Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
28,669 Commits 180 Branches 498 Tags 916 MiB
Commit Graph

2496 Commits

Author SHA1 Message Date
David Taylor 9a813210b9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071) 
Do not allow authentication with disabled plugin-supplied auth providers
 2018-07-09 14:25:58 +10:00
Maja Komel 18f5f646b1 FEATURE: allow selecting a tag when moving posts to a new topic (#6072) 2018-07-06 18:21:32 +02:00
Arpit Jalan b9835cc392 FIX: do not use scheduler for uploading csv file for invite 
Since the bulk invite process already happens in a dedicated Sidekiq job
 2018-07-04 13:28:11 +05:30
Sam e72fd7ae4e FIX: move crawler blocking into anon cache 
This refinement of previous fix moves the crawler blocking into
anonymous cache

This ensures we never poison the cache incorrectly when blocking crawlers
 2018-07-04 11:14:43 +10:00
Sam 7f98ed69cd FIX: move crawler blocking to app controller 
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
 2018-07-04 10:30:50 +10:00
Sam 6a54da0902 FIX: raise invalid params for bad callback 
Corrects it so we raise a 400 instead of logged 500 error
 2018-06-29 10:43:33 +10:00
Sam 982df3c17b FIX: return status 400 for invalid member params 
previously error returned was a 500 which is not ideal
and is logged
 2018-06-29 10:15:17 +10:00
Robin Ward fd7bb8e656 FIX: Scope the `cn` to the subfolder 2018-06-28 11:03:36 -04:00
Arpit Jalan 2c971c41f6 FIX: post deletions rate limit per day was not working 2018-06-28 19:21:27 +05:30
Arpit Jalan a6d50d1ff7 FEATURE: new settings to control posts deletions rate limit 2018-06-28 17:03:37 +05:30
Arpit Jalan c352f8eb15 FEATURE: rate limit post deletions to 50 per day 2018-06-28 16:38:58 +05:30
Maja Komel ec3e6a81a4 FEATURE: Second factor backup 2018-06-28 10:12:32 +02:00
Arpit Jalan 6bcdc3ba4b FEATURE: allow author to delete posts irrespective of post_edit_time_limit 2018-06-26 21:43:06 +05:30
Arpit Jalan 7efdccdbc5 FIX: allow staff to remove tags from queued topics 2018-06-26 17:08:40 +05:30
Joffrey JAFFEUX 95d99de7b4
FIX: hides durability section in dashboard if backups are disabled 2018-06-20 22:26:37 +02:00
Guo Xiang Tan 0365806b93 FIX: Properly display error when post action fails to create. 2018-06-20 21:20:23 +08:00
Sam 5f64fd0a21 DEV: remove exec_sql and replace with mini_sql 
Introduce new patterns for direct sql that are safe and fast.

MiniSql is not prone to memory bloat that can happen with direct PG usage.
It also has an extremely fast materializer and very a convenient API

- DB.exec(sql, *params) => runs sql returns row count
- DB.query(sql, *params) => runs sql returns usable objects (not a hash)
- DB.query_hash(sql, *params) => runs sql returns an array of hashes
- DB.query_single(sql, *params) => runs sql and returns a flat one dimensional array
- DB.build(sql) => returns a sql builder

See more at: https://github.com/discourse/mini_sql
 2018-06-19 16:13:36 +10:00
Joffrey JAFFEUX f2dbe66367
FEATURE: adds a /admin/reports route to list all reports 2018-06-18 12:31:56 +02:00
Rafael dos Santos Silva 51cb38783e FIX: start_url was wrong in non-subfolder 2018-06-15 14:29:33 -03:00
Rafael dos Santos Silva 8fc08aad09 FEATURE: Update the webmanifest 
- Remove share target because the spec is changing
- Allow any orientation again because natural is too restrictive
- Use correct file and mime types for the manifest
 2018-06-14 00:13:28 -03:00
Sam Saffron 030e322a39 FEATURE: block top level /my/ routes 2018-06-12 19:47:45 +10:00
Jeff Wong 44ee26721a FIX: add check for missing assets file in development 2018-06-11 11:18:34 -07:00
Arpit Jalan f9ab3848ed FEATURE: support disabling emails for non-staff users 2018-06-07 18:31:08 +05:30
Guo Xiang Tan ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Sam 89ad2b5900 DEV: Rails 5.2 upgrade and global gem upgrade 
This updates tests to use latest rails 5 practice
and updates ALL dependencies that could be updated

Performance testing shows that performance has not regressed
if anything it is marginally faster now.
 2018-06-07 14:21:33 +10:00
Vinoth Kannan d8e641cd98 FIX: avatar_url includes upload_path twice when local storage used 2018-06-06 18:27:30 +05:30
Guo Xiang Tan a83ab01264 REFACTOR: Remove extra param for group mentionable and messableable route. 2018-06-06 09:42:09 +08:00
Arpit Jalan f8d82f135f FIX: do not verify group visibility when checking for mentionable/messageable 2018-06-05 16:59:21 +05:30
Guo Xiang Tan 95f9b72351 FIX: Update activation email route was returning a generic json error. 2018-05-31 14:19:43 +08:00
Guo Xiang Tan 21e9315416 FIX: Use user account email instead of auth email when totp is enabled. 
https://meta.discourse.org/t/github-2fa-flow-broken/88674
 2018-05-30 12:15:12 +08:00
Guo Xiang Tan a081771950
Merge pull request #5872 from OsamaSayegh/users-controller-specs-to-request 
REFACTOR: users contollers specs => request specs
 2018-05-28 13:32:37 +08:00
OsamaSayegh 449399bef3 return 403 forbidden when local logins disabled 2018-05-26 05:18:19 +03:00
Régis Hanol 5b2e7c8d10 fix the build 2018-05-26 03:11:10 +02:00
Robin Ward 4195c7c9ea FEATURE: Ability to clear a user's penalty history 
You can do this manually if you want to allow them to reach TL3 without
their penalty history counting against them.
 2018-05-25 12:54:22 -04:00
Guo Xiang Tan 569f63b8a2
Merge pull request #5825 from featheredtoast/extend-service-worker-cache 
FIX: update cache times for service workers
 2018-05-25 09:28:17 +08:00
Sam 53b97b28f0 FIX: in rare conditions post timing would miss the user 2018-05-24 15:38:33 +10:00
Neil Lalonde 3db1032bfd FIX: not found page shouldn't include the Google search form for sites with login_required enabled 2018-05-23 16:59:02 -04:00
Blake Erickson 3edca8b104 Return a 403 instead of 200 when trying to delete a user with posts 
See [this commit][1] for more info

[1]: bd352a17bf
 2018-05-22 17:02:02 -06:00
Sam 3e06def856 FIX: If we have no logo defined use sketch in manifest 2018-05-22 12:10:59 +10:00
Sam 788ca1f112 FIX: stop adding email to unsubscribe url 
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis

Also move controller to request specs
 2018-05-22 09:07:03 +10:00
Guo Xiang Tan 467d91347a Missing specs for `Group`, `Tag`, `Category` and `Flag` web hooks. 2018-05-21 17:29:58 +08:00
Arpit Jalan 9f422c93f6 FIX: restrict updates on `confirm_old_email` email templates 2018-05-19 12:19:59 +05:30
Arpit Jalan 003b7f06ad FIX: rescue specific error 2018-05-18 09:52:16 +05:30
Jeff Wong 04c7dbafa3 FIX: manifest.json better detection at mime type. Find size if uploaded 2018-05-17 14:45:24 -07:00
Jeff Wong 41ffafb65e FIX: best effort at returning correct mime types in manifest.json 2018-05-17 12:14:39 -07:00
Régis Hanol 53f8f6095d FEATURE: staff action logs when creating/updating/deleting badges 2018-05-17 18:09:27 +02:00
Arpit Jalan 9532d9a555 FIX: handle invalid tags 2018-05-17 19:33:12 +05:30
Régis Hanol 131b7f5da5 make 🤖 rubocop happy 2018-05-16 16:35:04 +02:00
Joe Buhlig 3cd4c82c49 Allow parameters for group and username filters on directory (#5815) 2018-05-16 16:20:17 +02:00
Régis Hanol 5e97a9bfb7 FIX: tags in a 'visible by everyone but usable only by staff' group weren't visible by everyone 2018-05-16 09:48:19 +02:00