Commit Graph

8001 Commits

Author SHA1 Message Date
Vinoth Kannan c62242c6b3
FIX: should not receive topic invites from ignored users. (#14746)
Previously, ignored users can send notifications by inviting the ignorer to topics or PMs.
2021-10-28 21:03:00 +05:30
Discourse Translator Bot efc23b6a8d
Update translations (#14757) 2021-10-28 11:24:55 +02:00
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
Discourse Translator Bot 0f71a43434
Update translations (#14714) 2021-10-27 14:24:43 +02:00
David Taylor 9882aa840a
UX: Re-order auth-related site settings for clarity (#14716)
This commit groups `auth_overrides_*`, `discourse_connect_*` and `discourse_connect_provider_*` settings separately, rather than interspersing them.

There will be no functional change. This only affects the order in which they're shown in the admin panel
2021-10-26 11:24:10 +01:00
janzenisaac dd5b0543c7
FEATURE: Add fullscreen-tables to post (#14709)
Overflown tables will have a "expand table" option added to open x table in a modal
2021-10-25 14:06:28 -05:00
Martin Brennan fffbb69606
DEV: Remove enable_experimental_image_uploader site setting (#14691)
This setting was already removed in the UI and the DB in
2364626ded,
but I forgot to remove the actual setting from yml.
2021-10-22 09:39:49 +10:00
Joshua Rosenfeld 61a7fbdd9e
FIX: Correct site setting name (#14686) 2021-10-21 16:32:27 -04:00
Simon Cossar 7eea58ca9e
Update copy of the max_new_accounts_per_registration_ip description to indicate that the setting can be disabled (#14687) 2021-10-21 13:15:04 -07:00
Gavin f60711488f
UPDATE: correct path to messages (#14668) 2021-10-21 10:47:06 +08:00
Osama Sayegh 8fb823c30f
FIX: Make the `verbose_auth_token_logging` setting off by default (#14664)
The `generate`, `rotate` and `suspicious`  auth token logs are now always logged regardless of the `verbose_auth_token_logging` setting because we rely no these to detect suspicious logins.
2021-10-20 17:20:39 +03:00
Discourse Translator Bot 25097fa0af
Update translations (#14648) 2021-10-19 15:23:54 +02:00
Arpit Jalan d1fc759ac4
FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
Andrei Prigorshnev b9164d22ee
FEATURE: add a hidden setting that enables using email as a source for username suggestions (#14623)
This is a follow-up to https://github.com/discourse/discourse/pull/14541. This adds a hidden setting for restoring the old behavior for those users who rely on it. We'll likely deprecate this setting at some point in the future.
2021-10-19 14:37:39 +04:00
Martin Brennan 1d131fcaff
FIX: Clarify None Needed option when editing bookmarks (#14633)
This commit makes the following change to the Edit Bookmark
modal window for clarity:

* If the user is editing an existing bookmark without a reminder set,
hide the "none needed" option. This will draw more attention to the
delete button.
* If the user is editing an existing bookmark with a reminder set for the
future, change the "none needed" option to say "remove reminder, keep bookmark"

To do this, I needed to provide an option to override the labels
for time shortcuts in certain cases, so I could keep the NONE shortcut
but have the different wording.
2021-10-19 10:32:20 +10:00
Penar Musaraj 073e5ccd83
UX: Better topic search experience (#14625) 2021-10-18 13:17:27 -04:00
Jean 6275658e3d
FEATURE: Add setting to disable notifications for topic category edits (#14632) 2021-10-18 09:04:01 -04:00
Rafael dos Santos Silva 6ad76520b8
FEATURE: Cache CORS preflight for MessageBus (#14616)
* FEATURE: Cache CORS preflight for MessageBus

Followup for b301a6b for MessageBus
2021-10-15 00:23:53 -03:00
Rafael dos Santos Silva b301a6b3db
FEATURE: Cache CORS preflight requests for 2h (#14614)
* FEATURE: Cache CORS preflight requests for 2h

Browsers will cache this for 5 seconds by default. If using MessageBus
in a different domain, Discourse will issue a new long polling, by
default, every 30s or so. This means we would be issuing a new preflight
request **every time**. This can be incredibly wasteful, so let's cache
the authorization in the client for 2h, which is the maximum Chromium
allows us as of today.

* fix tests
2021-10-14 22:37:53 -03:00
Krzysztof Kotlarek 9062fd9b7a
FIX: improvements for download local dates (#14588)
* FIX: do not display add to calendar for past dates

There is no value in saving past dates into calendar

* FIX: remove postId and move ICS to frontend

PostId is not necessary and will make the solution more generic for dates which doesn't belong to a specific post.

Also, ICS file can be generated in JavaScript to avoid calling backend.
2021-10-14 09:22:44 +11:00
Penar Musaraj 74706bab10
UX: Add `Enter` hint to search dropdown (#14587) 2021-10-13 12:09:28 -04:00
Bianca Nenciu c4843fc1c1
FEATURE: Allow admins to permanently delete posts and topics (#14406)
Sometimes administrators want to permanently delete posts and topics
from the database. To make sure that this is done for a good reasons,
administrators can do this only after one minute has passed since the
post was deleted or immediately if another administrator does it.
2021-10-13 12:53:23 +03:00
Gerhard Schlager 76c9de2d04
UX: Add missing translation (#14592) 2021-10-13 11:23:53 +02:00
Discourse Translator Bot b44119cdb2
Update translations (#14579) 2021-10-12 16:00:22 +02:00
Roman Rizzi 7bc7e1aceb
FIX: update translation key to match flag reason. (#14573)
The refactor introduced in https://github.com/discourse/discourse/pull/14475 made this visible. Adds a safeguard to make sure translation is present before trying to linkify backticks.
2021-10-11 10:24:41 -03:00
David Taylor 9efc57f0c6 FEATURE: shortcuts for quote (q) and fast edit (e)
Reimplemented following the revert in ce0daae636

This approach uses the global `e`/`q` shortcuts, rather than shifting focus to the `quote-button` component. The current `quoteState` is used to determine whether the quote-button is currently visible. If yes, an appEvent transmits the intention to the quote-button component. If no, the old behavior is maintained.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2021-10-11 10:46:38 +01:00
Rafael dos Santos Silva 3eb737c014
FIX: Correct password change path for password managers (#14561) 2021-10-08 14:53:14 -03:00
David Taylor ce0daae636
FIX: Resolve quoting issues by reverting new shortcuts (#14560)
This reverts the new e and q shortcuts for quick-edit, and quote. The current implementation of these is causing issues with quoting on mobile devices.

We intend restore these new shortcuts soon.

* Revert "FIX: Apply quote selection workaround to all browsers (#14558)"

This reverts commit 488f716c16.

* Revert "FIX: selection going missing in Safari (#14557)"

This reverts commit 538fe2cc31.

* Revert "UX: adds shortcuts for quote (q) and fast edit (e) (#14552)"

This reverts commit 2af6052307.
2021-10-08 15:31:43 +01:00
Roman Rizzi 9f3b82eeb2
DEV: Move settings to linkify to the serializer code. (#14553)
We aren't translating these settings, so it makes more sense to move them into the code. I added an instance method so plugins can add mappings for custom reasons.
2021-10-07 12:41:57 -03:00
Joffrey JAFFEUX 2af6052307
UX: adds shortcuts for quote (q) and fast edit (e) (#14552) 2021-10-07 17:22:28 +02:00
Penar Musaraj 6141ed31c7
UX: More consistent shortcut labels for macOS (#14538) 2021-10-06 16:20:43 -04:00
Daniel Waterworth 55dd9309e4
FIX: Check env for multisite config path even if config file exists (#14536)
... so that it can be overridden for rake tasks without changing the
config file.
2021-10-06 13:24:50 -05:00
Penar Musaraj e9b1d29d8b
UX: Revamp quick search (#14499)
Co-authored-by: Robin Ward <robin.ward@gmail.com>
Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2021-10-06 11:42:52 -04:00
Krzysztof Kotlarek cb5b0cb9d8
FEATURE: save local date to calendar (#14486)
It allows saving local date to calendar.
Modal is giving option to pick between ics and google. User choice can be remembered as a default for the next actions.
2021-10-06 14:11:52 +11:00
Roman Rizzi e5c257e5b5
FIX: Reenable global setting HTML support. (#14521) 2021-10-05 16:25:41 -03:00
Discourse Translator Bot 0f5d737a61
Update translations (#14513) 2021-10-05 15:59:26 +02:00
Roman Rizzi 437410e269
UX: Global notice no longer accepts HTML. (#14515) 2021-10-05 10:34:26 -03:00
Meghna 1552d06008
UX: capitalize unsubscribed email locale (#14512)
https://meta.discourse.org/t/unsubscribed-description-text-needs-a-capital-letter/205239
2021-10-05 17:13:22 +05:30
Arpit Jalan fbeb854ffc
DEV: replace mailcatcher references with mailhog (#14500) 2021-10-05 15:48:06 +05:30
Penar Musaraj 23df78acb3
UX: Fix label in search when tagging is disabled (#14503) 2021-10-04 17:04:34 -04:00
Roman Rizzi a9d20610d4
FIX: Make score's reason link building more explicit (#14475)
We relied on backticks to identify and replace site setting names with links. Unfortunately, some translations don't follow this convention, breaking this feature.

Additionally, this lets us linkify `category settings` and `watched words` without using HTML in the translations.

You may notice that I split the texts we want to linkify into two groups. I did this on purpose to emphasize those that should be translated (regular_links) from those who don't (site_settings_link). If you can think of a better solution, I'm open to suggestions.
2021-10-04 16:55:09 -03:00
Roman Rizzi 90a3fbc07b
DEV: Remove HTML setting type and sanitization logic. (#14440)
* DEV: Remove HTML setting type and sanitization logic.

We concluded that we don't want settings to contain HTML, so I'm removing the setting type and sanitization logic. Additionally, we no longer allow the global-notice text to contain HTML.

I searched for usages of this setting type in the `all-the-plugins` repo and found none, so I haven't added a migration for existing settings.

* Mark Global notices containing links as HTML Safe.
2021-10-04 15:40:35 -03:00
Andrei Prigorshnev 149e869c22
FEATURE: make username suggester suggest `user1`, `user2` etc. for input that contains invalid characters only (#14179)
We were suggesting 111, 1111, 1112 before.

See the discussion on Meta – https://meta.discourse.org/t/curious-account-creation-behaviour/199970/14.
2021-10-04 16:47:55 +04:00
Discourse Translator Bot a0cb340eef
Update translations (#14460) 2021-09-28 16:44:23 +02:00
Alan Guo Xiang Tan 9d5da2b383
PERF: Revert all inboxes from messages route. (#14445)
The all inboxes was introduced in
016efeadf6 but we decided to roll it back
for performance reasons. The main performance challenge here is that PG
has to basically loop through all the PMs that a user is allowed to view
before being able to order by `Topic#bumped_at`. The all inboxes was not
planned as part of the new/unread filter so we've decided not to tackle
the performance issue for the upcoming release.

Follow-up to 016efeadf6
2021-09-28 11:58:04 +08:00
Penar Musaraj 01e50f325d
A11Y: Use shorter label for hamburger menu (#14439) 2021-09-24 14:22:40 -04:00
Penar Musaraj 9235e2ad5d
A11Y: Fix several minor issues (#14436) 2021-09-24 11:52:07 -04:00
Penar Musaraj 8cef6dabb5
A11Y: Add labels to some search fields, category notification selector (#14430) 2021-09-23 14:52:34 -04:00
Joffrey JAFFEUX dd091fbf36
FEATURE: enables fast edit by default (#14417) 2021-09-22 10:15:17 +02:00
Martin Brennan dba6a5eabf
FEATURE: Humanize file size error messages (#14398)
The file size error messages for max_image_size_kb and
max_attachment_size_kb are shown to the user in the KB
format, regardless of how large the limit is. Since we
are going to support uploading much larger files soon,
this KB-based limit soon becomes unfriendly to the end
user.

For example, if the max attachment size is set to 512000
KB, this is what the user sees:

> Sorry, the file you are trying to upload is too big (maximum
size is 512000KB)

This makes the user do math. In almost all file explorers that
a regular user would be familiar width, the file size is shown
in a format based on the maximum increment (e.g. KB, MB, GB).

This commit changes the behaviour to output a humanized file size
instead of the raw KB. For the above example, it would now say:

> Sorry, the file you are trying to upload is too big (maximum
size is 512 MB)

This humanization also handles decimals, e.g. 1536KB = 1.5 MB
2021-09-22 07:59:45 +10:00