Commit Graph

286 Commits

Author SHA1 Message Date
Sam f028ffaf29 SECURITY: correct local onebox category checks
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
2018-02-14 10:40:46 +11:00
Robin Ward 569e57f0a9 FIX: Delete the invalid auth cookie even if you hit the rate limit 2018-02-09 19:09:54 -05:00
Sam 4f946319b4 improve warning text 2018-01-19 08:32:15 +11:00
Sam 25f4d98307 improve error logging for warn_exception 2018-01-05 09:54:42 +11:00
Robin Ward aed37770e3 FIX: Load the route format before discourse 2017-12-21 16:29:11 -05:00
Sam 6c82a50903 Improve error handling in hijacked code 2017-12-01 16:23:32 +11:00
Sam f52111f787 FEATURE: allow plugins to easily detect if running in Rack
Usage: Discourse.running_in_rack? to tell if rack was booted
2017-11-16 08:39:29 +11:00
Sam 70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Sam a4d4db4f0c PERF: code not correctly caching git commands
Every check for Discourse version could result in shelling out.
2017-10-04 14:22:38 +11:00
Robin Ward 460ed3c8cf Revert "Allow `NotFound` to specify an optional `Location` for the resource"
This reverts commit 4ae66c9e01.
2017-09-26 12:58:24 -04:00
Robin Ward 4ae66c9e01 Allow `NotFound` to specify an optional `Location` for the resource 2017-09-26 09:10:18 -04:00
Robin Ward d1ebc62065 The ability to display errors on flagging actions. 2017-09-25 12:28:01 -04:00
Robin Ward 717ed75fc4 Add warning when plugins changed by `tmp` was not removed 2017-09-08 13:38:46 -04:00
Guo Xiang Tan 4d840d10db PERF: Reduce number of Redis hits per requests. 2017-09-07 13:34:27 +08:00
Sam Saffron 7f8a90ef63 remove non english comment 2017-08-31 17:00:37 -04:00
Sam 552fbd3c8d lint 2017-08-28 12:25:34 -04:00
darix 4b5724ec02 Extend config/version.rb with more information (#5061)
This gives installations not using git checkouts
to provide all the information needed for the
internal version checks and version display in
the dashboard.

The build:stamp rake task was extended to also
add the new information.
2017-08-28 12:24:56 -04:00
Guo Xiang Tan 0e656ff213 FIX: Can't reset AR schema cache due to versions table. 2017-08-17 19:27:35 +09:00
Guo Xiang Tan 86adc8d717 Fix typo. 2017-08-16 13:06:47 +09:00
Guo Xiang Tan ed851dbfff FIX: Avoid publishing a gigantic payload.
* Certain sites have way too many categories.
2017-08-16 11:38:30 +09:00
Guo Xiang Tan 3f24ed2b3e Can't revert due to incompatibility of new site setting types.
Revert "Revert "FEATURE: Site settings defaults per locale""

This reverts commit 439fe8ba24.
2017-08-07 10:43:09 +09:00
Guo Xiang Tan 439fe8ba24 Revert "FEATURE: Site settings defaults per locale"
This reverts commit 468a8fcd20.
2017-08-07 10:31:50 +09:00
Erick Guan 468a8fcd20 FEATURE: Site settings defaults per locale
This change-set allows setting different defaults for different locales. 

It also:

- Adds extensive testing around site setting validation

- raises deprecation error if site setting has the default property based on env

- relocated site settings for dev and tests in the initializer

- deprecated client_setting in the site setting's loading process

- ensure it raises when an enum site setting being set

- default_locale is promoted to `required` category.

- fixes incorrect default setting and validation

- fixes ensure type check for site settings

- creates a benchmark for site setting

- sets reasonable defaults for Chinese
2017-08-02 12:24:19 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Robin Ward d2490cbbb8 Test failures for Inline Onebox 2017-07-20 16:01:16 -04:00
Robin Ward 3882722195 FEATURE: Inline (Mini) Oneboxing
see:
https://meta.discourse.org/t/mini-inline-onebox-support-rfc/66400?source_topic_id=66066
2017-07-20 15:38:04 -04:00
Guo Xiang Tan e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Sam 1935f624b8 FEATURE: reset active record cache in sidekiq if needed
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Robin Ward adb73180f7 FEATURE: Let plugins register themes easily 2017-01-13 11:50:52 -05:00
Régis Hanol dfb633fde3 remove 'already initialized constant' warning 2017-01-11 11:03:36 +01:00
Guo Xiang Tan cdd550e947 Use a different Redis key when PG failover sets site to readonly mode. 2017-01-11 16:38:49 +08:00
Guo Xiang Tan 22059d4df9 Add Rake task to clean up unused multisite Redis keys. 2016-12-05 11:46:34 +08:00
Guo Xiang Tan e8a3043129 Spawn a single thread that checks for PostgreSQL fallback. 2016-11-17 13:52:08 +08:00
Sam f4c754b389 FEATURE: split JavaScript application bundle, so plugins live in own file
This adds plugin.js and plugin_third_party.js files
2016-11-15 11:43:13 +11:00
Sam c995fd65be fix oops 2016-11-02 17:00:24 +11:00
Sam 7e43e73df6 FIX: properly reset all contexts after forking
Fixes hang on backup
2016-11-02 13:34:20 +11:00
Guo Xiang Tan 2f39293867 FIX: User enabled readonly mode was not working. 2016-08-25 23:31:59 +08:00
Robin Ward 2891f230d1 SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 13:54:17 -04:00
Sam Saffron 6777bd2629 warm up v8 after fork 2016-07-16 15:11:34 +10:00
Guo Xiang Tan f256e3afb6 Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Régis Hanol 5169bcdb6e FIX: httpshttps ultra secure URLs 2016-06-30 16:55:01 +02:00
Guo Xiang Tan 64858c10fe FIX: Set a not expiring key for user enabled readonly mode. 2016-06-29 15:10:01 +08:00
Guo Xiang Tan 20359788dc Rename `SiteSetting#use_https` to `force_https`. 2016-06-29 15:02:43 +08:00
Guo Xiang Tan 7619c2fa2f FIX: Make sure we add a TTL when we enable readonly mode. 2016-06-29 13:55:17 +08:00
Régis Hanol 2194ccec6e slightly better automatic flag reason messages 2016-04-25 23:03:17 +02:00
Régis Hanol 56c870cca2 add support for 1.5 pixel ratio 2016-04-06 10:57:59 +02:00
Guo Xiang Tan b41aa27a84 FEATURE: Support multisite in PostgreSQL fallback adapter. 2016-03-02 21:37:37 +08:00
Neil Lalonde f4d44187c8 FIX: site_contact_user should default to system user, not first admin user 2015-11-24 14:37:41 -05:00
Sam 805120fc95 FEATURE: add connection reaping based on maximum age
This feature ensures connections to the db are always attempted to be closed
after 600 seconds of idle time.
2015-10-17 11:29:16 +11:00
Régis Hanol fe656fb04d FIX: select appropriate period when redirecting to top 2015-09-21 20:28:20 +02:00
Kane York c9e4745fe8 FIX: Return 410 Gone for deleted topics you could otherwise see 2015-09-18 00:14:43 -07:00
Régis Hanol a501947d67 FEATURE: suppress categories from the homepage 2015-09-02 20:25:18 +02:00
Sam 2876725e1b REFACTOR: remove hacky search from discovery 2015-07-27 16:47:06 +10:00
Robin Ward 8a9fa3e5bf FIX: Error reloading dev due to conditional require 2015-07-14 14:52:35 -04:00
Sam 8252f4e110 FEATURE: allow use of redis sentinel via redis_sentinels
Use: DISCOURSE_REDIS_SENTINELS and DISCOURSE_REDIS_HOST to configure redis
sentinel
2015-06-25 16:51:48 +10:00
Régis Hanol c3227b69fa FIX: proper support for pixel ratios up to 3 2015-05-29 09:57:54 +02:00
Régis Hanol 85d4d3223c FIX: crop avatars on the server instead of the client
FIX: support for dots in S3 bucket names
2015-05-26 15:54:25 +02:00
Sam 147ea002f7 FIX: allow handling for avatars that are not in the set of "resized sizes" 2015-05-26 15:41:50 +10:00
Régis Hanol bb0c2813ac FEATURE: generate (avatar) thumbnails in a background task
FIX: keep the "uploading..." indicator until the server replies via the MessageBus
FIX: text was disappearing when uploading an avatar

PERF: always use a region for S3 (defaults to 'us-east-1')
FEATURE: ApplyCDN middleware when using S3
FIX: use the same pattern to store files on S3 and locally
PERF: keep a local cache of uploads when generating thumbnails
FEATURE: migrate_to_s3 rake task
2015-05-25 17:59:00 +02:00
Sam df5be88a77 fallback to hardcoded version if installed and not using git 2015-05-22 11:22:12 +10:00
Régis Hanol 9a96cd9f3b CRUSHED: duplicate key value violates unique constraint 'index_uploads_on_sha1' 2015-05-07 01:00:13 +02:00
Sam b7e7da766d avoid static method so we can easily inherit off this class 2015-05-06 09:53:29 +10:00
Sam 803feefd54 MessageBus handles readonly redis now, no need to wrap it 2015-05-04 12:21:00 +10:00
Robin Ward 16408cee06 Allow Postgres to trigger readonly mode for the site. 2015-04-29 11:49:58 -04:00
Robin Ward de42c627c5 Allow plugins to specify a minimum `requires version` 2015-04-27 13:07:12 -04:00
Robin Ward 3a6efa25f0 Allow ReadOnly to propagate up to the Ember app via Response Header 2015-04-24 14:37:16 -04:00
Robin Ward 5b3f99aa50 Don't blow up if Redis switches to READONLY 2015-04-24 14:37:16 -04:00
Robin Ward 19a9a8b408 `NewPostManager` determines whether to queue a post or not 2015-04-15 14:54:36 -04:00
Sam 2a2bd3e946 regression and missing filter 2015-04-02 16:30:34 +11:00
Sam 4dbd065026 work-in-progress full page search 2015-04-02 16:02:07 +11:00
Sam 23ed7e9db8 Exceptions we use in the app should inherit off StandardError 2015-03-23 12:16:21 +11:00
Sam 71d6266f98 REGRESSION: exceptions are handled natively by logster 2015-02-27 13:05:51 +11:00
Sam 6960639c58 Merge pull request #3190 from riking/thrown_logging
Delete old ErrorLog, use Logster for 500 errors
2015-02-23 14:19:16 +11:00
Sam d56b71851b FEATURE: configurable connection reaping settings 2015-02-17 09:58:43 +11:00
Régis Hanol 9a637836d0 FEATURE: readonly safeguard 2015-02-11 21:50:17 +01:00
Robin Ward 8d46de4819 Add a spec for the new plugins controller 2015-02-10 12:35:53 -05:00
riking 68ccd2d664 FEATURE: All 500 errors now show up in Logster
Added Discourse.handle_request_exception()
2015-02-09 12:48:33 -08:00
riking 5657006aca Rename handle_exception to handle_job_exception 2015-02-09 12:47:46 -08:00
Robin Ward 25daca8f23 Helpers for plugins to support enabling/disabling 2015-02-04 16:23:56 -05:00
Sam ba186b25a7 FEATURE: optional top level bookmarks tab 2015-01-25 15:53:11 +11:00
Sam efc717c14a FEATURE: remove star concept from Discourse 2015-01-07 13:43:27 +11:00
Robin Ward eb512f07a7 FIX: Spec failures for feeds related to enabling categories as default
page for anons when latest is deleted.
2014-09-11 15:30:41 -04:00
Robin Ward 0eaf023025 FIX: If `latest` is removed (why?) don't 404 on root 2014-09-11 14:42:45 -04:00
Neil Lalonde 19cba7bb0f Version checks include the branch 2014-09-09 17:35:51 -04:00
Sam f897c89d48 FIX: run reaper after fork 2014-08-11 17:51:55 +10:00
Neil Lalonde fc22127726 FIX: only admin can edit faq, tos, and privacy policy 2014-07-29 10:40:09 -04:00
riking a69efada85 Realign method comment 2014-07-17 15:07:25 -07:00
riking 12cb682548 Start passing more context to Discourse.handle_exception 2014-07-17 14:11:56 -07:00
riking 2b5a955c18 Pass more context from Sidekiq jobs to Logster 2014-07-17 11:19:59 -07:00
Sam 7e1bd88c33 BUGFIX: eliminate drafts for system user 2014-06-25 10:55:35 +10:00
Sam 48790368a0 BUGFIX: system user needs no drafts. 2014-06-25 10:45:20 +10:00
Sam a2e2d0e886 Merge pull request #2316 from mutiny/refactor-where-first
Refactor `where(...).first` to `find_by(...)`
2014-05-08 09:10:45 +10:00
Sam d648b04eef forgot to reconnect logster post fork 2014-05-08 08:05:28 +10:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Sam c6f9cc0787 UPGRADE: sidekiq to sidekiq 3.0 2014-04-23 11:01:17 +10:00
Sam ead7c52a06 Refactor demonizer in prep for unicorn forking
Upgrade sidekiq
2014-04-17 15:58:00 +10:00
Régis Hanol bb0baa6d7c BUGFIX: properly reconnect to the current db after forking 2014-04-07 19:38:47 +02:00
Sam f3cc7360e0 BUGFIX: Correct after_fork semantics
After fork SiteSettings was not getting a new process id,
causing site settings not to refresh properly in unicorn

This code also centralizes the logic
2014-03-31 12:34:13 +11:00
riking ccd3e635d2 Refresh the site after updating certain site settings 2014-03-06 20:24:23 -08:00
Sam Saffron 2ab76f60d1 FEATURE: Discourse.handle_exception
to report exception via sidekiq helper, adds extra context
2014-02-21 14:30:25 +11:00
Régis Hanol a682c8fc91 BUGFIX: do not push read-only signal to ALL sites 2014-02-19 18:21:41 +01:00
Régis Hanol e7472dc374 readonly mode 2014-02-13 13:31:13 -08:00
Régis Hanol bfc9664231 BUGFIX: site_contact_username was case-sensitive 2014-01-23 11:26:31 +01:00
Robin Ward 4981525047 REFACTOR: Fixes poor class hierarchy for listing topics
- Upgrades Ember to latest
- Fixes a bunch of bugs with page titles and missing "active" states
2014-01-18 19:26:24 +01:00
Sam a247389d4e FEATURE: automatically update site to latest version of assets
if a user neglects to move around the site it will prompt to do so 2 hours in
2014-01-15 12:08:35 +11:00
Neil Lalonde 52580f09af Rename favorite to starred everywhere 2014-01-10 14:54:19 -05:00
Sam 1533a1163c use_ssl is just confusing, it means use_https , fix name of setting 2014-01-09 10:51:38 +11:00
Régis Hanol 567d2bd23c add top page 2013-12-24 00:50:36 +01:00
Sam 3fa48f8d76 Style fix: https://twitter.com/andrzejkrzywda/status/404943844896423937 2013-11-26 10:21:41 +11:00
Régis Hanol 37fd7ab574 pull hotlinked images 2013-11-05 19:07:29 +01:00
Sam 7993845bfa add current_user_provider so people can override current_user behavior cleanly, see
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Sam 2ce4468aa5 rename system_username to site_contact_username , system_user is a special user with -1 id that is only used for certain admin tasks
for example system_user will autoclose stuff if needed, it will delete stubs and be the target for flag pms
2013-09-06 17:28:37 +10:00
Sam 41a1b6942d notify moderators now goes to the "community" user, that saves our poor mods from a flood of pms
if any staff respond to a pm they are automatically added to the list of recipients and will start
getting email notifications
2013-09-06 14:07:23 +10:00
Sam 213ce33af2 Fixed all broken specs
Moved middleware config into authenticators
2013-08-26 12:59:17 +10:00
Sam 075002a6d5 refactoring the plugin interfaces to allow for better extensible 2013-08-26 12:59:17 +10:00
Régis Hanol 4ec9b3ea39 fix: git-version isn't showing up 2013-08-02 23:25:57 +02:00
Robin Ward 4f0713b9da Merge pull request #1275 from ZogStriP/enable-thumbnailing-on-s3
Enable thumbnailing on s3
2013-08-01 07:35:35 -07:00
Sam 4fcba7a6f1 when there are no providers do not blow up 2013-08-01 16:05:46 +10:00
Sam 160107a712 working plugin interface for custom openid auth, custom css and custom js 2013-08-01 16:02:43 +10:00
Régis Hanol ed9417fa3b enable thumbnailing on S3
- added url to optimized image model
- refactored s3_store & local_store
2013-07-31 23:26:34 +02:00
Sam aa6c92922d SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 15:13:13 +10:00
Sam 799b402778 fix horribly broken invite code, could lead to inviting the wrong person to a conversation 2013-06-19 10:31:19 +10:00
Régis Hanol e3e55d4dad fix image uploads on s3/imgur 2013-06-05 00:35:42 +02:00
Sam 2e87974cb5 fix very wonky logic around hostname calculation 2013-05-31 08:48:34 +10:00
Sam 160567e372 Revert "fix wonky logic figuring out host name"
This reverts commit 114fcb4734.
2013-05-31 08:41:29 +10:00
Sam 114fcb4734 fix wonky logic figuring out host name 2013-05-31 08:39:52 +10:00
Robin Ward d554a59102 Support for a new site setting: `newuser_spam_host_threshold`. If a new user posts a link
to the same host enough times, they will not be able to post the same link again.

Additionally, the site will flag all their previous posts with links as spam and they will
be instantly hidden via the auto hide workflow.
2013-05-16 12:19:50 -04:00
Sam b6bf95e741 speed up startup (avoid loading some gems on startup)
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
Wojciech Kocjan 68bdab6635 Post processing of images adds prefix second time when post processing a post with one or more images if running with a prefix 2013-04-05 12:38:20 +02:00
Wojciech Kocjan a875b1c44a Store base URI in Discourse.BaseUri and use it in all places where rootURL was previously used 2013-04-04 11:16:38 +02:00
Wojciech Kocjan e6ccc300dc Support for running discourse with a prefix (i.e. as http://servername/discourse) 2013-03-16 00:01:21 +01:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Sam Saffron 0e48e1c346 clean up git version stuff a tad 2013-02-18 18:01:36 +11:00
Sam Saffron d9a84ddd01 chuck git version at the bottom of the page 2013-02-18 17:39:54 +11:00
Sam Saffron 0f88947279 fix onebox for your own site 2013-02-06 16:22:11 +11:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00