b04a52676e
FIX: Don't show wrong flag choices after undo
2014-09-02 17:37:54 -04:00
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
9a1580244a
FIX: Don't show profile pages for inactive users and don't show them in
...
search results.
2014-08-13 13:30:25 -04:00
0920c4bea6
PERF: reduce storage requirements for incoming links
...
Only store incoming links for topics.
2014-08-04 11:06:48 +10:00
9468ebeb2e
CHANGE: Mini Profiler only enabled for developers in prd
2014-07-17 08:34:41 +10:00
783454ebe1
Fix /p/post/user route not saving referrals
...
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
5bcfb6ee38
FIX: don't show 'About category' topics on the 404 page
2014-07-04 16:18:17 -04:00
2d5f667160
Make ?preview-style make sense
...
New behavior:
?preview-style=(sha) -- see that stylesheet
?preview-style= -- see the currently selected stylesheet
?preview-style=default -- see the default stylesheet ("rescue mode")
2014-06-20 09:06:36 -07:00
ad2bd11d6e
Add a way to get user based on sso external id
2014-06-18 14:40:25 -04:00
00117c18c3
FEATURE: dismissable banner topic
2014-06-18 20:05:19 +02:00
f1a28d62a3
FEATURE: support registration of custom html by plugins
2014-06-05 11:39:33 +10:00
fa6f22dd39
Move letter avatars out of upload system
...
FIX: S3 issues around system avatars
FIX: reduced backup file size
2014-05-30 14:45:55 +10:00
f8b7f0d73f
FEATURE: logster env tab, log current user
2014-05-12 15:28:23 +10:00
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
8f53b7a65b
Detect arrays for serialization using respond_to?(:to_ary).
...
This is the way AMS detects arrays, and is more robust than checking
is_a? for whitelisted classes. For example, this works for
ActiveRecord::AssociationRelation which the current logic does not
handle.
2014-04-16 20:48:09 +05:30
558a06a117
Adds better reusable error message support. Added to fetching remote
...
posts. /cc @riking
2014-04-02 13:22:10 -04:00
b0f3061113
It doesn't make sense to redirect when not logged in on a non-GET
...
request. We should report a failure then. They likely logged out or
in another tab or timed out.
2014-03-05 12:12:53 -05:00
7322345039
FIX: when shown 403 error page and logging in, it will take you to the same page
2014-02-26 17:53:53 -05:00
3151f59bc9
REFACTOR: We don't cache the json for the Site model anymore, so let's
...
rename and remove the methods leftover from that.
2014-02-24 14:25:37 -05:00
9545e2e46e
FIX: broken 404 page. don't bother showing current_usre stuff
2014-02-21 12:24:45 -05:00
d95887c57d
CHANGE: We now include the `_escaped_fragment_` support by default, but
...
only if the crawler check fails. It is a fallback for non-google search
engines that support the Ajax crawling API.
2014-02-20 17:02:26 -05:00
c4b5455c21
REFACTOR: Rename `GooglebotDetection` to `CrawlerDetection` because we
...
will likely whitelist more crawlers in the future.
2014-02-20 16:07:02 -05:00
d443ddd43d
Merge pull request #1922 from joallard/language-toggle
...
Allow users to toggle interface language in their preferences
2014-02-19 18:28:00 +01:00
7f6b2e5563
Show login button on 404 page. Add routes to show login and signup modals when page/route loads. If logged in and showing 404 page, load ember app.
2014-02-18 17:18:53 -05:00
0592420e52
Add a site setting to allow users to toggle I18n.locale
...
It is false by default.
2014-02-18 14:54:00 -05:00
c513725f26
Allow users to toggle interface language in their preferences
2014-02-18 14:53:59 -05:00
d298e2e065
Detect Googlebot from user agent and use a different layout that doesn't load javascript
2014-02-15 17:54:34 -05:00
5725f02d9e
allow full access to /admin/backups while in read-only mode
2014-02-13 13:31:14 -08:00
e7472dc374
readonly mode
2014-02-13 13:31:13 -08:00
e0df404d7e
Add site setting tos_accept_required. If enabled, users must check a box saying that they've read and accept the terms of service.
2014-02-07 16:04:13 -05:00
748e1e0748
Allow using the API when Login required site setting is on.
2014-01-24 14:02:49 +01:00
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
dfb9b8fa58
Fix unused parameter
2014-01-04 08:53:27 +01:00
1f0a59584b
Revert "Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations."
2013-12-18 14:47:22 -05:00
94fda12795
use a helper instead of a view for custom HTML content
2013-12-17 18:56:59 +01:00
4c6b535cc0
move arbitrary html content out of noscript and into the preloadstore
2013-12-17 18:25:27 +01:00
5171a23a9c
Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations.
2013-12-11 11:19:22 -05:00
2596f7dec2
Revert "Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations."
2013-12-09 16:28:11 -05:00
ca5d4d5e54
Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations.
2013-12-09 13:28:42 -05:00
2d9876a6ac
FIX: set_locale filter must be executed before check_xhr filter because check_xhr filter renders html in some cases
2013-12-04 20:49:54 +09:00
7207cef7aa
TopicQuery cleanup in advance of custom sorting:
...
- Move SQL method constants into a module
- Removed unused count methods
- Moved methods that don't return a TopicList into Topic
- Replaced some confusing method signatures
2013-11-13 12:26:32 -05:00
e9f9d22482
add query parameter to temporarily disable customization
2013-11-12 18:14:22 +01:00
de30af9302
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:50 -05:00
855ee3b43d
Fix ActiveRecord::Associations::CollectionProxy serialization in Rails 4.
2013-11-03 10:41:38 +05:30
348e2e3ef2
Support for per-user API keys
2013-10-22 17:34:39 -04:00
3d647a4b41
remove rack cache, it has been causing trouble
...
instead implement an aggressive anonymous cache that is stored in redis
this cache is sitting in the front of the middleware stack enabled only in production
TODO: expire it more intelligently when stuff is created
2013-10-16 16:39:18 +11:00
939a452293
require dependency was leading to errors in dev
2013-10-09 17:22:41 +11:00
7993845bfa
add current_user_provider so people can override current_user bevior cleanly, see
...
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
45d7765936
Merge branch 'master' into mobile
2013-09-05 15:54:22 -04:00
f157ec1f91
Select +Replies for bulk operations
2013-09-05 11:03:29 -04:00
9efa29e688
Detect whether to use mobile view. Session var mobile_view can override automatic detection.
2013-08-27 14:57:42 -04:00
c4a0152dc6
recover from bad CSRF tokens without requiring a hard refresh of the browser
2013-08-27 15:56:12 +10:00
11dca1fd92
make code climate a bit happier
2013-08-06 06:25:44 +10:00
aa6c92922d
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 15:13:13 +10:00
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
19c169540c
Staff can enter and view deleted topics
2013-07-11 16:39:35 -04:00
e39cc464b1
Refactor routes in order to be compatible with Rails 4
2013-07-01 20:00:06 +02:00
92562c2090
Merge pull request #1057 from house9/list-controller-1
...
refactor list_controller
2013-06-25 17:36:56 -07:00
a86b35c873
Remove the access_password site setting
2013-06-25 15:05:25 -04:00
2e12eb2b62
refactor list_controller
...
- minor refactoring of actions 'category' and 'category_feed'
- fix defect in 'category' where check was for literal
string 'uncategorized' instead of SiteSetting.uncategorized_name
- major refactoring on defined topic actions
2013-06-25 08:29:00 -07:00
4ddc0825f5
Remove code duplication in ApplicationController
2013-06-20 21:17:33 +05:30
7ca5ab3da3
allow api for restricted by global password sites
2013-06-17 16:09:59 +10:00
b97d186cb5
automatic groups should not allow you to muck with the listed users in the group
2013-06-17 12:54:25 +10:00
e6e81efe85
correct information leak in page not found
2013-06-13 10:27:17 +10:00
5217602ec3
FIX: RSS paths render a 404 for missing topics.
2013-06-07 12:52:12 -04:00
62041da7e0
Handle /t/only-the-slug urls by trying to find the topic by slug (second try)
2013-06-06 14:41:37 -04:00
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
92a4828f72
Redirect all controllers to login if required
...
We want to skip the filter for sessions controller so that we can login
and we want to skip the filter for static pages because those should be
visible to visitors.
2013-06-04 16:10:10 -07:00
02b1f78410
FIX: Include preloaded data even if the request type isn't explicitly text/html
2013-06-04 12:56:12 -04:00
42714b424f
For 403 errors, show the same html page as 404
2013-05-30 16:39:39 -04:00
e93b7a3b20
more progress towards live unread and new counts, unread message implemented, still to implement delete messages
2013-05-30 16:49:57 +10:00
830b93a16b
Reduced complexity of admin flags controller, split up into methods, moved reports into model.
2013-05-29 16:49:34 -04:00
0f296cd42b
Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now.
2013-05-22 12:06:37 -04:00
fc57578c85
proper 404 for json request 404
2013-05-20 17:28:32 +10:00
80fb20816c
get rid of nonsense 404.html
...
correct 404 handling for invalid pages
2013-05-20 10:29:49 +10:00
b6bf95e741
speed up startup (avoid loading some gems on startup)
...
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
cef9a74053
route for markdown /md/topic_id/post_number
2013-04-30 16:30:41 +10:00
017ee7c2da
FIX: [security bug] XHR check bypass
2013-04-30 02:34:19 +02:00
f9e33ec6b8
store ip address and current user with incoming links
...
make links long an readable in share dialog
2013-04-26 16:18:55 +10:00
37867af1bb
track incoming links, amend share link to include user
...
fix pm styling
2013-04-24 18:05:35 +10:00
6974ad487c
fix not found error when spiders were hitting with .php
2013-04-18 09:55:47 +10:00
0f362c5474
this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save
2013-04-12 10:07:58 +10:00
850b042cab
introduce rack:cache as a default, so users don't need to configure apache or nginx
...
under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine)
reorganised so mini profilers can be cleanly disabled from config file
added caching for categories index
move production.rb to production.sample.rb
2013-04-11 16:24:21 +10:00
41b7f741d0
extract hard-coded strings
2013-04-07 18:14:50 +02:00
c57ec611e1
basic api support
2013-03-25 18:04:46 -07:00
deb603f41c
Merge pull request #547 from kid0m4n/convert-ruby-1-9-syntax
...
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-24 16:43:17 -07:00
5dfb04e4b3
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-25 05:07:36 +05:30
0da8f35659
[ fixes #391 ] exception when wrong resource type in URL
2013-03-24 22:25:24 +01:00
239cbd2d58
enforce coding convention
...
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
d2596c3c4c
Remove unusued site_settings, show checkbox in UI for boolean values, remove restrict_access
...
boolean to avoid locking yourself out by setting access_password to empty string. Minor
UI tweaks.
2013-03-01 14:27:41 -05:00
628927a79f
Added Site Setting to change locale.
2013-02-28 14:34:38 -05:00
cafc75b238
remove trailing whitespaces ❤️
2013-02-26 07:31:35 +03:00
b66db4153d
refactor and organise current_user better
2013-02-24 21:42:04 +11:00
3e6641c07e
Unsign auth token cookies per discussion on #215
2013-02-23 13:40:21 -05:00
5616fdc475
Sign the auth token cookie and make it httpOnly
2013-02-20 17:24:19 -05:00
cab4d95eaf
use canonical-url plugin to make view more clean
2013-02-13 19:04:43 +08:00
57049b55a2
Little things:
...
- Retries on deadlock when calculating average time
- Removes Warning: When specifying html format for errors
- Doesn't use manual SQL to update user's ip address
2013-02-11 15:47:28 -05:00
6ce32b8bc4
Trivial: Was not finding files in public for errors due to missing extensions.
2013-02-11 14:39:26 -05:00
80929ead4b
security hole fixed
2013-02-11 17:28:21 +11:00
61654ab8f0
Fix all the trailing whitespace
2013-02-07 16:45:24 +01:00
6043a370ad
Oops, that should be 1.minute
2013-02-06 12:07:22 -05:00
8d568b05c4
Don't enable Cache-Control if the site has restricted access.
2013-02-06 11:55:54 -05:00
21b5628528
Initial release of Discourse
2013-02-05 14:16:51 -05:00
Robin Ward
Sam
riking
Neil Lalonde
Régis Hanol
Louis Rose
Vikhyat Korrapati
Jonathan Allard
slainer68
christophe
Harry Seo
Stephan Kaag
Jesse House
Vipul A M
Ian Christian Myers
Chris Hunt
Karan Misra
Gosha Arinich
tms
xdite
Jakub Arnold