Expand SiteSetting.allow_index_in_robots_txt so it also adds a
noindex header if set to false.
This makes sure that nothing is indexed even if it somehow reaches
Google.
* This is to prevent user's timezones being changed accidentally
e.g. by admin looking at a user
* This problem only occurred via the user card, however the user card
was still calling userTimezone even if the setting to display user
time in card was disabled
Previously originalTitle was set to undefined leading to
titleDirty being unconditionally undefined for new topics
That mean you could not dismiss the composer via ESC
Adds a new rake task to auto generate a constants.js file with the
constants present. This makes migrating to Ember CLI easier, but also
slightly speeds up asset compilation by having to do less work.
If the constants change you need to run:
`rake javascripts:update_constants`
1. Total 6 attempts per day per user
2. Total of 5 per unique email/login that is not found per hour
3. If an admin blocks an IP that IP can not request a reset
There were two constants here, `INLINE_ONEBOX_LOADING_CSS_CLASS` and
`INLINE_ONEBOX_CSS_CLASS` that were both longer than the strings they
were DRYing up: `inline-onebox-loading` and `inline-onebox`
I normally appreciate constants, but in this case it meant that we had
a lot of JS imports resulting in many more lines of code (and CPU cycles
spent figuring them out.)
It also meant we had an `.erb` file and had to invoke Ruby to create the
JS file, which meant the app was harder to port to Ember CLI.
I removed the constants. It's less DRY but faster and simpler, and
arguably the loss of DRYness is not significant as you can still search
for the `inline-onebox-loading` and `inline-onebox` strings easily if
you are refactoring.
We now show an options gear icon next to the bookmark name.
When expanded we show the "delete bookmark when reminder sent" option. The value of this checkbox is saved in local storage for the user.
If this is ticked, when a reminder is sent for the bookmark the bookmark itself is deleted. This is so people can use the reminder functionality by itself.
Also remove the blue alert reminder section from the "Edit Bookmark" modal as it just added clutter, because the user can already see they had a reminder set:
Adds a default false boolean column `delete_when_reminder_sent` to bookmarks.
Followup to 999e2ff5
Switching between the topic timeline and the progress bar was buggy when
resizing the composer. The root of the problem is that we can't know
the height of the timeline once it's hidden from view.
This uses a magic number for the calucation, which in this case is
necessary. Additionally, the calculation now takes place when
the resizing of the composer ends (previously, it was triggered when
dragging was started, which caused issues when resizing slowly).
- reduces the API to 3 actions for now: appendContent/prependContent/onChange
- well tested
- removes all previous APIS which were only half supported or too dangerous as they could collide with other plugins or core behaviors
- this plugins also puts every sk test helpers in one file
We now add together unread notifications (which are low-priority only) and unread high priority notifications (PMs and bookmark reminder notifications), and removed the separate "X unread high priority notifications" count in the user digest email.
Previously the image was imported from a Discourse hosted CDN but the
URL has since become invalid. However, it was not caught since all
errors are rescued. This commit fixes the issue by shipping the user
avatar with the plugin.
We were sharing `Discourse` both as an application object and a
namespace which complicated things for Ember CLI. This patch
moves raw templates into `__DISCOURSE_RAW_TEMPLATES` and adds
a couple helper methods to create/remove them.
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
If the user chooses "Later Today" as the reminder for a bookmark, then edits that bookmark, we should pre-select "Later Today" if that time has not changed (e.g. later is still 6pm). We do this to avoid confusion instead of opening the custom date + time section.
* Do not show confirmation modal if deleting bookmark from list unless the bookmark has a reminder
* Remove the deleted bookmark from the in-memory array for the user list so a full reload of the list is not needed and scrolling is maintained
This will make a few minor improvements to the second factor user interface. Highlights include:
- Using the site's title to prefix the backup code filename. If non-ascii characters are detected, then prefix "discourse" instead.
- Add icons and change the text on some of the buttons for better clarity and consistency
- Add an education link to the security key modal
This allows things like `Ember.inject.service` to be used within the raw view. setOwner simply sets one property on the object, and the result is cached along with the other injected properties, so this should have negligible performance impact.
This ensures that at a minimum you are notified once a day of
repeat edits by the same user.
Long term we may consider winding this down to say 1 hour or
making it configurable.
Due to a refactor in e90f9e5cc4 we stopped notifying on edits if
a user liked a post and then edited.
The like could have happened a long time ago so this gets extra
confusing.
This change makes the suppression more deliberate. We only want
to suppress quite/link/mention if the user already got a reply
notification.
We can expand this suppression if it is not enough.
* When hovering over the bookmark icon for a post, show the name of the bookmark at the end of the tooltip _if_ it has been set.
* Order bookmarks by `updated_at DESC` in the user list and show that instead of created at.
Recently, we added feature that we are sending `/muted` to users who muted specific topic just before `/latest` so the client knows to ignore those messages - https://github.com/discourse/discourse/pull/9482
Same `/muted` message should be included when the post is edited
* Remove Handlebars.SafeString usage
* DEV: Support for `import Handlebars from 'handlebars'`;
* FIX: Sprockets was broken when `node_modules` was present
By default the old version of sprockets looks for application.js
anywhere, including in a node_modules folder if this exists
(which it will when we move to Ember CLI.)
* FEATURE: add category banner for why a user cannot post
Adds a category banner for why a user is unable to post in a category.
Also adds an extra alert for the user when a user is unable to create a topic in a
category and they still try and click on the disabled-looking new topic
button.
We have the `# frozen_string_literal: true` comment on all our
files. This means all string literals are frozen. There is no need
to call #freeze on any literals.
For files with `# frozen_string_literal: true`
```
puts %w{a b}[0].frozen?
=> true
puts "hi".frozen?
=> true
puts "a #{1} b".frozen?
=> true
puts ("a " + "b").frozen?
=> false
puts (-("a " + "b")).frozen?
=> true
```
For more details see: https://samsaffron.com/archive/2018/02/16/reducing-string-duplication-in-ruby
avg_time on posts and topics have not been used in a year.
This uses a re-runnable ddl transaction diasabled migration to
drop the column, cause it touchs very high traffic table and may
deadlock
* Rename all instances of bookmarkWithReminder and bookmark_with_reminder to just bookmark
* Delete old bookmark code at the same time
* Add migration to remove the bookmarkWithReminder post menu item if people have it set in site settings
This is to help with the migration to Ember CLI. In the current running
version of Discourse everything should be the same as before, just with
a few extra files that are not used. However, using Ember CLI this can
be installed as an Ember addon.
Co-Authored-By: Jarek Radosz <jradosz@gmail.com>
Repro steps for current failure:
- use mobile view
- click on a different user avatar to show user card
- click message
- close composer
- cloak is still showing and prevents any click
* Bookmarks with reminders is a core feature now, no need to have a separate URL
* Keep around the old /u/:username/activity/bookmarks-with-reminders route for backwards compat in Ember but just redirect to user activity bookmarks.
For clarity and to save space remove the timezone in brackets e.g. (EDT) from the user card. Also add a title to the user time span to say it is Local Time.
* After this change the bookmark will still be saved if clicking out of the modal or pressing escape
* To achieve this I implemented an initiatedBy parameter for modal closing from d-modal. If clicking on the cross it is initiated by close, if clicking out of the modal it is by click out.
* These options can then be compared in controllers consuming onClose
Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
This will allow to post a link to published page in a post. Before this, users clicking this link would have seen a 404.
ATM /pub is server sider only.
We weren't using this very much and introduces a dependency between
discourse-common and discourse which makes moving to yarn workspaces
more difficult.
In the future we might user ember-addons properly but for now it's
easier to move the code into discourse-common.
Note the old folder is still there because at least one plugin was still
requiring the old files. It will be removed in the future.
The local time was not updating between user cards because the computed property was not used correctly.
There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once computed properties, shame on — shame on you. Fool me — you can't get fooled again.
This commit reworks slightly the `toggleBookmark` and `toggleBookmarkTopic` functions.
- Pressing [f] (toggleBookmarkTopic)
- a topic list item is selected, we attempt to toggle the related topic
- a post is selected, we bookmark the current topic
- nothing is selected, if there's a currentTopic we bookmark it
- Pressing [b] (toggleBookmark)
- a post is selected, we bookmark it
- a topic list item is selected, we attempt to toggle the related topic
- nothing is selected, if there's a currentTopic we bookmark it
Note this, commit also reduces jquery usage, a bug where the [f] shortcut was propagated to the modal input, and fixes bug when bookmarking a topic list item on the front page and the firstPost couldn't be found.
This adds a site setting (default off) to optionally show a user's local time and timezone in their user card. For example, I live in Brisbane, and if at 3:30PM my time I were to open a user who lives in California's card I would see 22:30 (PST).
FEATURE: dismiss first notification on click anywhere
Quicker jumpstart for those already familiar with the platform:
Allow dismissal of first notification mask from any click.
On the dismissal click, we also need to send a "yes I saw it" confirmation
by grabbing a batch of notifications. This prevents the dialog from appearing
again on refresh, or other browsers and ensures we only see it once.
This is a replacement for `decorateCooked` which will work without jquery.
A backwards compatibility layer is provided for existing plugins/themes which are currently using `decorateCooked`
Previously we relied entirely on levenshtein_distance_spammer_emails site
setting to handle "similar looking" emails.
This commit improves the situation by always preferring to block (and check)
canonical emails.
This means that if:
`samevil+test@domain.com` is blocked the system will block `samevil@domain.com`
This means that `samevil+2@domain.com` (ad infinitum) will be blocked
This reverts commit 6f9177e2ed.
We decided on a completely different approach to the problem.
Instead we will let blocked emails be treated as canonical.
* When copying the markdown for an image between posts, we were not adding the srcset and data-small-image attributes which are done by calling optimize_image! in cooked post processor
* Refactored the code which was confusing in its current state (the consider_for_reuse method was super confusing) and fixed the issue
In order to be able to use ember-cli we need to fix the import
statements for `TextField` and `TextArea` in the code base.
The only change I don't fully understand is the one in
`discourse-loader.js`, but adding the components to that file make it
all work.
This means that decorateCooked can be used to modify HTML without triggering the download of remote resources (e.g. images)
In some rare cases (e.g. IntersectionObservers in Chromium), decorating needs to happen in the real DOM. For this, pass `afterAdopt: true` to `decorateCooked`
This reverts commit fa96054acf.
Sadly this fails a test case, we may have to hunt up all the
parentElements to check for the cooked class to perform the
bypass
onSelectionChanged fires a debounced event that calls window.getSelection()
window.getSelection() is reasonably expensive. There is no reason to do any
of this work if we have an input field focused, that is not how quote works
* FEATURE: don't display new/unread notification for muted topics
Currently, even if user mute topic, when a new reply to that topic arrives, the user will get "See 1 new or updated topic" message. After clicking on that link, nothing is visible (because the topic is muted)
To solve that problem, we will send background message to all users who recently muted that topic that update is coming and they can ignore the next message about that topic.
It's possible to cause a 500 error by putting in weird characters in the
input field for updating a users website on their profile.
Normal invalid input like not including the domain extension is already
handled by the user_profile model validation. This fix ensures a server
error doesn't occur for weird input characters.
If for some reason an update did not go through (for example,
concurrently updating the same topic twice), we were logging something
like:
```
create_errors_json called with unrecognized type: #<Topic
```
This happened because we knew an error occurred but the active record
object had no errors attached.
This patch fixes the issue by attaching a proper error message in the
event that this happens.
The main thrust of this PR is to take all the conditional checks based on the `enable_bookmarks_with_reminders` away and only keep the code from the `true` path, making bookmarks with reminders the core bookmarks feature. There is also a migration to create `Bookmark` records out of `PostAction` bookmarks for a site.
### Summary
* Remove logic based on whether enable_bookmarks_with_reminders is true. This site setting is now obsolete, the old bookmark functionality is being removed. Retain the setting and set the value to `true` in a migration.
* Use the code from the rake task to create a database migration that creates bookmarks from post actions.
* Change the bookmark report to read from the new table.
* Get rid of old endpoints for bookmarks
* Link to the new bookmarks list from the user summary page
Safari starts loading images as soon as attributes are modified. Modern browsers all prefer the srcset attribute over src, so we should remove srcset last, and add it first.
* DEV: Use `render_json_error` (Adds specs for Admin::GroupsController)
* DEV: Use a specific error on blank category slug (Fixes a `render_json_error` warning)
* DEV: Use a specific error on reviewable claim conflict (Fixes a `render_json_error` warning)
* DEV: Use specific errors in Admin::UsersController (Fixes `render_json_error` warnings)
* FIX: PublishedPages error responses
* FIX: TopicsController error responses (There was an issue of two separate `Topic` instances for the same record. This makes sure there's only one up-to-date instance.)
It previously failed to match URLs with characters other than `[a-zA-z0-9\.\/:-]`. This meant that `PullHotlinkedImages` would sometimes download an external image and then never use it in any posts.
Currently, when category or tag is muted, only after hard refresh, these new muted categories are really muted. Without a hard refresh, you will still receive "new topic" messages.
Therefore, when tag or category is muted, we should update the user object right away.
It was removed altogether from ApplicationRoute, which only triggered
an `activate` event which never seems to be used.
We can replace it with Evented which is still present.
* FEATURE: Add created_at column to user_badges
This makes scraping for newly granted badges easier.
Patch from @eviltrout applied.
Co-authored-by: Robin Ward <robin.ward@gmail.com>
- Eliminate superfluous "author wrote" block
- Eliminate block-quote for all posts
- Move participant count and reply count to 1 line
- Prioritize name over username if forum requests
- Use fabrication in list controller spec to speed up spec
There is now an explicit "Delete Bookmark" button in the edit modal. A confirmation is shown before deleting.
Along with this, when the bookmarked post icon is clicked the modal is now shown instead of just deleting the bookmark. Also, the "Delete Bookmark" button from the user bookmark list now confirms the action.
Add a `d d` shortcut in the modal to delete the bookmark.
This change broke IE11 support, even with the polyfills enabled. We may need to add a WeakSet polyfill, but reverting this change for now.
This reverts commit 1cd8c6ce4c.
Users can now edit the bookmark name and reminder time from their list of bookmarks.
We use "Custom" for the date and time in the modal because if the user set a reminder for "tomorrow" then edit the reminder "tomorrow", the definition of what "tomorrow" is has changed.
- Delete a positive tabindex from a reused component
- Copy :hover styles to :focus
- Replace an 'outline: 0' rule with a TODO for a custom :focus style
Discovered while fixing the no-positive-tabindex lint.
Within 24 hours of signing up, new users were losing their
default trust level of 3. With this fix, demotions from
trust level 3 won't happen when the "default trust level"
setting is 3 or 4.
* Count user summary bookmarks from new Bookmark table if bookmarks with reminders enabled
* Update topic user bookmarked column when new topic bookmark changed
* Make in:bookmarks search work with new bookmarks
* Fix batch inserts for bookmark rake task (and thus migration). We were only inserting one bookmark at a time, completely defeating the purpose of batching!
* Show the correct bookmark with clock icon when topic-level bookmark reminder time is set and show the time of the reminder in the title on hover.
* Add a new bookmark lib and reminder time formatting function to show time with today/tomorrow shorthand for readability. E.g. tomorrow at 8:00am instead of Apr 16 2020 at 8:00am. This only applies to today + tomorrow, future dates are still treated the same.
Sam Saffron
Martin Brennan
Bianca Nenciu
Joffrey JAFFEUX
Penar Musaraj
Robin Ward
Mark VanLandingham
Jordan Vidrine
Dax74
Kris
Guo Xiang Tan
Krzysztof Kotlarek
Arpit Jalan
Kane York
Dan Ungureanu
Zdravko Curic
David Taylor
tshenry
Roman Rizzi
Vinoth Kannan
Ahmed Gagan
Artem Vasiliev
Jeff Wong
Andrew Schleifer
Joshua Rosenfeld
Neil Lalonde
mentalstring
Jarek Radosz
Blake Erickson
Eric Mueller
Justin DiRose
Daniel Waterworth
Jeff Atwood