2c9d76e510
FIX: Use specified limit option in user search ( #20020 )
2023-01-26 16:17:15 +02:00
d5745d34c2
SECURITY: Limit the character count of group membership requests ( #19993 )
...
When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.
Co-authored-by: Ted Johansson <ted@discourse.org>
2023-01-25 13:50:33 +02:00
3866867e45
Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts ( #19982 )
2023-01-24 22:51:23 +01:00
69c7f676ea
Build(deps): Bump ember-auto-import in /app/assets/javascripts ( #19981 )
2023-01-24 22:50:05 +01:00
75032f4752
UX: remove extra whitespace in search helper ( #19980 )
2023-01-24 15:27:05 -05:00
e71bf672cb
UX: prevent user card status overflow ( #19979 )
2023-01-24 13:58:24 -05:00
4da8e15801
A11Y: discourse-tags should have a role and label ( #19977 )
2023-01-24 13:04:32 -05:00
a57d6a0f75
A11Y: add aria-labels for flagging textareas ( #19938 )
2023-01-24 09:49:15 -05:00
7683b4bbfa
UX: improve bulk button layout and alignment ( #19966 )
2023-01-24 09:47:35 -05:00
17deb79fcb
DEV: Fix random typos ( #19973 )
2023-01-24 15:41:01 +01:00
1bc39c1a4f
FIX: text selection breaks opening of links in new tabs ( #19867 )
...
When a user checks "Open all external links in a new tab" preference
he expects not to be overruled by unrelated text selections.
Yet if text is selected during a link click the link is followed on
the same tab. This change corrects that.
2023-01-24 14:17:03 +01:00
48713653df
DEV: Add failing test for `api.modifyClass` with native getters ( #19911 )
...
https://meta.discourse.org/t/251793/8
2023-01-24 10:41:48 +00:00
ac4ee1a3d4
FIX: TL4 user is not redirected to latest when delete topic ( #19967 )
...
Continue of https://github.com/discourse/discourse/pull/19766
When TL4 is allowed to delete topic, they should not be redirected to / after that action.
2023-01-24 11:28:04 +11:00
bc9874033f
Build(deps): Bump qunit from 2.19.3 to 2.19.4 in /app/assets/javascripts ( #19962 )
2023-01-23 23:52:22 +01:00
239815c4a4
UX: fixes and adjustments for user nav ( #19954 )
2023-01-23 14:28:55 -05:00
1d7b50a0d3
FIX: Fix margin on mini-tag-chooser ( #19953 )
2023-01-23 10:39:57 -06:00
b26e0dcf35
UX: Set penalty history to sticky ( #19933 )
2023-01-23 07:14:23 -06:00
54e5a2e4c4
Build(deps): Bump sass from 1.57.0 to 1.57.1 in /app/assets/javascripts ( #19538 )
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.57.0...1.57.1 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:36:16 +01:00
f81c94637a
Build(deps): Bump ember-rfc176-data in /app/assets/javascripts ( #19925 )
...
Bumps [ember-rfc176-data](https://github.com/ember-cli/ember-rfc176-data ) from 0.3.17 to 0.3.18.
- [Release notes](https://github.com/ember-cli/ember-rfc176-data/releases )
- [Changelog](https://github.com/ember-cli/ember-rfc176-data/blob/master/CHANGELOG.md )
- [Commits](https://github.com/ember-cli/ember-rfc176-data/compare/v0.3.17...v0.3.18 )
---
updated-dependencies:
- dependency-name: ember-rfc176-data
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:56:17 +01:00
9be9f97373
Build(deps): Bump @babel/standalone in /app/assets/javascripts ( #19945 )
...
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone ) from 7.20.12 to 7.20.13.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.20.13/packages/babel-standalone )
---
updated-dependencies:
- dependency-name: "@babel/standalone"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:53:57 +01:00
36447fb043
Build(deps): Bump jsdom from 21.0.0 to 21.1.0 in /app/assets/javascripts ( #19944 )
...
Bumps [jsdom](https://github.com/jsdom/jsdom ) from 21.0.0 to 21.1.0.
- [Release notes](https://github.com/jsdom/jsdom/releases )
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md )
- [Commits](https://github.com/jsdom/jsdom/compare/21.0.0...21.1.0 )
---
updated-dependencies:
- dependency-name: jsdom
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:39:36 +01:00
f7907a3645
A11Y: remove heading tags from user profile ( #19935 )
2023-01-20 12:27:07 -05:00
1521bace4f
A11Y: add secondary skip link to user profiles ( #19926 )
2023-01-20 10:30:57 -05:00
7ebd8a44f5
UX: hide date in timeline when wrapping ( #19912 )
2023-01-20 10:05:16 -05:00
b412f03b29
UX: Remove left margin ( #19932 )
2023-01-20 07:59:25 -06:00
62aa2adc74
UX: Add margin to search keyword ( #19931 )
2023-01-20 07:40:48 -06:00
0c30f31f17
FIX: Allow modals to scroll on mobile when keyboard is open ( #19930 )
...
Meta topic: https://meta.discourse.org/t/android-keyboard-overlaps-text-when-flagging-with-something-else/249687?u=osama
On Android, it's currently not possible to scroll modals that take input from the user (such as the flagging modal) when the keyboard is open which means that the keyboard can cover up part of the modal with no way for the user to see the covered part without closing the keyboard. This commit adds some CSS to make these modals scrollable when the keyboard is open.
2023-01-20 14:23:19 +03:00
90d452ab6c
FIX: Don't display staff-only options to non-staff in group member bulk menu ( #19907 )
...
In the group member bulk edit menu we are displaying staff-only options
to non-staff. The requests are blocked by the back-end, so there is no
harm other than to the user experience.
Notably the individual user edit menu is correctly filtering out
unavailable options. This change brings the bulk edit menu in line with
that.
2023-01-20 11:16:04 +08:00
b05f193cf0
FIX: move min tag setting to tags section in edit category ( #19789 )
...
`Minimum number of tags required in a topic` should be in `Tags` panel instead of `Settings`
2023-01-20 13:30:39 +11:00
292d3677e9
FEATURE: Allow admins to permanently delete revisions ( #19913 )
...
# Context
This PR introduces the ability to permanently delete revisions from a post while maintaining the changes implemented by the revisions.
Additional Context: /t/90301
# Functionality
In the case a staff member wants to _remove the visual cue_ that a post has been edited eg.
<img width="86" alt="Screenshot 2023-01-18 at 2 59 12 PM" src="https://user-images.githubusercontent.com/50783505/213293333-9c881229-ab18-4591-b39b-e3419a67907d.png ">
while maintaining the changes made in the edits, they can enable the (hidden) site setting of `can_permanently_delete`.
When this is enabled, after _hiding_ the revisions
<img width="149" alt="Screenshot 2023-01-19 at 1 53 35 PM" src="https://user-images.githubusercontent.com/50783505/213546080-2a9e9c55-b3ef-428e-a93d-1b6ba287dfae.png ">
there will be an additional button in the history modal to <kbd>Delete revisions</kbd> on a post.
<img width="997" alt="Screenshot 2023-01-19 at 1 49 51 PM" src="https://user-images.githubusercontent.com/50783505/213546333-49042558-50ab-4724-9da7-08bacc68d38d.png ">
Since this action is permanent, we display a confirmation dialog prior to triggering the destroy call
<img width="722" alt="Screenshot 2023-01-19 at 1 55 59 PM" src="https://user-images.githubusercontent.com/50783505/213546487-96ea6e89-ac49-4892-b4b0-28996e3c867f.png ">
Once confirmed the history modal will close and the post will `rebake` to display an _unedited_ post.
<img width="868" alt="Screenshot 2023-01-19 at 1 56 35 PM" src="https://user-images.githubusercontent.com/50783505/213546608-d6436717-8484-4132-a1a8-b7a348d92728.png ">
see that there is not a visual que for _revision have been made on this post_ for a post that **HAS** been edited. In addition to this, a user history log for `purge_post_revisions` will be added for each action completed.
# Limits
- Admins are rate limited to 20 posts per minute
2023-01-19 15:09:01 -06:00
2fb2b0a538
UX: switch categories-boxes layouts from flexbox to grid ( #19501 )
2023-01-19 12:48:58 -05:00
f66e798ed7
A11Y: more descriptive user page titles ( #19819 )
2023-01-19 12:45:45 -05:00
2b36a9f7b8
UX: prevent search context btn text from wrapping ( #19904 )
2023-01-18 09:40:56 -05:00
20f5a69427
UX: add missing space and other minor search adjustments ( #19899 )
2023-01-18 09:40:38 -05:00
3483285b89
UX: restyle quote/share popup, fix hover jitter ( #19561 )
2023-01-17 12:28:33 -05:00
145d2baa14
A11Y: add aria tags to the new user nav ( #19774 )
2023-01-17 12:18:16 -05:00
86b4f4d664
UX: Refactor alignment of tag icon in Discourse onebox ( #19880 )
...
Followup to 1ce9582a6c
2023-01-17 11:13:55 -05:00
011c9b9973
DEV: Use message-bus chunked encoding in development ( #19878 )
...
This was previously disabled because of incompatibility with the ember-cli proxy. This commit fixes that incompatibility, and restores the development behaviour to match production.
There were three issues at play:
1. Our bootstrap-js addon handles the forwarding of most requests in the ember-cli proxy. This is not built to handle streaming responses. Solution: skip our custom request processing for `/message-bus/*` and use ember-cli's default `http-proxy`.
2. The request/response size-limiting middleware (`rawMiddleware`) would apply even to unhandled paths, causing request and response bodies to be buffered. Solution: skip it for any paths which are not handled by our custom addon.
3. Expressjs servers will buffer/compress responses. Solution: add `Cache-Control: no-transform` to message-bus responses. For now I've done this in development only, but it may be useful to add it to message-bus's default headers in future
2023-01-17 09:54:33 +00:00
624f4a7de9
Drop support for iOS < 15.7 ( #19847 )
...
https://meta.discourse.org/t/224747
2023-01-16 17:28:59 +00:00
1ce9582a6c
FIX: Display Discourse onebox tag icon properly in chat
2023-01-16 14:53:49 +01:00
d59ed1cbfe
UX: fix alignment issues with autocomplete ( #19828 )
2023-01-16 09:09:23 +11:00
9ed4550b86
Build(deps): Bump eslint in /app/assets/javascripts ( #19873 )
...
Bumps [eslint](https://github.com/eslint/eslint ) from 8.31.0 to 8.32.0.
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v8.31.0...v8.32.0 )
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-15 22:32:00 +01:00
a444023113
DEV: adds row index support ( #19871 )
...
This commits adds a data-index attribute on each `select-kit-row` DOM node and also makes available `this.index` in each `select-kit-row` template.
2023-01-13 16:39:21 +01:00
f525f722ea
DEV: adds expandedOnInsert option to sk ( #19870 )
...
Allows to display a select-kit component expanded by default.
Usage:
```
<SingleSelect
@value={{this.value}}
@content={{this.content}}
@options={{hash expandedOnInsert=true}}
/>
```
2023-01-13 16:13:13 +01:00
5cd136510a
Build(deps): Bump message-bus-client in /app/assets/javascripts ( #19864 )
...
Bumps [message-bus-client](https://github.com/discourse/message_bus ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/discourse/message_bus/releases )
- [Changelog](https://github.com/discourse/message_bus/blob/main/CHANGELOG )
- [Commits](https://github.com/discourse/message_bus/compare/v4.3.1...v4.3.2 )
---
updated-dependencies:
- dependency-name: message-bus-client
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-13 12:22:00 +00:00
5db72f8daf
FIX: Preload user sidebar attrs when `?enable_sidebar=1` ( #19843 )
...
This allows users to preview the sidebar even when
`SiteSetting.naviation_menu` is set to `false`.
2023-01-13 06:47:58 +08:00
28078d78e2
DEV: Make 'username' optional for bookmark notifications ( #19851 )
...
Data Explorer queries have a `user_id` assigned to each query created. DE Reports can be bookmarked for later reference.
When creating the bookmark notification there was the possibility of a notification error being thrown (that made the notification menu inaccessible) due to a DE Query not having a owner (associated user_id). This can happen in a couple ways:
- having a query created by a user that was then later deleted leaving the query without ownership
- having a TA create a query for a customer using a temporary account, that would then later be deleted leaving the query without ownership
Since there is a case that `bookmark.user` is not valid the PR makes the `bookmark.user.username` optional for a bookmark notification. As [tested](https://github.com/discourse/discourse/pull/19851/files#diff-5b5154de37f96988d551feff6f1dfe5ba804fbcbc1c33b5478dde02a447a634f ) in the case a username is not present, we will still render the `content` of the notification minus the username. This creates a safe fallback when looking up non-valid users.
2023-01-12 12:22:11 -06:00
1a759fd75f
Build(deps): Bump @ember/render-modifiers in /app/assets/javascripts ( #19832 )
...
Bumps [@ember/render-modifiers](https://github.com/emberjs/ember-render-modifiers ) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/emberjs/ember-render-modifiers/releases )
- [Changelog](https://github.com/emberjs/ember-render-modifiers/blob/master/CHANGELOG.md )
- [Commits](https://github.com/emberjs/ember-render-modifiers/compare/v2.0.4...v2.0.5 )
---
updated-dependencies:
- dependency-name: "@ember/render-modifiers"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-12 10:47:23 +01:00
21a95b000e
DEV: Remove defunct TODOs ( #19825 )
...
* Firefox now finally returns PerformanceMeasure from performance.measure
* Some TODOs were really more NOTE or FIXME material or no longer relevant
* retain_hours is not needed in ExternalUploadsManager, it doesn't seem like anywhere in the UI sends this as a param for uploads
* https://github.com/discourse/discourse/pull/18413 was merged so we can remove JS test workaround for settings
2023-01-12 09:41:39 +10:00
92bb728fe5
DEV: Add search suggestions for tag-intersections ( #19777 )
...
Added `tagIntersection` search context for handling search suggestions on tag intersection and tag+category routes.
# Tag & Category Route Search Suggestions
eg. /tags/c/general/5/updates
### Before
<img width="422" alt="Screenshot 2023-01-06 at 2 58 50 PM" src="https://user-images.githubusercontent.com/50783505/211098933-ade438c6-5008-49ce-9a90-c8200ec5fe00.png ">
### After
<img width="359" alt="Screenshot 2023-01-06 at 3 00 35 PM" src="https://user-images.githubusercontent.com/50783505/211099183-c3feaeac-8661-47ed-843c-da9d9fb78e9e.png ">
# Tag Intersection Route Search Suggestions
eg. /tags/intersection/updates/foo
### Before
<img width="421" alt="Screenshot 2023-01-06 at 3 02 23 PM" src="https://user-images.githubusercontent.com/50783505/211099435-e8fc6d87-2772-45b5-b455-1831f80eab3a.png ">
### After
<img width="362" alt="Screenshot 2023-01-09 at 2 02 09 PM" src="https://user-images.githubusercontent.com/50783505/211397349-acb350f7-8e6a-4d9f-a749-8292e49400d9.png ">
I defaulted to using `+` as a separator for tag intersections. The reasoning behind this is that we don't make the tag intersection routes easily accessible, so if you are going out of your way to view multiple tags, you are most likely going to be searching by **both** of those tags as well.
# General Search
Introducing flex wrap removes whitespace causing a [test](https://github.com/discourse/discourse/pull/19777/files#diff-5d3d13fabc1a511635eb7471ffe74f4d455d77f6984543c2be6ad136dfaa6d3aR813 ) to fail, but to remedy this I added spacing to the `.search-item-prefix` and `.search-item-slug` which achieves the same thing.
### After
<img width="359" alt="Screenshot 2023-01-09 at 2 04 54 PM" src="https://user-images.githubusercontent.com/50783505/211397900-60220394-5596-4e13-afd0-b6130afa0de2.png ">
2023-01-11 13:02:22 -06:00
Bianca Nenciu
Natalie Tay
dependabot[bot]
Kris
Jarek Radosz
Aleksey Bogdanov
David Taylor
Krzysztof Kotlarek
Jordan Vidrine
Osama Sayegh
Ted Johansson
Isaac Janzen
Penar Musaraj
Loïc Guitaut
chapoi
Joffrey JAFFEUX
Alan Guo Xiang Tan
Martin Brennan
