cdbe027c1c
Refactor `FileHelper` to use keyword arguments.
2017-05-24 13:54:26 -04:00
d0f84aa14e
FIX: missing to_i which breaks selector component for anon
2017-05-24 11:39:10 -04:00
238a156300
FIX: `TopicTimestampChanger` should not allow timestamps in the future.
2017-05-22 16:03:49 +08:00
4382a0bb07
Rename `PostTimestampChanger` -> `TopicTimestampChanger`.
2017-05-22 15:01:33 +08:00
908433a7a0
SECURITY: Validate the `entity` when downloading a CSV
2017-05-19 16:00:51 -04:00
8ab9f30bbd
FIX: User can't remove bookmark from a deleted post.
2017-05-19 12:25:12 +08:00
1fd8e426f2
FIX: better uploads error page
2017-05-18 23:29:37 +05:30
13e489b4ca
replace the upload type whitelist with a sanitizer
2017-05-18 12:13:13 +02:00
2a5a01af2e
improve error on theme upload, add gif to allowed uploads
2017-05-17 16:29:09 -04:00
a0f03936ff
FIX: saving invisible primary group field that you don't belong to
2017-05-17 12:46:50 -04:00
e1dd543a93
FEATURE: allow users to select theme on single device
2017-05-15 12:48:16 -04:00
2d96a0785d
FEATURE: theme selection is now global per-user
2017-05-12 12:41:34 -04:00
55b61e9bea
rename topic_status_update to topic_timer
2017-05-11 18:27:53 -04:00
18de62b015
Add get_embeddable_css_class to assist multi-site embed styling
...
If present, pass embeddable_host.class_name to view for inclusion
on the <html> element as a class for targeted styling.
2017-05-11 15:16:16 -04:00
4bf8548dc5
Add embed class name setup for embeddable hosts
2017-05-11 15:16:16 -04:00
9641d2413d
REFACTOR: upload workflow creation into UploadCreator
...
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
04b5516bf2
improve upload functionality
2017-05-10 15:47:11 -04:00
bc0b9af576
FEATURE: support uploads for themes
...
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
c2829dce22
FIX: base sql vanishes after badge creation
2017-05-09 09:25:57 -04:00
afe04b8bbb
FIX: Possible 500 error if category saved incorrectly
2017-05-08 15:17:58 -04:00
e89d0a6b20
FIX: importing a theme via file was broken
2017-05-08 12:03:24 +05:30
777f1f0f47
FIX: Return a 404 if the auth session is not present
2017-05-04 15:35:24 -04:00
1768c45a33
FIX: If we can't proxy to a CDN due to HTTP error, render blank
2017-05-04 12:42:46 -04:00
57a2042ef6
FIX: Quiet server side errors for requesting json for account-created
2017-05-04 12:30:13 -04:00
3eb920e2b0
Merge pull request #4841 from fantasticfears/webhook-ping
...
add event name for ping webhooks in the header
2017-05-04 04:54:40 +08:00
81190f5d66
FIX: Redirect away from `account-created` if you're logged in
2017-05-03 11:18:01 -04:00
12fb20fe1b
FEATURE: Allow users to resend/update email from confirmation page
2017-05-03 11:18:01 -04:00
b381372184
Use Ember.js for the `/u/account-created` path so we can add controls
2017-05-03 11:18:01 -04:00
946f25098f
Refactor theme fields so they support custom theme defined vars
...
This paves the way to allowing themes to specify uploads and so on.
2017-05-02 16:02:14 -04:00
77a8cae094
FIX: rescue specific errors on invite failure
2017-05-02 15:13:33 +05:30
9f8a917d65
add event name for ping webhooks in the header
2017-05-02 08:13:23 +02:00
0722ffadf1
Remove site settings enforce_global_nicknames and discourse_org_access_key
2017-05-01 14:53:16 -04:00
304ace926e
FIX: Raise right response when post_action does not exist.
2017-04-27 17:29:53 +08:00
e4b9f72f9e
FIX: Force the right encoding when handling email.
2017-04-27 16:51:54 +08:00
b755279cf0
remove unneeded code
2017-04-27 08:47:47 +05:30
e3f82140d8
more readable code for filtering username/email when bulk adding to group
2017-04-27 08:43:28 +05:30
b41d96fac1
FIX: properly initialize hashes
2017-04-27 02:56:14 +05:30
285c167fae
FEATURE: provide more details when performing a bulk add to group
2017-04-27 01:37:51 +05:30
6f7c6b0fd0
FIX: Incorrect error raised.
2017-04-25 09:59:01 +08:00
423f2ab228
FIX: Processing incoming email should be done in a background job.
2017-04-24 13:57:28 +08:00
7a9eee1b71
FEATURE: default notification level for group messages
...
also fixes it so staff can amend other user's group notification level
2017-04-20 15:47:35 -04:00
ea26c56631
FIX: redirect to login page for anonymous user when profiles are hidden
2017-04-20 13:00:45 +05:30
8b8ee2ad61
Pass a context in when using a HTML builder
2017-04-18 12:35:35 -04:00
1c23aedccf
FIX: always send password reset email when accepting invite if password is not set
2017-04-18 14:37:06 +05:30
1363988cd7
Support for an HTML builder that can create dynamic HTML
2017-04-17 17:32:55 -04:00
86904e9cd6
FIX: better error handling for theme import
2017-04-17 16:55:53 -04:00
0954367bf4
FIX: send activation email when accepting invite if password is set
2017-04-15 14:59:50 +05:30
04016f0dec
Support Ruby 2.4.
2017-04-15 12:29:00 +08:00
ed2e62f845
correct environment handling for test mode
2017-04-14 14:00:46 -04:00
def7348777
FIX: display custom sections with default theme
...
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
ef093b1610
Merge pull request #4807 from techAPJ/email-token-social
...
FIX: confirm email token for user created via social login
2017-04-13 16:18:15 +05:30
3d76fb9c2c
FIX: Don't show category options for reports that can't be scoped to a category.
2017-04-13 17:10:55 +08:00
7fb17b83c4
FIX: confirm email token for user created via social login
2017-04-13 14:15:32 +05:30
ee449b0dd5
Improve SSO verbose log when user record is invalid.
2017-04-13 11:39:26 +08:00
57788200ec
REFACTOR: Add `User.reserved_username?`.
2017-04-13 10:44:26 +08:00
a3e8c3cd7b
FEATURE: Native theme support
...
This feature introduces the concept of themes. Themes are an evolution
of site customizations.
Themes introduce two very big conceptual changes:
- A theme may include other "child themes", children can include grand
children and so on.
- A theme may specify a color scheme
The change does away with the idea of "enabled" color schemes.
It also adds a bunch of big niceties like
- You can source a theme from a git repo
- History for themes is much improved
- You can only have a single enabled theme. Themes can be selected by
users, if you opt for it.
On a technical level this change comes with a whole bunch of goodies
- All CSS is now compiled using a custom pipeline that uses libsass
see /lib/stylesheet
- There is a single pipeline for css compilation (in the past we used
one for customizations and another one for the rest of the app
- The stylesheet pipeline is now divorced of sprockets, there is no
reliance on sprockets for CSS bundling
- CSS is generated with source maps everywhere (including themes) this
makes debugging much easier
- Our "live reloader" is smarter and avoid a flash of unstyled content
we run a file watcher in "puma" in dev so you no longer need to run
rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
0013a23dc1
SECURITY: prefer render plain/html to render text where possible
2017-04-10 08:01:42 -04:00
9663a74445
FIX: Ensure `username` param is valid in `NotificationsController`.
2017-04-07 17:32:52 +08:00
93556bb950
Merge pull request #4793 from rcgordon/smtp-fast-rejection
...
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
708f65f740
FIX: web crawlers getting 404 on category pages
2017-04-06 14:52:06 -04:00
888d1512ec
Corrected indentation.
2017-04-06 01:49:34 -04:00
402eaaa773
FEATURE: add og tags to metadata in individual badges page
2017-04-06 09:32:53 +05:30
5943543ec3
FIX: Improve checks for non-human users.
2017-04-06 11:29:34 +08:00
c51af13338
smtp_should_reject API: use better approach to find user email.
2017-04-05 23:10:36 -04:00
a51c191a66
Make Email::Receiver.check_address() into a class method.
2017-04-05 23:10:36 -04:00
e15d11df18
Added an API to ask if an incoming email should be dropped at the SMTP level.
...
This lets an SMTP server optionally decide if it should reject a mail without
passing it on to Discourse at all, possibly before even reading the
email's payload, to prevent spam-induced backscatter and save resources.
This just does the bare minimum sanity checking that could prevent obvious
backscatter. For legit errors from legit users, Discourse will still send a
much more pleasant reply email.
2017-04-05 23:10:36 -04:00
40ab2e5667
FEATURE: Let users update their emails before confirming
...
This allows users who entered a typo or invalid email address when
signing up an opportunity to fix it and resending the confirmation
email to that address.
2017-04-05 16:44:49 -04:00
3839206317
FIX: Return JSON errors for `by-external` if JSON requested
2017-04-04 16:22:14 -04:00
17f2974d0a
SECURITY: Confirm new administrator accounts via email
2017-04-04 15:59:01 -04:00
406d721f11
Fix `NilClass` error in `UsersController`.
2017-04-04 14:17:45 +08:00
f4758a4c4d
FEATURE: Allow admins to schedule a topic to be published in the future.
2017-04-04 11:16:05 +08:00
0bbad5040a
`topic-status-info` component wasn't updated when topic is closed/opened.
2017-03-31 15:58:26 +08:00
b6e9871b4b
Update `Topic#closed` client side when closing/opening a topic temporarily.
2017-03-31 15:05:00 +08:00
34b7bee568
FEATURE: Allow admin to auto reopen at topic.
...
* This commit also introduces a `TopicStatusUpdate`
model to support other forms of deferred topic
status update in the future.
2017-03-31 11:14:18 +08:00
14410b71fb
Convert server side paths to use `/u/`
2017-03-30 10:23:24 -04:00
a818fa9831
FIX: Show stats of the last 30 days be default for admin reports.
...
* `1.month.ago + 1.month` uses the calendar month for calculations
such that `1.month.ago` from the 30th of March 2017 will give
us the 28th of February 2017. Adding one month ahead from
28th February 2017 will be 28th of March 2017.
2017-03-30 09:48:10 +08:00
f3cd5f61c5
FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site
2017-03-28 09:07:23 +05:30
11ce73b8ed
FEATURE: category setting for default top period
2017-03-22 16:54:18 -04:00
8e5e3b5af8
FIX: sso provider require return_sso_url
2017-03-22 09:08:38 -04:00
874e8900af
Display email address in SSO error message.
2017-03-21 15:37:46 -04:00
aeaf5075bf
Custom errors for when Email is invalid via SSO
2017-03-21 15:23:38 -04:00
52d78294cc
Render a layout when there's an SSO error
2017-03-21 15:23:38 -04:00
82c0f5f587
Merge pull request #4767 from techAPJ/activate-account
...
FIX: send activation email if user have unconfirmed email address
2017-03-21 09:44:23 +05:30
7c3ae50dcd
FIX: send activation email if user have unconfirmed email
2017-03-21 09:41:50 +05:30
b94c7b4902
missing disposition
2017-03-20 17:07:32 -04:00
652b2d7199
remove redundent header setting
2017-03-20 16:08:18 -04:00
c106ca6778
FEATURE: fallback asset path for multi host setups
2017-03-20 15:59:17 -04:00
1d4993a185
FIX: Sync user's notification channel before preloaded current user data.
...
This is to fix the problem where a newly created user would not
receive live updates for the first notification if the notification
is published before the client has subscribed to the channel.
2017-03-20 17:17:21 +08:00
f5f54c1b77
Merge pull request #4764 from tgxworld/nuke_backticks
...
FIX: Don't use backticks that take in inputs.
2017-03-17 15:40:23 -04:00
e7c972ac89
FIX: Don't use backticks that take in inputs.
2017-03-17 15:33:51 +08:00
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
bbc85e1e29
Merge pull request #4750 from discourse/group_login_registration_flow
...
FEATURE: Redirect to groups page and apply group actions upon login/s…
2017-03-16 09:50:56 +08:00
ca965bb455
FEATURE: Redirect to groups page after login/registration flow.
2017-03-16 09:48:51 +08:00
1a7e954e09
FIX: Store custom emojis as uploads.
...
* Depending on a hardcoded directory was a flawed design
which made it impossible to debug when custom emojis go
missing.
2017-03-14 13:07:18 +08:00
6d7e968e30
FEATURE: box-style rendering of sub-categories
2017-03-13 15:25:52 -04:00
a690121805
SECURITY: always allow staff to resend activation mails
2017-03-13 10:32:24 -04:00
1a745ca16a
else @user makes no sense :)
2017-03-13 10:22:23 -04:00
9364d8ce71
FIX: Store user's id instead for sending activation email.
...
* Email and username are both allowed to be used for logging in.
Therefore, it is easier to just store the user's id rather than
to store the username and email in the session.
2017-03-13 20:24:55 +08:00
7ebfa3c901
SECURITY: Only allow users to resend activation email with a valid session.
...
* Improve error when an active user tries to request for an activation email.
2017-03-13 19:35:29 +08:00
848120c098
FEATURE: RSS feed for top page period filters
2017-03-13 15:23:46 +05:30
f13367cecd
FIX: latest + category not respecting homepage category suppression
2017-03-10 15:17:51 -05:00
bc1a6ccb90
Merge pull request #4741 from tgxworld/allow_bookmark_removal
...
FIX: Allow user to remove bookmark from posts as long as bookmark is …
2017-03-10 12:49:20 -05:00
f7e7ca3937
FEATURE: anonymized site statistics
2017-03-10 18:50:26 +05:30
00380d84c5
UX: display text & html parts alongside raw email in incoming email modal
2017-03-08 23:15:42 +01:00
801b5838e1
FIX: do not show faq/guidelines page to anonymous users for private forums
2017-03-08 16:00:49 +05:30
090236b15b
FIX: do not show about page to anonymous users for private forums
2017-03-08 13:15:44 +05:30
689dd16be0
FIX: Allow user to remove bookmark from posts as long as bookmark is present.
...
https://meta.discourse.org/t/bookmark-issue-when-access-to-topic-is-lost-pms/51993
2017-03-08 13:53:49 +08:00
d95e4102c1
FIX: tags created in secured categories should not be forbidden outside those categories
2017-03-07 11:46:46 -05:00
c3477cd40d
Merge pull request #4716 from discourse/bounced_emails_details
...
FEATURE: Allow checking the raw response of a bounced email
2017-03-06 13:30:19 -03:00
477eb0591e
FIX: Posts in a deleted topic couldn't be moved.
...
https://meta.discourse.org/t/moving-posts-to-new-topic/58436/4
2017-03-06 14:56:20 +08:00
c99f4260c0
Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
...
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
6aab8cb331
FEATURE: new category setting for whether to show latest topics or top topics by default
2017-03-03 11:30:44 -05:00
aac4a4ed94
Handle invalid parameters and missing bounced emails
2017-03-02 20:37:28 -03:00
ca20cb9941
FEATURE: subcategories can be discovered by web crawlers on page 1 of the parent category topics list
2017-03-02 15:06:56 -05:00
3d347fb9c4
FIX: Don't mark user as `active` if verified email is different.
2017-03-02 14:24:30 +08:00
dbfea9b5b0
correct refactor
2017-03-01 18:26:26 -05:00
c79b146283
FEATURE: make list controller a bit more extensible
2017-03-01 16:41:09 -05:00
262016604d
FEATURE: each category can control how many topics to show on categories page
2017-03-01 15:12:57 -05:00
80858bae2c
FEATURE: further restrict downloading of backups
...
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
877957ae88
Merge pull request #4715 from techAPJ/login-per-ip
...
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
cba51e1c38
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 16:58:03 +05:30
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
a2c04be718
FIX: eradicate I18n fallback issues 💣
...
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations
FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes
REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules
TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
3754b038e8
fix brotli origin
2017-02-23 18:26:40 -05:00
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
5296f00c28
FEATURE: Allow checking the raw response of a bounced email
2017-02-22 14:51:33 -03:00
a702330ccd
FEATURE: make show_subcategory_list a per-category setting
2017-02-22 11:42:36 -05:00
3ce3abef8f
FIX: add Content-Disposition and Content-Type headers when downloading attachments
2017-02-20 15:59:01 +01:00
f51e3b2131
FIX: should not be able to rename a system badge
2017-02-20 14:35:05 +01:00
cb99f59ec3
reset bounce score when email is successfully changed
2017-02-20 10:37:01 +01:00
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
040e10a627
reduce duplication
2017-02-15 17:27:10 -05:00
d0fbb27f3e
FEATURE: new invite acceptance page, where username can be chosen and password can be set
2017-02-15 16:51:57 -05:00
3818c196e0
remove disallowed params
2017-02-15 16:47:14 -05:00
74d4209d24
FEATURE: allow plugins to register custom topic list filters
2017-02-15 15:25:43 -05:00
1deec95ccb
Use `natural` orientation for web app manifest.
...
The `any` orientation forces the rotation even when the device's screen
rotation is disabled. Using `natural` respects that and restores the
expected behaviour.
2017-02-12 18:04:06 +00:00
3ee7a9266c
Merge pull request #4686 from tgxworld/group_is_visible_if_user_is_group_owner
...
FIX: Show groups that user is owner of on groups page.
2017-02-11 22:18:44 -08:00
4332f0dde1
FEATURE: allow user search API to restrict to group
2017-02-09 18:45:39 -05:00
ff49f72ad9
FEATURE: per client user tokens
...
Revamped system for managing authentication tokens.
- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes
New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.
Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
2dec731da3
SECURITY: correctly validate input when admin searches for screened ips
2017-02-06 16:11:16 -05:00
27fb9c8804
FIX: bounce webhooks should also use recipient address
2017-02-05 19:06:35 +01:00
c4e10f2a9d
FEATURE: redesign the change password page to use javascript and validations
2017-02-03 16:09:24 -05:00
5523d0dbf9
fix the build
2017-02-03 15:35:33 +05:30
26ccf61ab1
FIX: sane error message when inviting an existing user
2017-02-03 14:27:27 +05:30
61111a3f9b
FIX: Show groups that user is owner of on groups page.
2017-02-03 16:51:32 +08:00
18007ed34b
FIX: Can't use an internal name here if `SiteSetting.convert_pasted_images_to_hq_jpg` is `false`.
2017-02-01 14:51:56 +08:00
f6d9745c5f
Bye bye byebug.
2017-02-01 14:50:14 +08:00
6c8c91dca4
UX: Change default filename for images that have been pasted.
2017-02-01 14:44:41 +08:00
9dd09e453b
FEATURE: add explicit confirmation button to accept the invite
2017-01-25 15:50:30 +05:30
781d83a46f
FIX: Toggling a post's wiki status should not skip revision.
2017-01-25 13:34:55 +08:00
Robin Ward
Sam
Guo Xiang Tan
Arpit Jalan
Régis Hanol
Neil Lalonde
Pat David
Guo Xiang Tan
Erick Guan
Ryan C. Gordon
Aashaka Shah
Victor van Poppelen
Rafael dos Santos Silva
Blake Erickson
Nicolas
Jeff Atwood