Victor van Poppelen
9e60f9f093
JSON API parsing error on CSRF exception: single quotes in ['BAD CSRF'] is invalid JSON:
...
https://meta.discourse.org/t/json-api-parsing-error-single-quotes-used-for-errors-like-bad-csrf/58869
2017-03-16 16:47:18 -07:00
Régis Hanol
fdf749770b
remove unecessary '.limit(1)'
2017-02-24 12:56:13 +01:00
Sam
f15f61da0a
FEATURE: add immutable caching to rails site of things
2017-02-23 13:05:00 -05:00
Sam
1935f624b8
FEATURE: reset active record cache in sidekiq if needed
...
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Guo Xiang Tan
81d333289e
FIX: Return 503 when in readonly mode.
2016-12-07 14:04:42 +08:00
Sam
1db9d17756
Make removal of topic columns more resilient to deploys
2016-12-05 12:11:46 +11:00
Sam
c04d4171ff
FIX: whisper no longer experimental
...
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Guo Xiang Tan
d95fbd89d0
Enable miniprofiler in development automatically.
2016-11-29 10:59:10 +08:00
Sam
63d9d4f301
FIX: properly specify default on no cache on all resources
2016-11-15 17:00:44 +11:00
Sam
6031e692f0
Merge pull request #4366 from xfalcox/print
...
Print Support
2016-10-11 11:47:20 +11:00
Neil Lalonde
600b23c0a4
FIX: permalink redirects should work on tag paths
2016-10-04 12:01:42 -04:00
Rafael dos Santos Silva
c12e533273
Feature: Adds a button to print a topic
2016-09-26 20:44:50 -03:00
Robin Ward
7f66cf618c
FIX: You should be an admin to do the wizard
2016-09-22 11:12:51 -04:00
Robin Ward
29cf47cfb2
Track steps the user has completed, nag them to finish it.
2016-09-22 09:52:19 -04:00
Sam
75f3f7fcbd
FEATURE: clean API method for reading a single notification
2016-09-16 16:14:15 +10:00
Sam
eaf87f0770
FIX: correctly handle api key so it uses current user provider
2016-08-26 10:39:13 +10:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Guo Xiang Tan
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
Guo Xiang Tan
e221414935
PERF: Remove N+1 queries on user messages page.
2016-06-29 09:30:54 +08:00
James Cook
c0e25b5a9a
Replace certain uses of 'gsub' with 'tr' or 'chomp' for a speed
...
improvement
2016-06-10 22:08:37 -05:00
Robin Ward
4180e207c3
FIX: Crazy large ids should not raise exceptions
2016-03-23 12:13:47 -04:00
Sam
84d234a98a
Merge pull request #4076 from scossar/locale-from-header-setting
...
FEATURE: add site setting for setting locale from header
2016-03-17 07:53:20 +11:00
Robin Ward
06591022fe
FEATURE: Generous badge
2016-03-15 16:08:29 -04:00
scossar
0cbeda8414
add site setting for setting locale from header
2016-03-14 16:18:19 -07:00
Sam Saffron
7598037080
Only pull in gem if it is being used, remove middleware
2016-03-04 23:17:14 +11:00
Régis Hanol
1135d2094a
Merge pull request #4006 from scossar/set-locale-from-header
...
Feature: (WIP) Set locale from Accept-Language header
2016-03-04 09:12:30 +01:00
Sam
610954ecce
Merge pull request #4035 from tgxworld/dont_return_500_when_plugin_is_disabled
...
Return 404 instead 500 when plugin is disabled.
2016-02-27 16:55:50 +11:00
scossar
0a396583ed
set locale for anonymous from header
...
set locale on signup
update spec
add locale option
2016-02-26 13:45:00 -08:00
Guo Xiang Tan
a3fa80847e
Return 404 instead 500 when plugin is disabled.
2016-02-24 17:09:30 +08:00
Arpit Jalan
d77511319e
show monthly top topics on 404 page
2016-02-24 13:46:55 +05:30
Sam
4c0a40f2b0
FIX: publish notification state when notifications are read
...
(this clears green and blue bubbles)
2016-02-22 12:24:51 +11:00
Sam
dd6ebde824
FIX: Always ensure notifications are treated as read once clicked
...
UX: improve messaging so notifications list is far more stable
PERF: improve performance of notifcation lookup queries
- Add feature "SetTransientHeader" that allows shipping info to server
in the next Ajax request
- remove local storage hack used for notifications
- amend lookupStale to return hydrated objects, move logic into store
- stop magically clearing various notifications (likes, invitee accepted, group_summary, granted badge)
2016-02-15 19:29:47 +11:00
Régis Hanol
825a01cec3
fix the build
2016-01-15 12:34:28 +01:00
Régis Hanol
c9c6b09f36
FIX: allow staff members to edit staged users preferences
2016-01-15 12:16:00 +01:00
Faisal Abbas
f2480aa81f
FIX: When 410 is received, display proper error message instead of generic.
2015-12-30 17:18:32 +05:00
Robin Ward
d1ebb9d0b5
FIX: I18n Fallbacks were not applying correctly
2015-12-23 12:09:18 -05:00
Robin Ward
de88be2fbc
Support for "Only show overridden" in site text customization
2015-11-30 15:25:08 -05:00
Régis Hanol
16b3d26d7b
allow staff members to view staged accounts user card/profile
2015-11-27 20:02:24 +01:00
Robin Ward
1506eba28d
Support for overriding client side translation keys
2015-11-20 17:14:01 -05:00
Robin Ward
3720783c1b
Refactor to our own Discourse I18n backend
...
This removes some monkey patches and makes testing easier.
It will also support database backed I18n changes.
2015-11-13 16:35:02 -05:00
Arpit Jalan
106cb9874a
FIX: show 404 page when user is logged out and navigates to private message
2015-10-30 17:41:55 +05:30
Robin Ward
db5379508e
FIX: Don't show an anonymous cache if there is a flash
2015-10-28 15:12:05 -04:00
Sam
6f43b575a8
FEATURE: no need to cap new and unread together anymore
...
- leave unread alone
- cap new at 500 per site, with a site setting
2015-10-01 17:17:15 +10:00
Robin Ward
3620c8c85e
Move descriptions for rate limiting errors into the exception
2015-09-24 13:52:46 -04:00
Sam
335be272ff
FEATURE: implement capping of new/unread
...
We cap new and unread at 2/5th of SiteSetting.max_tracked_new_unread
This dynamic capping is applied under 2 conditions:
1. New capping is applied once every 15 minutes in the periodical job, this effectively ensures that usually even super active sites are capped at 200 new items
2. Unread capping is applied if a user hits max_tracked_new_unread,
meaning if new + unread == 500, we defer a job that runs within 15 minutes that will cap user at 200 unread
This logic ensures that at worst case a user gets "bad" numbers for 15 minutes and then the system goes ahead and fixes itself up
2015-09-07 12:03:17 +10:00
Dan Singerman
8055d065f2
Refactor ApplicationController#redirect_to_login_if_required to use session for SSO
2015-08-11 16:48:55 +01:00
Robin Ward
9911e92e24
Merge pull request #3609 from riking/patch-7
...
FEATURE: Localization fallbacks
2015-07-30 10:44:29 -04:00
Arpit Jalan
d6069e8c90
UX: fix container layout
2015-07-28 13:58:30 +05:30
Sam
4491813d22
Revert "Revert "PERF: optimise query that gathers topic tracking state""
...
This reverts commit 909be09f1a
.
2015-07-21 21:48:07 +10:00
Sam
909be09f1a
Revert "PERF: optimise query that gathers topic tracking state"
...
This reverts commit 343e417a55
.
2015-07-21 17:35:50 +10:00
Sam
343e417a55
PERF: optimise query that gathers topic tracking state
...
(this query runs on the front page to figure out new and unread topics)
2015-07-21 17:14:30 +10:00
Kane York
ecfa17b5a7
FEATURE: Localization fallbacks (server-side)
...
The FallbackLocaleList object tells I18n::Backend::Fallbacks what order the
languages should be attempted in. Because of the translate_accelerator patch,
the SiteSetting.default_locale is *not* guaranteed to be fully loaded after the
server starts, so a call to ensure_loaded! is added after the locale is set for
the current user.
The declarations of config.i18n.fallbacks = true in the environment files were
actually garbage, because the I18n.default_locale was
SiteSetting.default_locale, so there was nothing to fall back to. *derp*
2015-07-15 10:17:36 -07:00
Sam
b052179ae6
Merge pull request #3163 from rcfox/fix-by-external
...
Allow periods in the external_id value used in the /users/by-external route.
2015-06-24 13:07:12 +10:00
Sam
f26eee8431
FEATURE: add username to NGINX logs
2015-06-16 17:43:53 +10:00
Sam
690f4a4c37
add X so it shows up at the end of chrome
2015-06-16 10:27:42 +10:00
Sam
9b8b1d0034
FEATURE: add special header that names the action for the request
2015-06-16 09:54:44 +10:00
Robin Ward
5da5269652
FIX: Bad page title for categories view by google crawler
2015-06-08 12:07:35 -04:00
Sam
fe46d1dd3b
PERF: avoid cookies for all static, public, cached forever assets
2015-05-22 16:15:46 +10:00
Robin Ward
0ed1c8011c
FIX: About page error when `login_required`
2015-05-21 14:37:49 -04:00
Sam
e5888cf090
PERF: avoid preloading json in cases where it is not needed
...
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Ryan Fox
14d2b76354
Merge branch 'master' into fix-by-external
...
Conflicts:
app/controllers/users_controller.rb
2015-05-15 19:54:11 -04:00
Sam
8277a586bb
usage of raise corrected
2015-05-07 11:00:51 +10:00
Robin Ward
16408cee06
Allow Postgres to trigger readonly mode for the site.
2015-04-29 11:49:58 -04:00
Robin Ward
3cb4554bbb
Can refresh queued posts via button
2015-04-27 13:52:54 -04:00
Robin Ward
3a6efa25f0
Allow ReadOnly to propogate up to the Ember app via Response Header
2015-04-24 14:37:16 -04:00
Robin Ward
0c233e4e25
Interface is wired up for Approving/Rejecting posts
2015-04-15 14:54:37 -04:00
Robin Ward
96d2c5069b
Interface for reviewing queued posts
2015-04-15 14:54:37 -04:00
Robin Ward
19a9a8b408
`NewPostManager` determines whether to queue a post or not
2015-04-15 14:54:36 -04:00
Sam
bb20f64cb2
use standard error so its easier to catch
2015-03-23 12:20:50 +11:00
Régis Hanol
df3b1f6968
FIX: editing a post wasn't showing error messages from the server
2015-03-19 12:25:15 +01:00
Robin Ward
3ad12d44f3
Use a mixin for the `path` function to DRY it up
2015-03-09 15:24:16 -04:00
Sam
f5af4768eb
FEATURE: add clean support for running Discourse in a subfolder
...
To setup set DISCOURSE_RELATIVE_URL_ROOT to the folder you wish
2015-03-09 13:14:29 +11:00
Sam
71d6266f98
REGRESSION: exceptions are handled natively by logster
2015-02-27 13:05:51 +11:00
Sigurður Guðbrandsson
96e6fd3449
Cleaned up the sso codefix, thanks @SamSaffron
...
@SamSaffron showed me a cleaner way to use the if statements in the sso redirect code.
Thanks sam ;)
2015-02-23 22:10:44 +00:00
Sigurður Guðbrandsson
334a357363
FIX: Forward to SSO login automatically
...
Forward to SSO login URL automatically if SSO is enabled and login is required.
Makes it simpler for users to log in automatically.
2015-02-23 21:20:36 +00:00
Sam
5266ad4539
Merge pull request #3183 from riking/json-errors-2
...
Consolidate custom exception handling
2015-02-23 16:58:05 +11:00
riking
ecb911285d
Fix the render_json_error api
2015-02-22 21:28:50 -08:00
riking
68ccd2d664
FEATURE: All 500 errors now show up in Logster
...
Added Discourse.handle_request_exception()
2015-02-09 12:48:33 -08:00
riking
8d39480831
use symbols for error types (squash me)
2015-02-09 10:20:00 -08:00
Lincoln Lee
02f3f8c1b3
Fix customize HTML/CSS only show desktop code
...
custom_top and custom_footer method in SiteCustomization is setting
:desktop as default argument for `target`
It output the desktop version of the custom_top, custom_footer even
user in mobile_view.
This fix is adding the missing target into method argument.
2015-02-10 00:48:42 +08:00
riking
a16aa9fde8
HACK: Keep old behavior for topics#show
2015-02-08 13:56:56 -08:00
riking
8cf21f2363
FEATURE: Refactor error returns in application_controller
2015-02-08 13:40:38 -08:00
riking
06f02ce9fc
FIX: 🈂️ Allow closing polls in multi-locale sites
2015-02-05 19:55:03 -08:00
Robin Ward
25daca8f23
Helpers for plugins to support enabling/disabling
2015-02-04 16:23:56 -05:00
Arpit Jalan
68377ba4ab
add class for container div on 404 page
2015-02-04 00:40:21 +05:30
Ryan Fox
c3f21dcdfc
Remove the .json part from the external_id value when using it to lookup a user.
2015-02-02 12:58:02 -05:00
riking
fb72e2665f
PERF 🐎 Don't calculate preload data for non-xhr json requests
...
This will help out anyone querying as API instead of through a
browser.
2015-01-23 21:14:58 -08:00
Robin Ward
987504c6ab
Rename `no_js` layout to `no_ember`
...
While *sometimes* `no_js` was used for visitors without js (for example
disabling it on your browser) it was also used for some pages that were
disabled to JS capable browsers, including the 404 page.
Even worse, sometimes it was used on pages that *had* Javascript, such
as our `/activate-account` route. It has been renamed to `no_ember` to
indicate what it really is, a layout for the site that doesn't load our
Ember.js application.
2015-01-15 15:56:53 -05:00
Régis Hanol
6734a51b6a
move SiteText.{head,top,bottom} to SiteCustomization
2015-01-14 12:15:53 +01:00
Robin Ward
f3b72f5d96
Revert "move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top"
...
This reverts commit 6ee2849df6
.
2015-01-12 20:21:22 -05:00
Régis Hanol
6ee2849df6
move SiteText.{head,bottom} to SiteCustomization and remove redundant SiteText.top
2015-01-12 19:59:43 +01:00
Sam
a99c3c3df9
FEATURE: allow users to persist customization with &sticky=true
2015-01-06 17:39:08 +11:00
Régis Hanol
45dbdb6896
FEATURE: custom emojis
2014-12-23 01:12:26 +01:00
Régis Hanol
cdbee4f5d9
Merge pull request #3045 from techAPJ/patch-2
...
FIX: redirect client to the original url after logging in for private in...
2014-12-17 11:21:56 +01:00
Arpit Jalan
9f8e73303a
FIX: redirect client to the original url after logging in for private instances
2014-12-16 13:19:26 +05:30
Robin Ward
b1bc4741b1
FEATURE: Load fewer topics in the topic list on slow platforms (Android)
2014-12-15 11:54:26 -05:00
Sam
c7bc692f40
PERF: stop querying banner topic on every page hit
2014-11-14 15:39:17 +11:00
Régis Hanol
ec76be964e
UX: better footer handling
2014-11-10 21:51:55 +01:00