Commit Graph

30954 Commits

Author SHA1 Message Date
Gerhard Schlager 32784ad11a FIX: Disable multipart backup uploads to S3
Multipart upload from within the browser result in corrupt files on S3.
2018-12-18 16:01:15 +01:00
Gerhard Schlager 081aa6ad2b UX: Use new FA5 icons on Backups tab 2018-12-18 16:01:14 +01:00
Gerhard Schlager 86546bb5c6 DEV: Use locale fallback even in development mode
Making dev behave differently than prod is a bad idea.
2018-12-18 16:01:14 +01:00
Bianca Nenciu 825ae86857 FEATURE: Remove full quote only if first paragraph. (#6793) 2018-12-18 15:46:20 +01:00
Vinoth Kannan a313b01148 DEV: raise error if search term length is less than required 2018-12-18 20:06:59 +05:30
Vinoth Kannan 341a6bd78a
REFACTOR: Calculate CTR in SearchLog model and hide unique column (#6791) 2018-12-18 19:13:46 +05:30
Gerhard Schlager 577af81e76 FIX: Font tag resulted in wrong email trimming 2018-12-18 11:40:54 +01:00
Gerhard Schlager 37461a6398 FIX: Weird mixture of line breaks resulted in wrong email trimming 2018-12-18 11:40:54 +01:00
Maja Komel 98d09c90ac Current user serializer groups (ef7f84b follow-up) 2018-12-18 09:05:45 +01:00
Guo Xiang Tan 5c2e194d01 SECURITY: Users can pick non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:38:25 +08:00
Guo Xiang Tan 899caf35ba Revert "SECURITY: User could non-avatar uploads."
This reverts commit 89581fa301.
2018-12-18 13:37:31 +08:00
Guo Xiang Tan 89581fa301 SECURITY: User could non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:35:33 +08:00
Guo Xiang Tan d7660dfe40 FIX: Enabling readonly mode should clear anon cache as well. 2018-12-18 11:56:25 +08:00
Sam Saffron abbbcb2622 DEV: allow creating users with random passwords via rake
Use: `RANDOM_PASSWORD=1 bin/rake admin:create`

Handy in conjunction with dev mode /session/username/become.
2018-12-18 11:43:16 +08:00
Jeff Atwood f67cc2a540 minor copyedit 2018-12-17 19:31:02 -08:00
Kris 2a518c88d0 Prevent bullet badge from shrinking/growing as flex item 2018-12-17 21:05:32 -05:00
Kris 7d7b6baab9 Topic-list category width restriction no longer needed 2018-12-17 21:01:04 -05:00
Vinoth Kannan efcea148eb DEV: Use destroy! method to raise error if any (#0d3c1cde) 2018-12-18 03:05:43 +05:30
Vinoth Kannan ece44a44f8 UX: Change default date range of dashboard trending search report to a month 2018-12-18 03:00:30 +05:30
Gerhard Schlager 2bdbca3801 DEV: Remove unnecessary `to_not raise_error` from specs
Follow-up to 01cdbd3a13
2018-12-17 16:10:10 +01:00
Bianca Nenciu 5bda4d26b4 FIX: Rescue errors in job. (#6745) 2018-12-17 15:28:57 +01:00
Bianca Nenciu f0027961c7 FIX: Properly reset controller of admin-user-index. (#6760) 2018-12-17 15:28:29 +01:00
Bianca Nenciu 1023003eba FIX: Strip remote url before import. (#6762) 2018-12-17 15:27:49 +01:00
Joffrey JAFFEUX 22cea9ce90
FIX: adusts select-kit position even if not expanded (#6785) 2018-12-17 12:29:51 +01:00
Joffrey JAFFEUX 6ee3900791
FIX: ensures nothing is triggering rendering loop in after render (#6784) 2018-12-17 12:15:03 +01:00
Gerhard Schlager 01cdbd3a13 FEATURE: Prohibit S3 bucket reusage
This validation makes sure that the s3_upload_bucket and the
s3_backup_bucket have different values. The backup bucket is
allowed to be a subfolder of the upload bucket. The other way
around is forbidden because the backup system searches by
prefix and would return all files stored within the backup
bucket and its subfolders.
2018-12-17 11:35:28 +01:00
Gerhard Schlager 1a8ca68ea3 FEATURE: Improve backup stats on admin dashboard
* Dashboard doesn't timeout anymore when Amazon S3 is used for backups
* Storage stats are now a proper report with the same caching rules
* Changing the backup_location, s3_backup_bucket or creating and deleting backups removes the report from the cache
* It shows the number of backups and the backup location
* It shows the used space for the correct backup location instead of always showing used space on local storage
* It shows the date of the last backup as relative date
2018-12-17 11:35:11 +01:00
Maja Komel 040ddec63d Fix avatar flair styles 2018-12-17 10:44:34 +01:00
Guo Xiang Tan c0aae16f6b FIX: Clear anon cache when disabling readonly mode.
`SiteSerializer#is_readonly` is cached for an anonymous user so we have
to clear the cache when disabling readonly mode. Otherwise, the site may
appear to be in readonly mode for an extended period of time.
2018-12-17 17:27:44 +08:00
Guo Xiang Tan 9e795b9d90 Follow up to 704a122656. 2018-12-17 16:39:46 +08:00
Guo Xiang Tan e75ad37aaf FIX: Switch recently readonly mdoe cache to a `DistributedCache`.
A per process cache is hard to reason about. During PostgreSQL
failovers. The site may bounce in and out of readonly mode depending on
which server and process that a request hits.
2018-12-17 13:28:36 +08:00
Guo Xiang Tan 704a122656 Remove Ruby warning due to assignment in conditional. 2018-12-17 13:08:12 +08:00
Saurabh Patel ed1a309fe4 FIX: use new key for delete topic to make it lowercased as all other buttons label around it (#6778) 2018-12-17 10:55:19 +08:00
Gerhard Schlager 7e1f20b07f FIX: Create CORS rule on S3 only before a backup upload 2018-12-17 00:15:37 +01:00
Joffrey JAFFEUX d803dfc14a
FIX: makes more resilient select-kit positioning (#6776) 2018-12-15 16:23:23 +01:00
Kris 6213e020e6 Improving usercard badge alignment 2018-12-14 22:16:18 -05:00
Guo Xiang Tan e9ea0102a5 FIX: Consistency about our response for invalid user id in `Admin::UsersController`. 2018-12-15 08:01:35 +08:00
Neil Lalonde ef0e84e3d9 FIX: clear the site_contact_username setting if the user's staff privileges are revoked 2018-12-14 16:52:44 -05:00
Vinoth Kannan 0d3c1cde90 FIX: Use find_by_id method to prevent record not found exception 2018-12-15 03:19:45 +05:30
David Taylor 430083019d UX: Improve dashboard report title copy
Make capitalization consistent, and slightly improve clarity of two headings
2018-12-14 17:37:07 +00:00
Neil Lalonde 4ddaceda1a Version bump to v2.2.0.beta6 2018-12-14 12:21:55 -05:00
David Taylor 1960236822
FIX: Suspicious login detection (#6772) 2018-12-14 16:30:34 +00:00
David Taylor 77fe57f923 FEATURE: Rake task to list users which have been staff in the past month 2018-12-14 16:29:12 +00:00
David Taylor 9f3e2a9e34
FIX: Only serialize group membership domains for administrators (#6771) 2018-12-14 15:47:00 +00:00
Penar Musaraj a19f69590a DEV: add "topic-list-before-relative-date" plugin outlet 2018-12-14 10:39:22 -05:00
Neil Lalonde 124ae46763 Update translations 2018-12-14 10:34:12 -05:00
Kris 2f70bd83a3 Increase contrast of pinned excerpt for dark themes 2018-12-14 10:04:44 -05:00
Kyle Zhao b0c2e9bb05
minor changes to default script-src (#6770)
- add report-sample to force require a sample of the violating code
- do not whitelist GA/GTM's entire domain
2018-12-14 08:17:31 -05:00
Joffrey JAFFEUX 03014b0d05
FEATURE: adds security tab to dashboard (#6768)
This commit also includes the new staff_logins report
2018-12-14 13:47:59 +01:00
Maja Komel 9f89aadd33 FIX: delete all posts in batches without hijack (#6747) 2018-12-14 11:04:18 +01:00