Commit Graph

37669 Commits

Author SHA1 Message Date
Blake Erickson a788427b46
FIX: broken query if upload id is missing (#9900)
Log warnings if there are any errors trying to upload group flair image
and ensure upload.id exists before trying to use it in a sql query.
2020-05-27 12:39:30 -06:00
Jeff Wong a9d92f338e
SECURITY: make find topic by slug adhere to SiteSetting.detailed_404 (#9898) 2020-05-27 11:28:38 -07:00
Joffrey JAFFEUX 77801aa9be
FIX: allows to have custom emoji translation without static file (#9893) 2020-05-27 20:11:52 +02:00
Roman Rizzi 207b72ade1
UX: Don't show the suspension date if the user is permantently suspended. (#9895)
Use the same pattern used in user.hbs
2020-05-27 14:50:17 -03:00
Dan Ungureanu 570b12a903
FEATURE: Show a detailed 404 page for private topics (#9894) 2020-05-27 20:10:01 +03:00
Penar Musaraj 7bc496070f UX: Keep focus on input after selecting an autocomplete option
This is particularly helpful on mobile, now tapping on an item from
the autocomplete dropdown keeps the keyboard visible.
2020-05-27 12:45:03 -04:00
Arpit Jalan 68fdfd76f5 fix the build 2020-05-27 22:06:45 +05:30
Arpit Jalan 8d2908dd9e UX: do not show redundant user count
UX: add spacing between +member_count and "more"
2020-05-27 21:53:59 +05:30
Artem Vasiliev 12544c02c1
FIX: add X-Robots-Tag header for check_xhr-covered GET actions, too (#9868)
* FIX: add X-Robots-Tag header for check_xhr-covered GET actions, too

see https://meta.discourse.org/t/missing-x-robots-tag/152593/3 for context

* test: a spec making sure X-Robots-Tag header is present when needed

/groups path responds to anonymous requests and doesn't skip `check_xhr` method, so we can use it here.
2020-05-27 11:57:05 -04:00
Roman Rizzi 461df7d050
UX: Rename Priority to score for sorting. (#9846) 2020-05-27 12:50:28 -03:00
Joffrey JAFFEUX 488f8d914a
DEV: skip bunch of failing tests (#9896) 2020-05-27 17:36:50 +02:00
Blake Erickson da839e6d26 SECURITY: Use FinalDestination for topic embeds 2020-05-27 09:26:09 -06:00
Régis Hanol 2a4db15544 FIX: don't send digests to users with no primary email
It might happen that some User records have no associated primary emails.
In which case we don't ever want to send them a digest.

Also added a new "user_email_no_email" skipped email log to ensure these cases
are properly handled and surfaced.
2020-05-27 17:09:40 +02:00
Arpit Jalan 2152e70e0d DEV: annotate models 2020-05-27 19:05:24 +05:30
Joffrey JAFFEUX f51093dde7
FIX: correctly set values and defaults for group-form-interaction-fields (#9891) 2020-05-27 12:10:27 +02:00
Joffrey JAFFEUX 1d685c22af
REVERT: removes translate_emoji (#9889)
This API is actually used in some plugins.
2020-05-27 12:08:24 +02:00
Sam Saffron 1cf2d1f9f2
FIX: when destroying a draft always ensure saving is done
There was a race condition where drafts could be either saving
or queued to be saved and a user canceled draft leading to destroying
it.

This cancels debounce save and waits for save in the pipeline to
be over prior to firing off a DELETE on the draft
2020-05-27 18:46:19 +10:00
Sam Saffron f41fcad6c3
FIX: opening cancel draft dialog broke autosave
cancelComposer would leak a promise that never got resolved if
you aborted cancelling a composer.

This change ensured the promise will always be resolved
2020-05-27 18:16:48 +10:00
dependabot-preview[bot] 63b3155983
Build(deps): Bump onebox from 1.9.28.2 to 1.9.28.3 (#9887)
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.28.2 to 1.9.28.3.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.28.2...v1.9.28.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-27 08:38:16 +05:30
Sam Saffron 5bfb6830c9
SECURITY: missing security check prior to redirect
In some rare cases, if a user knows the exact title of a topic
they could possibly determine that it really exists in the system
2020-05-27 10:58:22 +10:00
Martin Brennan 2d534bf2e0
FIX: Pass current_user to TopicQuery in for categories_and_top_topics (#9885) 2020-05-27 10:05:06 +10:00
Krzysztof Kotlarek 34e5f0a9a3
Revert "FEATURE: notify admins about old credentials (#9854)" (#9886)
This reverts commit 349a67bee6.
2020-05-27 09:52:53 +10:00
Kris 66ec634cb3 Composer whisper icon missing margin when editing replies 2020-05-26 19:17:09 -04:00
Jordan Vidrine 5f61deff80
FIX: updates variables for HTML to use `em` instead of `px` in font-size (#9883) 2020-05-26 17:48:35 -05:00
Krzysztof Kotlarek 349a67bee6
FEATURE: notify admins about old credentials (#9854)
* FEATURE: notify admins about old credentials

Security and API keys should be renewed periodically.
This additional notification should help admins keep their Discourse safe and secure.
2020-05-27 08:13:47 +10:00
Neil Lalonde 2c880b9bf9
FIX: wizard fails to start when default_theme_id is -1 2020-05-26 16:08:35 -04:00
Penar Musaraj b1c726be0d
Remove support for FontAwesome 4.7 icon names (#9871) 2020-05-26 14:53:32 -04:00
Mark VanLandingham 7820686f73
FIX: Wizard previews if color step is excluded (#9881) 2020-05-26 12:56:36 -05:00
Arpit Jalan a6189c5070 Bump onebox version
- use oEmbed for Instagram onebox
2020-05-26 22:03:51 +05:30
dependabot-preview[bot] d38e571cba
Build(deps): Bump excon from 0.72.0 to 0.73.0 (#9228)
Bumps [excon](https://github.com/excon/excon) from 0.72.0 to 0.73.0.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.72.0...v0.73.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-05-26 12:28:28 -04:00
Gerhard Schlager 69ee94b526 FIX: XML files could be detected as SVG files 2020-05-26 18:18:20 +02:00
Jeff Wong 4dc6504234 DEV: Mark fontawesome-pro plugin as official 2020-05-26 08:50:55 -07:00
Neil Lalonde 788b8becde
Version bump to v2.5.0.beta5 2020-05-26 11:13:05 -04:00
Joffrey JAFFEUX 675e9b81c6
FIX: document.activeElement can be null on IE11 (#9880) 2020-05-26 16:51:55 +02:00
Guo Xiang Tan 26c7fa2c29
FIX: `rescue_from` doesn't bubble up.
See a47e0c19e6/actionpack/lib/action_controller/metal/rescue.rb (L25)
2020-05-26 22:43:29 +08:00
Joffrey JAFFEUX 253a185769
FIX: makes focust text area after complete more resilient (#9879) 2020-05-26 16:27:02 +02:00
Neil Lalonde 3d20a1143b
Update translations 2020-05-26 10:06:07 -04:00
Jarek Radosz eb462bfb3d
FIX: Improve image downsizing script (#9549)
Correctly handles more upload formats in posts, updates post custom fields, fixes more edge cases, adds debugging capabilities. (VERBOSE=1 and INTERACTIVE=1 flags)

Includes these commits and some more:

* DEV: Show the fixed image dimensions
* FIX: Support more upload url formats
* DEV: Remove the old upload after updating posts
* FIX: Use the `process_post_#{id}` mutex
* FIX: Avoid rebaking twice
* DEV: Print out the link to the post
* DEV: Process posts chronologically
* DEV: Do a dry-run before saving, pause on any issue
* FIX: Also process deleted posts
* DEV: Make matchers case-insensitive
* DEV: Pause on "detached" uploads, add more debug info
* DEV: Print out time when finished
* DEV: Add support for WORKER_ID/WORKER_COUNT
* DEV: Fix the onebox in cooked text heuristic
* DEV: Don't report already processed posts
* DEV: Beep when done!
* DEV: Ignore issues with deleted posts
* DEV: Ignore issues with deleted topics
* DEV: Multiline SQL
* DEV: Use the bulk attribute assignment
* DEV: Add ENV["INTERACTIVE"] mode
* DEV: Handle post custom fields
* DEV: Bail on non-S3 sites
* DEV: Allow sizes smaller than 1 mpix
2020-05-26 15:38:23 +02:00
Roman Rizzi b61a291cf3
FIX: returns false if the upload url is an invalid mailto link (#9877) 2020-05-26 10:32:48 -03:00
Bianca Nenciu f47400475e
FEATURE: Send a private message when a group membership is accepted (#9822)
* FEATURE: Send a private message when a group membership is accepted

* DEV: Small code improvements

* FIX: Send PM as group owner

* Copy edits
2020-05-26 16:28:03 +03:00
Joshua Rosenfeld 41f742c2f9
FIX: Copyedit for the dominating topic warning 2020-05-26 07:18:36 -04:00
Sam Saffron 76c4bc925d
DEV: followup to prev commit
337bd9a0f7 did not account for optimized image being nil
2020-05-26 16:19:05 +10:00
Sam Saffron 337bd9a0f7
FIX: concurrency bug when creating topic thumbnails
We were failing erratically when backfilling topic thumbnails.

This ensures that racing threads/processes will not conflict.
2020-05-26 16:10:22 +10:00
Osama Sayegh 2211581a85
FIX: Don't responde with error 500 if domain is invalid when adding automatic membership domain (#9655) 2020-05-26 15:40:09 +10:00
Arpit Jalan 5462fe9462
FIX: do not allow tag with name 'none' (#9867)
https://meta.discourse.org/t/none-tag-is-uneditable/152003
2020-05-26 08:15:45 +05:30
Guo Xiang Tan 878f06f1fe DEV: Remove custom connection reaper.
Rails 6 fixed the reaper to use one thread to reap all the connection pools.
2020-05-26 09:09:46 +08:00
Sam Saffron fc97f7e0e7
FIX: properly ban non human users from draft system
Previously we had a partial fix in place where non human users
were not allowed draft sequences, this left edges around where non
human users asked for drafts yet had none.

For example system could already have a few drafts in place.

This also removes and extensibility point we added that is not in use
2020-05-26 10:07:09 +10:00
Kane York 979093787f
FIX: Include lazyYT-container in cooked post HTML (#9870)
This applies the new styles without waiting for the JS to run.
2020-05-25 14:24:40 -07:00
Rafael dos Santos Silva b48299f81c
FEATURE: Add setting to disable automatic CORS rule install in S3 buckets (#9872) 2020-05-25 17:09:34 -03:00
Joffrey JAFFEUX d9f915b195
FIX: documentation was using incorrect function (#9876) 2020-05-25 21:55:30 +02:00