Commit Graph

50 Commits

Author SHA1 Message Date
Krzysztof Kotlarek e7c72cd1e4
FIX: deprecate whitelist constants (#10716)
Deprecation of:
WHITELISTED_REDIRECT_HOSTNAMES
CUSTOM_INTERPOLATION_KEYS_WHITELIST
WHITELISTED_SVG_ELEMENTS
2020-09-28 13:52:05 +10:00
Krzysztof Kotlarek e0d9232259
FIX: use allowlist and blocklist terminology (#10209)
This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 10:23:54 +10:00
Joffrey JAFFEUX 0d3d2c43a0
DEV: s/\$redis/Discourse\.redis (#8431)
This commit also adds a rubocop rule to prevent global variables.
2019-12-03 10:05:53 +01:00
Krzysztof Kotlarek 427d54b2b0 DEV: Upgrading Discourse to Zeitwerk (#8098)
Zeitwerk simplifies working with dependencies in dev and makes it easier reloading class chains. 

We no longer need to use Rails "require_dependency" anywhere and instead can just use standard 
Ruby patterns to require files.

This is a far reaching change and we expect some followups here.
2019-10-02 14:01:53 +10:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Robin Ward 95f263995d FIX: Previous annotations were broken 2019-01-11 14:30:19 -05:00
Robin Ward a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
Sam 671469bcc7 FIX: URLs containing two # would fail to work
Some URLs in browsers are non compliant and contain twos `#` this commit adds
special handling for this edge case by auto encoding any fragments containing `#`
2018-12-11 18:03:13 +11:00
Régis Hanol de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
riking 9b0efe9c84 FIX: TopicLinkClick: do not log IP of logged in users 2018-05-22 16:05:38 +10:00
Guo Xiang Tan 142571bba0 Remove use of `rescue nil`.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Guo Xiang Tan 226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Neil Lalonde 712c9fca1b sorry rubocop 2017-12-13 15:47:42 -05:00
Neil Lalonde 3f1d6a302e FIX: links with query params to external sites fail to load if ga universal auto link domains is used 2017-12-13 13:58:44 -05:00
Arpit Jalan daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Sam 70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward 1468616465 FIX: Support links with google analytics tracking and hashes 2016-08-23 12:13:31 -04:00
Régis Hanol 5169bcdb6e FIX: httpshttps ultra secure URLs 2016-06-30 16:55:01 +02:00
Robin Ward 61ce5c210c FIX: S3Cdn link clicks weren't working 2016-06-28 15:52:38 -04:00
Robin Ward 43c7320f55 FIX: Allow really long links to work 2015-09-25 14:07:20 -04:00
Sam a3c6cd7b38 FIX: handle link tracking correctly for cdn based urls
(usually attachments)
2015-08-05 12:15:08 +10:00
Sam 54b780439d FIX: CDN should always be whitelisted correctly 2015-08-05 11:49:11 +10:00
Régis Hanol 189cb3ff12 FEATURE: move migrate_to_new_scheme into a background job
- new hidden site setting 'migrate_to_new_scheme' (defaults to false)
- new rake tasks to toggle migration to new scheme
- FIX: migrate_to_new_scheme also works with CDN
- PERF: improve perf of the DbHelper.remap method
- REFACTOR: UrlHelper is now a class
2015-06-12 12:07:57 +02:00
Sam 0bbf6354eb FIX: in some cases link was not followable due to click tracker 2015-05-06 11:22:53 +10:00
Régis Hanol 682656fa6c FIX: only redirect to whitelisted hostnames 2015-04-01 22:59:25 +02:00
Régis Hanol 0f4a4651a9 FIX: youtube preview video title link doesn't work 2015-04-01 18:23:27 +02:00
Régis Hanol 20c9a312c7 FIX: clicks counter on attachments wasn't always working 2015-02-22 20:47:18 +01:00
Robin Ward dd1ebb535b FIX: Could not download exported data on some sites 2014-11-20 14:02:10 -05:00
Sam 414c6d191f FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 15:19:25 +10:00
Sam b1d5f4440b Annotate models 2014-05-28 12:30:57 +10:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam 862a6696c0 Correct annotations
allow longer usernames (up to 60)
2014-04-15 15:53:48 +10:00
Régis Hanol 6373de550f update annotations 2014-04-08 17:35:44 +02:00
Robin Ward d200e68bab FIX: Link counter was broken for some https links 2014-03-10 11:16:21 -04:00
Robin Ward 9097368038 FIX: Incorrect string match 2014-01-14 15:38:12 -05:00
Robin Ward 4f6283ba56 FIX: Accept HTTPS or HTTP urls on redirect 2014-01-14 15:02:05 -05:00
Sam 2db3cfb16b annotate models 2013-12-05 17:40:35 +11:00
Robin Ward 769223014c FIX: Allow link redirects inside oneboxed posts 2013-11-29 14:29:49 -05:00
Sam 32e3e3f382 update annotations 2013-09-06 17:38:50 +10:00
Sam dfa5a8a83f annotate models 2013-08-28 10:52:06 +10:00
Robin Ward 3a861c0823 FIX: Allow clicks on @names 2013-07-27 13:18:37 -04:00
Robin Ward 01a6b45231 FIX: Can click on your own links again 2013-07-26 17:29:43 -04:00
Dan Johnson 2e478d8537 TopicLinkClick: convert 'ip' (bigint) -> 'ip_address' (inet)
When accessed over IPv6, the ip address of the user is a 128-bit number,
too big for PostgreSQL's bigint data type. Since PostgresSQL has the
built-in inet type, which handles both IPv4 and IPv6 addresses, we
should use that instead. Where this is done elsewhere in the codebase,
the column is called ip_address, so we should follow that convention as
well.

This migration uses a SQL command to populate the new field from the old
one, so as not to rely on the TopicLinkClick model class, which should
keep the migration from failing if that class is modified in the future.
2013-06-25 19:41:19 -04:00
Sam 870e59883b secure the links on the topic pages, eliminated deleted topics as well. 2013-06-05 16:10:26 +10:00
Sam ca2dee52db moved comments to the bottom, they are way less intrusive there 2013-05-24 12:48:32 +10:00
Sam 2cd95bc649 lets try out annotations 2013-05-24 12:35:14 +10:00
Gosha Arinich 6e5399d544 minor cleanup, using AR querying DSL over raw SQL in some places 2013-02-28 21:54:12 +03:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00