cecd7d0d07
FEATURE: global rate limiter can bypass local IPs
2018-01-08 08:39:17 +11:00
f086d28b30
FIX: Do not validate messages sent to mailing list mirror
2018-01-05 11:21:53 +01:00
e0d73a957d
FEATURE: Allow posting via email to read-only mailing list mirror category
2018-01-05 11:21:53 +01:00
d7cd7e4dc7
FIX: Never mark emails sent to mailing list mirror as auto-generated
2018-01-05 11:21:53 +01:00
ceb7590bcb
FIX: bounced email can contain multiple status codes
2018-01-03 17:59:20 +01:00
805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
...
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
a9e2fc59c4
FIX: [constructor] bbcode would cause markdown crash
2017-12-27 16:11:30 +11:00
ef4c6c67ba
fix the build
2017-12-23 14:42:40 +05:30
0514ac4ee2
FIX: verify presence of 'sso url' before enabling 'enable sso'
2017-12-23 13:30:49 +05:30
d6b22e6cc1
FIX: whitelist oneboxed iframes
2017-12-23 01:56:33 +01:00
4b51871f6a
Treat non-ascii URLs in `UrlValidator`.
2017-12-21 14:22:55 +08:00
6ecf37c482
Improve URL validation to check for a valid host.
...
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:
URI.parse("http://https://google.com ")
=> #<URI::HTTP http://https//google.com >
2017-12-21 13:50:15 +08:00
21e1b05c7e
FIX: Don't disable details when below truncate limit
2017-12-20 15:45:00 -05:00
a0aca83c12
FIX: Broken spec
2017-12-19 17:55:41 -05:00
b3fda0ea86
FIX: details tags broke excerpts
2017-12-19 17:28:55 -05:00
57a1190b07
FIX: correct issue with search omitting words with multiple dots
...
Previously we used to break up words with dots incorrectly leading to
missing search terms
2017-12-19 16:04:24 +11:00
81b3a4a3da
improve spec
2017-12-15 11:42:51 +11:00
f2565f6c7e
SECURITY: Any group can be invited into a PM.
2017-12-14 14:57:48 +08:00
67aecff59c
FEATURE: store twitter supplied email for auditing
2017-12-14 15:54:32 +11:00
e30851e45a
Move escape_uri method to a more suitable place
2017-12-12 20:17:46 +01:00
6ade508f39
FIX: Prevent 'rack.input' missing error.
2017-12-12 16:40:35 +08:00
ff6dda85b7
FIX: replace curly quotes to regular quotes in search terms
2017-12-12 11:17:28 +05:30
4986ebcf24
FEATURE: optional default off global per ip rate limiter
2017-12-11 17:52:57 +11:00
68d3c2c74f
FEATURE: add global rate limiter for admin api 60 per minute
...
Also move configuration of admin and user api rate limiting into global
settings. This is not intended to be configurable per site
2017-12-11 11:07:22 +11:00
90a55d6f7c
FIX: handle CORS in hijacked requests
2017-12-07 10:31:04 +11:00
16738cfb1b
FEATURE: convert plain text emails to markdown
2017-12-06 01:47:51 +01:00
5f318a5241
FEATURE: Replace SimpleRSS with Ruby RSS module ( #5311 )
...
* SPEC: PollFeedJob parsing atom feed
* add FeedItemAccessor
It is to provide a consistent interface to access a feed item's tag
content.
* add FeedElementInstaller
to install non-standard and non-namespaced feed elements
* FEATURE: replace SimpleRSS with Ruby RSS module
* get FinalDestination and download with Excon
* support namespaced element with FeedElementInstaller
2017-12-06 10:45:09 +11:00
995bf3c84e
correct spec on Ruby 2.3
2017-12-05 07:04:41 +11:00
5a9622163d
FIX: regression around rate limiter
2017-12-04 21:44:16 +11:00
dd70ef3abf
Revert "Revert "PERF: improve speed of rate limiter""
...
This reverts commit 2373d85239
2017-12-04 21:23:11 +11:00
2373d85239
Revert "PERF: improve speed of rate limiter"
...
This reverts commit a9bcdd7f27
2017-12-04 21:19:28 +11:00
d041377ccf
correct test that does not work with discobot
2017-12-04 18:20:05 +11:00
a9bcdd7f27
PERF: improve speed of rate limiter
...
Also
- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime
2017-12-04 18:17:30 +11:00
b18cc81609
Make rubocop happy.
2017-12-04 10:55:31 +08:00
22140efa70
Tests are still leaking connection after skipping.
...
* Could be in the setup.
2017-12-04 10:46:30 +08:00
4c8402c50f
Skip test that is leaking connections.
2017-12-04 09:26:51 +08:00
7f2eeaf767
FIX: Password required flag should be cleared whenever clearing the raw password ( #5384 )
2017-12-01 15:19:24 +11:00
b1375ef44e
Ensure that we disconnect connection in test.
2017-11-29 20:57:13 +08:00
44ee388070
FEATURE: omit images from og and twitter description tags
2017-11-28 21:34:02 +01:00
b094894c94
Feature: Add service worker registration method to plugin API
2017-11-28 14:01:41 +08:00
df84e1c358
Correctly track hijacked requests
2017-11-28 16:47:20 +11:00
0caa335ef0
FIX: Handle more cases where HTTP status is not correct
...
HTTP status was not correct with send_file which uses streaming
2017-11-28 11:00:13 +11:00
ca7af7b88f
FIX: displaying wrong avatar and letter avatar
...
correct regression where params and env is reused in production
2017-11-28 09:28:40 +11:00
608207b2e5
FEATURE: avatar proxy happens in background
...
This ensures that even if it is slow to download avatars site will
continue to work
Also simplifies hijack pattern
2017-11-27 17:43:24 +11:00
2e04ef97d9
Fix the build.
2017-11-27 10:53:05 +08:00
a7030e80bf
Skip randomly failing test.
2017-11-27 10:51:18 +08:00
71942e4f62
Merge pull request #5352 from tgxworld/method_for_replica_postgres_connection
...
Expose `replica_postgresql_connection` to `ActiveRecord::Base`.
2017-11-27 08:38:10 +08:00
e0e99d4bbd
PERF: hijack onebox requests so they do not use up a unicorn worker
2017-11-24 15:31:40 +11:00
a509f466a0
Expose `replica_postgresql_connection` to `ActiveRecord::Base`.
2017-11-24 09:35:45 +08:00
613f4d737a
FIX: updating topic stats failed silently for invalid topics
2017-11-23 18:47:45 +01:00
Sam
Gerhard Schlager
Guo Xiang Tan
Arpit Jalan
Régis Hanol
Guo Xiang Tan
Robin Ward
Kyle Zhao
Vinoth Kannan
Jeff Wong