Robin Ward
aef954784a
FIX: `nofollow` was being added during post processing when it shouldn't
2016-08-12 15:35:13 -04:00
Régis Hanol
7db2083d45
FIX: 'cancel_scheduled_job' was deleting all jobs in multisite
2016-08-12 13:10:52 +02:00
Sam
7e4503dd99
FEATURE: basic info route for all sites, even ones that require login
...
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam
afaba56de3
FEATURE: missing API endpoint for topic tracking states
2016-08-12 17:10:35 +10:00
Robin Ward
7e165d031b
FIX: Short terms will be searched for if at least one is long enough
2016-08-11 11:53:14 -04:00
Guo Xiang Tan
6075debc90
Add specs to hidding settings when shadowed by a global.
2016-08-11 16:04:45 +08:00
Guo Xiang Tan
11afb20772
SECURITY: Escape HTML in filename.
2016-08-11 11:27:12 +08:00
Guo Xiang Tan
6288d4c995
FIX: Revised post not updated correctly when merging posts.
2016-08-11 09:01:54 +08:00
Robin Ward
fc311dbe3b
FEATURE: An option to search more recent posts for very large sites.
...
On very large forums searching posts can be slow, so this commit
introduces the ability to try and search only the most recent posts
first, and then going for a larger breadth search if there aren't
enough results.
Enable `search_prefer_recent_posts` and you can customize how many
recent posts to filter with `search_recent_posts_size`
2016-08-10 15:43:42 -04:00
Régis Hanol
e55e2aff94
FIX: FirstReplyByEmail badge wasn't granted
...
DEPRECATED: PostProcess badge trigger
2016-08-10 19:24:01 +02:00
Robin Ward
cc366d5a60
FIX: Search in non-english should have a smaller minimum
2016-08-09 15:20:28 -04:00
Robin Ward
28436a604a
FIX: Prevent tricking the search from ignoring minimum lengths
2016-08-09 14:49:46 -04:00
Régis Hanol
282f9948cb
FIX: wasn't able to update category's settings
2016-08-09 20:14:49 +02:00
Sam
5cc8bb535b
SECURITY: do cookie auth rate limiting earlier
2016-08-09 10:02:18 +10:00
Régis Hanol
51322a46b3
FEATURE: retry processing incoming emails on rate limit
2016-08-08 22:28:27 +02:00
Neil Lalonde
17b51bb465
FIX: topics tagged with muted tags should not be included in digest emails
2016-08-08 15:14:25 -04:00
Robin Ward
fb1b119462
Merge pull request #4342 from acshi/embeddedhost-localhost
...
Allow localhost as an embeddable host
2016-08-08 14:31:58 -04:00
Robin Ward
8b252f19d7
Merge pull request #4365 from gdpelican/fix/daily-mlm-notifications
...
Don't halt notification emails for those on daily mailing list mode
2016-08-08 14:30:56 -04:00
Robin Ward
3d62e5dd98
SECURITY: XSS issue on Admin users list
2016-08-05 12:01:16 -04:00
Robin Ward
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
Régis Hanol
d0962d6e5a
FIX: serve category images from the CDN
2016-08-05 13:03:49 +02:00
Robin Ward
e5b529f8e1
FIX: Couldn't move posts with deleted replies
2016-08-04 11:56:01 -04:00
Neil Lalonde
f10c4682cd
FIX: muted tags showing in latest topic list
2016-08-04 11:54:48 -04:00
Neil Lalonde
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
James Kiesel
c2819e99f4
Don't halt notification emails for those on daily mailing list mode
2016-08-03 12:29:38 -04:00
Régis Hanol
b08ab829b8
added 'X-Auto-Response-Suppress' email header (props to elijah)
2016-08-03 11:02:07 +02:00
Robin Ward
f4c8070d09
FIX: Couldn't update category notification level
2016-08-02 11:22:02 -04:00
Guo Xiang Tan
bf683178a8
FIX: Remove tag plugin code from tag hashtag check.
2016-08-02 10:59:12 +08:00
Régis Hanol
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
Régis Hanol
829143bf88
FIX: 'List-Unsubscribe' header wasn't added to emails sent when mailing_list_mode was enabled
2016-08-01 20:19:00 +02:00
Régis Hanol
c591429868
FIX: don't destroy uploads in queued posts and drafts
2016-08-01 18:35:57 +02:00
Sam
9018de39ed
FEATURE: allow shipping bio markdown via SSO
...
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Neil Lalonde
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
Robin Ward
2891f230d1
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 13:54:17 -04:00
Robin Ward
cf5b756b1a
SECURITY: Cross-Site Scripting in Category and Group Settings
2016-07-28 11:57:59 -04:00
Robin Ward
dc1a830d3d
SECURITY: SQL Injection in Admin List Active Users
2016-07-28 11:42:06 -04:00
Robin Ward
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
Sam
16a383ea1e
SECURITY: limit bad cookie auth attempts
...
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Sam
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
...
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Robin Ward
2a4006fe0c
Add `YandexBot` to our list of crawlers
2016-07-26 13:21:37 -04:00
Sam
b5fbff947b
FIX: don't expire old sessions when logging in
2016-07-26 11:37:41 +10:00
Jeff Atwood
1379bd5053
fix all v=2 spec / test errors for emoji
2016-07-25 15:53:48 -07:00
Sam
12ecf8624a
FIX: tokenize words with dots correctly
...
hello.world is now tokenized as "hello.world" and "world" that way the word
"world" will find the post with "hello.world"
2016-07-25 16:26:33 +10:00
Sam
e01802a13b
FIX: strip quote from search term when searching within topic
2016-07-25 15:06:25 +10:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Acshi Haggenmiller
afa88f68ce
added spec for localhost embeddable host validation
2016-07-22 17:12:57 -04:00
Sam
12dc511fea
PERF: make score calculator cheaper when site has long topics
2016-07-22 09:48:44 +10:00