Commit Graph

38364 Commits

Author SHA1 Message Date
Blake Erickson e74817cbb9 DEV: Document set notification level endpoint
Another commit using rswag to document the api so that the api docs can
be automatically generated.
2020-07-09 17:41:11 -06:00
Rafael dos Santos Silva e866e3d609
FEATURE: Add global rate limit for anon searches (#10208) 2020-07-10 09:08:34 +10:00
Kane York 79b52b1e9a
DEV: Add SVG tests for 31e31ef44 (#10205) 2020-07-09 14:02:25 -07:00
Mark VanLandingham bfde665e76
DEV: Classes and plugin-outlet in admin user-list nav (#10204) 2020-07-09 15:10:25 -05:00
Robin Ward 5b276af921
Remove `Discourse.SiteSettings` from tests (#10193)
* Remove unused Discourse.SiteSettings

* Remove `Discourse.SiteSettings` from many tests

* REFACTOR: `lib:formatter` was using a lot of leaky state

* Remove more `Discourse.SiteSettings` from tests

* More SiteSettings removed from tests
2020-07-09 15:54:53 -04:00
Robin Ward b1c6ff9e1c FIX: Test output related to `Discourse::VERSION`
It's a little awkward to test constants by re-assigning them so
I've added a new parameter to `Discourse.find_compatible_resource`
which can be used by tests.
2020-07-09 14:57:27 -04:00
Robin Ward c2ce7f2673 FIX: Flaky test
The previous solution was not always working, I believe this one
will be consistent.
2020-07-09 14:48:49 -04:00
dependabot-preview[bot] dadf08fb3b
Build(deps): Bump cose from 1.0.0 to 1.1.0 (#10203)
Bumps [cose](https://github.com/cedarcode/cose-ruby) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/cedarcode/cose-ruby/releases)
- [Changelog](https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/cedarcode/cose-ruby/compare/v1.0.0...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-07-09 14:13:32 -04:00
Robin Ward 10384bcdf4 FIX: Flaky tests
Locally I was getting a lot of failures from discourse-encrypt due to
leaky state in composer actions. This fixes it.
2020-07-09 12:58:57 -04:00
Mark VanLandingham 52f8eecbb9
FIX: Incorrect fix for invites breaking when no group is selected (#10202) 2020-07-09 11:58:29 -05:00
Mark VanLandingham 9d74cf6a63
FIX: Invites when no group is selected (#10201) 2020-07-09 11:41:17 -05:00
David Taylor cb1f891392
Revert "FIX: Incorrect search blurb when advanced search filters are used."
This change was causing advanced search filters to disappear from the search input

This reverts commit 2e1eafae06.
2020-07-09 16:19:18 +01:00
Daniel Waterworth 8d5750d90a FIX: Catch all kinds of exceptions when processing email 2020-07-09 13:41:51 +01:00
Daniel Waterworth 3b368a48d1 Revert "DEV: Add logging for stack level too deep exception in HtmlToMarkdown"
We can do this in a better way by storing an IncomingEmail record.

Follow-up-to: 4a9ee25c56
2020-07-09 13:41:33 +01:00
Jarek Radosz 32ee9fae40
FIX: Short URL resolution in cook-text (#10200)
Regressed in 3b51e05de2. Thanks to @romanrizzi for reporting!
2020-07-09 14:39:13 +02:00
Daniel Waterworth 4a9ee25c56 DEV: Add logging for stack level too deep exception in HtmlToMarkdown 2020-07-09 12:25:00 +01:00
Martin Brennan e0713455ca
PERF: Load topic bookmarks for the user in user_post_bookmarks (#10197)
Instead of loading all of the user bookmarks using all the post IDs in a topic, load all the bookmarks for a user using the topic ID. This eliminates a costly WHERE ID IN query.
2020-07-09 15:46:52 +10:00
Guo Xiang Tan d5c56a846a
DEV: Only failover the entire cluster when the default db goes down. 2020-07-09 11:49:03 +08:00
Martin Brennan 31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down. 2020-07-09 11:13:02 +08:00
Guo Xiang Tan cbe1dd8ec7
Revert "FIX: Delete related search data when record has been deleted."
This reverts commit ecc799ab56.

This commit does not fix anything because we've always been deleting
records in `Searchable`.
2020-07-09 10:08:35 +08:00
Jordan Vidrine 9eedc83e00
UI: Markdown Code Wrapping (#10195) 2020-07-08 20:50:42 -04:00
Blake Erickson abb01148fa DEV: Rubocop fixes
Follow up to: 3314654ab3
2020-07-08 18:27:19 -06:00
Blake Erickson 3314654ab3 DEV: Add API Doc specs for topic endpoints
Added some more specs that will be used to auto generate the api docs.
2020-07-08 18:08:14 -06:00
romanrizzi 720a7f88e2 Revert "Add License"
This reverts commit ba1c4b3ee9.
2020-07-08 15:11:04 -03:00
Roman Rizzi ba1c4b3ee9
Add License 2020-07-08 15:09:42 -03:00
Penar Musaraj bd511c004c
UX: Fix missing icon when merging selected posts 2020-07-08 13:57:05 -04:00
Penar Musaraj 67582e7d27
FIX: Do not send system emails to suspended users (#10192) 2020-07-08 13:30:32 -04:00
Mark VanLandingham 90512d723c
UX: Use group-chooser in invite modal (#10186) 2020-07-08 12:02:26 -05:00
Robin Ward f3ff9d5625 FIX: `getURL` deprecation 2020-07-08 11:40:53 -04:00
Arpit Jalan 78beb4368a FIX: 'resend all invite' button was not working as expected 2020-07-08 15:52:44 +05:30
marielaSAG e45307a105
DEV: Added before-create-topic-button plugin-outlet (#10109) 2020-07-08 18:21:30 +10:00
Mark VanLandingham a9292086f4
DEV: Add classes to quick-access-profile items (#10185) 2020-07-08 17:30:12 +10:00
Martin Brennan 6be7a66ba7
FIX: Cap bookmark name at 100 chars and truncate existing names (#10189)
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.

This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
2020-07-08 17:19:01 +10:00
Sam Saffron bac25e6dd7
DEV: upgrade rack to version 2.2.3
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52

An attacker can elevate own cookie usage to bypass server cookie restrictions

Technically this is a security commit, but the surface area is extremely
low, we do not expect any real world impact.
2020-07-08 16:42:31 +10:00
Sam Saffron 8af5194e39
DEV: upgrade rails to version 6.0.3.2
This includes a fix for CVE-2020-8185 we are not vulnerable as we do not use
the impacted middleware. However it still makes sense to stay upgraded, other
small fixes exist in this release.
2020-07-08 16:34:29 +10:00
Bianca Nenciu bd842cd2b0
FEATURE: Parse images in email signatures (#10137)
* FEATURE: Parse images in email signatures

* DEV: Fix tests

* Code review
2020-07-08 15:50:30 +10:00
Martin Brennan 07ad243603
FIX: Stop updating bookmarked column from TopicUser.update_post_action_cache (#10188)
* This is causing issues where sometimes bookmarked is out of sync with what is in the Bookmark table. The BookmarkManager handles updating this column now.
* Add migration to fix bookmarked column that is incorrectly marked false when a Bookmark record exists.
2020-07-08 15:27:42 +10:00
Guo Xiang Tan 2e1eafae06
FIX: Incorrect search blurb when advanced search filters are used. 2020-07-08 11:59:49 +08:00
dependabot-preview[bot] 26dc981285 Build(deps): Bump rubocop from 0.86.0 to 0.87.1
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.87.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.87.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:38 +08:00
dependabot-preview[bot] b973ffe8e0 Build(deps): Bump onebox from 1.9.29 to 1.9.30
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.29 to 1.9.30.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.29...v1.9.30)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:20 +08:00
Kane York c86b1ee9d1
FIX: Disable security keys at same time as TOTP 2FA (#10144)
Previously, the "Remove 2FA" button could result in an error. This syncs button visibility with behavior.

* FIX: Only offer disabling 2FA to admins
2020-07-07 12:19:30 -07:00
Mark VanLandingham 81fe8a50d4
DEV: Plugin API function to add items to quick access profile (#10182) 2020-07-07 13:53:40 -05:00
Kris d09a953f53 UX: Fix layout for long bookmark notes 2020-07-07 13:42:51 -04:00
Kris 66257ca8b6 FEATURE: Add "smallest" option to user text size preferences 2020-07-07 13:08:19 -04:00
Régis Hanol 44aaf4415d DEV: ensure discobot has a user_option & user_profile
When doing a migration, there might be some cases where the discobot user
doesn't have a user_option / user_profile record(s).

This ensures we always create one during the seed phase.
2020-07-07 18:24:31 +02:00
Mark VanLandingham d2e320d4f7
FIX: Bookmarks shortcut goes to new bookmarks with reminders (#10181) 2020-07-07 11:12:41 -05:00
Bianca Nenciu 4a90464619
FIX: Do not highlight large code blocks (#10125) 2020-07-07 18:51:19 +03:00
Bianca Nenciu 6705c45156
FEATURE: Add reply_as_new_group_message composer action (#10168) 2020-07-07 18:30:48 +03:00