Commit Graph

37796 Commits

Author SHA1 Message Date
Sam Saffron 57a3d4e0d2
FEATURE: whitelist theme repo mode (experimental)
In some restricted setups all JS payloads need tight control.

This setting bans admins from making changes to JS on the site and
requires all themes be whitelisted to be used.

There are edge cases we still need to work through in this mode
hence this is still not supported in production and experimental.

Use an example like this to enable:

`DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"`

By default this feature is not enabled and no changes are made.

One exception is that default theme id was missing a security check
this was added for correctness.
2020-06-03 13:19:57 +10:00
Guo Xiang Tan 062db10c52
FIX: `EmailValidator` needs to validate format of email. 2020-06-03 10:34:37 +08:00
Kris 1b5a505930 Small fixes to image uploaders 2020-06-02 20:36:01 -04:00
Sam Saffron 10e321a96f
Revert "DEV: makes autocomplete debounced (#9941)"
This reverts commit f9e715672b.

Sadly this debounce fix appears to break @mention autocomplete,
reverting for now.
2020-06-03 08:40:21 +10:00
Kris 688d9428fe Use an em-based width for better scaling with font-size changes 2020-06-02 17:14:04 -04:00
Kris 9e9ff01e86 Add missing text back in 2020-06-02 16:39:18 -04:00
Gerhard Schlager 9c42c0fe9a FIX: Broken MessageFormat string 2020-06-02 21:42:39 +02:00
Gerhard Schlager fc640f31df DEV: Skip interpolation key specs until build scripts can be fixed
Currently the build fails because it runs the specs for all plugins even though the current source of those plugins isn't pulled from git.
2020-06-02 19:51:47 +02:00
Gerhard Schlager 0cf297725f DEV: Use consistent interpolation key format in translations
From now on client strings can easily be reused on the server and you don’t have to think about choosing the right format anymore.
2020-06-02 19:05:10 +02:00
Mark VanLandingham b3c8d36412
DEV: Plugin api for adding extra header icons (#9964) 2020-06-02 11:39:12 -05:00
Robin Ward 4e3a84c687 FIX: If creating a flag for a watched word, include the reason 2020-06-02 11:49:02 -04:00
Jarek Radosz 3e8d548d35
FIX: Prevent clipping user mentions (#9962) 2020-06-02 16:30:34 +02:00
Guo Xiang Tan 439db7ca1e
DEV: Add `REDIS_RAILS_FAILOVER` env to test our new redis failover. 2020-06-02 17:24:14 +08:00
Guo Xiang Tan deb84017f2
Update `rails_failover`. 2020-06-02 17:01:45 +08:00
Guo Xiang Tan 4120ef7305
Bump rails_multisite to 2.2.2. 2020-06-02 16:49:33 +08:00
David Taylor 75b1298e99
DEV: Drop unused image_url column from posts and topics (#9953)
This has been superseded by image_upload_id. The image_url value in API responses is now generated dynamically from the upload record.
2020-06-02 16:21:38 +10:00
Bianca Nenciu d76ea9fa6b
FIX: Do not destroy $.fileupload element (#9888)
conditional-loading-section component rerendered the <input> element
and lost the necessary event handlers for jQuery-File-Upload.
2020-06-02 16:14:41 +10:00
Dan Ungureanu ef3e3077d0
FIX: Staff users can bypass tag validation rule (#9924) 2020-06-02 16:11:25 +10:00
Joffrey JAFFEUX f9e715672b
DEV: makes autocomplete debounced (#9941)
* DEV: makes autocomplete debounced

* better wording
2020-06-02 15:20:14 +10:00
Aman Gupta Karmani 6358e79f0f
FIX: catch NoMethodError during precompile_css too (#9940)
Ran into this on heroku:

    NoMethodError: undefined method `enabled?' for #<Theme:0x0000558f069e7718>
    vendor/bundle/ruby/2.6.0/gems/activemodel-6.0.1/lib/active_model/attribute_methods.rb:431:in `method_missing'
    app/models/theme.rb:155:in `block (2 levels) in transform_ids'
    vendor/bundle/ruby/2.6.0/gems/activerecord-6.0.1/lib/active_record/relation/delegation.rb:85:in `each'
    vendor/bundle/ruby/2.6.0/gems/activerecord-6.0.1/lib/active_record/relation/delegation.rb:85:in `each'
    vendor/bundle/ruby/2.6.0/gems/activerecord-6.0.1/lib/active_record/relation/query_methods.rb:260:in `select'
    vendor/bundle/ruby/2.6.0/gems/activerecord-6.0.1/lib/active_record/relation/query_methods.rb:260:in `select'
    app/models/theme.rb:155:in `block in transform_ids'
    app/models/theme.rb:105:in `get_set_cache'
    app/models/theme.rb:140:in `transform_ids'
    app/models/theme.rb:321:in `list_baked_fields'
    app/models/theme.rb:317:in `resolve_baked_field'
    lib/stylesheet/manager.rb:289:in `theme_digest'
2020-06-02 15:18:03 +10:00
dependabot-preview[bot] 111e8dec10
DEV: Bump rubocop from 0.84.0 to 0.85.0 (#9960)
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.84.0 to 0.85.0.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.84.0...v0.85.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>

Change looks safe, everything is still passing lint
2020-06-02 15:11:33 +10:00
Guo Xiang Tan 426b62a04a
DEV: Add silencer for verbose query logs in development. 2020-06-02 12:15:31 +08:00
Guo Xiang Tan 3dd1778199
PERF: Reduce number of queries from 3 -> 1 when fetching web manifest. 2020-06-02 12:04:02 +08:00
Guo Xiang Tan e4cd4f7e0b
DEV: Avoid reaching for `Redis#_client` which is considered deprecated. 2020-06-02 11:46:55 +08:00
Guo Xiang Tan fe9c82994d
DEV: Actually disconnect from Redis connections after fork. 2020-06-02 11:40:16 +08:00
Guo Xiang Tan ade60b0cbc
DEV: Enable readonly mode for all multisite sites when PG goes down.
The risk here is that the database for one site goes down in the multisite setup and we drop everything to readonly mode. However, I discussed this with Sam and we agree that one database having problem is very rare. Most of the time, it is the entire DB cluster that goes down.
2020-06-02 11:32:07 +08:00
Guo Xiang Tan 7897010dfd
Fix lint. 2020-06-02 10:45:18 +08:00
Guo Xiang Tan 370cba451d
DEV: Refactor away conditionals that we don't need. 2020-06-02 10:40:29 +08:00
Guo Xiang Tan c21e3bbd1b
DEV: Prefer `create!` over `create` when not checking return value.
We don't want stuff to silently fail.
2020-06-02 10:34:05 +08:00
Penar Musaraj 2a0a689442
UX: prevent devices from miscalculating fullscreen composer height
Fixes issue seen in some Chromebooks that flip between tablet and regular notebook window size
2020-06-01 22:24:16 -04:00
Sam Saffron 7e52106812
DEV: when synchornizing state pull tags
In some cases we may want topic tracking state to keep track of tags
this small change ensures we do not remove them if they are already in place
2020-06-02 11:42:00 +10:00
Guo Xiang Tan 326d6d5b0f
DEV: Pause Sidekiq when forcing pg readonly mode. 2020-06-02 09:20:03 +08:00
Penar Musaraj fa6aa7f627
FIX: Digest frequency issue on user creation
If `default email digest frequency` was set to "Never", users would get
a `digest_after_minutes` set to `nil` which triggered this error
in the logs if/when the site eventually changed that setting and
enabled digests:

```
NoMethodError (undefined method `>=' for nil:NilClass)
/var/www/discourse/app/mailers/user_notifications.rb:227:in `digest'
```
2020-06-01 17:39:16 -04:00
Robin Ward a95826f60c
Remove discourse constants (#9958)
* DEV: `Discourse.baseUri` does not exist

This never could have worked - should have been `Discourse.BaseUri` if
anything.

* DEV: Remove Discourse.Environment

* DEV: Remove `Discourse.disableMissingIconWarning`

* DEV: A bunch more missing environment checks
2020-06-01 16:33:43 -04:00
Kane York 9162cd8f3d
FIX: Only render group card if user title is from group (#9946)
This was failing when a user with a primary_group chose to display a title coming from a badge.
2020-06-01 11:44:41 -07:00
Neil Lalonde 09dc5eb5ea
Version bump to v2.5.0.beta6 2020-06-01 14:13:48 -04:00
Neil Lalonde 72c09ab4ae
Update translations 2020-06-01 13:58:51 -04:00
Mark VanLandingham b6709f0dda
DEV: Add option to only show icons to header widget (#9935) 2020-06-01 12:26:59 -05:00
David Taylor 3106f85983
FIX: Support exporting reports which reference topics (#9957) 2020-06-01 18:23:58 +01:00
David Taylor 7b9d207175
DEV: Restore default_list_filter column migration
This migration was added to master temporarily, then removed. This resulted in some sites being in an inconsistent state. Adding the migration back for now. If we decide the column is unneeded, then we should add a second migration to remove the column.

This reverts part of commit e1af91f5ae.
2020-06-01 18:16:00 +01:00
tshenry 0d6b638dac
FEATURE: New plugin outlet under badges page title (#9936) 2020-06-01 08:55:51 -07:00
tshenry c01a994263
DEV: Better error handling for destroy:users task (#9939) 2020-06-01 08:55:08 -07:00
David Taylor 13d00eaad0
Drop support for outdated browsers (#9956)
In particular, this includes Internet Explorer 11. Code which existed to support old browsers will be removed over the coming weeks.

https://meta.discourse.org/t/discourse-is-ending-support-for-internet-explorer-11-ie11-on-june-1-2020/137984
2020-06-01 16:38:44 +01:00
Jarek Radosz e19d907f0f
FIX: Correct the misalignment of popover arrows (#9947)
* Fixes position of the top arrow, and border width of both
* Merged top and transform properties
* .5px values are required to make arrow border appear the same with as overall popover border width

I did have a chance to try it out on a Windows machine with a non-high DPI display and there were no issues. And I just re-tested it with Firefox on macOS using the "Open in Low Resolution" option and it looked more or less ok (bearing in mind that it the whole app is then a blurry mess, and that using custom zoom levels causes the arrow to break slightly, but that was also the case on Firefox before this change)
2020-06-01 16:31:53 +02:00
dependabot-preview[bot] d8b258b4e5
Build(deps): Bump ffi from 1.12.2 to 1.13.0 (#9954)
Bumps [ffi](https://github.com/ffi/ffi) from 1.12.2 to 1.13.0.
- [Release notes](https://github.com/ffi/ffi/releases)
- [Changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ffi/ffi/compare/1.12.2...1.13.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-06-01 10:29:34 -04:00
dependabot-preview[bot] 2c43c21abc
Build(deps): Bump coderay from 1.1.2 to 1.1.3 (#9943)
Bumps [coderay](https://github.com/rubychan/coderay) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/rubychan/coderay/releases)
- [Changelog](https://github.com/rubychan/coderay/blob/master/Changes.textile)
- [Commits](https://github.com/rubychan/coderay/compare/v1.1.2...v1.1.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-06-01 10:21:46 -04:00
Penar Musaraj c2abf88a61
UX: Adjustments to topic admin menu on mobile (#9945) 2020-06-01 09:39:38 -04:00
Jarek Radosz 921751f128
UX: Remove box-shadow from kbd, unify styling (#9948)
Having many elements with multiple box-shadows (e.g. in keyboard shortcuts modal) was tanking scrolling performance in some browsers.
2020-06-01 15:00:56 +02:00
Jarek Radosz ef8e44af73 FIX: Don't change the button height when spinner appears
on the exception page.
2020-06-01 14:15:41 +02:00
Joffrey JAFFEUX 57e587f39f
DEV: removes dead code of dropdown-menu (#9942) 2020-06-01 11:22:35 +02:00