Commit Graph

22344 Commits

Author SHA1 Message Date
Guo Xiang Tan e6d75f6844 Revert "Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email.""
This reverts commit 0e3def7d2b.
2017-02-28 11:27:14 +08:00
Régis Hanol 41c850f31d fix pull_translation script 2017-02-27 22:48:50 +01:00
Sam 49a0f16ce4 Merge pull request #4723 from mcwumbly/fix-import-scripts
FIX: Import scripts were failing to load onebox sanitize config
2017-02-27 16:18:29 -05:00
Sam 1e980ad4e6 Merge pull request #4721 from oblakeerickson/sort_admin_users_api
FEATURE: Add order logic to admin users controller
2017-02-27 16:13:42 -05:00
Robin Ward b2b7f4d905 FIX: Query parameters were not being cleared when changing filtering. 2017-02-27 15:49:14 -05:00
Neil Lalonde cfedbad0e9 FIX: hamburger shouldn't show subcategories if show_subcategory_list is enabled on the parent 2017-02-27 15:34:07 -05:00
Arpit Jalan 5a48cea395 FIX: correct path for LocaleFileWalker 2017-02-28 01:42:55 +05:30
Arpit Jalan 6661cebff8 FIX: do not log duplicate username changes 2017-02-28 01:32:00 +05:30
Neil Lalonde e634b37f9a FIX: from field of emails should be including email_site_title or site title settings 2017-02-27 14:23:07 -05:00
Arpit Jalan f7d413bb1b Merge pull request #4727 from techAPJ/log-name-changes
FEATURE: log all username and name changes
2017-02-28 00:53:00 +05:30
Arpit Jalan b32d3d66e5 FEATURE: log all username and name changes 2017-02-28 00:23:27 +05:30
Robin Ward 0e3def7d2b Revert "SECURITY: Ensure oAuth authenticated email is the same as created user's email."
This reverts commit 1060239e2d.
2017-02-27 13:19:26 -05:00
cpradio e476614b6a FIX: Populate Category when query/search term is updated 2017-02-27 12:41:49 -05:00
cpradio 70cf36700b FIX: Collapsing/Expanding Advanced Search doesn't wipe out Advanced Search Terms from search query. 2017-02-27 12:29:54 -05:00
Robin Ward bf9626d031 FIX: Embedding was broken with non-english URLs and ports 2017-02-27 12:17:52 -05:00
Arpit Jalan 877957ae88 Merge pull request #4715 from techAPJ/login-per-ip
FEATURE: new site setting for max logins per ip per hour/minute
2017-02-27 18:24:53 +05:30
cpradio 59922a7899 Extract autocomplete initialization to a function
Create a REGEXP_TAGS_REPLACE regex to remove a chained .replace call

Fix autocomplete positioning
2017-02-27 07:48:14 -05:00
Arpit Jalan cba51e1c38 FEATURE: new site setting for max logins per ip per hour/minute 2017-02-27 16:58:03 +05:30
Guo Xiang Tan 0e8c849572 UX: "See more" on not found page should redirect to /top. 2017-02-27 13:33:19 +08:00
Guo Xiang Tan 0675f9f838 Merge pull request #4684 from tgxworld/fix_reset_context_when_context_type_changes
Fix reset context when context type changes
2017-02-27 12:24:44 +08:00
Guo Xiang Tan ac37bd3dbc FIX: Search menu results does not refresh when search context is changed. 2017-02-27 12:23:41 +08:00
Guo Xiang Tan d2b83a9682 Merge pull request #4720 from rizka10/patch-3
Fix a minor typo on a mailer template
2017-02-27 11:51:38 +08:00
Guo Xiang Tan 2fc0b35765 Merge pull request #4722 from oblakeerickson/typo_routes_file
FIX: typo in a routes.rb comment
2017-02-27 11:51:13 +08:00
Guo Xiang Tan 82595bc1ab Merge pull request #4725 from jomaxro/patch-2
Remove references to elder
2017-02-27 11:50:48 +08:00
Guo Xiang Tan 758e3e52f7 FIX: Mobile topic timeline broken on Chrome 56.
* See https://developers.google.com/web/updates/2017/01/scrolling-intervention.
  From Chrome 56 onwards, `touchstart` event listeners are treated as passive
  by default which does not call `preventDefault` resulting in the page
  scrolling when topic timeline handle is being dragged.
2017-02-27 11:39:57 +08:00
jomaxro f5673fbd47 Remove references to elder
The use of the TL4 name Elder was changed in 2014 to Leader.  The spec function was changed to `:trust_level_4`, but the it statement was not changed.
2017-02-26 17:40:42 -07:00
Sam Saffron 7e8f0dc967 FIX: attempt to handle ios edge case where token is seen but unsaved
This relaxes our security in the following way

- prev auth token is always accepted as long as rotation
date is within our window of SiteSetting.maximum_session_age.hours
(previously old token expired within a minute of new one being seen)

- new auth token is marked unseen if we are presented with an old token
after we already saw new one

This attempts to fix an issue where ios webkit is not committing new cookies
2017-02-26 17:09:57 -05:00
David McClure ed627c8233 FEATURE: Socialcast Importer: Set category and tags based on group 2017-02-26 04:54:07 -08:00
Blake Erickson 0e6cb752da Clean up valid order names
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.

Example: 'created' => 'created_at'

Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
David McClure b188c30925 FIX: Import scripts were failing to load onebox sanitize config 2017-02-25 09:27:42 -08:00
Blake Erickson 5ba8f8d1a6 FIX: typo in a routes.rb comment
sidekiq was spelled wrong
2017-02-25 10:03:19 -07:00
Blake Erickson e9d5c3265c Change param asc to ascending
For consistency, change param asc to ascending:

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson 0a41da6bad FEATURE: Add order logic to admin users controller
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649

Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.

Example:

`/admin/users/list/active.json?&order=post_count` which defaults to desc

and

`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
rizka10 e651faa397 Fix a minor typo on a mailer template
"with" is supposed to be "wish" on 'unsubscribe_mailer.text_body_template'
2017-02-24 16:13:47 +02:00
Régis Hanol fdf749770b remove unecessary '.limit(1)' 2017-02-24 12:56:13 +01:00
Régis Hanol ecdae9f863 FIX: i18n integrity specs
FIX: check all .yml files in the project for integrity
FIX: ensure localized yamls are compatible with english
2017-02-24 11:35:33 +01:00
Régis Hanol a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Guo Xiang Tan 1060239e2d SECURITY: Ensure oAuth authenticated email is the same as created user's email. 2017-02-24 13:13:10 +08:00
Guo Xiang Tan 0847b4258a Revert "SECURITY: Ensure that user has been authenticated."
This reverts commit fbe51d68a7.

Changing the commit message to correctly reflect what we're actually
fixing.
2017-02-24 13:12:29 +08:00
Guo Xiang Tan 889ab85431 Merge pull request #4719 from rimian/patch-3
fix malformed qunit url
2017-02-24 11:32:01 +08:00
Guo Xiang Tan fbe51d68a7 SECURITY: Ensure that user has been authenticated. 2017-02-24 10:47:48 +08:00
Sam Saffron 3754b038e8 fix brotli origin 2017-02-23 18:26:40 -05:00
Rimian Perkins db9840b672 fix malformed qunit url
this removes the space between the query string and the URL

```
$MODULE='Acceptance: Search' rake qunit:test\[20000\]
....
Running: {"module":"Acceptance: Search"}
... http://localhost:60099/qunit?module=Acceptance%3A%20Search 20000
```

The timeout value seems to work fine.
2017-02-24 10:19:34 +11:00
Sam Saffron ef08462b33 spaces matter 2017-02-23 17:37:53 -05:00
Rafael dos Santos Silva f68540b022 Increase QUnit timeouts to allow on slower envs 2017-02-23 19:21:06 -03:00
Sam f15f61da0a FEATURE: add immutable caching to rails site of things 2017-02-23 13:05:00 -05:00
Sam eee22bf037 FEATURE: Add immutable cache for assets that do not update
This will eliminate revalidation of avatars, css, js and uploads on reloads on supporting browsers (at the moment firefox)
2017-02-23 12:24:47 -05:00
Sam ea1007e954 FEATURE: add support for same site cookies
Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Sam ad435da377 fix typo 2017-02-23 10:58:53 -05:00
Jeff Atwood ad6cb3c638 force all iOS editors to minimum height for compat 2017-02-22 16:56:19 -08:00