Commit Graph

22 Commits

Author SHA1 Message Date
Roman Rizzi df3eb93973
DEV: Sanitize HTML admin inputs (#14681)
* DEV: Sanitize HTML admin inputs

This PR adds on-save HTML sanitization for:

Client site settings
translation overrides
badges descriptions
user fields descriptions

I used Rails's SafeListSanitizer, which [accepts the following HTML tags and attributes](018cf54073/lib/rails/html/sanitizer.rb (L108))

* Make sure that the sanitization logic doesn't corrupt settings with special characters
2021-10-27 11:33:07 -03:00
Mark VanLandingham 0cba4d73c1
FEATURE: Add user custom fields to user directory (#13238) 2021-06-07 12:34:01 -05:00
Krzysztof Kotlarek e29605b79f
FEATURE: the ability to search users by custom fields (#12762)
When the admin creates a new custom field they can specify if that field should be searchable or not.

That setting is taken into consideration for quick search results.
2021-04-27 15:52:45 +10:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Maja Komel 65f3ed0689 UX: make name optional for confirmation user field (#7149) 2019-03-13 18:40:43 +01:00
Robin Ward 95f263995d FIX: Previous annotations were broken 2019-01-11 14:30:19 -05:00
Robin Ward a3839495e0 Update annotations 2019-01-11 12:19:43 -05:00
Arpit Jalan 72be638728 FEATURE: add external details to user fields 2018-09-20 08:10:51 +05:30
Guo Xiang Tan 226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Arpit Jalan daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Sam c68999e128 annotate models
WARNING annotators out there, be to run bin/annotate on RAILS_ENV=test on a clean db
2017-08-16 10:38:11 -04:00
Sam c531f4ded5 remove rails-observers
Rails yanked out observers many many years ago, instead the functionality
was yanked out to a gem that is very lightly maintained.

For example: if we want to upgrade to rails 5 there is no published gem

Internally the usage of observers had quite a few problem.

The series of refactors renamed a bunch of classes to give us more clarity
and removed some magic.
2016-12-22 16:46:53 +11:00
Sam aee7489a5a annotate models 2016-06-17 11:28:49 +10:00
Thorben Egberts cf8b3fbd56 FEATURE: add user custom fields to user card
The user's custom fields are now displayed on the user card. This has to be enabled for each custom field in the custom field settings. See https://meta.discourse.org/t/custom-user-fields-on-usercard/22662/
2016-04-08 14:35:41 +02:00
Sam 32c681c96b annotate models 2016-02-23 10:33:53 +11:00
Sam c1ecd6f4ce update annotations 2015-09-18 10:41:10 +10:00
Robin Ward dc8a68fd29 FEATURE: New "Dropdown" user field type 2015-07-28 12:30:21 -04:00
Robin Ward 8186d86f38 FIX: Enforce max length for custom user fields 2015-02-23 13:02:30 -05:00
Sam 21402d9d9e annotations 2015-02-04 16:34:25 +11:00
Sam 6bed4e1bf0 add allowed_ips to api_keys
update annotations
2014-11-20 14:53:15 +11:00
Robin Ward 381814fd5d Adds support for a description to user fields. 2014-10-02 15:56:52 -04:00
Robin Ward 0fc0533134 FEATURE: Admin interface for adding custom fields for users 2014-09-25 16:17:51 -04:00