Commit Graph

398 Commits

Author SHA1 Message Date
riking 783454ebe1 Fix /p/post/user route not saving referrals
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
Neil Lalonde 5bcfb6ee38 FIX: don't show 'About category' topics on the 404 page 2014-07-04 16:18:17 -04:00
riking 2d5f667160 Make ?preview-style make sense
New behavior:
?preview-style=(sha) -- see that stylesheet
?preview-style= -- see the currently selected stylesheet
?preview-style=default -- see the default stylesheet ("rescue mode")
2014-06-20 09:06:36 -07:00
Neil Lalonde ad2bd11d6e Add a way to get user based on sso external id 2014-06-18 14:40:25 -04:00
Régis Hanol 00117c18c3 FEATURE: dismissable banner topic 2014-06-18 20:05:19 +02:00
Sam f1a28d62a3 FEATURE: support registration of custom html by plugins 2014-06-05 11:39:33 +10:00
Sam fa6f22dd39 Move letter avatars out of upload system
FIX: S3 issues around system avatars
FIX: reduced backup file size
2014-05-30 14:45:55 +10:00
Sam f8b7f0d73f FEATURE: logster env tab, log current user 2014-05-12 15:28:23 +10:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Vikhyat Korrapati 8f53b7a65b Detect arrays for serialization using respond_to?(:to_ary).
This is the way AMS detects arrays, and is more robust than checking
is_a? for whitelisted classes. For example, this works for
ActiveRecord::AssociationRelation which the current logic does not
handle.
2014-04-16 20:48:09 +05:30
Robin Ward 558a06a117 Adds better reusable error message support. Added to fetching remote
posts. /cc @riking
2014-04-02 13:22:10 -04:00
Robin Ward b0f3061113 It doesn't make sense to redirect when not logged in on a non-GET
request. We should report a failure then. They likely logged out or
in another tab or timed out.
2014-03-05 12:12:53 -05:00
Neil Lalonde 7322345039 FIX: when shown 403 error page and logging in, it will take you to the same page 2014-02-26 17:53:53 -05:00
Robin Ward 3151f59bc9 REFACTOR: We don't cache the json for the Site model anymore, so let's
rename and remove the methods leftover from that.
2014-02-24 14:25:37 -05:00
Neil Lalonde 9545e2e46e FIX: broken 404 page. don't bother showing current_usre stuff 2014-02-21 12:24:45 -05:00
Robin Ward d95887c57d CHANGE: We now include the `_escaped_fragment_` support by default, but
only if the crawler check fails. It is a fallback for non-google search
engines that support the Ajax crawling API.
2014-02-20 17:02:26 -05:00
Robin Ward c4b5455c21 REFACTOR: Rename `GooglebotDetection` to `CrawlerDetection` because we
will likely whitelist more crawlers in the future.
2014-02-20 16:07:02 -05:00
Régis Hanol d443ddd43d Merge pull request #1922 from joallard/language-toggle
Allow users to toggle interface language in their preferences
2014-02-19 18:28:00 +01:00
Neil Lalonde 7f6b2e5563 Show login button on 404 page. Add routes to show login and signup modals when page/route loads. If logged in and showing 404 page, load ember app. 2014-02-18 17:18:53 -05:00
Jonathan Allard 0592420e52 Add a site setting to allow users to toggle I18n.locale
It is false by default.
2014-02-18 14:54:00 -05:00
Jonathan Allard c513725f26 Allow users to toggle interface language in their preferences 2014-02-18 14:53:59 -05:00
Neil Lalonde d298e2e065 Detect Googlebot from user agent and use a different layout that doesn't load javascript 2014-02-15 17:54:34 -05:00
Régis Hanol 5725f02d9e allow full access to /admin/backups while in read-only mode 2014-02-13 13:31:14 -08:00
Régis Hanol e7472dc374 readonly mode 2014-02-13 13:31:13 -08:00
Neil Lalonde e0df404d7e Add site setting tos_accept_required. If enabled, users must check a box saying that they've read and accept the terms of service. 2014-02-07 16:04:13 -05:00
slainer68 748e1e0748 Allow using the API when Login required site setting is on. 2014-01-24 14:02:49 +01:00
Neil Lalonde 259295d865 Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year. 2014-01-09 11:55:04 -05:00
christophe dfb9b8fa58 Fix unused parameter 2014-01-04 08:53:27 +01:00
Neil Lalonde 1f0a59584b Revert "Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations." 2013-12-18 14:47:22 -05:00
Régis Hanol 94fda12795 use a helper instead of a view for custom HTML content 2013-12-17 18:56:59 +01:00
Régis Hanol 4c6b535cc0 move arbitrary html content out of noscript and into the preloadstore 2013-12-17 18:25:27 +01:00
Neil Lalonde 5171a23a9c Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations. 2013-12-11 11:19:22 -05:00
Neil Lalonde 2596f7dec2 Revert "Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations." 2013-12-09 16:28:11 -05:00
Neil Lalonde ca5d4d5e54 Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations. 2013-12-09 13:28:42 -05:00
Harry Seo 2d9876a6ac FIX: set_locale filter must be executed before check_xhr filter because check_xhr filter renders html in some cases 2013-12-04 20:49:54 +09:00
Robin Ward 7207cef7aa TopicQuery cleanup in advance of custom sorting:
- Move SQL method constants into a module
- Removed unused count methods
- Moved methods that don't return a TopicList into Topic
- Replaced some confusing method signatures
2013-11-13 12:26:32 -05:00
Régis Hanol e9f9d22482 add query parameter to temporarily disable customization 2013-11-12 18:14:22 +01:00
Robin Ward de30af9302 Support for inviting to a forum from a user's invite page. 2013-11-06 12:56:50 -05:00
Vikhyat Korrapati 855ee3b43d Fix ActiveRecord::Associations::CollectionProxy serialization in Rails 4. 2013-11-03 10:41:38 +05:30
Robin Ward 348e2e3ef2 Support for per-user API keys 2013-10-22 17:34:39 -04:00
Sam 3d647a4b41 remove rack cache, it has been causing trouble
instead implement an aggressive anonymous cache that is stored in redis
this cache is sitting in the front of the middleware stack enabled only in production
TODO: expire it more intelligently when stuff is created
2013-10-16 16:39:18 +11:00
Sam 939a452293 require dependency was leading to errors in dev 2013-10-09 17:22:41 +11:00
Sam 7993845bfa add current_user_provider so people can override current_user bevior cleanly, see
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Neil Lalonde 45d7765936 Merge branch 'master' into mobile 2013-09-05 15:54:22 -04:00
Robin Ward f157ec1f91 Select +Replies for bulk operations 2013-09-05 11:03:29 -04:00
Neil Lalonde 9efa29e688 Detect whether to use mobile view. Session var mobile_view can override automatic detection. 2013-08-27 14:57:42 -04:00
Sam c4a0152dc6 recover from bad CSRF tokens without requiring a hard refresh of the browser 2013-08-27 15:56:12 +10:00
Sam 11dca1fd92 make code climate a bit happier 2013-08-06 06:25:44 +10:00
Sam aa6c92922d SECURITY: correct our CSRF implementation to be much more aggressive 2013-07-29 15:13:13 +10:00
Sam ecf17cfebb work in progress, add fidelity to category group permissions (full, create posts, readonly) 2013-07-16 15:46:11 +10:00
Robin Ward 19c169540c Staff can enter and view deleted topics 2013-07-11 16:39:35 -04:00
Stephan Kaag e39cc464b1 Refactor routes in order to be compatible with Rails 4 2013-07-01 20:00:06 +02:00
Sam 92562c2090 Merge pull request #1057 from house9/list-controller-1
refactor list_controller
2013-06-25 17:36:56 -07:00
Neil Lalonde a86b35c873 Remove the access_password site setting 2013-06-25 15:05:25 -04:00
Jesse House 2e12eb2b62 refactor list_controller
- minor refactoring of actions 'category' and 'category_feed'
- fix defect in 'category' where check was for literal
  string 'uncategorized' instead of SiteSetting.uncategorized_name
- major refactoring on defined topic actions
2013-06-25 08:29:00 -07:00
Vipul A M 4ddc0825f5 Remove code duplication in ApplicationController 2013-06-20 21:17:33 +05:30
Sam 7ca5ab3da3 allow api for restricted by global password sites 2013-06-17 16:09:59 +10:00
Sam b97d186cb5 automatic groups should not allow you to muck with the listed users in the group 2013-06-17 12:54:25 +10:00
Sam e6e81efe85 correct information leak in page not found 2013-06-13 10:27:17 +10:00
Robin Ward 5217602ec3 FIX: RSS paths render a 404 for missing topics. 2013-06-07 12:52:12 -04:00
Neil Lalonde 62041da7e0 Handle /t/only-the-slug urls by trying to find the topic by slug (second try) 2013-06-06 14:41:37 -04:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt 92a4828f72 Redirect all controllers to login if required
We want to skip the filter for sessions controller so that we can login
and we want to skip the filter for static pages because those should be
visible to visitors.
2013-06-04 16:10:10 -07:00
Robin Ward 02b1f78410 FIX: Include preloaded data even if the request type isn't explicitly text/html 2013-06-04 12:56:12 -04:00
Neil Lalonde 42714b424f For 403 errors, show the same html page as 404 2013-05-30 16:39:39 -04:00
Sam e93b7a3b20 more progress towards live unread and new counts, unread message implemented, still to implement delete messages 2013-05-30 16:49:57 +10:00
Robin Ward 830b93a16b Reduced complexity of admin flags controller, split up into methods, moved reports into model. 2013-05-29 16:49:34 -04:00
Robin Ward 0f296cd42b Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now. 2013-05-22 12:06:37 -04:00
Sam fc57578c85 proper 404 for json request 404 2013-05-20 17:28:32 +10:00
Sam 80fb20816c get rid of nonsense 404.html
correct 404 handling for invalid pages
2013-05-20 10:29:49 +10:00
Sam b6bf95e741 speed up startup (avoid loading some gems on startup)
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
Sam cef9a74053 route for markdown /md/topic_id/post_number 2013-04-30 16:30:41 +10:00
Régis Hanol 017ee7c2da FIX: [security bug] XHR check bypass 2013-04-30 02:34:19 +02:00
Sam f9e33ec6b8 store ip address and current user with incoming links
make links long an readable in share dialog
2013-04-26 16:18:55 +10:00
Sam 37867af1bb track incoming links, amend share link to include user
fix pm styling
2013-04-24 18:05:35 +10:00
Sam 6974ad487c fix not found error when spiders were hitting with .php 2013-04-18 09:55:47 +10:00
Sam 0f362c5474 this has been bugging me for ages, broken "fill your profile link" fixed AND bio updates when you save 2013-04-12 10:07:58 +10:00
Sam 850b042cab introduce rack:cache as a default, so users don't need to configure apache or nginx
under rack cache we are able to serve 620reqs a second per thin (on my machine) before it 12 (on my machine)

reorganised so mini profilers can be cleanly disabled from config file

added caching for categories index

move production.rb to production.sample.rb
2013-04-11 16:24:21 +10:00
Régis Hanol 41b7f741d0 extract hard-coded strings 2013-04-07 18:14:50 +02:00
Sam c57ec611e1 basic api support 2013-03-25 18:04:46 -07:00
Sam deb603f41c Merge pull request #547 from kid0m4n/convert-ruby-1-9-syntax
Convert a lot of :a => b to a: b and bring peace to the world
2013-03-24 16:43:17 -07:00
Karan Misra 5dfb04e4b3 Convert a lot of :a => b to a: b and bring peace to the world 2013-03-25 05:07:36 +05:30
Régis Hanol 0da8f35659 [fixes #391] exception when wrong resource type in URL 2013-03-24 22:25:24 +01:00
Régis Hanol 239cbd2d58 enforce coding convention
replaced every `and` by `&&` and every `or` by `||`
2013-03-05 01:42:44 +01:00
Robin Ward d2596c3c4c Remove unusued site_settings, show checkbox in UI for boolean values, remove restrict_access
boolean to avoid locking yourself out by setting access_password to empty string. Minor
UI tweaks.
2013-03-01 14:27:41 -05:00
Robin Ward 628927a79f Added Site Setting to change locale. 2013-02-28 14:34:38 -05:00
Gosha Arinich cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Sam Saffron b66db4153d refactor and organise current_user better 2013-02-24 21:42:04 +11:00
tms 3e6641c07e Unsign auth token cookies per discussion on #215 2013-02-23 13:40:21 -05:00
tms 5616fdc475 Sign the auth token cookie and make it httpOnly 2013-02-20 17:24:19 -05:00
xdite cab4d95eaf use canonical-url plugin to make view more clean 2013-02-13 19:04:43 +08:00
Robin Ward 57049b55a2 Little things:
- Retries on deadlock when calculating average time
- Removes Warning: When specifying html format for errors
- Doesn't use manual SQL to update user's ip address
2013-02-11 15:47:28 -05:00
Robin Ward 6ce32b8bc4 Trivial: Was not finding files in public for errors due to missing extensions. 2013-02-11 14:39:26 -05:00
Sam Saffron 80929ead4b security hole fixed 2013-02-11 17:28:21 +11:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward 6043a370ad Oops, that should be 1.minute 2013-02-06 12:07:22 -05:00
Robin Ward 8d568b05c4 Don't enable Cache-Control if the site has restricted access. 2013-02-06 11:55:54 -05:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00