Guo Xiang Tan
e262a08350
Add `UploadRecovery#recover_user_profile_backgrounds`.
2018-10-01 10:51:54 +08:00
Robin Ward
02da022c70
PERF: Quit out of the email job quickly if disabled ( #6423 )
...
This prevents sidekiq from doing a bunch of queries when email is
disabled.
Critical emails are a special case and will be sent.
2018-10-01 01:15:45 +08:00
Kyle Zhao
819f090d6a
move large blobs out of `<head>` ( #6428 )
...
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Penar Musaraj
70d74f8fc1
FIX: advanced search ordering broken when using tags
2018-09-28 17:27:08 +08:00
Bianca Nenciu
5407036ef9
DEV: Run prettier. ( #6420 )
2018-09-21 11:02:23 +00:00
Kyle Zhao
e402394375
FEATURE: auto grant an available title when removing old title
...
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Kyle Zhao
4bb980b9f7
FEATURE: do not allow moderators to export user list ( #6418 )
2018-09-21 09:07:13 +08:00
Guo Xiang Tan
1a64b3a487
FIX: Don't try to recover an invalid sha1.
2018-09-20 14:21:57 +08:00
Sam
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Guo Xiang Tan
195bd02fce
FIX: Avoid race condition when enqueuing job.
2018-09-20 11:24:01 +08:00
Jeff Wong
d5442fbf08
FIX: do not send tl1 welcome message when a user has the basic user badge
2018-09-19 12:53:36 -07:00
Guo Xiang Tan
767f27929d
Rename `Jobs::RecoverPostUploads` to rerun the job take 2.
2018-09-19 22:40:32 +08:00
Guo Xiang Tan
d403883d16
DEV: Improve specs for 293cf600f0
.
2018-09-19 16:03:52 +08:00
Sam
5302709343
FIX: in redis readonly raise an exception from DistributedMutex
...
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller
When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb
In redis readonly no thumbnails will be generated
2018-09-19 15:50:58 +10:00
Guo Xiang Tan
bc7f58191e
FIX: `UploadRecovery` should look at links too.
2018-09-19 11:52:57 +08:00
Guo Xiang Tan
4a92c5b2d6
`UploadRecovery` should recover attachments too.
2018-09-19 10:44:36 +08:00
Vinoth Kannan
9281b72308
FEATURE: Log entity export in staff logs
2018-09-19 03:16:45 +05:30
Arpit Jalan
fadcd36f92
FIX: do not treat ignore_redirects domains as blacklisted
...
This fix prevents domains present in `ignore_redirects` to be treated as
blacklisted domains and makes sure that onboxing happens for those domains.
Issue reported here: https://meta.discourse.org/t/steam-store-oneboxing-no-longer-works/97266
2018-09-18 10:38:02 +05:30
Guo Xiang Tan
ce6a0a5e9e
FIX: Moving upload to tombstone should update modification time.
...
A upload created a long time ago will be nuked from the tombstone
immediately if it gets deleted.
2018-09-18 10:48:29 +08:00
Guo Xiang Tan
f2fbf1fdb0
DEV: Basic specs for `TagGroupsController`.
2018-09-18 08:22:03 +08:00
Sam
7d6b348d0b
SECURITY: correct XSS on long topic titles
2018-09-18 08:54:44 +10:00
Régis Hanol
4481836de2
FEATURE: new 'search_ignore_accents' site setting
2018-09-17 10:42:30 +02:00
Kyle Zhao
7a0232249a
extract inline JS that's used to store preloaded data ( #6370 )
2018-09-17 16:31:46 +08:00
Kyle Zhao
7b19ed06c1
reworked specs of existing group behavior
2018-09-17 17:46:43 +10:00
Kyle Zhao
6659417807
FEATURE: match user title when primary group changes
...
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Sam
33541c4096
FEATURE: unconditionally omit no-follow for staff
...
Previously TL2 and below staff would have links
no-followed which was never intended
2018-09-17 12:02:20 +10:00
Sam
37c5280f73
correct spec
2018-09-17 11:37:01 +10:00
Rishabh
4f46aa1ba3
FEATURE: Add SiteSetting for s3_configure_tombstone_policy
...
Add SiteSetting for s3_configure_tombstone_policy, skip policy generation if turned off (default on)
2018-09-17 10:57:50 +10:00
Sam
725d2c0d47
correct spec
2018-09-17 10:54:35 +10:00
Sam
173d0d53d5
correct erratic spec
2018-09-17 10:12:00 +10:00
OsamaSayegh
c7d81e2682
FIX/FEATURE: don't blow up when can't reach theme's repo, show problem themes on dashboard
2018-09-17 09:49:53 +10:00
Neil Lalonde
526ffc4966
FIX: error in response body to blocked crawlers, showing 500 Internal Server Error with status of 403
2018-09-14 15:40:20 -04:00
Neil Lalonde
b87a089822
FIX: don't block api requests when whitelisted_crawler_user_agents is set
2018-09-14 15:40:20 -04:00
Guo Xiang Tan
c3f6b4d966
DEV: Test against real `Upload#url` format.
2018-09-14 13:43:33 +08:00
Sam
419b14e58b
FIX: correctly keep stylesheet cache entries
...
The intent from day one was to keep MAX_TO_KEEP stylesheets per target
however the DELETE statement did not perform target filtering
This meant we often deleted the wrong stylesheets from the cache
2018-09-14 12:54:11 +10:00
Guo Xiang Tan
6a2589353b
Merge pull request #6394 from tgxworld/recover_broken_uploads
...
FIX: Onceoff job to recover missing post uploads.
2018-09-13 18:16:56 -07:00
Guo Xiang Tan
aa1af9fc22
FIX: Onceoff job to recover missing post uploads.
...
This fixes the regression due to 1f636c445b
2018-09-14 09:04:01 +08:00
Gerhard Schlager
fd931b948d
Use a more helpful failure message in spec
2018-09-13 21:31:44 +02:00
Régis Hanol
30619c244c
FIX: don't index urls to local files
2018-09-13 18:53:53 +02:00
Joffrey JAFFEUX
a6502ce879
FIX: ensures errors in report initialization fail nicely ( #6392 )
2018-09-13 17:36:55 +02:00
Guo Xiang Tan
2ae7d3a118
Merge pull request #6388 from pmusaraj/drafts-second-user-test
...
Add test to ensure a user cannot see drafts stream of another user
2018-09-13 06:53:44 -07:00
Arpit Jalan
d288462abf
Merge pull request #6393 from techAPJ/bad-json
...
FIX: ignore and log bad json values for custom fields
2018-09-13 15:54:01 +05:30
Arpit Jalan
e364547ff7
FIX: ignore and log bad json values for custom fields
2018-09-13 14:26:30 +05:30
Guo Xiang Tan
0a06b3d977
Accept custom AR relation for `UploadRecovery`.
2018-09-13 16:33:14 +08:00
Guo Xiang Tan
6c65718301
Include response body when raising an error in `FileHelper#download`.
2018-09-13 15:43:58 +08:00
Guo Xiang Tan
05a57d4f27
DEV: Clear cache after not before.
...
* Clearing after ensures that state does not leak
to specs in other files.
2018-09-13 14:23:32 +08:00
Guo Xiang Tan
5eb65ad612
FIX: Do not try to recover invalid `Upload#short_url` in `UploadRecovery`.
2018-09-13 13:59:17 +08:00
Guo Xiang Tan
1afe7162e1
Fix the build.
2018-09-13 13:41:38 +08:00
Guo Xiang Tan
d99dd840e4
Add basic test case for `UploadRecovery`.
2018-09-13 13:26:23 +08:00
pmusaraj
7f05af5995
cleanup
2018-09-12 13:10:14 -04:00
pmusaraj
aa614e393c
return 403 when trying drafts of another user
2018-09-12 13:08:02 -04:00
pmusaraj
b8c0a29bec
better test name
2018-09-12 11:09:30 -04:00
pmusaraj
11fd18b254
code-styling fixes
2018-09-12 11:06:30 -04:00
pmusaraj
3a00c2adeb
add test to ensure that userA cannot see drafts stream of userB
2018-09-12 10:13:20 -04:00
Guo Xiang Tan
3884e99e88
Add extra protection in `Upload#get_from_url`.
...
In case the extension goes missing from the URL.
2018-09-12 00:12:14 -07:00
Guo Xiang Tan
b3469bea2d
FIX: Uploads not being linked correctly to posts.
...
Regression due to 1f636c445b
.
2018-09-11 23:50:23 -07:00
Sam
d1984a0b4d
FIX: display a correct error when attempting to agree on a deferred flag
...
Previously we would raise a 500 error if a moderator tried to agree on a
flag another moderator deferred.
This can happen cause the UX for flags does not live refresh as flags
are handled
2018-09-12 13:16:59 +10:00
Guo Xiang Tan
71185c13b5
Merge pull request #6377 from tgxworld/remove_tif_tiff
...
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
2018-09-12 09:32:32 +08:00
Guo Xiang Tan
71caf7521d
Drop `tif`, `tiff`, `webp` and `bmp` from supported images.
...
https://meta.discourse.org/t/cr2-raw-files-are-being-treated-as-tiff-files/96775/3?u=tgxworld
2018-09-12 09:29:54 +08:00
Osama Sayegh
16bd3f2cf2
FIX: use current user color scheme when filling `theme-color` attribute ( #6384 )
...
* FIX: use current user color scheme when filling `meta` attribute `theme-color`
* update manifest.webmanifest colors
2018-09-12 11:04:58 +10:00
Robin Ward
3bb4f4c5ef
Adds test to make sure moderators can't make master keys
...
It wasn't obvious from the code, plus we'd never want this to regress!
2018-09-11 12:02:06 -04:00
Gerhard Schlager
1a01385e88
FIX: "false" didn't work as locale_default
2018-09-11 13:42:10 +02:00
Guo Xiang Tan
85620abb71
DEV: Clear connections after multisite specs.
2018-09-11 10:15:06 +08:00
Sam
e64402cb3b
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:24:02 +10:00
Rishabh
80eace4268
Merge pull request #6383 from discourse/fix_username_suggester
...
FIX: don't raise an error on integer usernames in user_name_suggester
2018-09-11 00:30:29 +05:30
Rishabh Nambiar
81c87df18a
FIX: don't raise an error on integer usernames
2018-09-10 22:17:56 +05:30
David Taylor
84fc7abb73
FIX: Allow `rake destroy:topics` to delete topics in sub-categories
2018-09-10 12:52:14 +01:00
Guo Xiang Tan
df04e69cde
FIX: `S3Helper#list` creates incorrect prefix.
2018-09-10 16:34:40 +08:00
Neil Lalonde
9e77fd8fc3
FIX: wrong category links on subfolder install in rss feed for a category topic list
2018-09-07 10:03:30 -04:00
Sam
879067d000
FIX: check admin theme cookie against user selectable
...
previously admin got a free pass and could set theme via cookie to anything
including themes that are not selectable
this refactor ensures that only "preview" gets a free pass, all the rest
goes through the same pipeline
2018-09-07 10:47:28 +10:00
Gerhard Schlager
797cbf8653
FIX: Remove user fields when anonymizing user
2018-09-07 00:02:56 +02:00
Guo Xiang Tan
1f636c445b
PERF: Add fast path to find uploads before resorting to `LIKE` query.
...
For a normal upload url
Before
```
Warming up --------------------------------------
264.000 i/100ms
Calculating -------------------------------------
2.754k (± 8.4%) i/s - 13.728k in 5.022066s
```
After
```
Warming up --------------------------------------
341.000 i/100ms
Calculating -------------------------------------
3.435k (±11.6%) i/s - 17.050k in 5.045676s
```
2018-09-06 14:44:24 +08:00
Guo Xiang Tan
d4b05d7bc5
Always link post to uploads in post process.
...
The operation is cheap anyway so no point skipping.
2018-09-06 14:08:03 +08:00
Guo Xiang Tan
434035f167
FIX: Link post to uploads in `PostCreator`.
...
* This ensures that uploads are linked to their post on creation
instead of a background job which may be delayed if Sidekiq
is facing difficulties.
2018-09-06 11:18:11 +08:00
Gerhard Schlager
26082688d1
FIX: Zero is a valid value for the page parameter
2018-09-05 20:43:05 +02:00
Guo Xiang Tan
f3aef2cc83
FIX: Incorrect/missing extension in short_url fails to map to upload.
...
`Hash#invert` causes us to lose keys if the hash contains similar
values.
2018-09-05 21:48:58 +08:00
Gerhard Schlager
2c5d9269a0
FIX: Notifications shouldn't use user locale unless allow_user_locale is enabled
2018-09-05 11:44:28 +02:00
Sam
d9c0dc8687
correct prev commit
...
s3. did not exists it is s3-
2018-09-05 16:11:44 +10:00
Sam
83e1315e42
FIX: correct urls in uploads table to point at dualstack
...
Last week we added support for dual stack urls but did not remap the
the old records in the uploads and optimized images table
This caused a few minor edge cases worst was that if you rebaked old
images S3 CDN was not repopulated.
2018-09-05 15:58:04 +10:00
Gerhard Schlager
b8fc699164
FIX: Detect {{foo}} as interpolation key
2018-09-05 00:47:39 +02:00
Vinoth Kannan
d9be4f47e8
SPEC: redirect to original URL after social signup
2018-09-05 03:24:50 +05:30
Vinoth Kannan
d8b543bb67
FIX: redirect to original URL after social signup
2018-09-05 01:44:23 +05:30
David Taylor
4382fb5fac
DEV: Allow plugins to whitelist specific user custom_fields for editing ( #6358 )
2018-09-04 20:45:36 +10:00
Guo Xiang Tan
3b337bfc6b
Revert "FIX: Don't rate limit admin and staff constraints when matching routes."
...
This reverts commit 651b50b1a1
.
2018-09-04 14:27:21 +08:00
Guo Xiang Tan
19182c0c8f
DEV: Skip fragile tests for now.
2018-09-04 13:58:09 +08:00
Guo Xiang Tan
651b50b1a1
FIX: Don't rate limit admin and staff constraints when matching routes.
...
* When an error is raised when checking route constraints, we
can only return true/false which either lets the request
through or return a 404 error. Therefore, we just skip
rate limiting here and let the controller handle the
rate limiting.
2018-09-04 13:52:58 +08:00
Guo Xiang Tan
08b268c5bc
Be more forceful in disconnecting connections during failover.
2018-09-04 10:32:43 +08:00
Sam
ad70502ab8
FIX: ignore invalid usernames in incoming link tracker
...
If an incoming link username has NULL in it simply ignore it
2018-09-04 12:28:32 +10:00
Guo Xiang Tan
8dc1463ab3
Enable `Lint/ShadowingOuterLocalVariable` for Rubocop.
2018-09-04 10:16:42 +08:00
Sam
2f5c21e28c
FIX: return a 400 error instead of 500 for null injections
...
Many security scanners like to inject NULL in inputs causing application
to exception out and return a 500
We now handle this exception and render a 400 status back
2018-09-04 12:11:52 +10:00
Gerhard Schlager
eeedc3901e
FIX: Replying to deleted post via email should create new reply to topic
2018-09-03 23:06:40 +02:00
Vinoth Kannan
24a14af15a
FIX: Respect invalidate_oneboxes option for inline oneboxes
2018-09-03 22:33:43 +05:30
Guo Xiang Tan
ecf60c0c33
DEV: More attempts at stablizing specs in Travis.
...
Re-enable skipped test because it doesn't fail locally
for me to debug it.
2018-09-03 14:52:15 +08:00
Gerhard Schlager
f33433bf9e
Validation of params should restrict to max int ( #6331 )
...
* FIX: Validation of params should restrict to max int
* FIX: Send status 400 when "page" param isn't between 1 and max int
2018-09-03 14:45:32 +10:00
Guo Xiang Tan
747c9bb47f
Merge pull request #6317 from nbianca/ignore_blacklisted_domains
...
FIX: Ignore OneBox blacklisted domains.
2018-09-03 11:10:52 +08:00
Guo Xiang Tan
0fac6cdba9
DEV: Better debugging information when test fails.
2018-09-03 10:55:25 +08:00
Maja Komel
182d9a4666
FIX: escape regex chars when searching site texts
2018-09-02 17:25:57 +10:00
Bianca Nenciu
f5e0356fb2
correct miscellaneous issues with user login history
2018-09-02 17:24:54 +10:00
Osama Sayegh
60eff9421a
FIX: precompile `desktop_theme` and `mobile_theme` stylesheets
...
required for environments that pre stage docker images and keep old image running during the deploy
2018-08-31 21:23:55 +10:00
Guo Xiang Tan
5a214a687c
FIX: Exclude `UserAuthToken` and `UserAuthTokenLog` in user webhook.
2018-08-31 17:25:56 +08:00