Régis Hanol
4fb41663b3
SECURITY: prevent XSS when showing diffs
2018-04-16 15:46:32 +02:00
Régis Hanol
001b0710c7
FIX: don't add diff classes more than once
2018-04-16 15:41:45 +02:00
Joffrey JAFFEUX
a4a0b8e922
fix spec
2018-04-16 13:40:44 +02:00
Joffrey JAFFEUX
06b6c805d5
dashboard next: adds report for user types
2018-04-16 13:03:43 +02:00
Arpit Jalan
9353ae4b5d
Remove obsolete per topic unsubscribe page.
2018-04-16 16:11:20 +05:30
Joffrey JAFFEUX
035d92d2e1
dashboard next: minor tweaks
...
* help texts
* renaming of components to dashboard-*
* use number formatter
* adjust trend position
2018-04-16 12:00:49 +02:00
Maja Komel
3d99726981
FIX: set notification level when changing post owner ( #5616 )
...
FIX: do not notify last post editor if they mention themself
2018-04-16 11:48:06 +02:00
Joffrey JAFFEUX
b602bab741
linting
2018-04-16 10:57:32 +02:00
Kyle Zhao
3e7638e3f5
Improve docker performance with `delegated` mount flag ( #5760 )
2018-04-16 10:56:35 +02:00
Sudaraka Jayathilaka
8a40a1d50a
Add users-top plugin outlet ( #5761 )
2018-04-16 10:53:31 +02:00
Joffrey JAFFEUX
0e15a575f4
EXPERIMENTAL: new dashboard UI
...
This is the first iteration of an effort towards making a very good dashboard.
Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
Sam
223379e21a
per spec we need to repeat disallow paths per agent
2018-04-16 15:38:10 +10:00
Arpit Jalan
a1ef455c78
SECURITY: do not show private topic title on /unsubscribed page
2018-04-16 10:35:57 +05:30
Guo Xiang Tan
6cce839f0a
FIX: Missing action to trigger add group members modal for group owners.
...
https://meta.discourse.org/t/unable-to-add-members-to-a-group-as-group-owner-who-is-not-staff/85346?u=tgxworld
2018-04-16 09:09:47 +08:00
Arpit Jalan
c74c933996
SECURITY: escape HTML entities from topic title
2018-04-15 18:44:28 +05:30
Arpit Jalan
a8a12eb2d9
SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users
2018-04-15 18:01:58 +05:30
Arpit Jalan
c28c5083e0
SECURITY: santize tags when creating new topic via URL
2018-04-15 17:28:27 +05:30
Jeff Atwood
bf2574ee76
very minor copyedit (part deux)
2018-04-15 03:44:23 -07:00
Jeff Atwood
9642240a18
very minor copyedit
2018-04-15 03:38:53 -07:00
Arpit Jalan
0183656631
FIX: verify filtered tags when checking for category minimum required tags
2018-04-14 23:20:43 +05:30
Arpit Jalan
18f50ca01a
FIX: parameterize tag_id
2018-04-14 16:42:53 +05:30
Neil Lalonde
637bef0c3c
UX: staff can see the delete button on a post that was marked for deletion by the author
2018-04-13 15:10:18 -04:00
Robin Ward
9d0ff0dc68
FIX: Use `new-password` instead
2018-04-13 14:38:16 -04:00
Kris
fa2c474617
adding slight gradient to lightbox background
2018-04-13 13:58:30 -04:00
Régis Hanol
fe32733a57
extract signatures from emails sent using Zimbra
2018-04-13 19:04:27 +02:00
Kris
a4b8813a02
FIX: Header nav should be tabbable and have focus state
2018-04-13 12:53:04 -04:00
Neil Lalonde
3e9230714f
UX: moved posts message links to the first post at the destination topic
2018-04-13 12:47:36 -04:00
Neil Lalonde
e8d35653ae
Version bump to v2.0.0.beta6
2018-04-13 10:47:01 -04:00
Neil Lalonde
a631c8f09d
Update translations
2018-04-13 10:32:39 -04:00
Neil Lalonde
06022d042c
fix failing spec user_profile_spec
2018-04-13 10:32:28 -04:00
Robin Ward
1a410660f6
FIX: Don't autocomplete the password confirmation field
...
We currently use that field for our honeypot. However, since it's a
`type=password` certain browsers like chrome were autofilling it.
Normally this isn't a problem, but if you are using subfolders on the
same host the challenge would be different and Discourse would fail the
challenge.
2018-04-13 09:38:59 -04:00
Sam
3632b8d8d6
FEATURE: provide extra signal about content age to crawlers
...
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
Sam
6179c0ce51
FEATURE: bingbot heavily throttled till it plays nice
2018-04-13 14:24:22 +10:00
Guo Xiang Tan
a902d5b27f
Replace ActiveSupport::Logger with DiscourseLogstashLogger when enabled.
2018-04-13 12:08:27 +08:00
Guo Xiang Tan
e43baafa02
UX: Link to automatic group page on user admin page.
2018-04-13 10:46:30 +08:00
Arpit Jalan
00f59f648d
Merge pull request #5755 from techAPJ/flag-webhook
...
FEATURE: webhook for flag events
2018-04-13 07:50:21 +05:30
Guo Xiang Tan
67ab6ab751
UX: Better 'saved' indication on group manage form.
2018-04-13 10:18:09 +08:00
Arpit Jalan
a16b616861
FEATURE: webhook for flag events
2018-04-13 07:47:58 +05:30
Guo Xiang Tan
b3a88109a8
Minor UX tweaks to group pages.
2018-04-13 10:10:42 +08:00
Guo Xiang Tan
501d4ca564
UX: Align group members button/dropdown to the right.
2018-04-13 09:17:22 +08:00
Guo Xiang Tan
90dd12611c
UX: Use a wrench for `group-member-dropdown`.
2018-04-13 08:01:00 +08:00
Kris
dfeaa34435
improving mobile upload modal alignment
2018-04-12 12:16:02 -04:00
Neil Lalonde
0e2584b841
fix cursor on disabled composer
2018-04-12 11:32:13 -04:00
Gerhard Schlager
f4ebe47b32
Minor copy edit
2018-04-12 17:12:53 +02:00
Régis Hanol
a0a06492d8
FIX: make get_hostname more lenient to user input
2018-04-12 17:09:09 +02:00
Gerhard Schlager
f042a9529b
FIX: users shouldn't get notifications about mentions from system users
...
(unless the mentioned users are participants in a PM with the system user)
2018-04-12 16:19:44 +02:00
Joffrey JAFFEUX
5fc2eadd09
FIX: adds ellipsis on name of dropdown-select-box row
2018-04-12 11:39:45 +02:00
Guo Xiang Tan
a389baeb07
FIX: Group pages should work when group name contains periods.
...
https://meta.discourse.org/t/group-name-cant-have-dot-inside/48658
2018-04-12 17:11:36 +08:00
Joffrey JAFFEUX
deab0486fa
FIX: apply fa-fw on class instead of icon name
2018-04-12 10:56:32 +02:00
Guo Xiang Tan
6e46f81123
Add a distributed mutex around user creation via SSO.
...
* When two SSO requests containing the same email in the payload are
sent at the same time, it would sometimes result in two users
being created but one without an email record. Investigations
points to ActiveRecord not generating the right statements but
we have no figured out the reproduction steps yet. We should review
this after upgrading to Rails 5.2.
2018-04-12 16:18:49 +08:00