When secure media is enabled and an attachment is marked as secure we want to use the full url instead of the short-url so we get the same access control post protections as secure media uploads.
Meta report: https://meta.discourse.org/t/excessive-requests-to-uploads-lookup-urls-leading-to-429-response/143119
* The data-orig-src attribute was not being removed from cooked
video and audio so the composer was infinitely trying to get the
URLs for them, which would never resolve to anything
* Also the code that retrieved the short URL was unscoped, and was
getting everything on the page. if running from the composer we
now scope to the preview window
* Also fixed a minor issue where the element href for the video
and audio tags was not being set when the short URL was found
* FIX: Add aria-labels to topic list items
Before this fix you could navigate the topic list using a screen reader
and a keyboard but some of the items were not as descriptive as they
could be. The newly added labels make it easier to understand what you
are tabbing over.
context:
https://meta.discourse.org/t/accessibility-aria-attributes-are-not-defined-for-links-under-replies-category/142539
* Update app/assets/javascripts/discourse/lib/utilities.js.es6
Co-Authored-By: Régis Hanol <regis@hanol.fr>
* Multiline fix
* Fix more tests
Co-authored-by: Régis Hanol <regis@hanol.fr>
PMs will now display an envelope icon next to the topic title in search results. This is especially useful when searching using `in:all`.
Co-authored-by: adam j hartz <hz@mit.edu>
In IE11, the browser returns the cached HTML response, rather than the JSON formatted response. Adding the `.json` suffix ensures that the cache is not shared. Same root cause as b0211772
This commit also fixes a deprecation warning as the previous component was overriding a computed property from the group model.
Finally a test has been added as this is the only place where we use list-setting outside of the settings, this was highly subject to regressions.
* Also fixes an issue where if webp was a downloaded hotlinked
image and then secure + sent in an email, it was not being
redacted because webp was not a supported media format in
FileHelper
* Webp originally removed as an image format in
https://github.com/discourse/discourse/pull/6377
and there was a spec to make sure a .bin webp
file did not get renamed from its type to webp.
However we want to support webp images now to make
sure they are properly redacted if secure media is
on, so change the example in the spec to use tiff,
another banned format, instead
d7d4612b2d removed the duplicate call to initState(). However, we are relying on a side effect of the duplicate call for subfolder sites to function correctly when accessed without a trailing slash. To avoid a large refactor before the stable release, this commit restores the old behavior.
Long term we should look at migrating to Ember's built-in location library, rather than maintaining our own (very similar) version
https://github.com/emberjs/ember.js/blob/master/packages/%40ember/-internals/routing/lib/location/history_location.ts
If a group mention could be notified on preview it was given an `<a>`
tag with the `.notify` class. When cooked it would display differently.
This patch makes the server side cooking match the client preview.
Now if a group is visible but unmentionable, users can search for it
when composing by typing with `@`, but it will be rendered without the
grey background color.
It will also no longer pop up a JIT warning saying "You are about to
mention X people" because the group will not be mentioned.
Styling based on element-ids, it is impossible for themes/plugins to display multiple cards on a single page. Using classes is a more flexible approach. The element-ids are maintained for backwards compatibility with existing plugins/themes.
### UI Changes
If `SiteSetting.enable_bookmarks_with_reminders` is enabled:
* Clicking "Bookmark" on a topic will create a new Bookmark record instead of a post + user action
* Clicking "Clear Bookmarks" on a topic will delete all the new Bookmark records on a topic
* The topic bookmark buttons control the post bookmark flags correctly and vice-versa
Disabled selecting the "reminder type" for bookmarks in the UI because the backend functionality is not done yet (of sending users notifications etc.)
### Other Changes
* Added delete bookmark route (but no UI yet)
* Added a rake task to sync the old PostAction bookmarks to the new Bookmark table, which can be run as many times as we want for a site (it will not create duplicates).
* FEATURE: export defaultRenderTag function
This can be helpful for plugins e.g. when combined with replaceTagRenderer: a plugin may want to customize rendering for some tags and let others be rendered with default code
* refactor: don't change version
..as per review comment, https://github.com/discourse/discourse/pull/8941#discussion_r378406809
The `DiscourseLocation.initState` function was accidently renamed in 0431942f (select-kit-2) to `initOptions`. This means that the ember router does not automatically call the function after the router is initialized.
For a long time, we have been calling the `initState` function in the `init` function of discourse-location, which caused an imperceptible URL change to the the root domain, before switching back to the correct subfolder URL when ember called `initState`. This commit removes that call from the initializer, so `initState` is only called once (by ember).
Relevant ember code: https://github.com/emberjs/ember.js/blob/v3.12.2/packages/@ember/-internals/routing/lib/system/router.ts#L695-L699
Meta topic: https://meta.discourse.org/t/secure-media-uploads-expire/140894
This fixes the issue where if secure media was enabled, audio
and video files would do an initial load using the presigned
URL for the media to get metadata information e.g. duration of
track/video. However this started the expiry countdown for the
URL, so when a user pressed play on the media after 15 seconds
the media would be expired and AWS would return a 403 error.
We do not preload media if secure media is enabled. Otherwise
we just set the preload type to "metadata" which is the browser
default anyway.
* FIX: Properly convert quotes to Markdown
When quoting a quote it used to convert the quote header, including the
user avatar and username, into a image and some text and then the
contents. This also caused issues when quoting full paragraphs (or when
selecting paragraphs by triple-clicking) because the user avatar and
name from the following quote would also be included.
This commit implements the support necessary to convert
<aside class="quote"> elements to proper Discourse quotes.
Commit aa24be1 made it possible to build data attributes from image's
Markdown and this changes ensure that the resize controls still work
when data attributes are present.
Extracted from #8772
This will allow developers (in rails development mode only) to log pre-loaded JSON app data to the browser console for inspection.
When a tag is restricted to a secured category that the user can't see,
the message was saying that it wasn't restricted to any categories.
Now it will say it's restricted to categories you can't access.
* DEV: Use Ember 3.12.2
* Add Ember version to ThemeField's DEPENDENT_CONSTANTS
* DEV: Use `id` instead of `elementId` (See: https://github.com/emberjs/ember.js/issues/18147)
* FIX: Don't leak event listeners (bug introduced in 999e2ff)
Our current algorithm for picking the number of notifications to display
when expanding the notifications relies on magic numbers.
Previously we only allowed for header and an estimate of maximum height of
notification container, this is not ideal as there is padding at the bottom
and top of the notification container
This adds a special number for padding.
The longer term fix though is to render the notification panel off screen
then grab the correct count, finally adding it back into view with.
This would allow for large fonts, small fonts, custom themes and much more.
This reverts commit 7133fd8c89.
Unfortunately performCheckSize may have certain situations in topic
navigation where it is unsafe to call.
We need to add som more safety here prior to merging.
Previously it would go to the "html" page when refreshing on the "css" page, and would open an invalid empty-state page when trying to go to the "email style" tab when already on it.
This also enables`@action` use in plugin connectors.
Setting `actions` earlier allows `setupComponents` to use them, for example, when setting up event listeners.
Those are the same arguments that are passed into `after-d-editor` outlet. This will enable plugins that attach to editor preview to be conditionally enabled, usually only for the composer.
Plugins that will use this: discourse-canned-responses, discourse-zoom.
Previously you'd get a server side generic error due to a password check
failing. Now the input element has a maxlength attribute and the server
side will respond with a nicer error message if the value is too long.
* DEV: Add data-notification-level attribute to category UI
* Show muted categories on the category page by default
This reverts commit ed9c21e42c.
* Remove redundant spec - muted categories are now visible by default
This new iteration of select-kit focuses on following best principales and disallowing mutations inside select-kit components. A best effort has been made to avoid breaking changes, however if you content was a flat array, eg: ["foo", "bar"] You will need to set valueProperty=null and nameProperty=null on the component.
Also almost every component should have an `onChange` handler now to decide what to do with the updated data. **select-kit will not mutate your data by itself anymore**
This fixes a bug which caused '{{#unless var}}' to act the same as
'{{#if true}}' because 'unless' was transforming the conditional value
to 'undefined'.
Martin Brennan
Joffrey JAFFEUX
Robin Ward
Jarek Radosz
Gerhard Schlager
Rafael dos Santos Silva
Mark VanLandingham
Roman Rizzi
adam j hartz
Dan Ungureanu
David Taylor
Penar Musaraj
Vinoth Kannan
Kris
Artem Vasiliev
Arpit Jalan
Jordan Vidrine
Bianca Nenciu
Neil Lalonde
Osama Sayegh
Sam Saffron