Commit Graph

5799 Commits

Author SHA1 Message Date
Sam 665ade50c6 SECURITY: extra CORS headers should be set on correct host 2018-07-11 09:29:02 +10:00
Sam b97b426d34 Revert "FIX: wrong site origin in message bus header"
This reverts commit 93b49a0dd5.
2018-07-11 09:26:43 +10:00
Neil Lalonde 93b49a0dd5 FIX: wrong site origin in message bus header 2018-07-10 15:01:03 -04:00
Guo Xiang Tan 96aca6d7e6
Remove legacy vote post action code. (#6009) 2018-07-09 16:54:18 +08:00
David Taylor 9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:25:58 +10:00
michael@discoursehosting.com 81188060d6 Add S3 region eu-west-3 (Paris) 2018-07-09 14:18:35 +10:00
Sam 4f41ccd975 FEATURE: MauiBot is abusive and is now blocked
We have now seen multiple forums where MauiBot uses a large amount of
traffic, due to this bad behavior it is blocked out-of-the-box
2018-07-06 16:46:33 +10:00
Neil Lalonde eabc8f7fbd
Merge pull request #6023 from misaka4e21/only-staff-can-create-tag
FEATURE: Support disabling tag creation for non-staff users.
2018-07-05 11:12:44 -04:00
Patrick Gansterer 28dd7fb562 FEATURE: Create hidden posts for received spam emails (#6010)
* Add possibility to add hidden posts with PostCreator

* FEATURE: Create hidden posts for received spam emails

Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change addes processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
Maja Komel cb89797e9a FEATURE: shows remaining backup codes in user preferences 2018-07-04 10:45:42 +02:00
Guo Xiang Tan b59c17d484 Update title site setting defaults for ja locale.
https://meta.discourse.org/t/updating-title-when-using-japanese-characters-does-not-work/88718/7
2018-06-28 23:23:00 +08:00
Arpit Jalan a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Dax74 ccc2d94ae8
Update link
See https://meta.discourse.org/t/wrong-link-on-manual-admin-creation/90849
2018-06-27 11:38:01 +02:00
misaka4e21 47cb46671a FEATURE: Support disabling tag creation for non-staff users. 2018-06-27 07:15:02 +08:00
Jeff Atwood 7dce8290ed copyedit on category drop down 2018-06-26 12:43:45 -07:00
Jeff Atwood 67a986f30d centralize trust level doc to blog 2018-06-25 17:34:47 -07:00
Neil Lalonde b3073175a7 FIX: missing translations for mobile flag modal 2018-06-25 10:59:44 -04:00
Ernesto Serrano d1297b7296 Update server.en.yml 2018-06-25 16:18:07 +10:00
Gerhard Schlager e5f62f7965 Update server.es.yml (reverted from commit 1ea380e30e) 2018-06-25 16:18:07 +10:00
Ernesto Serrano 64941e7f91 Update server.en.yml 2018-06-25 16:18:07 +10:00
Ernesto Serrano 8809984d83 Update server.es.yml 2018-06-25 16:18:07 +10:00
Ernesto Serrano f57375a5ce Update site_settings.yml 2018-06-25 16:18:07 +10:00
Jeff Atwood 549a47e801 copyedit on TL1 welcome (again) 2018-06-23 22:29:13 -07:00
Jeff Atwood d634486870 copyedit on TL1 congrats PM 2018-06-23 14:30:04 -07:00
Jeff Wong 41f76a74f8 FEATURE: send message when a user reaches tl1 2018-06-22 13:20:00 -07:00
Robin Ward c08c725c54 Allow plugins to omit base locales if they want 2018-06-22 09:46:23 -04:00
Joffrey JAFFEUX fed86225c8
FEATURE: differentiate total and total for period on admin table report 2018-06-21 22:46:53 +02:00
Joffrey JAFFEUX a41057aa6e
FEATURE: display report total value when showing report 2018-06-21 18:17:22 +02:00
Neil Lalonde 072659c22a Update translations 2018-06-21 10:34:09 -04:00
Sam f66efc601d FIX: cubot android devices were detected as crawlers 2018-06-21 10:56:46 +10:00
Sam 591512fcb8 adjust defaults for search log retention 2018-06-20 10:46:07 +10:00
riking 38a8e52ca4 FIX: Add time retention limit to search logs
3 years is a very conservative limit that allows for a very wide buffer
for year-over-year analysis. The max is set to 5 years because that is
the policy listed for logging in hosted Discourse.
2018-06-20 10:44:11 +10:00
Arpit Jalan aedc61a3b4 FEATURE: allow large icon to be uploaded in wizard 2018-06-19 21:08:02 +05:30
Michael Brown ae5d255f83 FIX: Reference example.com instead of somesite.com in examples
* somesite.com actually exists...
* example.com should be used in examples and is harmless to visit
2018-06-19 10:37:24 -04:00
Sam 5f64fd0a21 DEV: remove exec_sql and replace with mini_sql
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
2018-06-19 16:13:36 +10:00
Neil Lalonde 320cd9a19e UX: rate limiter message will say to wait "a few seconds" instead of 0 to 3 seconds 2018-06-18 14:14:47 -04:00
Joffrey JAFFEUX 3fc82bf200
FIX: adds a title to composer actions header 2018-06-18 19:01:37 +02:00
Joffrey JAFFEUX f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Arpit Jalan f1d1207725 FIX: improve context when user deletes self 2018-06-18 11:36:22 +05:30
Arpit Jalan c7ee70941e FEATURE: show category page options on wizard 'homepage' step 2018-06-15 19:11:41 +05:30
Sam 87fabdc2f3 FIX: correct pool reaper
This removes a freedom patch and replaces with a custom reaper thread
it also captures an issue where reaper would fail when connections where
empty
2018-06-14 18:22:02 +10:00
Rafael dos Santos Silva 8fc08aad09 FEATURE: Update the webmanifest
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
2018-06-14 00:13:28 -03:00
Sam 66982c7800 FIX: stop using Rails connection reaper in multisite
The Rails 5.2 connection reaper appears to be leaking threads
this is a quick fix to stop it, though we need to make sure we
never leak connection pools as well.
2018-06-14 12:49:30 +10:00
Robin Ward fd54c92a52 FEATURE: New site setting, whitelisted_link_domains
If provided, users who normally couldn't post links (say, due to a
low trust level), can post links to those specific hosts.
2018-06-13 16:11:22 -04:00
Jeff Atwood 0dee603ffc
Merge pull request #5985 from featheredtoast/pm-participants-two-lines
FIX: PM participants listed inline
2018-06-11 18:33:15 -07:00
Guo Xiang Tan 805fd17b23 ActiveRecord in Rails 5.2 discards connection pools after fork. 2018-06-12 09:30:52 +08:00
Jeff Wong 4599cc8435 FIX: PM participants listed inline 2018-06-11 18:14:25 -07:00
Gerhard Schlager 8fc6605d4f UX: No need to warn about username changes anymore 2018-06-11 18:43:56 +02:00
Gerhard Schlager 150ae21489 FEATURE: Log user merge in staff logs 2018-06-11 18:43:56 +02:00