FIX: email regexp for older rubies
2014-06-10 10:31:22 -04:00
Neil Lalonde
c61462662b
Add ability to run validation on site settings. notification_email and other email address settings are now validated.
2014-06-09 16:59:20 -04:00
Régis Hanol
4371374ba6
FEATURE: support for enabling all upload file types
...
BUGFIX: authorized extensions is now case insensitive
2014-04-29 19:12:35 +02:00
Régis Hanol
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
Stephan Kaag
f12925887c
Drop Rails3 support
2014-02-17 19:42:08 +01:00
Robin Ward
14ec64a36a
Give a better error message from the server if you've been replying too much.
2014-01-06 11:10:37 -05:00
Neil Lalonde
ab12695d63
Block passwords that are in the top 5000 most common passwords. Site setting block_common_passwords can disable this feature.
2013-12-27 11:00:21 -05:00
Robin Ward
0c45eba037
FIX: Users can edit posts when they've reached the `newuser_max_replies_per_topic` threshold.
2013-12-20 11:30:51 -05:00
Neil Lalonde
854d9c8fc6
Minimum password length is configurable with the min_password_length site setting. FIX: reset password needs to validate password length.
2013-12-19 16:15:47 -05:00
Neil Lalonde
33c6997ded
Move password validation into PasswordValidator
2013-12-19 16:15:47 -05:00
Robin Ward
1cac9fa257
New users can only post `newuser_max_replies_per_topic` times per topic.
2013-12-19 13:45:55 -05:00
Neil Lalonde
8724b2e2b6
Add comments about the IPAddr hack
2013-11-05 11:24:13 -05:00
Neil Lalonde
c1008f4359
Fixes for postgresql inet columns in Rails 4. They're backed by an IPAddr class now, which breaks sql parameter marker support, and automatically sets the attribute to nil when trying to assign an invalid ip address.
2013-10-22 19:19:32 -04:00
Neil Lalonde
7d582fbee3
Screened ip address can be edited, deleted, and changed to allow or block.
2013-10-22 16:30:46 -04:00
Neil Lalonde
648b11a0eb
Add screening by IP address. When deleting a user as a spammer, block all signups from the same IP address.
2013-10-21 14:50:18 -04:00
Neil Lalonde
78c15d5810
Move the unique post key storage code into the Post model
2013-09-09 16:17:31 -04:00
Neil Lalonde
eae7e75611
FIX: recover post by a non-staff user fails because the post is not unique. Uniqueness check shouldn't happen when recovering a deleted post.
2013-09-06 11:50:15 -04:00
Neil Lalonde
117fc8db58
Change the way nuked users' posts are handled. Allow null in the user_id column of posts. Show these posts in the posts stream.
2013-09-04 15:42:21 -04:00
Neil Lalonde
86647f0a54
Add ScreenedUrl. Rename BlockedEmail to ScreenedEmail.
2013-08-14 16:08:23 -04:00
Neil Lalonde
5f8a130277
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field.
2013-07-29 15:29:43 -04:00
Régis Hanol
2986798ba7
add newuser-max-attachments setting
2013-07-22 02:39:17 +02:00
Robin Ward
023d18cab2
FIX: Admins should be able to post short titles. This is especially important for when syndicating
...
a blog via the wordpress plugin into Discourse.
2013-06-29 17:57:10 -04:00
Régis Hanol
121d08e25f
FIX: updating needs a restart
2013-06-29 03:49:54 +02:00
Sam
f7de9f17d5
refactor validators
...
add a new setting for min pm body length
use that setting for flags
scale entropy check down for pms
2013-06-13 18:18:43 +10:00
Navin
3fdba0019b
Extract callbacks and validations for Post
...
Move Post create callbacks to PostCreate
Extract Post validations
Move stripped_length_validator to lib/validators
2013-06-09 20:47:04 +02:00
Neil Lalonde
2465c9c724
Add min_private_message_title_length site setting so private messages can have short titles
2013-06-04 17:59:23 -04:00
Matt Van Horn
806255b3c4
refactor Topic validation
...
introduce a couple of custom validators
fix minor discrepancies in tests
copy I18n error message keys to default location
clean up validation invocation
move some responsibilities out of validator into class
2013-05-22 22:31:52 -07:00