Robin Ward
dc1a830d3d
SECURITY: SQL Injection in Admin List Active Users
2016-07-28 11:42:06 -04:00
Robin Ward
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
Sam
16a383ea1e
SECURITY: limit bad cookie auth attempts
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Sam
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be changed via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Robin Ward
2a4006fe0c
Add `YandexBot` to our list of crawlers
2016-07-26 13:21:37 -04:00
Sam
b5fbff947b
FIX: don't expire old sessions when logging in
2016-07-26 11:37:41 +10:00
Jeff Atwood
1379bd5053
fix all v=2 spec / test errors for emoji
2016-07-25 15:53:48 -07:00
Sam
12ecf8624a
FIX: tokenize words with dots correctly
hello.world is now tokenized as "hello.world" and "world" that way the word
"world" will find the post with "hello.world"
2016-07-25 16:26:33 +10:00
Sam
e01802a13b
FIX: strip quote from search term when searching within topic
2016-07-25 15:06:25 +10:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Sam
12dc511fea
PERF: make score calculator cheaper when site has long topics
2016-07-22 09:48:44 +10:00
Robin Ward
c279889191
FIX: Watching First Post in groups was working incorrectly
2016-07-21 15:05:10 -04:00
Neil Lalonde
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
Robin Ward
09be741820
FIX: Don't alert on new posts in a topic unless it's a new record
2016-07-19 15:57:05 -04:00
Robin Ward
12cfc8cedd
FIX: Email cooker should support links within blockquotes
2016-07-18 14:38:40 -04:00
Robin Ward
6db50b820d
FIX: Email cooker should link links that don't begin a line
2016-07-18 13:46:13 -04:00
Vinoth Kannan
e99a73e16d
New AWS S3 Storage Mumbai region added (#4335)
* ap-south-1 region added
* Update client.en.yml
* ap-south-1 region added
2016-07-18 09:03:26 +02:00
cpradio
64bdededd3
Allow plugins that implement OAuth and OAuth2 to show up under associated accounts in the Admin area. (#4333)
2016-07-18 09:02:41 +02:00
Guo Xiang Tan
d55da4fe1b
Revert "Revert "Update rails.""
This reverts commit 4d27d7e1d3.
2016-07-18 11:00:23 +08:00
Sam Saffron
46b34e3c62
FEATURE: remove user option for edit history public
Users can no longer opt-in for "public" edit history
if site owner disables it.
This feature adds cost and complexity to post rendering since
user options need to be preemptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Robin Ward
4d27d7e1d3
Revert "Update rails."
This reverts commit 898ec43989.
2016-07-15 16:35:57 -04:00
Régis Hanol
caa1aea995
FIX: ensure emojis have absolute URLs and uses CDN
2016-07-15 18:37:51 +02:00
Régis Hanol
7848a84e0e
FIX: ensure summary emails have the 'List-Unsubscribe' header set
2016-07-15 11:39:29 +02:00
Guo Xiang Tan
9353013b40
Merge pull request #4332 from tgxworld/bunch_of_fixes_for_backup
Bunch of fixes for backup
2016-07-15 17:26:30 +08:00
Guo Xiang Tan
898ec43989
Update rails.
2016-07-15 13:18:30 +08:00
Guo Xiang Tan
5fe4837e28
Add `PostCreator#create!`.
2016-07-15 11:36:06 +08:00
Hu Ming
f8a12d4940
Add support for AWS cn (#4327)
2016-07-14 16:56:09 +02:00
Guo Xiang Tan
5fed886c8f
FIX: Update post replies when we move posts. (#4324)
2016-07-13 17:34:21 +02:00
Guo Xiang Tan
41cbdb5dfa
Fix the build.
2016-07-13 19:14:40 +08:00
Guo Xiang Tan
973a7c9d3a
FIX: Redeeming an invitation fails if inviter has been destroyed.
2016-07-13 11:58:31 +08:00
Robin Ward
bb90129731
Improvements to email cook text rendering
2016-07-12 13:49:03 -04:00
Robin Ward
0c3b049176
FIX: Autolinking in email formatter was broken
2016-07-12 13:33:13 -04:00
Rafael dos Santos Silva
5915929166
FIX: Unicode aware text sentinel (#4301)
* FIX: Handle unicode text on Text Sentinel
Uses active_support to properly handle unicode text
* Adds test cases to unicode Text Sentinel
2016-07-12 11:08:55 -04:00
Robin Ward
c1d4ca4031
FIX: Raw templates in customizations were broken
2016-07-11 12:57:05 -04:00
Robin Ward
7ff5b228cd
REFACTOR: Raw Handlebars ported to ES6
2016-07-11 12:57:05 -04:00
Robin Ward
a546395397
REFACTOR: Migrate markdown functionality in ES6
2016-07-11 12:57:05 -04:00
Neil Lalonde
304f7040a3
FIX: tag filter dropdown was gone if some tags were restricted to a category.
2016-07-08 17:13:40 -04:00
Arpit Jalan
c626558d36
UX: group pages should not show Messages tab to unauthorised users (#4318)
2016-07-09 00:50:04 +05:30
Sam
4161ee210a
FEATURE: improved tag and category watching and tracking
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Guo Xiang Tan
423dc37f6c
Merge pull request #4315 from tgxworld/fix_tags_not_in_category_showing
Tags which are not allowed in a category showing in drop down.
2016-07-08 10:28:10 +08:00
Guo Xiang Tan
8fd0414cdf
WIP: Tags which are not allowed in a category showing in drop down.
2016-07-08 10:27:56 +08:00
Robin Ward
5f91919663
Email support for watching first post
2016-07-07 12:23:19 -04:00
Robin Ward
2005565c9c
Server side code for Watching First Post Only
2016-07-07 11:21:50 -04:00
Robin Ward
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
Arpit Jalan
2facb6190f
FEATURE: new site setting download_remote_images_max_days_old
2016-07-06 19:33:51 +05:30
Robin Ward
3fe4903e63
FIX: Support unicode replacements with multiple codepoints
2016-07-05 13:55:41 -04:00
James Kiesel
3588780ac3
Don't reject likes by email for closed topics (#4311)
2016-07-05 17:33:08 +02:00