Commit Graph

27378 Commits

Author SHA1 Message Date
Régis Hanol 4fb41663b3 SECURITY: prevent XSS when showing diffs 2018-04-16 15:46:32 +02:00
Régis Hanol 001b0710c7 FIX: don't add diff classes more than once 2018-04-16 15:41:45 +02:00
Joffrey JAFFEUX a4a0b8e922
fix spec 2018-04-16 13:40:44 +02:00
Joffrey JAFFEUX 06b6c805d5
dashboard next: adds report for user types 2018-04-16 13:03:43 +02:00
Arpit Jalan 9353ae4b5d Remove obsolete per topic unsubscribe page. 2018-04-16 16:11:20 +05:30
Joffrey JAFFEUX 035d92d2e1
dashboard next: minor tweaks
* help texts
* renaming of components to dashboard-*
* use number formatter
* adjust trend position
2018-04-16 12:00:49 +02:00
Maja Komel 3d99726981 FIX: set notification level when changing post owner (#5616)
FIX: do not notify last post editor if they mention themself
2018-04-16 11:48:06 +02:00
Joffrey JAFFEUX b602bab741
linting 2018-04-16 10:57:32 +02:00
Kyle Zhao 3e7638e3f5 Improve docker performance with `delegated` mount flag (#5760) 2018-04-16 10:56:35 +02:00
Sudaraka Jayathilaka 8a40a1d50a Add users-top plugin outlet (#5761) 2018-04-16 10:53:31 +02:00
Joffrey JAFFEUX 0e15a575f4
EXPERIMENTAL: new dashboard UI
This is the first iteration of an effort towards making a very good dashboard.

Until we feel confident this is good, this dashboard will only be accessible through /admin/dashboard_next
2018-04-16 10:42:06 +02:00
Sam 223379e21a per spec we need to repeat disallow paths per agent 2018-04-16 15:38:10 +10:00
Arpit Jalan a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Guo Xiang Tan 6cce839f0a FIX: Missing action to trigger add group members modal for group owners.
https://meta.discourse.org/t/unable-to-add-members-to-a-group-as-group-owner-who-is-not-staff/85346?u=tgxworld
2018-04-16 09:09:47 +08:00
Arpit Jalan c74c933996 SECURITY: escape HTML entities from topic title 2018-04-15 18:44:28 +05:30
Arpit Jalan a8a12eb2d9 SECURITY: do not disclose topic titles on /unsubscribed page to unauthorized users 2018-04-15 18:01:58 +05:30
Arpit Jalan c28c5083e0 SECURITY: santize tags when creating new topic via URL 2018-04-15 17:28:27 +05:30
Jeff Atwood bf2574ee76 very minor copyedit (part deux) 2018-04-15 03:44:23 -07:00
Jeff Atwood 9642240a18 very minor copyedit 2018-04-15 03:38:53 -07:00
Arpit Jalan 0183656631 FIX: verify filtered tags when checking for category minimum required tags 2018-04-14 23:20:43 +05:30
Arpit Jalan 18f50ca01a FIX: parameterize tag_id 2018-04-14 16:42:53 +05:30
Neil Lalonde 637bef0c3c UX: staff can see the delete button on a post that was marked for deletion by the author 2018-04-13 15:10:18 -04:00
Robin Ward 9d0ff0dc68 FIX: Use `new-password` instead 2018-04-13 14:38:16 -04:00
Kris fa2c474617 adding slight gradient to lightbox background 2018-04-13 13:58:30 -04:00
Régis Hanol fe32733a57 extract signatures from emails sent using Zimbra 2018-04-13 19:04:27 +02:00
Kris a4b8813a02 FIX: Header nav should be tabbable and have focus state 2018-04-13 12:53:04 -04:00
Neil Lalonde 3e9230714f UX: moved posts message links to the first post at the destination topic 2018-04-13 12:47:36 -04:00
Neil Lalonde e8d35653ae Version bump to v2.0.0.beta6 2018-04-13 10:47:01 -04:00
Neil Lalonde a631c8f09d Update translations 2018-04-13 10:32:39 -04:00
Neil Lalonde 06022d042c fix failing spec user_profile_spec 2018-04-13 10:32:28 -04:00
Robin Ward 1a410660f6 FIX: Don't autocomplete the password confirmation field
We currently use that field for our honeypot. However, since it's a
`type=password` certain browsers like chrome were autofilling it.
Normally this isn't a problem, but if you are using subfolders on the
same host the challenge would be different and Discourse would fail the
challenge.
2018-04-13 09:38:59 -04:00
Sam 3632b8d8d6 FEATURE: provide extra signal about content age to crawlers
Adds Last-Modified field to help teach crawlers not to crawl old content
2018-04-13 14:58:33 +10:00
Sam 6179c0ce51 FEATURE: bingbot heavily throttled till it plays nice 2018-04-13 14:24:22 +10:00
Guo Xiang Tan a902d5b27f Replace ActiveSupport::Logger with DiscourseLogstashLogger when enabled. 2018-04-13 12:08:27 +08:00
Guo Xiang Tan e43baafa02 UX: Link to automatic group page on user admin page. 2018-04-13 10:46:30 +08:00
Arpit Jalan 00f59f648d
Merge pull request #5755 from techAPJ/flag-webhook
FEATURE:  webhook for flag events
2018-04-13 07:50:21 +05:30
Guo Xiang Tan 67ab6ab751 UX: Better 'saved' indication on group manage form. 2018-04-13 10:18:09 +08:00
Arpit Jalan a16b616861 FEATURE: webhook for flag events 2018-04-13 07:47:58 +05:30
Guo Xiang Tan b3a88109a8 Minor UX tweaks to group pages. 2018-04-13 10:10:42 +08:00
Guo Xiang Tan 501d4ca564 UX: Align group members button/dropdown to the right. 2018-04-13 09:17:22 +08:00
Guo Xiang Tan 90dd12611c UX: Use a wrench for `group-member-dropdown`. 2018-04-13 08:01:00 +08:00
Kris dfeaa34435 improving mobile upload modal alignment 2018-04-12 12:16:02 -04:00
Neil Lalonde 0e2584b841 fix cursor on disabled composer 2018-04-12 11:32:13 -04:00
Gerhard Schlager f4ebe47b32 Minor copy edit 2018-04-12 17:12:53 +02:00
Régis Hanol a0a06492d8 FIX: make get_hostname more lenient to user input 2018-04-12 17:09:09 +02:00
Gerhard Schlager f042a9529b FIX: users shouldn't get notifications about mentions from system users
(unless the mentioned users are participants in a PM with the system user)
2018-04-12 16:19:44 +02:00
Joffrey JAFFEUX 5fc2eadd09
FIX: adds ellipsis on name of dropdown-select-box row 2018-04-12 11:39:45 +02:00
Guo Xiang Tan a389baeb07 FIX: Group pages should work when group name contains periods.
https://meta.discourse.org/t/group-name-cant-have-dot-inside/48658
2018-04-12 17:11:36 +08:00
Joffrey JAFFEUX deab0486fa
FIX: apply fa-fw on class instead of icon name 2018-04-12 10:56:32 +02:00
Guo Xiang Tan 6e46f81123 Add a distributed mutex around user creation via SSO.
* When two SSO requests containing the same email in the payload are
  sent at the same time, it would sometimes result in two users
  being created but one without an email record. Investigations
  points to ActiveRecord not generating the right statements but
  we have no figured out the reproduction steps yet. We should review
  this after upgrading to Rails 5.2.
2018-04-12 16:18:49 +08:00