Commit Graph

45145 Commits

Author SHA1 Message Date
Osama Sayegh d15867463f
FEATURE: Site setting for blocking onebox of URLs that redirect (#16881)
Meta topic: https://meta.discourse.org/t/prevent-to-linkify-when-there-is-a-redirect/226964/2?u=osama.

This commit adds a new site setting `block_onebox_on_redirect` (default off) for blocking oneboxes (full and inline) of URLs that redirect. Note that an initial http → https redirect is still allowed if the redirect location is identical to the source (minus the scheme of course). For example, if a user includes a link to `http://example.com/page` and the link resolves to `https://example.com/page`, then the link will onebox (assuming it can be oneboxed) even if the setting is enabled. The reason for this is a user may type out a URL (i.e. the URL is short and memorizable) with http and since a lot of sites support TLS with http traffic automatically redirected to https, so we should still allow the URL to onebox.
2022-05-23 13:52:06 +03:00
Martin Brennan a03ae9b323
DEV: Add bookmark-icon component (#16893)
This component will be useful for chat, and also moves
the definition of the icon for with and without reminders
to the bookmark model as consts, so they can easily be
referenced in other places.
2022-05-23 15:01:44 +10:00
Gerhard Schlager 1e1b85c214
FIX: Site setting changes for boolean should be logged as true/false (#16888)
Previously true/false sometimes was logged as t or f
2022-05-23 11:23:10 +08:00
Gerhard Schlager 049f6e58c8
REFACTOR: Remove duplicate code in `SiteSettingsController` (#16889) 2022-05-23 11:21:45 +08:00
dependabot[bot] f365d106e6
Build(deps): Bump oj from 3.13.11 to 3.13.13 (#16891)
Bumps [oj](https://github.com/ohler55/oj) from 3.13.11 to 3.13.13.
- [Release notes](https://github.com/ohler55/oj/releases)
- [Changelog](https://github.com/ohler55/oj/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/ohler55/oj/compare/v3.13.11...v3.13.13)

---
updated-dependencies:
- dependency-name: oj
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-23 11:20:56 +08:00
Martin Brennan faf5b4d3e9
PERF: Speed up secure media and ACL sync rake tasks (#16849)
Incorporates learnings from /t/64227:

* Changes the code to set access control posts in the rake
  task to be an efficient UPDATE SQL query.
  The original version was timing out with 312017 post uploads,
  the new query took ~3s to run.
* Changes the code to mark uploads as secure/not secure in
  the rake task to be an efficient UPDATE SQL query rather than
  using UploadSecurity. This took a very long time previously,
  and now takes only a few seconds.
* Spread out ACL syncing for uploads into jobs with batches of
  100 uploads at a time, so they can be parallelized instead
  of having to wait ~1.25 seconds for each ACL to be changed
  in S3 serially.

One issue that still remains is post rebaking. Doing this serially
is painfully slow. We have a way to do this in sidekiq via PeriodicalUpdates
but this is limited by max_old_rebakes_per_15_minutes. It would
be better to fan this rebaking out into jobs like we did for the
ACL sync, but that should be done in another PR.
2022-05-23 13:14:11 +10:00
Martin Brennan fcc2e7ebbf
FEATURE: Promote polymorphic bookmarks to default and migrate (#16729)
This commit migrates all bookmarks to be polymorphic (using the
bookmarkable_id and bookmarkable_type) columns. It also deletes
all the old code guarded behind the use_polymorphic_bookmarks setting
and changes that setting to true for all sites and by default for
the sake of plugins.

No data is deleted in the migrations, the old post_id and for_topic
columns for bookmarks will be dropped later on.
2022-05-23 10:07:15 +10:00
Johannes Faigle bf987af3ca
FEATURE Add reset bump dates bulk action (#16885) 2022-05-22 12:32:55 -04:00
Jordan Vidrine 20d1f90edf
FIX: Refactor placement of plugin outlet & index use (#16874) 2022-05-20 11:03:47 -05:00
David Taylor a8163a5c0c
DEV: Add comment about `UserController#cards` route (#16882)
This is unusual because it is not used directly by any core UI. It was added for theme components.
2022-05-20 13:03:00 +01:00
Arpit Jalan 578955dcc9
DEV: allow running plugin tests for server_plugin_outlet (#16883)
This commit allows us to run plugin tests for `server_plugin_outlet`
method.
2022-05-20 17:14:55 +05:30
Osama Sayegh eddb8891c4
FIX: Clear inline onebox cache when a post is rebaked (#16871)
Meta topic: https://meta.discourse.org/t/prevent-to-linkify-when-there-is-a-redirect/226964/4?u=osama.
2022-05-20 14:09:50 +03:00
dependabot[bot] 1fb8fef3f8
Build(deps): Bump image_size from 3.0.1 to 3.0.2 (#16876)
Bumps [image_size](https://github.com/toy/image_size) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/toy/image_size/releases)
- [Changelog](https://github.com/toy/image_size/blob/master/CHANGELOG.markdown)
- [Commits](https://github.com/toy/image_size/compare/v3.0.1...v3.0.2)

---
updated-dependencies:
- dependency-name: image_size
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-20 12:58:01 +02:00
Arpit Jalan 77a8a4bee6
DEV: do not run plugin tests for server_plugin_outlet (#16880) 2022-05-20 14:01:14 +05:30
Arpit Jalan e8e9754a3c
FIX: pass empty hash for view locals by default (#16879)
DEV: enable plugin tests for server_plugin_outlet
2022-05-20 13:34:43 +05:30
Isaac Janzen 4b63cd3848
DEV: Add test ENV conditional back to server_plugin_outlet (#16878)
Add test ENV conditional back to server_plugin_outlet
2022-05-20 01:16:02 -05:00
Arpit Jalan defa5a4e94
FEATURE: allow locals to be passed in server_plugin_outlet (#16850) 2022-05-20 10:00:24 +05:30
Gerhard Schlager 0af05c2682
DEV: Compatibility with TruffleRuby (#16864)
Removes thread unsafe lazy initialization.
See https://meta.discourse.org/t/225447

It also removes an unused variable in `FlagSettings`.
2022-05-19 21:56:55 +02:00
David Taylor 166fe3bb34
FIX: Apply 'allowed_href_schemes' to all src/srcset attributes (#16860)
Previously we were only applying the restriction to `a[href]` and `img[src]`. This commit ensures we apply the same logic to all allowlisted media src attributes.
2022-05-19 11:18:30 +01:00
dependabot[bot] 95c85a278e
Build(deps): Bump json from 2.6.1 to 2.6.2 (#16848)
Bumps [json](https://github.com/flori/json) from 2.6.1 to 2.6.2.
- [Release notes](https://github.com/flori/json/releases)
- [Changelog](https://github.com/flori/json/blob/master/CHANGES.md)
- [Commits](https://github.com/flori/json/compare/v2.6.1...v2.6.2)

---
updated-dependencies:
- dependency-name: json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 10:56:05 +02:00
dependabot[bot] f927ac6a01
Build(deps): Bump rubocop-rspec from 2.10.0 to 2.11.1 (#16868)
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.10.0 to 2.11.1.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.10.0...v2.11.1)

---
updated-dependencies:
- dependency-name: rubocop-rspec
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-19 10:55:06 +02:00
Chapoi a6abf8d07a
UX: update hljs-builtin-name colour (#16863) 2022-05-18 16:11:59 -04:00
Gabe Pacuilla 4284ba9c27
FIX(cache_critical_dns): use correct DISCOURSE_DB_USERNAME envvar (#16862) 2022-05-18 13:01:18 -04:00
Bianca Nenciu 4d1c6396c9
FIX: Allow users to select "regular" categories (#16857)
Categories that had a CategoryUser record and the notification level
set to "Normal" were not selectable in any of the "Watched", "Tracked",
"Watching First Post" or "Muted" inputs. This happened because the
category seemed to be already selected in the "Normal" input, but that
does not exist (it is the default value if category is not present in
any of the other inputs).
2022-05-18 17:57:57 +03:00
Loïc Guitaut aa4b1d9c38 DEV: Use new defaults for ActiveSupport::Digest
Use the `OpenSSL::Digest::SHA256` class for `ActiveSupport::Digest`.
This could lead to cache invalidation.
2022-05-18 16:51:07 +02:00
Penar Musaraj 71c74a262d
FEATURE: Include participants in PN search data (#16855)
This makes it easier to find PMs involving a particular user, for
example by searching for `in:messages thisUser` (previously, that query
would only return results in posts where `thisUser` was in the post body).
2022-05-18 10:34:01 -04:00
Chapoi 96d656f450
UX: update hljs-builtin-name highlight (#16859)
* update hljs-builtin-name highlight

* Move dark-light function to better file
2022-05-18 15:55:40 +02:00
Gabe Pacuilla 9f246e6969
FIX(cache_critical_dns): use discourse database name and user by default (#16856) 2022-05-17 16:09:32 -04:00
Bianca Nenciu 9ea8a4a9af
FIX: Use CSS transition to make room for composer (#16750)
The composer is displayed over the bottom part of the page. To make sure
that no content is covered by the composer, a bottom padding is added
equal to the height of the composer. When the composer is opened or
closed that padding is added after around 300ms because of a debounce.

This commit makes sure that the padding is added as soon as the composer
state changes by using a CSS custom property (variable) and transition
property for a smooth user interface.
2022-05-17 22:44:25 +03:00
Daniel Waterworth 6e53f4d913
DEV: New readonly mode. Only applies to non-staff (#16243) 2022-05-17 13:06:08 -05:00
Bianca Nenciu 985afe1092
FEATURE: Add page title to 404 pages (#16846)
The title had to be added both on the 404 page generated by the server
side, displayed when the user reaches a bad page directly and the 404
page rendered by Ember when a user reaches a missing topic while
navigating the forum.
2022-05-17 18:37:43 +03:00
Loïc Guitaut 0feffa6f88 DEV: Enable Rails 7 cache format version 2022-05-17 17:32:10 +02:00
David Taylor 8bc8dbc134
Revert "DEV: Drop our `mail` gem fork (#16622)" (#16853)
This reverts commit 0d30c19b7e.

Pending resolution of https://github.com/mikel/mail/issues/1489
2022-05-17 16:11:39 +01:00
Discourse Translator Bot ddb5d88158
Update translations (#16852) 2022-05-17 16:51:11 +02:00
Rafael dos Santos Silva 5f1c3b4c9f
FIX: `acted` state in post action like could desync with multiple likes (#16847)
If userA has multiple tab/devices on the same topic, and:

1. userA likes a post in tab1
2. userB likes the same post
3. userA post like `acted` attr would desync in tab2

This fix handles this case and also the reverse one when removing likes
interleaved with other users acting on the same post.

Reported in Meta at https://meta.discourse.org/t/-/227239/3
2022-05-17 10:21:17 -03:00
Meghna 28affa8cba
UX: consistent spacing on group interaction form (#16851) 2022-05-17 18:38:46 +05:30
Loïc Guitaut 73de203843 FIX: Apply 'hide email account' for invites 2022-05-17 09:56:06 +02:00
Penar Musaraj f31301b6de
UX: Fix status icon size in suggested topics (#16845) 2022-05-16 15:53:40 -04:00
David Taylor 38216f6f0b
DEV: Make user field validation more specific (#16746)
- Only validate if custom_fields are loaded, so that we don't trigger a db query
- Only validate public user fields, not all custom_fields

This commit also reverts the unrelated spec changes in ba148e08, which were required to work around these issues
2022-05-16 14:21:33 +01:00
Chapoi b65ecf6987
UX: Add back link on taggroup page (#16700)
* Add back button to taggroup page

* Lint update + enclosing tags

* Linting

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>

Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2022-05-16 10:34:09 +02:00
dependabot[bot] ce1f2473b9
Build(deps-dev): Bump faker from 2.20.0 to 2.21.0 (#16842)
Bumps [faker](https://github.com/faker-ruby/faker) from 2.20.0 to 2.21.0.
- [Release notes](https://github.com/faker-ruby/faker/releases)
- [Changelog](https://github.com/faker-ruby/faker/blob/master/CHANGELOG.md)
- [Commits](https://github.com/faker-ruby/faker/compare/v2.20.0...v2.21.0)

---
updated-dependencies:
- dependency-name: faker
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 00:42:31 +02:00
dependabot[bot] adbd1b5565
Build(deps): Bump rubocop-ast from 1.17.0 to 1.18.0 (#16841)
Bumps [rubocop-ast](https://github.com/rubocop/rubocop-ast) from 1.17.0 to 1.18.0.
- [Release notes](https://github.com/rubocop/rubocop-ast/releases)
- [Changelog](https://github.com/rubocop/rubocop-ast/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-ast/compare/v1.17.0...v1.18.0)

---
updated-dependencies:
- dependency-name: rubocop-ast
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 00:42:15 +02:00
dependabot[bot] 8ce29a4a22
Build(deps): Bump loofah from 2.17.0 to 2.18.0 (#16726)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.17.0 to 2.18.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.17.0...v2.18.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-14 23:00:10 +02:00
Isaac Janzen 4e622c9fd8
DEV: Remove 'htmlSafe' string prototype extensions (#16828)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 16:24:05 -05:00
Isaac Janzen 85ceafb4dc
DEV: Remove 'htmlSafe' string prototype extensions (#16766)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 14:58:26 -05:00
Daniel Waterworth 9eadabe9fc
DEV: Let's deny access to sso endpoints when disabled consistently (#16752) 2022-05-13 14:33:28 -05:00
Daniel Waterworth 6a4696eec8
DEV: Add helper method for repeated sso logging pattern (#16749) 2022-05-13 12:19:44 -05:00
Isaac Janzen ce8dd8810e
DEV: Remove 'underscore' string prototype extensions (#16748)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 11:32:38 -05:00
Isaac Janzen 839ae52c20
DEV: Remove 'decamelize' string prototype extensions (#16747) 2022-05-13 11:32:19 -05:00
Isaac Janzen aa95a3d654
DEV: Remove 'dasherize' string prototype extensions (#16740)
Context: https://deprecations.emberjs.com/v3.x/#toc_ember-string-prototype_extensions
2022-05-13 10:56:23 -05:00