3d62e5dd98
SECURITY: XSS issue on Admin users list
2016-08-05 12:01:16 -04:00
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
d0962d6e5a
FIX: serve category images from the CDN
2016-08-05 13:03:49 +02:00
e5b529f8e1
FIX: Couldn't move posts with deleted replies
2016-08-04 11:56:01 -04:00
f10c4682cd
FIX: muted tags showing in latest topic list
2016-08-04 11:54:48 -04:00
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
b08ab829b8
added 'X-Auto-Response-Suppress' email header (props to elijah)
2016-08-03 11:02:07 +02:00
f4c8070d09
FIX: Couldn't update category notification level
2016-08-02 11:22:02 -04:00
bf683178a8
FIX: Remove tag plugin code from tag hashtag check.
2016-08-02 10:59:12 +08:00
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
829143bf88
FIX: 'List-Unsubscribe' header wasn't added to emails sent when mailing_list_mode was enabled
2016-08-01 20:19:00 +02:00
c591429868
FIX: don't destroy uploads in queued posts and drafts
2016-08-01 18:35:57 +02:00
9018de39ed
FEATURE: allow shipping bio markdown via SSO
...
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
2891f230d1
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 13:54:17 -04:00
cf5b756b1a
SECURITY: Cross-Site Scripting in Category and Group Settings
2016-07-28 11:57:59 -04:00
dc1a830d3d
SECURITY: SQL Injection in Admin List Active Users
2016-07-28 11:42:06 -04:00
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
16a383ea1e
SECURITY: limit bad cookie auth attempts
...
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
...
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
2a4006fe0c
Add `YandexBot` to our list of crawlers
2016-07-26 13:21:37 -04:00
b5fbff947b
FIX: don't expire old sessions when logging in
2016-07-26 11:37:41 +10:00
1379bd5053
fix all v=2 spec / test errors for emoji
2016-07-25 15:53:48 -07:00
12ecf8624a
FIX: tokenize words with dots correctly
...
hello.world is now tokenized as "hello.world" and "world" that way the word
"world" will find the post with "hello.world"
2016-07-25 16:26:33 +10:00
e01802a13b
FIX: strip quote from search term when searching within topic
2016-07-25 15:06:25 +10:00
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
12dc511fea
PERF: make score calculator cheaper when site has long topics
2016-07-22 09:48:44 +10:00
c279889191
FIX: Watching First Post in groups was working incorrectly
2016-07-21 15:05:10 -04:00
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
09be741820
FIX: Don't alert on new posts in a topic unless it's a new record
2016-07-19 15:57:05 -04:00
12cfc8cedd
FIX: Email cooker should support links within blockquotes
2016-07-18 14:38:40 -04:00
6db50b820d
FIX: Email cooker should link links that don't begin a line
2016-07-18 13:46:13 -04:00
e99a73e16d
New AWS S3 Storage Mumbai region added ( #4335 )
...
* ap-south-1 region added
* Update client.en.yml
* ap-south-1 region added
2016-07-18 09:03:26 +02:00
64bdededd3
Allow plugins that implement OAuth and OAuth2 to show up under associated accounts in the Admin area. ( #4333 )
2016-07-18 09:02:41 +02:00
d55da4fe1b
Revert "Revert "Update rails.""
...
This reverts commit 4d27d7e1d3
2016-07-18 11:00:23 +08:00
46b34e3c62
FEATURE: remove user option for edit history public
...
Users can no longer opt-in for "public" edit history
if site owner disables it.
This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
4d27d7e1d3
Revert "Update rails."
...
This reverts commit 898ec43989
2016-07-15 16:35:57 -04:00
caa1aea995
FIX: ensure emojis have absolute URLs and uses CDN
2016-07-15 18:37:51 +02:00
7848a84e0e
FIX: ensure summary emails have the 'List-Unsubscribe' header set
2016-07-15 11:39:29 +02:00
9353013b40
Merge pull request #4332 from tgxworld/bunch_of_fixes_for_backup
...
Bunch of fixes for backup
2016-07-15 17:26:30 +08:00
898ec43989
Update rails.
2016-07-15 13:18:30 +08:00
5fe4837e28
Add `PostCreator#create!`.
2016-07-15 11:36:06 +08:00
f8a12d4940
Add support for AWS cn ( #4327 )
2016-07-14 16:56:09 +02:00
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
41cbdb5dfa
Fix the build.
2016-07-13 19:14:40 +08:00
973a7c9d3a
FIX: Redeeming an invitation fails if inviter has been destroyed.
2016-07-13 11:58:31 +08:00
bb90129731
Improvements to email cook text rendering
2016-07-12 13:49:03 -04:00
Robin Ward
Régis Hanol
Neil Lalonde
Guo Xiang Tan
Sam
Andre Pereira
Jeff Atwood
Vinoth Kannan
cpradio
Hu Ming