Commit Graph

21610 Commits

Author SHA1 Message Date
Blake Erickson 241d8f6452 FIX: Edit title respects min trust to edit post
This fix ensures that the site setting `post_edit_time_limit` does not
bypass the limit of the site setting `min_trust_to_edit_post`. This
prevents a bug where users that did not meet the minimum trust level to
edit could edit the title of topics.
2020-02-04 16:31:16 -07:00
Joffrey JAFFEUX 666a4be888
UX: prevents mini tag chooser header to wrap (#8858) 2020-02-04 23:55:50 +01:00
Joffrey JAFFEUX 7fd5a8db72
UX: adds arrow navigation support to mini-tag-chooser (#8857) 2020-02-04 23:54:59 +01:00
Joffrey JAFFEUX 9252bbbd7d
FIX: prevents firefox to generate a click event on space (#8856) 2020-02-04 23:41:40 +01:00
Kris 7ac81a6019 UX: Center titles in docked header when there aren't two rows 2020-02-04 13:40:28 -05:00
Joffrey JAFFEUX 2c2ab474a4
FIX: ensures tags-admin-dropdown is working correctly with sk2 (#8852) 2020-02-04 19:23:44 +01:00
Kris 35a1912e2d FIX: Links in category box descriptions should be clickable 2020-02-04 13:02:55 -05:00
Rafael dos Santos Silva 5ead60677a
FEATURE: Ensure we always fill the short_name in the web manifest 2020-02-04 14:16:00 -03:00
David Taylor fec1c0f097
DEV: Handle null notification level when generating data attribute (#8851)
This happens in tests, but handling it properly will make the production code more robust. Followup to ebdebf152d
2020-02-04 17:05:49 +00:00
Penar Musaraj 095e3d8946 DEV: Autofilter combo boxes on 10+ dropdown items by default 2020-02-04 11:23:15 -05:00
David Taylor ebdebf152d DEV: Use a string for category data-notification-level, not an integer
This makes writing CSS to target specific notification levels more intuitive. Follow-up to 7640914552
2020-02-04 16:05:45 +00:00
Vinoth Kannan dabba87954 DEV: introduce `diffLocalChangesUrl` attribute to `theme` model. 2020-02-04 21:33:19 +05:30
Mark VanLandingham c8a02161dd
FIX: Warn users of overwriting new topic draft (#8841) 2020-02-04 09:59:56 -06:00
Mark VanLandingham 91b70f8ffc
FIX: Featured topic title on profile HTML parsed (#8850) 2020-02-04 09:33:46 -06:00
Joffrey JAFFEUX 14126e9a38
UX: do not display pinned option description on mobile (#8846) 2020-02-04 15:34:56 +01:00
Joffrey JAFFEUX ca63502ce6
UX: ensures pinned options icon is not on a new line (#8845) 2020-02-04 15:34:37 +01:00
Joffrey JAFFEUX 1d54e78311
FIX: prevents exception on /admin/badges page when model is not set (#8849)
Exception:

TypeError: Cannot read property 'badge_type_id' of null
2020-02-04 15:34:19 +01:00
Joffrey JAFFEUX 5d31f353f4
remove duplicated }} (#8848) 2020-02-04 15:02:40 +01:00
Gerhard Schlager 71849242fa PERF: Speed up moving posts on large databases
Old exection plan:
```
Delete on post_replies pr  (cost=6.59..20462.62 rows=2254 width=24) (actual time=2.580..2.580 rows=0 loops=1)
  ->  Nested Loop  (cost=6.59..20462.62 rows=2254 width=24) (actual time=0.086..2.557 rows=4 loops=1)
        Join Filter: (p.topic_id <> r.topic_id)
        Rows Removed by Join Filter: 328
        ->  Nested Loop  (cost=6.16..16845.77 rows=2254 width=26) (actual time=0.020..1.886 rows=332 loops=1)
              ->  Nested Loop  (cost=5.74..13257.09 rows=2254 width=20) (actual time=0.016..1.361 rows=332 loops=1)
                    ->  Seq Scan on moved_posts mp  (cost=0.00..19.70 rows=970 width=10) (actual time=0.002..0.028 rows=263 loops=1)
                    ->  Bitmap Heap Scan on post_replies pr  (cost=5.74..13.63 rows=2 width=14) (actual time=0.004..0.005 rows=1 loops=263)
                          Recheck Cond: ((reply_post_id = mp.old_post_id) OR (post_id = mp.old_post_id))
                          Heap Blocks: exact=278
                          ->  BitmapOr  (cost=5.74..5.74 rows=2 width=0) (actual time=0.004..0.004 rows=0 loops=263)
                                ->  Bitmap Index Scan on index_post_replies_on_reply_post_id  (cost=0.00..2.87 rows=1 width=0) (actual time=0.001..0.001 rows=1 loops=263)
                                      Index Cond: (reply_post_id = mp.old_post_id)
                                ->  Bitmap Index Scan on index_post_replies_on_post_id_and_reply_post_id  (cost=0.00..2.87 rows=1 width=0) (actual time=0.002..0.002 rows=1 loops=263)
                                      Index Cond: (post_id = mp.old_post_id)
              ->  Index Scan using posts_pkey on posts p  (cost=0.42..1.59 rows=1 width=14) (actual time=0.001..0.001 rows=1 loops=332)
                    Index Cond: (id = pr.post_id)
        ->  Index Scan using posts_pkey on posts r  (cost=0.42..1.59 rows=1 width=14) (actual time=0.001..0.002 rows=1 loops=332)
              Index Cond: (id = pr.reply_post_id)
Planning Time: 0.305 ms
Execution Time: 2.600 ms
```

New execution plan:
```
Delete on post_replies pr  (cost=15.34..6538275.37 rows=364157 width=12) (actual time=1.961..1.961 rows=0 loops=1)
  ->  Nested Loop  (cost=15.34..6538275.37 rows=364157 width=12) (actual time=0.048..1.827 rows=187 loops=1)
        ->  Seq Scan on moved_posts mp  (cost=0.00..19.70 rows=970 width=10) (actual time=0.004..0.029 rows=188 loops=1)
        ->  Bitmap Heap Scan on post_replies pr  (cost=15.34..6736.72 rows=375 width=14) (actual time=0.009..0.009 rows=1 loops=188)
              Recheck Cond: ((reply_post_id = mp.old_post_id) OR (post_id = mp.old_post_id))
              Filter: ((SubPlan 1) <> (SubPlan 2))
              Heap Blocks: exact=187
              ->  BitmapOr  (cost=15.34..15.34 rows=377 width=0) (actual time=0.003..0.003 rows=0 loops=188)
                    ->  Bitmap Index Scan on index_post_replies_on_reply_post_id  (cost=0.00..4.33 rows=1 width=0) (actual time=0.001..0.001 rows=1 loops=188)
                          Index Cond: (reply_post_id = mp.old_post_id)
                    ->  Bitmap Index Scan on index_post_replies_on_post_id_and_reply_post_id  (cost=0.00..10.82 rows=376 width=0) (actual time=0.001..0.001 rows=0 loops=188)
                          Index Cond: (post_id = mp.old_post_id)
              SubPlan 1
                ->  Index Scan using posts_pkey on posts p  (cost=0.43..8.45 rows=1 width=4) (actual time=0.002..0.002 rows=1 loops=187)
                      Index Cond: (id = pr.post_id)
              SubPlan 2
                ->  Index Scan using posts_pkey on posts r  (cost=0.43..8.45 rows=1 width=4) (actual time=0.002..0.003 rows=1 loops=187)
                      Index Cond: (id = pr.reply_post_id)
Planning Time: 0.136 ms
Execution Time: 1.990 ms
```
2020-02-04 12:30:43 +01:00
Jarek Radosz 67d5ce8ed1
FIX: Sort out the route navigation in admin/email-style (#8837)
Previously it would go to the "html" page when refreshing on the "css" page, and would open an invalid empty-state page when trying to go to the "email style" tab when already on it.
2020-02-04 11:42:43 +01:00
Jarek Radosz 4ab696dd2f
DEV: Add the `@action` decorator (#8836)
This also enables`@action` use in plugin connectors.

Setting `actions` earlier allows `setupComponents` to use them, for example, when setting up event listeners.
2020-02-04 11:42:25 +01:00
Jarek Radosz 9a52a44d09
DEV: Add outlet args to `editor-preview` outlet (#8835)
Those are the same arguments that are passed into `after-d-editor` outlet. This will enable plugins that attach to editor preview to be conditionally enabled, usually only for the composer.
Plugins that will use this: discourse-canned-responses, discourse-zoom.
2020-02-04 11:41:45 +01:00
Vinoth Kannan e4f3244141 DEV: introduce `updateUrl` attribute to `theme-setting-editor` component. 2020-02-04 15:19:17 +05:30
Robin Ward ee17138c0f FIX: Better error messages when name is too long
Previously you'd get a server side generic error due to a password check
failing. Now the input element has a maxlength attribute and the server
side will respond with a nicer error message if the value is too long.
2020-02-03 14:14:32 -05:00
Penar Musaraj 375f4c09ce FIX: Restore up/down icons in period-chooser 2020-02-03 13:56:58 -05:00
Robin Ward 37888d9818 FIX: Never return the same reply more than once via reply_ids
If our reply tree somehow ends up with cycles or other odd
structures, we only want to consider a reply once, at the first
level in the tree that it appears.
2020-02-03 13:41:18 -05:00
David Taylor 7640914552
UX: Include muted categories on the category page by default (#8842)
* DEV: Add data-notification-level attribute to category UI

* Show muted categories on the category page by default

This reverts commit ed9c21e42c.

* Remove redundant spec - muted categories are now visible by default
2020-02-03 10:40:02 -08:00
Penar Musaraj 6301477b4c FIX: Make dropdown custom user fields compatible with select-kit 2 2020-02-03 13:19:38 -05:00
Robin Ward f83362b05b FIX: Don't return post replies from other topics
It seems in some situations replies have been moved to other topics but
the `PostReply` table has not been updated. I will try and fix this in a
follow up PR, but for now this fix ensures that every time we ask a post
for its replies that we restrict it to the same topic.
2020-02-03 13:12:27 -05:00
Matt Marjanović ad2aa7b52c
FEATURE: Add logout functionality to SSO Provider protocol (#8816)
This commit adds support for an optional "logout" parameter in the
payload of the /session/sso_provider endpoint.  If an SSO Consumer
adds a "logout=true" parameter to the encoded/signed "sso" payload,
then Discourse will treat the request as a logout request instead
of an authentication request.  The logout flow works something like
this:

 * User requests logout at SSO-Consumer site (e.g., clicks "Log me out!"
   on web browser).
 * SSO-Consumer site does whatever it does to destroy User's session on
   the SSO-Consumer site.
 * SSO-Consumer then redirects browser to the Discourse sso_provider
   endpoint, with a signed request bearing "logout=true" in addition
   to the usual nonce and the "return_sso_url".
 * Discourse destroys User's discourse session and redirects browser back
   to the "return_sso_url".
 * SSO-Consumer site does whatever it does --- notably, it cannot request
   SSO credentials from Discourse without the User being prompted to login
   again.
2020-02-03 12:53:14 -05:00
Stephen Chung 98e9302c26
Log error when optimized image file fails to store. (#8840) 2020-02-03 12:28:45 -05:00
Penar Musaraj 231617ff70 DEV: Rename deprecated "warning" icon to "exclamation-triangle" 2020-02-03 10:43:05 -05:00
Joffrey JAFFEUX 0431942f3d
DEV: select-kit 2 (#7998)
This new iteration of select-kit focuses on following best principales and disallowing mutations inside select-kit components. A best effort has been made to avoid breaking changes, however if you content was a flat array, eg: ["foo", "bar"] You will need to set valueProperty=null and nameProperty=null on the component.

Also almost every component should have an `onChange` handler now to decide what to do with the updated data. **select-kit will not mutate your data by itself anymore**
2020-02-03 14:22:14 +01:00
Arpit Jalan 0e2cbee339 UX: add icon for Google Map onebox. 2020-02-03 18:12:42 +05:30
Dan Ungureanu a2f8ac9aac
FIX: Check parameter types
/u/is_local_username used to throw a 500 error
2020-02-03 12:36:08 +02:00
Martin Brennan dd3a7f4825
FIX: Admin user list not showing 2FA icon for only security keys enabled (#8839)
If someone only had security keys enabled, the icon to say they had 2FA enabled would not show in the admin staff user list. It would only show if they had TOTP enabled.
2020-02-03 14:37:46 +10:00
Krzysztof Kotlarek 5b03f35614
FIX: suppress notification flood when post is edited (#8838) 2020-02-03 11:27:18 +11:00
Roman Rizzi df43ac901d
FIX: We don't want to update the post read count and user stats if the post timing wasn't created due to a conflict. (#8824) 2020-01-31 10:23:24 -03:00
Penar Musaraj 999e2ff514
UX: Show vertical topic timeline while composing (#8813)
Keeps topic timeline visible if space permits when composing, and adjusts its height dynamically.
2020-01-30 13:52:48 -05:00
Dan Ungureanu e470b27b41
FIX: Ensure 'unless' helper resolves variable name once (#8820)
This fixes a bug which caused '{{#unless var}}' to act the same as
'{{#if true}}' because 'unless' was transforming the conditional value
to 'undefined'.
2020-01-30 18:41:39 +02:00
Mark VanLandingham 089d38e9d3
FIX: Disallow featuring hidden topics (#8814) 2020-01-30 10:00:49 -06:00
Rafael dos Santos Silva f15264e977 FEATURE: Add Tactile feedback on likes 2020-01-30 12:01:52 -03:00
Martin Brennan 1150cd4621
FIX: Stop secure media URLs being censored too liberally in emails (#8817)
For example /t/ URLs were being replaced if they contained secure-media-uploads so if you made a topic called "Secure Media Uploads Are Cool" the View Topic link in the user notifications would be stripped out.

Refactored code so this secure URL detection happens in one place.
2020-01-30 16:19:14 +10:00
Martin Brennan c84652eb8b Get rid of no longer needed target_usernames warning log 2020-01-30 12:30:11 +10:00
Roman Rizzi 2ee6a615b7
FEATURE: Send suspect users to the review queue (#8811) 2020-01-29 15:38:27 -03:00
Dan Ungureanu 09e8be3209
UX: Introduce automatic 'categories topics' setting (#8804)
When 'categories topics' setting is set to 0, the system will
automatically try to find a value to keep the two columns (categories
and topics) symmetrical.

The value is computed as 1.5x the number of top level categories and at
least 5 topics will always be returned.
2020-01-29 20:30:48 +02:00
Kris d24d47b2ee
FIX: set showFooter to true on group topic list (#8795)
If using {{#if showFooter}} in a template, showFooter is never set to true on a group's g/groupname/activity/topics route (it's correctly set on other group routes like group-activity-posts)
2020-01-29 12:12:38 -05:00
Joffrey JAFFEUX e19459185a
DEV: new widget hooks mousemove/mouseup/mousedown/doubleclick (#8807) 2020-01-29 17:19:12 +01:00
Mark VanLandingham e29fef9e99
FEATURE: Users can feature any public topic on his/her profile (#8809) 2020-01-29 10:10:23 -06:00
Martin Brennan 397adfd128
FIX: Wrap markdown videos with video-container class to stop post height jumping (#8806)
This will lock video aspect ratio to 16:9 and stop them from making posts jump around on load.

See also discourse/onebox@6f58545 and fe20cb4.
2020-01-29 15:52:02 +10:00
Martin Brennan ab3bda6cd0
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802)
Basically, say you had already downloaded a certain image from a certain URL
using pull_hotlinked_images and the onebox. The upload would be stored
by its sha as an upload record. Whenever you linked to the same URL again
in a post (e.g. in our case an og:image on review.discourse) we would
would reuse the original upload record because of the sha1.

However when you turned on secure media this could cause problems as
the first post that uses that upload after secure media is enabled
will set the access control post for the upload to the new post.
Then if the post is deleted every single onebox/link to that same image
URL will fail forever with 403 as the secure-media-uploads URL fails
if the access control post has been deleted.

To fix this when cooking posts and pulling hotlinked images, we only
allow using an original upload by URL if its access control post
matches the current post, and if the original_sha1 is filled in,
meaning it was uploaded AFTER secure media was enabled. otherwise
we just redownload the media again to be safe, as the URL will always
be new then.
2020-01-29 10:11:38 +10:00
Krzysztof Kotlarek 20e7fb1c95
FIX: correct notification when tag or category is added (#8801)
Regression was created here:
https://github.com/discourse/discourse/pull/8750

When tag or category is added and the user is watching that category/tag
we changed notification type to `edited` instead of `new post`.

However, the logic here should be a little bit more sophisticated.

If the user has already seen the post, notification should be `edited`.

However, when user hasn't yet seen post, notification should be "new
reply". The case for that is when for example topic is under private
category and set for publishing later. In that case, we modify an
existing topic, however, for a user, it is like a new post.

Discussion on meta:
https://meta.discourse.org/t/publication-of-timed-topics-dont-trigger-new-topic-notifications/139335/13
2020-01-29 11:03:47 +11:00
Gerhard Schlager 9621af2214 FIX: Award "User of the month" badge at the beginning of month
Previously the badge was granted one month after the last time the badge was granted. The exact date shifted by one day each month. The new logic tries to grant the badge always at the beginning of a new month by looking at new users of the previous month. The "granted at" date is set to the end of the previous month.
2020-01-28 22:59:13 +01:00
David Taylor a9d0d55817 FEATURE: Add message to log when admins are automatically deactivated 2020-01-28 12:16:24 +00:00
David Taylor 25fd2b544a
PERF: Use a separate route for user cards, and split user serializer (#8789)
Adds a new route `/u/{username}/card.json`, which has a reduced number of fields. This change is behind a hidden site setting, so we can test compatibility before rolling out.
2020-01-28 11:55:46 +00:00
Dan Ungureanu 5060811464
FIX: Export all category names in user archives (#8790) 2020-01-28 12:52:07 +02:00
Mark VanLandingham 9fa2016d2a
DEV: Plugin outlet for admin backup view (#8793) 2020-01-27 12:31:08 -06:00
Vinoth Kannan 602f965070 FIX: undefined method 'title' for nil:NilClass in PostAlerter#create_notification 2020-01-27 23:54:11 +05:30
David Taylor fe0d912b97
FIX: getURL on a subfolder site should ignore prefix in middle of URL (#8794) 2020-01-27 17:51:46 +00:00
Gerhard Schlager ea11ad4d99 DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
Rafael dos Santos Silva ce83fd93bb FEATURE: Use Contact Picker API for invites 2020-01-27 11:07:28 -03:00
Jarek Radosz 8a82ceb3bc
FIX: Improve downsize_uploads (#8409)
With this change the script:
* Actually removes original large-sized images
* Doesn't save processed files if their size has increased
* Prevents inconsistent state
2020-01-27 03:31:11 +01:00
Jarek Radosz b843aa7b05
FIX: Adjust the broken image placeholder border (#8781)
* DEV: Remove `.large-image` selector

This selector is no longer used in core and there's no reference to it in any of `all-the-plugins`.

* FIX: Adjust the broken image placeholder border
2020-01-27 02:39:05 +01:00
Vinoth Kannan b6765aac4b FIX: add 'noindex' header to rss feed responses. 2020-01-24 09:30:27 +05:30
Martin Brennan 45b37a8bd1
FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777)
When pull_hotlinked_images tried to run on posts with secure media (which had already been downloaded from external sources) we were getting a 404 when trying to download the image because the secure endpoint doesn't allow anon downloads.

Also, we were getting into an infinite loop of pull_hotlinked_images because the job didn't consider the secure media URLs as "downloaded" already so it kept trying to download them over and over.

In this PR I have also refactored secure-media-upload URL checks and mutations into single source of truth in Upload, adding a SECURE_MEDIA_ROUTE constant to check URLs against too.
2020-01-24 11:59:30 +10:00
Vinoth Kannan e4b8121650 Fix the build.
Make prettier happy.
2020-01-24 04:39:07 +05:30
Vinoth Kannan 26186ee6af FIX: topics sorting in tag pages is broken. 2020-01-24 04:26:14 +05:30
Roman Rizzi 9eb622985a
FEATURE: Replace existing badge owners when using the bulk award feature (#8770)
* FEATURE: Replace existing badge owners when using the bulk award feature

* Use ActiveRecord to sanitize title update query, Change replace checkbox text

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:14:58 -03:00
Roman Rizzi db5373a87c
UX: Invalid CSV error message now includes information about the malformed line (#8773)
* UX: Invalid CSV error message now includes information about the malformed line

* Update config/locales/server.en.ym and use line_number instead of lineno

Co-Authored-By: Robin Ward <robin.ward@gmail.com>

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2020-01-23 14:04:06 -03:00
Dan Ungureanu 6279d0e8b5 UX: Use '-' as default category slug (#8607)
This replaces the default slug from 'ID-category' to '-'.
2020-01-23 15:44:29 +01:00
Martin Brennan 1b3b0708c0
FEATURE: Update upload security status on post move, topic conversion, category change (#8731)
Add TopicUploadSecurityManager to handle post moves. When a post moves around or a topic changes between categories and public/private message status the uploads connected to posts in the topic need to have their secure status updated, depending on the security context the topic now lives in.
2020-01-23 12:01:10 +10:00
Martin Brennan 65481858c2
FEATURE: Use upload:// short URL for videos and audio in composer (#8760)
For consistency this PR introduces using custom markdown and short upload:// URLs for video and audio uploads, rather than just treating them as links and relying on the oneboxer. The markdown syntax for videos is ![file text|video](upload://123456.mp4) and for audio it is ![file text|audio](upload://123456.mp3).

This is achieved in discourse-markdown-it by modifying the rules for images in mardown-it via md.renderer.rules.image. We return HTML instead of the token when we encounter audio or video after | and the preview renders that HTML. Also when uploading an audio or video file we insert the relevant markdown into the composer.
2020-01-23 09:41:39 +10:00
Mark VanLandingham c5eec19368
FIX: Featuring topic on other users profile shows their topics (#8769) 2020-01-22 14:16:17 -06:00
Dan Ungureanu c7a8bbd6a5
FIX: Show category list on subcategory page if it has subcategories too (#8768)
The category list was displayed only for top level categories, which
had no parent.
2020-01-22 20:27:30 +02:00
Neil Lalonde b63d146128 UX: add confirmation when adding tag synonyms
The new confirmation modal explains that adding a tag as a synonym to
another tag will change all topics to replace the synonyms with the
base tag.
2020-01-22 12:35:42 -05:00
Dan Ungureanu b25d9e96c1
FIX: Show all parent categories on topic page (#8767) 2020-01-22 17:39:50 +02:00
Bianca Nenciu 7b7e1717f2
FIX: Quoting a quote preserves the original post information (#8746)
Let's say post #2 quotes post number #1. If a user decides to quote the
quote in post #2, it should keep the information of post #1
("user_1, post: 1, topic: X"), instead of replacing with current post
info ("user_2, post: 2, topic: X").
2020-01-22 16:10:23 +02:00
Blake Erickson 8a89b7e108 FIX: Ensure only edited badge titles update a users title
When editing site texts from

/admin/customize/site_texts/

you can edit badge titles (aka name) and this will update any users that
have that badge currently set as their title. This fix prevents a badge
description text from being set as their title if an admin updates the
badge description text or any other badge fields that aren't the title.
2020-01-21 19:09:42 -07:00
Régis Hanol 96b64df4d4 FIX: use schema.org's BreadcrumList
The data-vocabulary.org schema is being deprecated.
We're now using the BreadcrumList data from the latest and greatest schema.org.

FIX: categories_breadcrumb helper to support more than 2 levels of categories.
2020-01-21 22:27:21 +01:00
Dan Ungureanu 89bd7ba45f
FIX: Use new tag routes (#8683)
Commit 1fb7a62 added unambiguous routes for tags. This commit ensures
that the new routes are used.
2020-01-21 19:23:08 +02:00
Bianca Nenciu 9c628f0897
FIX: Workaround limitation in jquery.autoellipsis (#8747)
Calling $.ellipsis() on an element containing <br> elements would throw
an exception.
2020-01-21 18:44:50 +02:00
Bianca Nenciu 0a27086764
FEATURE: Export all types of reports (#8748)
There is a single stacked_chart which was not exportable
2020-01-21 18:43:19 +02:00
Kris 411512c0e3 FIX: higher z-index for usercards in the header 2020-01-21 10:57:32 -05:00
David Taylor 84a2aae77f
FIX: Allow the app to generate and accept longer backup codes (#8761)
- Increase size of textarea when displaying generated codes
- Adjust maxlength of input field in JS UI
- Adjust maxlength of input field in no_ember UI

Follow-up to bff9880d63
2020-01-21 14:28:31 +00:00
Martin Brennan 9db59deb11 Only warn about missing recipients for PM archetype 2020-01-21 16:38:16 +10:00
Martin Brennan 88e23d4cfa Change logger.debug to logger.warn for PM debug messages 2020-01-21 16:11:52 +10:00
Sam Saffron bff9880d63 DEV: increase the length of backup codes
16 ^ 8 though not tiny but is a workable search space in the event of
breach, 16 ^ 16 is not.
2020-01-21 15:32:06 +11:00
Martin Brennan c677f8ee6a
DEV: Add debug lines for mystery no_user_selected error (#8759)
On some customer forums we are randomly getting a "You must select a valid user" error when sending a PM even when all parameters seem to be OK. This is an attempt to track it down with more data.
2020-01-21 10:50:44 +10:00
Krzysztof Kotlarek aa04349cfd
FIX: Incorrect locale in badge granter (#8749)
We want to use default locale when:
a) Site settings are not allowing for user locale
OR
b) User locale are blank
2020-01-21 09:08:48 +11:00
Krzysztof Kotlarek 0420be88a6
FIX: when tag or category is added notify users that topic was modified (#8750)
There is a feature, that when tag or category is added to the topic,
customers who are watching that category or tag are notified.

The problem is that it is using default notification type "new post"

It would be better to use "new post" only when there really is a new
post and "edited" when categories or tags were modified.
2020-01-21 08:41:13 +11:00
Martin Brennan 1014e56e80
DEV: Respond with 403 instead of 500 for disabled local login via email
Previously if local login via email was disabled because of the site setting or because SSO was enabled, we were raising a 500 error. We now raise a 403 error instead; we shouldn't raise 500 errors on purpose, instead keeping that code for unhandled errors. It doesn't make sense in the context of what we are validating either to raise a 500.
2020-01-20 16:11:58 +10:00
Dan Ungureanu eeefa1177f
FIX: Make category-chooser show all parent categories (#8706) 2020-01-19 13:07:54 +02:00
Blake Erickson 79ec686ec9 DEV: Use blank instead of NOT present
Follow up to: 75069ff179
2020-01-18 07:34:15 -07:00
Blake Erickson 75069ff179 FIX: Users should be able to remove their primary group
This fix allows a user to remove their currently assigned primary group
if the Site Setting `user selected primary groups` is enabled.

Before this fix, if a user selected "none" for their primary group it
would silently fail and never be updated.
2020-01-17 15:43:54 -07:00
Gerhard Schlager 3fc589f875 FIX: Don't override timezone on every visit of profile preferences
The timezone should only be initialized when there is no timezone stored in the DB yet. This also fixes an error that happened in dev mode whenever you switch between user preference tabs.
2020-01-17 22:34:18 +01:00
romanrizzi 0d08eac1c7 UX: Users must confirm when leaving a private group 2020-01-17 17:58:47 -03:00
Kris 4089607b40 UX: Minor adjustments to choose topic modal 2020-01-17 15:02:04 -05:00
Joffrey JAFFEUX a7ae28ed88
REFACTOR: removes places where we never show glyph and DRY code (#8744) 2020-01-17 20:58:15 +01:00
Kris b56ade5043 FIX: show PM icon in docked header 2020-01-17 13:30:54 -05:00
Joffrey JAFFEUX 6abc2f5072
FIX: applies correct styles to icon and attempts to dry code (#8739) 2020-01-17 18:20:23 +01:00
Joffrey JAFFEUX 56fa77c032
FIX: do not increase size of emojis in markdown tables (#8742) 2020-01-17 18:15:05 +01:00
Gerhard Schlager ab07b945c2
Merge pull request #8736 from gschlager/rename_reply_id_column
REFACTOR: Rename `post_replies.reply_id` column to `post_replies.reply_post_id`
2020-01-17 17:24:49 +01:00
Joffrey JAFFEUX 3b5a6c9895
REFACTOR: unify naming of only emoji (#8741) 2020-01-17 17:21:08 +01:00
Roman Rizzi 28d09227f5
FIX: Reload the ReviewableScore types when extending flags (#8740)
ReviewableScore#types extend the PostActionTypes with their own, storing the result inside a class variable. To avoid overwriting an existing flag, we need to calculate the next flag ID using these types instead of the PostAction ones. Since we first call the score types to calculate the id, this list gets memoized, leaving us with an outdated list.

To fix this, we now reload ReviewableScore#types after replacing flags.
2020-01-17 11:59:38 -03:00
Kris af3dce4930 Hide PM glyph, follow-up to 02dbcac 2020-01-17 07:10:44 -05:00
Dan Ungureanu 7d8c33a094 FIX: Include sub-sub-categories in new/unread counts (#8710)
The count used to be less than the real one because the topics in
sub-sub-categories and deeper were not taken into account.
2020-01-17 10:02:57 +00:00
Kris 02dbcac861 UX: Improve appearance of pm title editing 2020-01-16 21:31:17 -05:00
Martin Brennan 9c04aa593c
Fix broken admin login fro SSO enabled sites (#8737)
* When we refactored away the admin-login route we introduced a bug where admins could not log into an SSO enabled site, because of a check in the email_login route that disallowed this.
* Allow admin to get around this check.
2020-01-17 11:25:31 +10:00
Régis Hanol 7b83237261 FIX: groups pagination was broken 2020-01-16 23:57:34 +01:00
Roman Rizzi 0c4ac2a7bc
Merge pull request from GHSA-569c-22ff-pj3x 2020-01-16 15:17:16 -03:00
Jarek Radosz fe588cc7f8
DEV: Fix function prototype deprecations (#8681)
* DEV: Fix the function prototype observers deprecation

DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.observes('foo') to observer('foo', function() {}). [deprecation id: function-prototype-extensions.observes] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-observes for more details.

* DEV: Fix the function prototype event listeners deprecation

DEPRECATION: Function prototype extensions have been deprecated, please migrate from function(){}.on('foo') to on('foo', function() {}). [deprecation id: function-prototype-extensions.on] See https://deprecations.emberjs.com/v3.x/#toc_function-prototype-extensions-on for more details.

* DEV: Simplify `default as` imports

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2020-01-16 18:56:53 +01:00
Jarek Radosz ff5a82b614
FIX: Change rootNone behavior in category-chooser (#8692)
This breaking change was originally a deprecation fix for overriding a computed property `none`.

There are 4 uses of `rootNone` in core and "all-the-plugins":
1. in discourse-chat-integration, admin-plugins-chat-edit-rule.hbs - changed behavior, that I'd consider a fix - `rootNoneLabel` is now used regardless of `siteSettings.allow_uncategorized_topics` value, which I believe was an originally intended behavior (i.e. it most likely hasn't been tested with disabled uncategorized topics)
2. in discourse-slack-official, plugins-slack.hbs - the same as 1.
3. in core, edit-category-general.hbs (in this PR) - no change in behavior
4. in discourse-googlebooks, edit-category-general.hbs - no change in behavior (since `allowUncategorized="true"` is also passed as an argument)
2020-01-16 18:51:29 +01:00
Gerhard Schlager f216c6d60b FEATURE: Drop "backup" schema 7 days after restore
The "backup" schema is used to rollback a failed restore. It isn't useful after a longer period of time and turns into a waste of disk space.
2020-01-16 17:48:47 +01:00
Joffrey JAFFEUX 948bd00340
FEATURE: line with only 1 to 3 emojis will now display as large emojis 2020-01-16 09:54:26 +01:00
Martin Brennan 18bba860b5 Fix mobile topic-timeline not closing on scrolling past last post (#8730)
* when we dragged the topic-timeline handle past the last post
  in a topic we were not closing the timeline as we would if
  scrolling to a specific post
* this also fixes the issue where when scrolling past the end of
  the topic with a massive last post, none of the post could be
  seen
2020-01-16 17:23:44 +11:00
Martin Brennan 7c32411881
FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664)
### General Changes and Duplication

* We now consider a post `with_secure_media?` if it is in a read-restricted category.
* When uploading we now set an upload's secure status straight away.
* When uploading if `SiteSetting.secure_media` is enabled, we do not check to see if the upload already exists using the `sha1` digest of the upload. The `sha1` column of the upload is filled with a `SecureRandom.hex(20)` value which is the same length as `Upload::SHA1_LENGTH`. The `original_sha1` column is filled with the _real_ sha1 digest of the file. 
* Whether an upload `should_be_secure?` is now determined by whether the `access_control_post` is `with_secure_media?` (if there is no access control post then we leave the secure status as is).
* When serializing the upload, we now cook the URL if the upload is secure. This is so it shows up correctly in the composer preview, because we set secure status on upload.

### Viewing Secure Media

* The secure-media-upload URL will take the post that the upload is attached to into account via `Guardian.can_see?` for access permissions
* If there is no `access_control_post` then we just deliver the media. This should be a rare occurrance and shouldn't cause issues as the `access_control_post` is set when `link_post_uploads` is called via `CookedPostProcessor`

### Removed

We no longer do any of these because we do not reuse uploads by sha1 if secure media is enabled.

* We no longer have a way to prevent cross-posting of a secure upload from a private context to a public context.
* We no longer have to set `secure: false` for uploads when uploading for a theme component.
2020-01-16 13:50:27 +10:00
Mark VanLandingham 135d09d671
FIX: Styling for feature topic on profile modal (#8727) 2020-01-15 15:20:12 -06:00
Arpit Jalan 0bc65fa60e
FIX: show error message if the topic deletion fails (#8723) 2020-01-16 00:58:03 +05:30
Roman Rizzi 2db7b3d9c7
FIX: Correctly wrap image and resize controls inside paragraph (#8718) 2020-01-15 14:01:14 -03:00
Arpit Jalan 0f8695958b FIX: better error message when topic deletion fails 2020-01-15 19:30:06 +05:30
Régis Hanol c4817e9ee9 DEV: lint 💅 2020-01-15 11:36:33 +01:00
Martin Brennan 66f2db4ea4 SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
Régis Hanol 5d75f90b27 FIX: group membership leak
FIX: raised a proper NotFound exception when filtering groups by username with invalid username.
FIX: properly filter the groups based on current user visibility when viewing another user's groups.
DEV: Guardian.can_see_group?(group) is now using Guardian.can_see_groups(groups) instead of duplicating the same code.
FIX: spec for groups_controller#index when group directory is disabled for logged in user.
FIX: groups_controller.sortable specs to actually test all sorting combinations.
DEV: s/response_body/body/g for slightly shorter spec code.
FIX: rewrote the "view another user's groups" specs to test all group_visibility and members_group_visibility combinations.
DEV: Various refactoring for cleaner and more consistent code.
2020-01-15 11:21:58 +01:00
Joffrey JAFFEUX ac865112a3
FIX: ensures group-navigation states changes when route changes (#8724) 2020-01-15 10:13:07 +01:00
Joffrey JAFFEUX f4744193bd
FEATURE: allows to define a dissmiss duration on global notices (#8715)
This commit also adds more documentation to various options and defines a 1 week duration for IE global notice dismiss duration.
2020-01-15 09:02:28 +01:00
Joffrey JAFFEUX ec1aeb8a55
FIX: ensures secondary menu of user notifications mobile nav reloads (#8716) 2020-01-15 09:01:44 +01:00
Kris b1508a6f44 UX: Improve appearance of lists and user fields in mobile bios 2020-01-14 16:33:50 -05:00
Mark VanLandingham 5df0ef1e98
FIX: Update user-selector excluded usernames after insert (#8711) 2020-01-14 10:28:35 -06:00
Gerhard Schlager c351ffe580 FEATURE: Add hidden setting to disable configuration of inventory bucket 2020-01-14 17:23:12 +01:00
David Taylor 12d2fe7ff6 UX: Ensure all generated backup codes are displayed on the screen 2020-01-14 15:33:27 +00:00
David Taylor 4fdfc2665d FIX: Update featured badge ranking when mass-awarding badges
Follow-up to cff6e941de
2020-01-14 14:39:20 +00:00
David Taylor cff6e941de
PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
Joffrey JAFFEUX f10078eab4
FIX: moves back padStart/padEnd to core polyfills (#8714)
Multiple users are on chrome 56 when this is only supported on chrome 57. Given it's only few lines of code, it makes sense to keep supporting this.
2020-01-14 10:54:39 +01:00
romanrizzi d3091edcea UX: Return a friendlier error when the CSV is invalid. Added a cancel button to return to the /badges view 2020-01-13 15:53:41 -03:00
Robin Ward e4a85e2a80 Minor tweaks to badge CSV upload 2020-01-13 12:44:22 -05:00
Roman Rizzi d69c5eebcf
Feature: Mass award badge (#8694)
* UI: Mass grant a badge from the admin ui

* Send the uploaded CSV and badge ID to the backend

* Read the CSV and grant badge in batches

* UX: Communicate the result to the user

* Don't award if badge is disabled

* Create a 'send_notification' method to remove duplicated code, slightly shrink badge image. Replace router transition with href.

* Dynamically discover current route
2020-01-13 11:20:26 -03:00
Martin Brennan 9e399b42b9 DEV: Remove redundant admin_login route, share with email_login 2020-01-13 12:10:07 +10:00
Blake Erickson 1a31a403ce DEV: Remove buffered-render file
This is the last and final commit in a multi-commit refactor to remove
all uses of buffered-render.

Previous commit: fc94b6cb9e in this
series.
2020-01-10 18:19:23 -07:00
Penar Musaraj 687c79ca1c FIX: Remove padding while composer is saving
Padding on `#main-outlet` while compooser was in "saving" state was causing posts to bounce after replying.
2020-01-10 12:57:16 -05:00
Mark VanLandingham 5898afaa73
FEATURE: pass in excluded usernames to user-selector (#8695) 2020-01-10 09:02:43 -08:00
Rafael dos Santos Silva 5a70f50032
FEATURE: Use new Badging API
Now that the spec is finished use the unprefixed API, which was also moved
from window to navigator.

Still uses feature detection so it fail gracefully when not available in
the user agent.
2020-01-10 13:41:35 -03:00
Dan Ungureanu 815116f6a2
FIX: Make 'findBySlugPathWithID' when URL ends with a slash (#8699)
Make URLs such as 'https://discourse/c/foo/bar/' work the same way
'https://discourse/c/foo/bar' does.
2020-01-10 17:02:36 +02:00
Joffrey JAFFEUX 5ce602ecea FIX: prevents url of file from being pasted when pasting file on iOS (#8693) 2020-01-10 08:39:01 +05:30
Martin Brennan cb660ef952 SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
Kris dd52291fb7 UX: Center featured topic on mobile profiles 2020-01-09 16:35:34 -05:00
Kris ef9828b25d UX: Remove reliance on JS for category box links 2020-01-09 16:25:41 -05:00
Robin Ward dcbe527a82 FIX: Don't log a claimed topic database error during tests
We now test the uniqueness validation, but also rescue a DB
exception in case the controller fails this check.
2020-01-09 12:32:05 -05:00
Robin Ward d043a4c6fe FIX: Stop logging errors in postgres on reviewable conflict
The previous concurrency-safe implementation relied on catching an
index conflict and following through appropriately. Unfortunately
those conflicts were logged to Postgres and there is no easy way
to turn them off.

This solution approaches the problem differently. It should still
be safe under concurrency and not log errors.
2020-01-09 12:04:17 -05:00
Jarek Radosz 531016f99b
DEV: Add missing indexes to user_profiles (#8691)
* DEV: Update model annotations
* DEV: Add missing indexes to user_profiles

The columns were changed in 24347ace10 (diff-baa5914c0c7cddf3c8b5cd9139e0d091)
2020-01-09 17:08:55 +01:00
Régis Hanol 92a9ae6ab0
REFACTOR: isValidLink
- Reduced verbose comments
- Merged 2 `if` which had the same logic
2020-01-08 18:14:24 +01:00
David Taylor 5eda44f8f2 FIX: Do not redirect to `/auth/*` urls after authentication
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
2020-01-08 17:06:03 +00:00
Robin Ward e616b92511 FIX: If the admin sso sync has no external ID, don't throw an error
Instead, return a HTTP error code and a message explaining the problem,
to avoid log pollution.
2020-01-08 11:47:37 -05:00
David Taylor 4d5b142f1d DEV: Allow `doLogin` to be called with a set of parameters
This can be used for themes/plugins to specify additional URL parameters to be used when starting authentication. Example usage:

```
LoginMethod.findAll()[0].doLogin({params: {mydata: "myvalue"}});
```
2020-01-08 16:13:12 +00:00
Jarek Radosz 502f154cfc
FIX: Don't leak event listeners in user-activity-drafts (#8682) 2020-01-08 16:55:10 +01:00
David Taylor cf60de59b1 FIX: Allow omniauth confirmation page to pass through GET parameters
Using the rails `form_tag` helper generates a form with the action attribute set to the current URL (without parameters). In this case, we want to include any GET parameters, so it is better to exclude the action attribute from the form tag, and allow browsers to submit to the current URL.
2020-01-08 15:31:51 +00:00
Vinoth Kannan 13f229808a FIX: add noindex header to user profile pages. 2020-01-08 11:26:20 +05:30
Martin Brennan bdff4561d4 FIX: Make scrolling to bottom post in topic more consistent (#8671)
* Make scrolling to bottom post in topic more consistent

* when using the slider to scroll past the bottom post,
  we now scroll to the bottom of the post/page IF the
  post height is > the window height (e.g. really long
  posts). if the post height is smaller, then we lock
  onto and jump to the top of the post
* this also removes the mobile hack that would always jump
  to the top of the last post on mobile

* Prettier lint
2020-01-08 16:37:13 +11:00
Kris a8fbf7c128 minor subcategory box padding adjustments 2020-01-07 20:54:27 -05:00
Mark VanLandingham c01c937151
DEV: Allow returning non-objects from addToolbarPopupMenuOptionsCallback (#8677) 2020-01-07 16:01:11 -06:00
Kris cae60b5900 UX: Sub-sub categories in "Boxes with subcategories" + consistency 2020-01-07 16:38:17 -05:00
Robin Ward abff3716ba
Upgrade handlebars (#8675)
* Upgrade Handlebars to 4.3.0

* Upgrade Handlebars to the latest version
2020-01-07 15:37:37 -05:00
Kris e0539d7ffe remove log 2020-01-07 11:28:56 -05:00
Bianca Nenciu eef21625c6
Rename 'target usernames' with 'target recipients' in Composer (#8606)
* Reapply "Rename 'target usernames' with 'target recipients' in Composer"

This reverts commit 9fe11d0fc3 which
reverted ebb288dc2c.

* DEV: Add test for replying to PM
2020-01-07 15:33:48 +02:00
Osama Sayegh d3a64e34e7
DEV: Remove unnecessary debugging line
I was playing with groups locally and saw this line. I suspect this method isn't needed at all because I don't see any reference to it anywhere in the code, and as far as I know ActiveRecord objects don't have an `id!` method so if this method is called dynamically somewhere it's most likely failing.
2020-01-07 15:04:43 +03:00
Joffrey JAFFEUX c495aed6ff
removes logging (#8673) 2020-01-07 12:01:21 +01:00
Joffrey JAFFEUX 7f00cefcac
FIX: onScroll method was not defined on mobile discovery (#8672) 2020-01-07 11:59:58 +01:00
Martin Brennan 5b75b8c135 Still redirect to signed URL for secure uploads
if SiteSetting.secure_media is disabled we still want to
redirect to the signed url for uploads that are marked as
secure because their ACLs are probably still private
2020-01-07 14:02:17 +10:00
Martin Brennan abca91cc4d
FEATURE: Add rake task to disable secure media (#8669)
* Add a rake task to disable secure media. This sets all uploads to `secure: false`, changes the upload ACL to public, and rebakes all the posts using the uploads to make sure they point to the correct URLs. This is in a transaction for each upload with the upload being updated the last step, so if the task fails it can be resumed.
* Also allow viewing media via the secure url if secure media is disabled, redirecting to the normal CDN url, because otherwise media links will be broken while we go and rebake all the posts + update ACLs
2020-01-07 12:27:24 +10:00
Blake Erickson fc94b6cb9e
DEV: Remove buffered rendering from topic-list-item (#8589)
* DEV: Remove buffered rendering from topic-list-item

This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.

Previous commit: 1c7305c0f1 in this
series.

This is just a refactor and should not change any functionality.

* apply prettier fix

* update syntax

* Use computed properties where possible

* switch to using didReceiveAttrs

* Simplify topic.pinned observer
2020-01-06 17:41:45 -07:00
David Taylor d1779346e8 FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
Penar Musaraj b1402d9f13 DEV: replace "warning" icons with "exclamation-triangle" 2020-01-06 12:51:44 -05:00
Penar Musaraj f755810906 DEV: replace "trash" icons with "trash-alt" 2020-01-06 12:35:00 -05:00
Penar Musaraj 93a556d9a2 DEV: replace "eye-slash" icons with "far-eye-slash" 2020-01-06 12:27:20 -05:00
Penar Musaraj e2e9420204 DEV: Update deprecated icon name 2020-01-06 11:43:32 -05:00
romanrizzi ca07a571c7 FIX: Only agree with the first post when using the 'Delete post + replies and agree' option 2020-01-06 13:38:23 -03:00
David Taylor 784da19e4c
FIX: Cached new topic data should not be deleted after dismiss new (#8660)
43ddf60cdf introduced a new method for dismissing new topics in topic-tracking-state, which works on a per-category basis.

This commit removes the old mechanism, which was to delete all 'new' topics from the local tracking state, regardless of category.
2020-01-06 16:22:40 +00:00
David Taylor 5df815c2ee
FIX: New/unread count after dismissing new topics in a regular category (#8659)
6e1fe22 introduced the possiblity for category_users to have a NULL notification_level, so that we can store `last_seen_at` dates without locking the notification level. At the time, this did not affect the topic-tracking-state query. However, the query changes in f434de2 introduced a slight change in behavior.

Previously, a subquery would look for a category_user with notification_level=mute. f434de2 refactored this to remove the subquery, and inverted some of the logic to suit.

The new query checked for `notification_level <> :muted`. If `notification_level` is NULL, this comparison will return NULL. In this scenario, notification_level=NULL means that we should fall back to the default tracking level (regular), and so we want the expression to resolve as true, not false. There was already a check for the existence of the category_users row, but it did not check for the existence of a NOT NULL notification_level.

This commit amends the expression so that the notification_level will only be compared if it is non-null.
2020-01-06 16:15:24 +00:00
Joffrey JAFFEUX ff151cb580
FIX: allows scroll on load for discovery topic list (#8661) 2020-01-06 15:43:36 +01:00
Vinoth Kannan 7dbde18f02 FIX: keep 'rb' & 'rp' tags in html to markdown conversion. 2020-01-04 17:16:23 +05:30
Robin Ward f7a7263164 FIX: Show uncategorized description on categories page 2020-01-03 11:46:18 -05:00
Robin Ward fe7bb62387 FIX: Descriptions were blank for uncategorized in hamburger menu 2020-01-03 11:10:06 -05:00
Osama Sayegh fac71da605
FIX: Don't give error 500 when invalid date param is given to admin reports (#8658)
Providing invalid dates as the end_date or start_date param causes a 500 error and creates noise in the logs. This will handle the error and returns a proper 400 response to the client with a message that explains what the problem is.
2020-01-03 17:01:38 +03:00
Sam Saffron 0d757814e5 FIX: correctly account for onebox height when lazy loading images
Page used to jitter when oneboxes loaded images lazily.

Previously we inserted the the "shadow" loading image before the "real" image.

This meant that certain styling with `firstChild` CSS selectors would apply
incorrectly to the shadow image.

Additionally we had special case code for onebox and quoted images that was
not really needed due to this fix.

We had an old fix that used computed style for image height and width in
specific scenarios, we now run it all the time.

On slow devices there was a possibility that the cache fetch after amending
src at the end of the process would cause a flash, this is avoided using a
new onload handler.
2020-01-03 15:15:42 +11:00
Joffrey JAFFEUX ec5418fbb4
FIX: any global notice text can contain HTML (#8655) 2020-01-02 19:58:27 +01:00
Roman Rizzi 98853b217f
FIX: Bots accuracy should be zero (#8654) 2020-01-02 13:24:24 -03:00
David Taylor b60b57cddd
FIX: Allow any protocol in wildcard url checker (#8651)
This is required for people using apps with custom protocols. We still verify the entire URL (including protocol) against the site setting value.

Refactored wildcard_url_checker so that it always returns a boolean, rather than sometimes returning a regex match.
2020-01-02 16:03:13 +00:00
David Taylor 45c5f56ffc
PERF: Reduce DB queries when serializing ignore/mute information (#8629)
* PERF: Cache ignored and muted user ids in the current_user object
* PERF: Avoid DB queries when checking ignore/mute permission in guardian
2020-01-02 13:04:08 +00:00
Sam Saffron 34ede90927 FIX: under rare conditions saving a new draft could error temporarily
Under rare conditions due to bad HTTP timing and so on a draft could be
set at the exact same time from 2 unicorn workers.

When this happened and all the stars aligned, one of the sets would win
and the other would raise an error.

This transparently handles the situation without adding any cost to the
draft system.

The alternative is to add a distributed mutex, tricky DB transaction or handle
the error in the controller. However this seems like a reasonable way to
work around a pretty big edge case.
2020-01-02 11:38:14 +11:00
David Taylor c7a74e574f FIX: Only show admin wrench when there are actions on mobile
Corrects typo in logic from b725252cd0
2019-12-31 12:35:44 +00:00
David Taylor a4a0d12b39 DEV: Update deprecated FA4 icon name 2019-12-31 11:21:31 +00:00
Krzysztof Kotlarek fd8b98a55e
FIX: don't display cloak on admin tool when the right wrench is clicked (#8641) 2019-12-31 15:16:24 +11:00
Joe b7ed50fe56
prettier 2019-12-31 10:59:38 +08:00
Joe 23a4936826
UX: TMP fix (CSS revert) until translations are ready for flex 2019-12-31 10:43:16 +08:00
Krzysztof Kotlarek 764e01b597
FIX: visual improvements to admin topic menu (#8638)
* 10 px padding from the bottom to look better on rounded phones
* dark cloak on other elements to emphasize admin menu
* slide up animation
2019-12-31 11:52:25 +11:00
Jarek Radosz c76e22942c
FIX: Open a card on click even if the mention has extra elements (#8626)
Plugins like https://github.com/discourse/discourse-calendar add extra HTML (e.g. icons) to user/group mentions. Clicking on those extra elements used to only flash a blank card. Now, the card opens properly.
2019-12-30 19:26:23 +01:00
Roman Rizzi c751291769
FIX: The 'reviewed' status filter should include deleted elements (#8630) 2019-12-30 14:56:17 -03:00
Robin Ward 5214f82841 API endpoints should return a response, not nil 2019-12-30 10:14:29 -05:00
David Taylor bc4c40abd4
DEV: Remove unsafe-eval from development CSP (#8569)
- Refactor source_url to avoid using eval in development
- Precompile handlebars in development
- Include template compilers when running qunit
- Remove unsafe-eval in development CSP
- Include unsafe-eval only for qunit routes in development
2019-12-30 12:17:12 +00:00
David Taylor df8444e813
FIX: Update topic/post counter correctly when category has zero topics (#8600)
Previously, categories without any topics were being excluded from the UPDATE query. This means the counter gets stuck, and the category cannot be deleted. This change ensures that the counters get correctly set to zero.
2019-12-30 11:20:44 +00:00
David Taylor 9348d2cfdf
PERF: Cache user badge count in user_stats table (#8610)
This means that we no longer need to run a `count()` on the user_badges table when serializing a user
2019-12-30 11:19:59 +00:00
Joffrey JAFFEUX 6fa5725292
FIX: makes highlighting last viewed topic more resilient (#8624)
`highlight` was called from `didInsertElement` which technically doesn't ensure the list is rendered. By wrapping the highlighting code in `afterRender` we ensure it works more consistently.
2019-12-30 08:18:36 +01:00
Martin Brennan 473e39f4a4 DEV: model annotations 2019-12-30 16:13:27 +10:00
Krzysztof Kotlarek b725252cd0
FEATURE: Topic admin menu sticks to bottom on mobile. (#8620)
Our current topic admin menu is not always fully visible on a mobile
device, therefore some options are difficult to click.

To solve this issue, we can display the admin menu on the bottom of the
screen on mobile devices.
2019-12-30 08:15:46 +11:00
Joffrey JAFFEUX 041067cc21
FIX: correctly styles pwa consent banner (#8623) 2019-12-29 19:10:35 +01:00
Joffrey JAFFEUX df465ed0be
FIX: allows global_notice site setting to contain html (#8622) 2019-12-29 18:29:41 +01:00
Joffrey JAFFEUX 2f37f446f8
FIX: correctlt styles notification-consent-banner (#8621)
TODO: this should be moved to new global notice API
2019-12-27 15:27:12 +01:00
Roman Rizzi 16d97573f9
DEV: Improve support for extending flags. (#8619)
- Ensure that the 'notify_moderators' flag is always the last flag when using custom flags.
- Support passign a custom FlagSettings object when replacing flags to reuse existing ones.
2019-12-27 08:41:50 -03:00
Joffrey JAFFEUX c25b8abd70
FEATURE: allows plugins to add a global notice (#8552)
* FEATURE: allows plugins to add a global notice

Usage:

```
api.addGlobalNotice(id, text, options = {});
```

Options can be:

```
dismissable // Will display a button to hide the notice if true
html // will prepend html to the next if present
level // alert level, will usee css class of alert component
persistentDismiss // if true won't show notice again on reload
onDismiss // execute a custom action on dismiss
visibility // defines custom logic for notice visibility
```

Co-authored-by: Robin Ward <robin.ward@gmail.com>
2019-12-27 09:06:36 +01:00
Gerhard Schlager 52a59b5811 FIX: English and US date/time formats 2019-12-24 12:17:25 +01:00
Arpit Jalan 49c124a12e fix the build. 2019-12-24 15:56:44 +05:30
Arpit Jalan 2c0574010a FIX: better error message when forum is in read-only mode 2019-12-24 15:49:27 +05:30
Krzysztof Kotlarek 86fb08d04a
Revert "FIX: update normalize css from 3.0.1 to 8.0.1 (#8591)" (#8618)
This reverts commit 16f01d0ddf.
2019-12-24 10:45:42 +11:00
Krzysztof Kotlarek 16f01d0ddf
FIX: update normalize css from 3.0.1 to 8.0.1 (#8591)
Changelog is available here - https://github.com/necolas/normalize.css/blob/master/CHANGELOG.md

I decided that the easiest way to ensure it works would be checking different browsers. It looked good to me on Chrome, Firefox, Edge and IE 11. In addition, I checked 3 random themes.
2019-12-24 08:39:51 +11:00
Krzysztof Kotlarek 9e4fcb1a0a
FIX: Correct description for out of love badge (#8615)
The bug mentioned here
https://meta.discourse.org/t/badge-not-triggering/135896/8

Basically, descriptions for 3 badges: "Out of Love", "Higher Love" and
"Crazy in Love" are granted based on on "max_likes_per_day" and the
description should reflect that.
2019-12-24 08:30:34 +11:00
Krzysztof Kotlarek ac626a0dc3
FIX: bug when revoking badge as title (#8616)
When user revokes badge as title, UserHistory item is created. However,
that object is not accepting revoke_reson parameter.
2019-12-24 08:03:51 +11:00
Jeff Wong 63323bd7a8
FIX: category routes model params should decode their URL parts (#8612)
* FIX: category routes model params should decode their URL parts

Ember's route star globbing does not uri decode by default. This is
problematic for subcategory globs with encoded URL site settings enabled.

Subcategories with encoded URLs will 404 without this decode.

I found this https://github.com/tildeio/route-recognizer/pull/91
which explicitly explains that globbing does not decode automatically.
2019-12-23 10:24:41 -08:00
Jeff Wong e36efb1edc FIX: ensure that we encode a slug only once if slug generation method is encoded
This was re-encoding the search slug each loop - if the category list was not
the first category in the list, it'd continually search with a re-encoded search
term from the previous iteration. This results in ember 404ing when navigating
to raw encoded category slugs of the form /c/encoded-slug-with-non-ascii
that have no ID attached.
2019-12-22 00:25:12 -08:00
Jeff Wong eca1c643d5 FEATURE: allow TL3 promotions for overturned penalties
Restore tl3 reachability by calculating penalty counts vs unsuspend/unsilence.

Only count unsuspend or unsilences that have been made by a user other than
the Discourse system user.
2019-12-20 15:25:21 -08:00
Kris 00477d8f88 UX: Some category page style adjustments for sub-sub categories 2019-12-20 16:17:34 -05:00
Mark VanLandingham 6ec3d42b16
FEATURE: Allow complex post params from plugin (#8598) 2019-12-20 10:37:12 -06:00
Kris f8633d5c58 FIX: Give expanded CSS/HTML editor >0 height 2019-12-20 10:37:23 -05:00
Penar Musaraj bbe2947742 DEV: Use FA5 name for moved post icon 2019-12-20 09:50:05 -05:00
Krzysztof Kotlarek b47b1d8af8 FIX: label helpers on sign up form are not hidden (#8603)
This commit fe9293b8b5 created a regression.

The problem is that dom changed a little bit.
Before it was
```
<tr class="instructions create-account-email">
  <td></td>
  <div id="account-email-validation" class="tip bad ember-view"></div>
  <td><label>Never shown to the public.</label></td>
</tr>
```

And after we got
```
<tr class="instructions create-account-email">
  <td></td>
  <div id="account-email-validation" class="tip bad ember-view"> </div>
  <td><label>Never shown to the public.</label></td>
</tr>
```
That small space may look like not important change.

However, now helpers are hitting that CSS rule:

```
.login-form {
  .tip {
    &:not(:empty) + td {
      display: none;
    }
}
```

To fix it, we should render template only if there is a reason - like it was before

```
if (reason) {
  buffer.push(iconHTML(this.good ? "check" : "times") + " " + reason);
}
```

* FIX: remove rerenderTriggers
2019-12-20 12:17:51 +01:00
Bianca Nenciu 9fe11d0fc3 Revert "Rename 'target usernames' with 'target recipients' in Composer (#8468)"
This reverts commit ebb288dc2c.
2019-12-20 11:56:20 +02:00
Régis Hanol 7030c93206 Revert "FIX: Show signup input tips and improve spacing"
This reverts commit d449834a28.

The signup input tips were hidden instead.
2019-12-20 09:42:11 +01:00
Bianca Nenciu ebb288dc2c
Rename 'target usernames' with 'target recipients' in Composer (#8468) 2019-12-20 10:28:14 +02:00
Kris d449834a28 FIX: Show signup input tips and improve spacing 2019-12-19 20:37:47 -05:00
David Taylor 7737ecd0fe FIX: Limit requests and include data when reporting deprecated icons
- Only report each icon to the server once, to avoid hitting rate limits
- Correct typo in ajax `data` parameter

Follow-up to db7d00a8dc
2019-12-19 22:11:45 +00:00
Kris 2ad40d5f71 UX: New bell icons for notification/tracking statuses 2019-12-19 14:39:29 -05:00
Hector Bustillos 87c04ebe39 FEATURE: Keyboard shortcut for opening the topic admin menu (#8568)
* Keyboard shortcut for opening the topic admin menu

* Review changes

* Attrubute and target class renaming
2019-12-19 14:18:14 -05:00
Jeff Wong 036a24cf30
FIX: correct user serializer user method for extended serializer (#8590)
A small fix for Basic User Serializers where some downstream serializers do not correctly set user objects. This caused some issues in certain plugins that depend on the user method to return a user.
2019-12-19 09:48:01 -08:00
Dan Ungureanu 069bc70bd4
UX: Improve sub-sub-categories styling in categories list (#8593)
- Using h4 instead of h3 for sub-categories.
- Show category description if it does not have subcategories.
- Implemented equivalent for mobile-view.
- Include description_excerpt in basic serializer. This is needed for
  displaying second-level categories in category list.

Follow-up to 9253cb79e3.
2019-12-19 17:09:45 +02:00
Dan Ungureanu f1c4180ff8
FEATURE: Make 'Reorder Categories' work with nested categories (#8578) 2019-12-19 12:27:01 +02:00
Dan Ungureanu 9253cb79e3
UX: Show grandchildren in categories list (#8592) 2019-12-19 12:26:11 +02:00
Kris 3a8ed4033f UX: Prevent the post admin menu from appearing under the header on OP 2019-12-18 19:57:58 -05:00
Penar Musaraj db7d00a8dc DEV: Log deprecated FA 4.7 icon names in /logs (take 2)
Does not use utilities library, to avoid wizard qunit test failures
2019-12-18 12:52:31 -05:00
Penar Musaraj 274c22e7a2 Revert "DEV: Log deprecated FA 4.7 icon names in /logs"
This reverts commit 2dd9727c11.
2019-12-18 12:44:52 -05:00
Penar Musaraj 2dd9727c11 DEV: Log deprecated FA 4.7 icon names in /logs 2019-12-18 12:22:03 -05:00
David Taylor fab3bbf705 FIX: IE11 compatibility for readonly check
In some situations, the xhr object is undefined in IE11
2019-12-18 16:57:20 +00:00
Kris 37c9579a01 UX: reduce opacity on hidden topic contents, but not the controls 2019-12-18 11:34:33 -05:00
Dan Ungureanu 95390e3333
FIX: Show parent and subcategories for 2nd level categories (#8579)
The maximum level used to be one, which meant that a category could be
either a parent or a child. If it was a parent, the subcategories were
shown; if it was a child then the parent selector was shown.

With multiple levels of nesting, a category can be both a parent and a
child.
2019-12-18 17:44:28 +02:00
Kris 89154308b0 UX: Minor user admin page adjustments, accomodating for long group names 2019-12-18 09:26:03 -05:00
David Taylor 96bfefac5c FIX: Prevent errors in IE11 following AJAX request
In some situations, the xhr object is undefined, so check that it's present before continuing
2019-12-18 13:38:36 +00:00
Krzysztof Kotlarek 1921538faa FIX: show new/unread button when a new topic or post is created (#8576)
There is a problem that if you read all messages, even when a new one
arrives, the button on the top is not showing.

This is because once the button got `hidden` class, a label under is
properly updated, however, the class is not removed.

Therefore, I added computed isHidden function which is recalculated when
`count` change.
2019-12-18 11:22:28 +00:00
Vinoth Kannan 3b7f5db5ba
FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 11:21:57 +05:30
Krzysztof Kotlarek f59647cd55
FIX: move IE specific CSS rules to discourse-internet-explorer plugin (#8567) 2019-12-18 15:25:16 +11:00
Mark VanLandingham e916bd7ea0
FIX: Fix choose-topic component to search by url (#8574) 2019-12-17 13:01:52 -08:00
Mark VanLandingham d37dc14c57
REVERT: Remove feature topic on profile button from topic view (#8573) 2019-12-17 12:41:49 -08:00
Kris 62ebfbbb67 UX: Minor adjustment to give the PM recipient input more flexibility. 2019-12-17 14:56:57 -05:00
Joffrey JAFFEUX 007652ece5
DEV: allows this.get in widgets (#8571) 2019-12-17 18:39:51 +01:00
Blake Erickson 1c7305c0f1 DEV: Remove buffered rendering from topic-status
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.

Previous commit: 006e5904be in this
series.

This commit affects the icons next to the topic title that indicate if
it is closed, unlisted, pinned, etc. It is just a refactor and should
not change any functionality.

Originally I was going to continue to use the existing
topic-status-icons arrayProxy helper but this would require using
observers, so I opted instead to use computed properties and have a bit
larger hbs template.
2019-12-17 10:35:05 -07:00
Kris ff1be40980 UX: Increase combo-box tap area for mobile 2019-12-17 11:43:11 -05:00
Dan Ungureanu d9e7611910
FIX: Avoid String.matchAll for IE11 support 2019-12-17 18:09:29 +02:00
Penar Musaraj ea05a68df7
FIX: Use updated_at date to denote expired invites (#8521) 2019-12-17 10:13:49 -05:00
David Taylor 8106d94c05 SECURITY: Correct permission check when revoking user API keys 2019-12-17 10:56:16 +00:00
Martin Brennan beb91e7eff
FIX: require: false for rotp gem (#8540)
The ROTP gem is only used in a very small amount of places in the app, we don't need to globally require it.

Also set the Addressable gem to not have a specific version range, as it has not been a problem yet.

Some slight refactoring of UserSecondFactor here too to use SecondFactorManager to avoid code repetition
2019-12-17 10:33:51 +10:00
Krzysztof Kotlarek 84ede5867c
FIX: category id in filterCategory (#8555)
Small regression was created here: https://github.com/discourse/discourse/commit/374534f00ee#diff-4af46675500edc092f9224ca5835a7ddR106

After that change `listFilter` is including `categoryId` like `c/cat/subcat/6/l/latest` instead of `c/cat/subcat/l/latest`

Therefore, `trackIncoming` function in topic-tracking-state couldn't properly filter new messages
2019-12-17 08:33:38 +11:00
Penar Musaraj 776840c810 FIX: Ensure currentUser exists before getting ID
Otherwise this would trigger a JS error for anonymous users.
2019-12-16 14:53:43 -05:00
Mark VanLandingham 8c4ffaea1b
FEATURE: Modal for profile featured topic & admin wrench refactor (#8545) 2019-12-16 08:41:34 -08:00
Joffrey JAFFEUX aa73df768a
DEV: improves error message when sso param is not passed (#8549)
SingleSignOnProvider is expecting a sso param later in the chain. If sso param is not found it will cause a 500 with the following exception: `NoMethodError (undefined method `unpack1' for nil:NilClass)` as `set_return_sso_url` is attempting to decode it: https://github.com/discourse/discourse/blob/master/lib/single_sign_on_provider.rb#L19
2019-12-16 12:33:24 +01:00
Martin Brennan b6b05d3b48
Add bookmark-clock icon (#8553)
Adds a custom bookmark-clock icon to discourse-additional.svg for use with the new bookmarks with reminder functionality.

Also add some code to correctly refresh the post-stream icon for bookmark to show the clock after save.
2019-12-16 12:37:34 +10:00
Régis Hanol 5f1e346e16 DEV: lint file 2019-12-13 22:37:19 +01:00
Régis Hanol 1309262569 UX: pluralize "likes/read this"
When expending the number of likes/reads, the text wasn't handling
proper pluralization that might be useful in locales that requires it.
2019-12-13 22:18:28 +01:00
Penar Musaraj 028d21c01e DEV: Update deprecated icon names 2019-12-13 15:23:31 -05:00
Kris 216b59d3a4 UX: Improve alignment of social login/signup buttons in Firefox 2019-12-13 14:24:59 -05:00
Kris b76ae9e0f5 REFACTOR: Convert main button styles into a central mixin 2019-12-13 14:09:48 -05:00
Robin Ward a04a631674 Changed `CONFLICT` to `SQL` for multiline strings
This is more consistent with the rest of our codebase.
2019-12-13 11:51:40 -05:00
Kris 3816107560 UX: Z-index of image lightbox needs to be higher than modal z-index 2019-12-13 09:38:38 -05:00
Krzysztof Kotlarek d8360b4c82 SECURITY: vulnerability in WildcardUrlChecker 2019-12-13 09:29:09 -05:00
Daniel Waterworth 1fb7a6297c DEV: Add unambiguous routes for tags
The trouble with having:

/tags/:tag_id/...

and:

/tags/intersection/*tag_ids

for example, is: what happens if you want a tag called intersection?

Under this new scheme. Routes referring to a single tag are unambiguous
because they are prefixed with:

/tag/:tag_id

Routes referring to the collection of tags still start with:

/tags/

This commit just adds the new routes. It doesn't remove the old ones or
cause the new ones to be used.
2019-12-13 11:24:59 +00:00
Blake Erickson 006e5904be DEV: Remove buffered rendering from navigation-item
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.

Previous commit: ea6326c860 in this
series.

This commit affects the top menu buttons. It is just a refactor and
should not change any functionality.
2019-12-12 15:52:33 -07:00
Roman Rizzi b6a2875749
FIX: Granting staff status should auto-approve users waiting approval (#8533)
* FIX: Granting staff status should auto-approve users waiting approval

* Update app/models/concerns/roleable.rb

Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-12-12 16:26:38 -03:00
Robin Ward 76f676879c FIX: Constraint error when inserting the same topic group twice
If that happens, update the value instead of raising an error.
2019-12-12 13:10:46 -05:00
Penar Musaraj ff163ae980 DEV: Prevent empty admin topic buttons from rendering
When using api.decorateWidget("topic-admin-menu:adminMenuButtons") in plugins, an empty button is added if the helper only returns attributes based on a condition (for example, if the admin action is limited to public topics.) In that case, we need to exclude the button from rendering.
2019-12-12 12:21:30 -05:00
Penar Musaraj f62c9def33 Revert "FIX: prevents focus of input on mobile (#6251)"
This reverts commit bfcf8ed61b.
2019-12-12 11:17:40 -05:00
Blake Erickson ea6326c860 DEV: Remove buffered rendering from topic-post-badges
This is another refactoring in the multi-step process to remove all uses
of our custom Render Buffer.

Previous commit: f5cca4930d in this
series.

This commit affects the display of some of the unread, new, and unseen
badges in topic lists like when then "show subcategory list above topics
in this category" option is checked.
2019-12-12 07:04:25 -07:00
Dan Ungureanu b6589f203b FIX: Cache short upload URL (#8541)
The code for caching was already there, but it was caching invalid data,
which automatically invalidated the cache entry.
2019-12-12 15:03:34 +01:00
David Taylor 4c9ca24ccf
FEATURE: Hash API keys in the database (#8438)
API keys are now only visible when first created. After that, only the first four characters are stored in the database for identification, along with an sha256 hash of the full key. This makes key usage easier to audit, and ensures attackers would not have access to the live site in the event of a database leak.

This makes the merge lower risk, because we have some time to revert if needed. Once the change is confirmed to be working, we will add a second commit to drop the `key` column.
2019-12-12 11:45:00 +00:00
Daniel Waterworth b2ed17cf86 FIX: Disallow c as a tag 2019-12-12 11:26:57 +00:00
Daniel Waterworth 6aff510809 FIX: Disallow none as a category slug 2019-12-12 11:26:21 +00:00
Bianca Nenciu 3ec2081059
UX: Include public groups in mentionable groups set (#8516) 2019-12-12 13:13:40 +02:00
Martin Brennan 9f4c9bafa1
FIX: Hide old bookmark button on post-menu if SiteSetting.enable_bookmarks_with_reminders
Hide old bookmark post-menu item if the site setting for the new bookmark reminders is enabled and change icon for the new bookmark functionality to the same as the old bookmark button
Fix null @topic_view error in post serializer for post_bookmark, as new posts do not have a @topic_view
2019-12-12 16:28:01 +10:00
Martin Brennan edbc356593
FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528)
The following methods have long been deprecated in ruby due to flaws in their implementation per http://blade.nagaokaut.ac.jp/cgi-bin/vframe.rb/ruby/ruby-core/29293?29179-31097:

URI.escape
URI.unescape
URI.encode
URI.unencode
escape/encode are just aliases for one another. This PR uses the Addressable gem to replace these methods with its own encode, unencode, and encode_component methods where appropriate.

I have put all references to Addressable::URI here into the UrlHelper to keep them corralled in one place to make changes to this implementation easier.

Addressable is now also an explicit gem dependency.
2019-12-12 12:49:21 +10:00
David Taylor 1e59371a4f DEV: Remove unused omit_stats variable from user serializer (#8513)
* DEV: Remove unused omit_stats variable from user serializer

This was hard-coded to true in a8b5192efd, and is no longer used anywhere

* Remove attribute declarations
2019-12-12 13:27:23 +11:00
Kris 91a5731e7b UX: Small fixes for iOS signup modal 2019-12-11 15:47:25 -05:00
Kris 9c41b66996 UX: Tag combo box styles should match tags on topics 2019-12-11 14:49:39 -05:00
Régis Hanol 278d70f3eb FIX: Add new content type for theme/component
When uploading a theme/component, depending on the extension of the
file and the OS/Browser being used, the content type might differ.

This adds the "application/x-zip-compressed" content type that is being
sent by most Browsers on latest Windows when uploading a .zip file.
2019-12-11 19:50:23 +01:00
Kris 2f8a25b2d5 UX: Minor style updates for tag info 2019-12-11 13:34:01 -05:00
Dan Ungureanu adfa793731
SECURITY: Ensure only image uploads can be inlined
This prevents malicious files (for example special crafted XMLs) to be
used in XSS attacks.
2019-12-11 17:04:49 +02:00
Joffrey JAFFEUX dc6b02f050
UX: attempts to make charts loading less laggy (#8529) 2019-12-11 15:49:17 +01:00
Robin Ward 4abe4454dd
FEATURE: Create IE Support Plugin (#8520)
This core plugin, which could be split off in the future, allows us to load IE specific code on demand.

Co-authored-by: jjaffeux <j.jaffeux@gmail.com>
2019-12-11 09:07:22 -05:00
Martin Brennan 232eb685af Fix improved bookmark toggling/deleting bug
* i was incorrectly toggling the transformed post property
  instead of the actual property in the emberjs post model
  which broke the bookmark/unbookmark functionality
2019-12-11 15:48:27 +10:00
Martin Brennan 6261339da9
Improving bookmarks part 1 (#8466)
Note: All of this functionality is hidden behind a hidden, default false, site setting called `enable_bookmarks_with_reminders`. Also, any feedback on Ember code would be greatly appreciated!

This is part 1 of the bookmark improvements. The next PR will address the backend logic to send reminder notifications for bookmarked posts to users. This PR adds the following functionality:

* We are adding a new `bookmarks` table and `Bookmark` model to make the bookmarks a first-class citizen and to allow attaching reminders to them.
* Posts now have a new button in their actions menu that has the icon of an actual book
* Clicking the button opens the new bookmark modal.
* Both name and the reminder type are optional.
* If you close the modal without doing anything, the bookmark is saved with no reminder.
* If you click the Cancel button, no bookmark is saved at all.
* All of the reminder type tiles are dynamic and the times they show will be based on your user timezone set in your profile (this should already be set for you).
* If for some reason a user does not have their timezone set they will not be able to set a reminder, but they will still be able to create a bookmark.
* A bookmark can be deleted by clicking on the book icon again which will be red if the post is bookmarked.

This PR does NOT do anything to migrate or change existing bookmarks in the form of `PostActions`, the two features live side-by-side here. Also this does nothing to the topic bookmarking.
2019-12-11 14:04:02 +10:00
Blake Erickson b73a133bb5 FIX: Prevent scientific notation in free space check (#8473)
It's possibly that when trying to upload a backup the free space check
will output scientific notation resulting in an incorrect "There is not
enough space on disk" error.

The free space check uses the Linux `print` command which could return a
number using scientific notation like `1.60459e+10` and when ruby
converts it to an integer it will have the value of `1` instead of
`16045879296`. Which means even though you have 16GB of free space you
could not upload a 1GB backup file.

This commit uses the `printf` command instead which allows you to
specify that you do not want scientific notation.

I'm not sure why this hasn't been an issue before, but I was
experiencing it locally in development.
2019-12-11 12:57:03 +11:00
Sam Saffron 7b0cbfc1f9 DEV: lint file
long story but we are sorting out our new GitHub actions so we missed this
2019-12-11 10:48:58 +11:00
Kyle Zhao 2720531750 FIX: Always add username span in quick access item (#8526)
Generate an empty `<span>` even if there is no username, because the
first `<span>` is styled differently.
2019-12-11 09:44:19 +11:00
Neil Lalonde 81a43f2c1e REFACTOR: use rest serializer for tag-info categories
But the "synonyms" can't use the TagSerializer yet. We still have some
code from the discourse-tagging plugin that uses "text" instead of
"name", "count" instead of "topic_count", etc. We should make the js
consistent with the TagSerializer and then stop using tag_counts_json.
2019-12-10 14:58:11 -05:00
Blake Erickson f921909595 FIX: Reorder categories not working
Ember was throwing this error preventing the reorder categories feature
from working:

```
access theidproperty (of <(unknown):ember1803>). ... the object in question
is a special kind of Ember object (a proxy). Therefore, it is still necessary
to use.get('id')in this case.
```

So I updated it to use the `get` method

https://api.emberjs.com/ember/3.14/functions/@ember%2Fobject/get

Follow up to: 6e5fedb312
2019-12-10 12:36:47 -07:00
Penar Musaraj ba8d8a4f93 FIX: alphabetical tag sorting in mini-tag-chooser 2019-12-10 12:36:49 -05:00
Neil Lalonde 20464116ae FIX: tag input doesn't show all top 5 permitted tags 2019-12-10 10:30:01 -05:00