Commit Graph

4106 Commits

Author SHA1 Message Date
Régis Hanol 2d22173b81 Merge pull request #4846 from cfstras/transfer-encoding-8bit
Fix reply-by-mail for 8-bit transfer encodings
2017-05-01 15:27:50 +02:00
Sam Saffron dafc4ec906 qunit runner in autospec has been a mess, opening moves to get it working 2017-04-30 19:45:29 -04:00
Claus Strasburger e9bb9a167b Fix reply-by-mail for 8-bit transfer encodings
The mail class seems to handle mails sent with Content-Transfer-Encoding: 8bit
somewhat weirdly: It decodes them (to utf-8), changes the raw source to base64,
and does not modify the Content-Type:charset= header.

This leads to Discourse trying the message encoding (in my example ISO-8859-1)
first, and if that does not contain any unparseable characters, it uses that.
Sadly, in ISO-8859-1, every byte sequence is valid.

Fix this by always trying to decode as UTF-8 first. The probability of someone
using another encoding that cleanly (but wrongly) decodes as UTF-8 should be
fairly low.
2017-04-30 23:30:40 +02:00
Vinoth Kannan 1241660c2c FIX: 'read' filter in top menu showing new topics 2017-04-29 14:37:45 +05:30
Régis Hanol aba76bace6 add support to keep img tags when converting to html 2017-04-28 22:14:46 +02:00
Régis Hanol 51ee49aad2 FIX: properly support HTML document when converting to markdown 2017-04-28 22:02:20 +02:00
Robin Ward f05f1a24d3 Change Anniversary badge to be multiple grant, once per year 2017-04-28 14:22:54 -04:00
Neil Lalonde a501f9d4e5 Version bump to v1.8.0.beta11 2017-04-27 14:05:58 -04:00
Régis Hanol 0ec15af970 restore the 'incoming_email_prefer_html' site setting 2017-04-27 14:31:11 +02:00
Guo Xiang Tan 7873a2efb7 Merge pull request #4843 from tgxworld/disable_post_min_length_for_pm
FEATURE: Disable minimum post length check when in PM with non human …
2017-04-27 16:35:19 +08:00
Guo Xiang Tan 59b906ab0d FEATURE: Disable minimum post length check when in PM with non human users.
https://meta.discourse.org/t/discourse-narrative-bot-beta-feedback/58621/65?u=tgxworld
2017-04-27 16:00:22 +08:00
Guo Xiang Tan 84490c4558 Allow a sidekiq queue to be configured to only run on a certain hostname. 2017-04-27 15:32:16 +08:00
Robin Ward bf9c4a7828 FEATURE: secure_email site setting to prevent data going out in email 2017-04-26 13:05:56 -04:00
Régis Hanol b76674f640 FEATURE: convert incoming emails in HTML to markdown
- remove incoming_email_prefer_html site setting
- remove HtmlCleaner class
2017-04-26 16:49:06 +02:00
Guo Xiang Tan c3b5bca0e8 Log error for all exceptions in scheduler stats. 2017-04-26 09:33:05 +08:00
Guo Xiang Tan 1f6418f907 Track error message in `SchedulerStats`. 2017-04-26 01:34:25 +08:00
Sam Saffron f04fbf911a FEATURE: in vim dev you can focus on spec line in autospec
instructions in bin/notify_file_change
2017-04-25 09:13:29 -07:00
Guo Xiang Tan 85ba14fedd Fix `Fixnum` is deprecated in Ruby 2.4. 2017-04-25 15:19:12 +08:00
Guo Xiang Tan aef89c4850 REFACTOR: Load `Post` records in batches when destroying stubs. 2017-04-25 10:19:21 +08:00
Régis Hanol e5c29a1dde eradicate debugging 'puts' 💥 2017-04-24 23:08:15 +02:00
Régis Hanol 7c739f0f45 rake tasks to ensure consistency after bulk import 2017-04-24 23:00:54 +02:00
Régis Hanol 0f2e6042f2 PERF: don't load User object in memory when we only need to know if it exists 2017-04-24 23:00:36 +02:00
Régis Hanol d5630d6160 HtmlToMarkdown library
Small library to transform HTML to Discourse-flavored markdown (mostly used for imports)
2017-04-24 22:01:41 +02:00
Guo Xiang Tan 423f2ab228 FIX: Processing incoming email should be done in a background job. 2017-04-24 13:57:28 +08:00
Arpit Jalan dad2024094 FIX: do not impose default min/max validation on hidden site setting 2017-04-22 12:08:39 +05:30
Guo Xiang Tan 5fab2042f5 Revert "Add rake task to gather `GC.stat` for Sidekiq."
This reverts commit 15e2f55655.
2017-04-22 08:23:24 +08:00
Sam b74c61777a waiting on the wrong array 2017-04-21 17:29:38 -04:00
Sam b077335a30 make stat socket much more robust 2017-04-21 17:12:29 -04:00
Sam e189ec2def correct it so stats socket times out after 10 seconds 2017-04-21 16:54:18 -04:00
Sam 0b3aec9c94 FEATURE: set UNICORN_STATS_SOCKET_DIR for status socket
eg:

sam@ubuntu stats_sockets % socat - UNIX-CONNECT:9622.sock
gc_stat
{"count":46,"heap_allocated_pages":2459,"heap_sorted_length":2460,"heap_allocatable_pages":0,"heap_available_slots":1002267,"heap_live_slots":647293,"heap_free_slots":354974,"heap_final_slots":0,"heap_marked_slots":503494,"heap_swept_slots":498773,"heap_eden_pages":2459,"heap_tomb_pages":0,"total_allocated_pages":2459,"total_freed_pages":0,"total_allocated_objects":4337014,"total_freed_objects":3689721,"malloc_increase_bytes":6448248,"malloc_increase_bytes_limit":29188387,"minor_gc_count":36,"major_gc_count":10,"remembered_wb_unprotected_objects":19958,"remembered_wb_unprotected_objects_limit":39842,"old_objects":462019,"old_objects_limit":895782,"oldmalloc_increase_bytes":6448696,"oldmalloc_increase_bytes_limit":19350882}
2017-04-21 11:37:03 -04:00
Arpit Jalan b0151ab66a Merge pull request #4826 from techAPJ/site-setting-max-value
FIX: all basic integer settings should have min & max value validation
2017-04-21 20:21:10 +05:30
Arpit Jalan 1f5089e474 FIX: handle invite error in wizard 2017-04-21 20:07:04 +05:30
Sam 52306c393a FEATURE: basic implementation of stats socket 2017-04-21 10:24:43 -04:00
Guo Xiang Tan 15e2f55655 Add rake task to gather `GC.stat` for Sidekiq. 2017-04-21 17:32:06 +08:00
cpradio 20c2c66dd4 FEATURE: Add normal as a preference for topic subscription state when replying to a topic 2017-04-20 22:33:10 -04:00
Arpit Jalan 9eff4f0807 FIX: all basic integer settings should have max value validation 2017-04-21 07:09:41 +05:30
Arpit Jalan 5d9d2cf287 FIX: do not explicitly show email of flagger / flagged user 2017-04-20 22:09:30 +05:30
Sam e119c6e01e FIX: embedded comments not working when theme is missing 2017-04-20 10:31:33 -04:00
Guo Xiang Tan 0f2e2ea175 Update moment locales as well. 2017-04-20 12:24:20 +08:00
Sam 7eabb90b71 FEATURE: added error messages for bad theme CSS / JS 2017-04-19 16:46:46 -04:00
Guo Xiang Tan 8052218f61 Upgrade momentjs. 2017-04-19 22:04:35 +08:00
Robin Ward 564eb8c20f Allow plugins to add vendored files for the text pipeline 2017-04-18 17:59:05 -04:00
Sam 2bc3aa7ed4 remove no digest refs
the digestless special dev behavior is no longer needed
2017-04-18 17:05:33 -04:00
Sam 0a67d859d5 correct watcher so it handles color scheme changes correctly 2017-04-18 16:48:15 -04:00
Robin Ward d82d11a96b FIX: ctx parameter is optional 2017-04-18 13:06:11 -04:00
Robin Ward 8b8ee2ad61 Pass a context in when using a HTML builder 2017-04-18 12:35:35 -04:00
Robin Ward 1363988cd7 Support for an HTML builder that can create dynamic HTML 2017-04-17 17:32:55 -04:00
Sam 5dd752877e FEATURE: try adding some preload hints for chrome 2017-04-17 11:52:43 -04:00
Sam 6e5296a510 FEATURE: upgrade sprockets to latest stable
This unlocks Rails upgrades, so we can now upgrade to latest Rails
2017-04-17 10:12:05 -04:00
Guo Xiang Tan 04016f0dec Support Ruby 2.4. 2017-04-15 12:29:00 +08:00
David Taylor 96f2335c09 FIX: Corrects typo to avoid error 500 on theme change 2017-04-15 01:21:53 +01:00
Sam 4ed4d77fd3 correct the monkey patch 2017-04-14 15:06:52 -04:00
Sam def7348777 FIX: display custom sections with default theme
also cleans up mechanism for previewing themes, cleans up naming,
gets rid of old janky "preview_style", secures local theme key
2017-04-14 13:35:12 -04:00
Sam 8370b4b1b7 FIX: don't precompile if we have no themes table 2017-04-14 10:33:35 -04:00
Sam 4161a7abec FIX: allow CSS precompilation to access newly manifested assets 2017-04-14 10:30:19 -04:00
Sam 2d636406dc FIX: in some case bundle exec fails from spawn
there is some bundler magic in here, prefer bin stubs anyway
cause they are a bit faster
2017-04-13 17:24:58 -04:00
Sam 22214f5e5c Upgrade the Listen gem 2017-04-13 10:39:36 -04:00
Sam a018eed611 expand tmp for osx 2017-04-12 14:47:37 -04:00
Sam db9a44d4b5 we need theme vars when building theme css 2017-04-12 13:37:27 -04:00
Sam bbecc65737 force recompilation of css assets 2017-04-12 12:46:03 -04:00
Sam 8cd9afcfad move CSS precompilation to last step 2017-04-12 12:30:24 -04:00
Sam a3e8c3cd7b FEATURE: Native theme support
This feature introduces the concept of themes. Themes are an evolution
of site customizations.

Themes introduce two very big conceptual changes:

- A theme may include other "child themes", children can include grand
children and so on.

- A theme may specify a color scheme

The change does away with the idea of "enabled" color schemes.

It also adds a bunch of big niceties like

- You can source a theme from a git repo

- History for themes is much improved

- You can only have a single enabled theme. Themes can be selected by
    users, if you opt for it.

On a technical level this change comes with a whole bunch of goodies

- All CSS is now compiled using a custom pipeline that uses libsass
    see /lib/stylesheet

- There is a single pipeline for css compilation (in the past we used
    one for customizations and another one for the rest of the app

- The stylesheet pipeline is now divorced of sprockets, there is no
   reliance on sprockets for CSS bundling

- CSS is generated with source maps everywhere (including themes) this
    makes debugging much easier

- Our "live reloader" is smarter and avoid a flash of unstyled content
   we run a file watcher in "puma" in dev so you no longer need to run
   rake autospec to watch for CSS changes
2017-04-12 10:53:49 -04:00
Guo Xiang Tan 3861bd2793 FIX: Quotes should be ignored when parsing for onebox source. 2017-04-11 15:22:21 +08:00
Guo Xiang Tan 0a4c30bce3 FIX: Handle cases where `alt` and `title` tag is blank when parsing excerpt. 2017-04-11 14:18:27 +08:00
Régis Hanol 2be14a604c FIX: censored_pattern with group capturing wasn't working 2017-04-10 23:38:48 +02:00
Neil Lalonde 8ce14479b6 Version bump to v1.8.0.beta10 2017-04-10 14:31:27 -04:00
Guo Xiang Tan e49f3a408e FEATURE: Add option for `ExcerptParser` to keep onebox source. 2017-04-10 16:11:58 +08:00
Régis Hanol 93556bb950 Merge pull request #4793 from rcgordon/smtp-fast-rejection
Added an API to ask if an incoming email should be dropped at the SMTP level.
2017-04-07 09:59:52 +02:00
Guo Xiang Tan f534f041a0 FIX: Ensure directory exists. 2017-04-07 15:50:17 +08:00
Ryan C. Gordon a51c191a66 Make Email::Receiver.check_address() into a class method. 2017-04-05 23:10:36 -04:00
Robin Ward 17f2974d0a SECURITY: Confirm new administrator accounts via email 2017-04-04 15:59:01 -04:00
Guo Xiang Tan e4d7e4fbe3 Improve error messages. 2017-04-04 17:19:14 +08:00
Guo Xiang Tan 34b7bee568 FEATURE: Allow admin to auto reopen at topic.
* This commit also introduces a `TopicStatusUpdate`
  model to support other forms of deferred topic
  status update in the future.
2017-03-31 11:14:18 +08:00
Robin Ward 14410b71fb Convert server side paths to use `/u/` 2017-03-30 10:23:24 -04:00
Yana Agun Siswanto cd2d2f16e5 Allow to order search results by the topic creation date
based on: https://meta.discourse.org/t/allow-to-order-search-results-by-the-topic-creation-date/38544
2017-03-30 01:18:38 +07:00
Arpit Jalan bb0fa5abbc FIX: suggested username should not be more than setting max_username_length 2017-03-29 18:19:28 +05:30
Neil Lalonde 2e57464819 Version bump to v1.8.0.beta9 2017-03-28 11:34:01 -04:00
Arpit Jalan 8bf12502bd Merge pull request #4780 from techAPJ/send-statistics
FEATURE: Send anonymized usage statistics to Discourse if "Discourse Hub" can't reach the site
2017-03-28 10:02:05 +05:30
Arpit Jalan f3cd5f61c5 FEATURE: Send anonymized usage statistics to Discourse if Discourse Hub can't reach the site 2017-03-28 09:07:23 +05:30
Régis Hanol 85bf18ad0e tiny refactor 2017-03-27 16:21:38 +02:00
Guo Xiang Tan fc3c34b78f Allow Brotli compression to be disabled when precompiling. 2017-03-27 11:55:43 +08:00
Arpit Jalan 3449339fea FIX: admin locales were not getting converted to message format 2017-03-25 01:12:23 +05:30
Guo Xiang Tan a4deb0e47d Fix typo. 2017-03-24 20:59:34 +08:00
Régis Hanol 747f4812e4 fix custom emoji support when using subfolder 2017-03-24 02:09:39 +01:00
Régis Hanol 9f65658c5c register_emoji should work with subfolder installs 2017-03-24 01:08:12 +01:00
Arpit Jalan 9f930125f5 FIX: replace site_name in email subject with site title 2017-03-22 23:38:46 +05:30
Arpit Jalan 786fd6bbd2 Merge pull request #4774 from techAPJ/email-prefix
FIX: use email prefix only in subject
2017-03-22 14:18:50 +05:30
Matt Palmer da7a44064b Fix purge_tombstone for the brave new world of secure command execution 2017-03-22 10:27:07 +11:00
Arpit Jalan 1853a4852c FIX: use email prefix only in subject 2017-03-21 20:29:57 +05:30
Sam c106ca6778 FEATURE: fallback asset path for multi host setups 2017-03-20 15:59:17 -04:00
Sam bc96f0fe78 rescue failure to backup assets 2017-03-20 13:43:59 -04:00
Sam e14a63cc88 FEATURE: add support for backup asset path post precompile 2017-03-20 13:05:39 -04:00
Neil Lalonde 482578ba26 Version bump to v1.8.0.beta8 2017-03-20 12:05:03 -04:00
Arpit Jalan 521c88fe58 FIX: enqueue activation email for invited user that has password set 2017-03-20 17:13:21 +05:30
Guo Xiang Tan a1d04a7a9a Fix rspec tests. 2017-03-20 12:35:08 +08:00
Guo Xiang Tan 11dbadb96f Fix tests. 2017-03-20 11:19:20 +08:00
David Taylor 89d41ecb39 Add support for oneboxing twitter videos 2017-03-17 20:49:29 +00:00
David Taylor ea45cc1293 Request full tweets, since twitter has increased the allowed length 2017-03-17 20:36:53 +00:00
Guo Xiang Tan e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Guo Xiang Tan b49bf889f6 SECURITY: Disallow symlinks when restoring uploads. 2017-03-17 14:27:01 +08:00
Guo Xiang Tan 1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Sam 82ca0e368e FEATURE: stop escaping special chars in title prettify
This feature is confusting and just leads to inconsistency
2017-03-13 10:02:20 -04:00
Sam 6ebddc42d1 FIX: include children categories when searching a category 2017-03-10 15:58:47 -05:00
Sam 16593ae8bf FEATURE: log reason staff auto blocks a user 2017-03-10 15:45:48 -05:00
Sam 20ed11f9a5 We must GC here otherwise we risk not freeing our v8 contexts 2017-03-10 11:36:10 -05:00
Sam b68d08404d shell to node to avoid high memory usage 2017-03-09 17:05:55 -05:00
Sam ab3faeb0f9 PERF: user mini racer to uglify assets 2017-03-09 16:44:50 -05:00
Guo Xiang Tan 9cc79363e0 Merge pull request #4744 from tgxworld/feature_seen_unseen_search
FEATURE: Search can be scoped to posts that the current user has seen…
2017-03-09 07:11:19 +08:00
Régis Hanol 00380d84c5 UX: display text & html parts alongside raw email in incoming email modal 2017-03-08 23:15:42 +01:00
Neil Lalonde a97fe5da13 Version bump to v1.8.0.beta7 2017-03-08 12:22:23 -05:00
Guo Xiang Tan c623951306 FEATURE: Search can be scoped to posts that the current user has seen/unseen.
https://meta.discourse.org/t/advanced-search-posts-that-i-have-seen/57966
2017-03-09 01:01:33 +08:00
Arpit Jalan cafe3dafcb UX: show expand button on internal topic onebox 2017-03-08 21:02:38 +05:30
Sam 9e9b497d20 Merge pull request #4742 from davidtaylorhq/patch-1
FIX: latest-version tag is shown by git-describe
2017-03-08 08:51:50 -05:00
Guo Xiang Tan 10ec554d97 Ensure we escape variables passed into our SQL query. 2017-03-08 20:37:59 +08:00
David Taylor 6fd34cede6 FIX: latest-version tag is shown by git-describe
Adds the -match "v[0-9]*" parameter to git describe, this means that only version tags will be used.
2017-03-08 11:05:11 +00:00
Régis Hanol ee9d621d9c FIX: surround the FROM alias with " in order to support the @ character 2017-03-07 23:37:21 +01:00
Sam 8d80a5d97e add some explicit scoping to help avoid erratic failure in test 2017-03-07 16:00:51 -05:00
Sam 99f4d5082b FIX: Improve token rotation and increase logging
- avoid access denied on bad cookie, instead just nuke it
- avoid marking a token unseen for first minute post rotation
- log path in user auth token logs
2017-03-07 13:27:43 -05:00
Robin Ward dad57fa033 FIX: More errors with non-ascii URLs 2017-03-07 11:21:41 -05:00
Guo Xiang Tan 5d9daa299a Only run plugin tests if plugins are loaded. 2017-03-07 16:36:49 +08:00
Guo Xiang Tan a28704bcee FIX: Can't recover a post when its user has been deleted.
https://meta.discourse.org/t/moving-posts-to-new-topic/58436
2017-03-06 14:29:06 +08:00
Sam c99f4260c0 Merge pull request #4729 from tgxworld/dont_mark_user_as_valid
FIX: Don't mark user as `active` if verified email is different.
2017-03-03 15:57:30 -05:00
Guo Xiang Tan bcf634ca85 Merge pull request #4728 from nbianca/username-regex
Add support for username regex.
2017-03-03 22:59:23 +08:00
Sam abc4dff0fe FEATURE: add bumped_before query param for topic list 2017-03-02 15:11:50 -05:00
Sam 4dac4c69a6 FEATURE: add `before` topic list filter 2017-03-02 14:54:33 -05:00
Sam 872d9eae45 FEATURE: add :all filter for messages 2017-03-02 14:54:33 -05:00
Bianca Nenciu 30909ec54e Add support for username regex. 2017-03-02 13:53:45 +02:00
Guo Xiang Tan fc0f363973 Run plugin specs as well. 2017-03-02 17:28:35 +08:00
Guo Xiang Tan 3d347fb9c4 FIX: Don't mark user as `active` if verified email is different. 2017-03-02 14:24:30 +08:00
Blake Erickson 80858bae2c FEATURE: further restrict downloading of backups
- send email to logged in admin when they press the "download" button
- show pop-up that email was sent
- create email template
- require a valid token to download backup
2017-03-01 08:28:34 -07:00
Robin Ward d27575176a Enforce a minimum amount of posters in a topic for `get_a_room` 2017-02-28 16:47:16 -05:00
Sam 122fb8025d FIX: last seen date erroneously updated when browser in background
In some cases user may be "last seen" even though browser tab is in
the background or computer is locked
2017-02-28 12:35:10 -05:00
Neil Lalonde 352f98d084 use named param in tag_topic_by_names 2017-02-28 12:08:06 -05:00
Neil Lalonde 292dd8623c Merge pull request #4622 from dmacjam/master
FEATURE: Append tags bulk action for topics
2017-02-28 11:36:58 -05:00
Sam 49a0f16ce4 Merge pull request #4723 from mcwumbly/fix-import-scripts
FIX: Import scripts were failing to load onebox sanitize config
2017-02-27 16:18:29 -05:00
Sam 1e980ad4e6 Merge pull request #4721 from oblakeerickson/sort_admin_users_api
FEATURE: Add order logic to admin users controller
2017-02-27 16:13:42 -05:00
Neil Lalonde e634b37f9a FIX: from field of emails should be including email_site_title or site title settings 2017-02-27 14:23:07 -05:00
Blake Erickson 0e6cb752da Clean up valid order names
Add a sortable mappings list to match other endpoints and so that you
don't have to use database column names.

Example: 'created' => 'created_at'

Also cleaned up some of the logic since a lot of it got moved into the
SORTABLE_MAPPING hash.
2017-02-25 11:51:40 -07:00
David McClure b188c30925 FIX: Import scripts were failing to load onebox sanitize config 2017-02-25 09:27:42 -08:00
Blake Erickson e9d5c3265c Change param asc to ascending
For consistency, change param asc to ascending:

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649/17?u=oblakeerickson
2017-02-25 09:13:31 -07:00
Blake Erickson 0a41da6bad FEATURE: Add order logic to admin users controller
Added order and direction parameters for sorting admin user pages. This
commit only includes backend api changes.

https://meta.discourse.org/t/make-admin-users-list-sortable-suggestion/47649

Now you can pass in `order` and `asc` parameters to the
`/admin/users/list/<query>.json` endpoint.

Example:

`/admin/users/list/active.json?&order=post_count` which defaults to desc

and

`/admin/users/list/active.json?order=post_count&asc=true`
2017-02-24 17:11:17 -07:00
Régis Hanol ecdae9f863 FIX: i18n integrity specs
FIX: check all .yml files in the project for integrity
FIX: ensure localized yamls are compatible with english
2017-02-24 11:35:33 +01:00
Régis Hanol a2c04be718 FIX: eradicate I18n fallback issues 💣
FIX: client's translation overrides were not working when the current locale was missing a key
FIX: ExtraLocalesController.show was not properly handling multiple translations
FIX: JsLocaleHelper#output_locale was not properly handling multiple translations

FIX: ExtraLocalesController.show's spec which was randomly failing
FIX: JsLocaleHelper#output_locale was muting cached translations hashes

REFACTOR: move 'enableVerboseLocalization' to the 'localization' initializer
REFACTOR: remove unused I18n.js methods (getFallbacks, localize, parseDate, toTime, strftime, toCurrency, toPercentage)
REFACTOR: remove all I18n.pluralizationRules and instead use MessageFormat's pluralization rules

TEST: add tests for localization initializer
TEST: add tests for I18n.js
2017-02-24 11:31:21 +01:00
Rimian Perkins db9840b672 fix malformed qunit url
this removes the space between the query string and the URL

```
$MODULE='Acceptance: Search' rake qunit:test\[20000\]
....
Running: {"module":"Acceptance: Search"}
... http://localhost:60099/qunit?module=Acceptance%3A%20Search 20000
```

The timeout value seems to work fine.
2017-02-24 10:19:34 +11:00
Rafael dos Santos Silva f68540b022 Increase QUnit timeouts to allow on slower envs 2017-02-23 19:21:06 -03:00
Sam ea1007e954 FEATURE: add support for same site cookies
Defaults to Lax, can be disabled or set to Strict.

Strict will only work if you require login and use SSO. Otherwise when clicking on links to your site you will appear logged out till you refresh the page.
2017-02-23 12:01:28 -05:00
Sam ad435da377 fix typo 2017-02-23 10:58:53 -05:00
Sam Saffron b7d2edc7dc FIX: allow some auth token misses prior to clearing cookie
It appears that in some cases ios queues up requests up front
and "releases" them when tab gets focus, this allows for a certain
number of cookie misses for this case. Otherwise you get logged off.
2017-02-22 12:37:11 -05:00
Arpit Jalan 213a496203 FIX: show all staff events related to the target user 2017-02-22 13:31:40 +05:30
Arpit Jalan b32f33b3f0 FIX: allow staff members to send PMs when enable_private_messages is disabled 2017-02-22 11:32:09 +05:30
Arpit Jalan 046cbad10b FEATURE: add a button on admin user page that links to action log 2017-02-21 21:38:37 +05:30
Neil Lalonde 476ae57af3 FEATURE: primary group class on avatars in topic list 2017-02-20 15:55:10 -05:00
Jakub Macina 4a2f13348a ADD: Append tags bulk action for topics 2017-02-20 18:14:32 +01:00
Régis Hanol 3ce3abef8f FIX: add Content-Disposition and Content-Type headers when downloading attachments 2017-02-20 15:59:01 +01:00
Guo Xiang Tan 9baf89a901 Remove database vacuum task from Discourse. 2017-02-20 09:02:38 +08:00
Robin Ward cfc0cc936f FIX: Get a room wasn't enforcing sequential properly 2017-02-19 16:00:28 -05:00
Sam 1935f624b8 FEATURE: reset active record cache in sidekiq if needed
This can happen in multisite environments after restores
2017-02-17 12:09:53 -05:00
Sam 7a85469c4c SECURITY: inactive/suspended accounts should be banned from api
Also fixes edge cases around users presenting multiple credentials
2017-02-17 11:03:09 -05:00
Sam Saffron 040e10a627 reduce duplication 2017-02-15 17:27:10 -05:00
Sam 74d4209d24 FEATURE: allow plugins to register custom topic list filters 2017-02-15 15:25:43 -05:00
Neil Lalonde c085e8f85f Version bump to v1.8.0.beta6 2017-02-14 17:40:44 -05:00
Rafael dos Santos Silva 6a271a7695 Increase Qunit tests timeout on Docker tests 2017-02-14 16:09:14 -02:00
Sam dacfdd4dc8 use chars as opposed to split 2017-02-14 09:40:15 -05:00
Sam 8feb94e13f FIX: password validator was being too strict 2017-02-14 09:18:04 -05:00
Régis Hanol d88562e72b Revert "use RFC-complient signature separator dash-dash-space" 2017-02-14 14:58:08 +01:00
Neil Lalonde 53d8d126a4 Version bump to v1.8.0.beta5 2017-02-13 16:46:08 -05:00
Sam 0ab96a7691 FEATURE: add hidden setting for verbose auth token logging
This is only needed to debug auth token issues, will result in lots
of logging
2017-02-13 14:01:09 -05:00
Neil Lalonde 94e1105af7 fix unique char counting in password validator 2017-02-10 10:38:17 -05:00
Robert Riemann bcd4513963 use RFC-complient signature separator dash-dash-space
currently, Discourse uses '---' in its notifications to
separate the signature with unsubscribe links etc. from
the body of the message.

The RFC standard defines '-- '.
https://www.ietf.org/rfc/rfc3676.txt (4.3)

The problem has been discussed in:

https://meta.discourse.org/t/previous-replies-separator-is-not-rfc-compliant/39410

And an incomplete fix has been added a year ago:
86819f08c3

The separator is important, because some mail clients strip off the
signature automatically in replies if the signature is recognised as such.
2017-02-10 11:46:02 +01:00
Neil Lalonde 1bcb835446 FEATURE: passwords must have a minimum number of unique characters, configurable with a new setting 2017-02-09 15:00:22 -05:00
Régis Hanol 91d09ebc08 post ids are always an integer 2017-02-08 23:46:11 +01:00
Régis Hanol e9e88a010f FIX: find replied-to post even when incoming email doesn't have a reply key 2017-02-08 21:38:52 +01:00
Robin Ward 5a4c393231 UX: Include the username and link of the user for get_a_room 2017-02-08 15:27:07 -05:00
Neil Lalonde 5a8bbe663a FEATURE: include most popular tag in page title for webcrawlers of tagged uncategorized topics 2017-02-07 16:55:42 -05:00
Sam Saffron df8f365d99 FEATURE: improve search so it searches sub categories by default
If you want an exact category match use `category:=howto` or `#=howto"
2017-02-07 15:53:37 -05:00
Régis Hanol 02bb7beaaf FIX: don't put attachments on the CDN when 'prevent anons from downloading files' is enabled 2017-02-07 18:06:44 +01:00
Sam f34907b523 Merge pull request #4681 from vietqhoang/feature/add-user-title-to-sso-payload
FEATURE: Add user title to SSO payload
2017-02-07 10:25:32 -05:00
Sam ff49f72ad9 FEATURE: per client user tokens
Revamped system for managing authentication tokens.

- Every user has 1 token per client (web browser)
- Tokens are rotated every 10 minutes

New system migrates the old tokens to "legacy" tokens,
so users still remain logged on.

Also introduces weekly job to expire old auth tokens.
2017-02-07 09:22:16 -05:00
Régis Hanol ba115480ba FIX: wasn't extracting links to quoted posts 2017-02-06 14:45:04 +01:00
Régis Hanol ceee2a509a remove warning of previously defined constant when running the specs 2017-02-05 19:07:18 +01:00
Robin Ward f1e7bca3c9 FEATURE: Warn a user when they're replying to the same user too much 2017-02-03 17:00:54 -05:00
Arpit Jalan dc2171960b FIX: allow existing users to be invited to topic/message when must_approve_users is enabled 2017-02-03 13:01:23 +05:30
Régis Hanol 82555ca761 FIX: mail threading wasn't working properly in Mac Mail 2017-02-01 23:02:41 +01:00
Sam f932cb51f3 FIX: stop stripping local onebox links from tracker
When a onebox was made to a local topic it was not tracked using link
tracker
2017-02-01 14:21:01 -05:00
Régis Hanol c725225f69 FIX: log message when revoking email with too many bounces 2017-02-01 16:53:24 +01:00
Viet Hoang 40164ccd4a Add user title to SSO payload 2017-01-31 16:42:27 -08:00
Rimian Perkins 25516874b5 FIX: Escape regexp chars in `SiteSetting.censored_words`. 2017-01-31 10:14:51 +08:00
Régis Hanol 8fc7420f83 FIX: prevent huge custom emojis in emails 2017-01-30 18:06:48 +01:00
Arpit Jalan 19f7beaa2c FIX: topic links were getting dropped when post is rebaked 2017-01-30 14:55:53 +05:30
Leo McArdle c76f6856ea FEATURE: reply as new message to the same recipients 2017-01-27 12:24:31 +08:00
Neil Lalonde 0a1d05c3b2 Version bump to v1.8.0.beta4 2017-01-26 17:38:06 -05:00
Neil Lalonde 8923e407fe Version bump to v1.8.0.beta3 2017-01-26 13:34:01 -05:00
Arpit Jalan 061c3dd6c1 typo 2017-01-25 22:46:05 +05:30
Arpit Jalan 89d7ddd803 FEATURE: new rake task to delete a word/string from all the posts 2017-01-25 22:33:39 +05:30
Arpit Jalan bc4f443fde typo 2017-01-25 21:23:25 +05:30
Guo Xiang Tan ba21ef34e5 Fix broken emojis. 2017-01-24 16:17:30 +08:00
Arpit Jalan 80e573e794 FIX: support removing all occurences of a word/string 2017-01-24 12:52:38 +05:30
Arpit Jalan e27ca3019b FEATURE: posts:remap task now supports removing all occurences of a word 2017-01-24 12:00:57 +05:30
Guo Xiang Tan eafd0a7497 Bye bye bygbug. 2017-01-24 14:07:55 +08:00
Guo Xiang Tan ce07da1d8b UX: Only display the words that fails censored words validations. 2017-01-24 13:11:05 +08:00
Robin Ward 9c9e0f5eca FIX: Move the middleware 2017-01-18 18:22:03 -05:00
Robin Ward fffa285dbf Insert middleware in production mode if enabled 2017-01-18 18:05:56 -05:00
Neil Lalonde 61d4c1203e FEATURE: group avatar flair shows on topic participants list, and participant avatars can have custom styles 2017-01-18 11:38:00 -05:00
Arpit Jalan 01c8974c36 typo 2017-01-18 20:10:49 +05:30
Guo Xiang Tan e3b6f9b8ae FIX: Do not update user stats like counts for private messages. 2017-01-16 11:07:53 +08:00
Robin Ward adb73180f7 FEATURE: Let plugins register themes easily 2017-01-13 11:50:52 -05:00
Robin Ward d49473757e Version bump to v1.8.0.beta2 2017-01-13 11:39:52 -05:00
Matt Palmer 04ae3539d0 FEATURE: Better error message when incoming e-mail is missing a Date: header 2017-01-13 11:05:00 +11:00
Régis Hanol 499a83270a FIX: don't onebox to IP addresses 2017-01-12 22:35:33 +01:00
Régis Hanol dfb633fde3 remove 'already initialized constant' warning 2017-01-11 11:03:36 +01:00
Guo Xiang Tan cdd550e947 Use a different Redis key when PG failover sets site to readonly mode. 2017-01-11 16:38:49 +08:00
Neil Lalonde 42c39ab38e Don't display email addresses in staff action logs for revoked email 2017-01-10 17:51:22 -05:00
Neil Lalonde e84fcc7d74 Staff action logs explain when system is deleting a post because author marked it to be deleted 2017-01-10 17:25:36 -05:00
Robin Ward b60bc47a4c Plugins can register providers for global settings 2017-01-09 17:18:58 -05:00
Régis Hanol 185dcb2ca1 handle emails with localized headers 😠 2017-01-09 22:59:30 +01:00
Robin Ward 3b74c0e3b8 FIX: Don't allow formatting in titles when quoting other topics 2017-01-09 14:53:04 -05:00
Robin Ward c2a85440b6 Merge pull request #4640 from krainboltgreene/patch-1
Allow for a custom hub server
2017-01-09 10:40:11 -05:00
Guo Xiang Tan 429b02a5d5 oops fix specs. 2017-01-09 17:08:24 +08:00
Guo Xiang Tan 3d21ccd4a5 FIX: Add validation to disallow censored words in topic title. 2017-01-09 16:55:41 +08:00
Kurtis Rainbolt-Greene 393f49f224 Allow for a custom hub server 2017-01-06 14:54:38 -08:00
Neil Lalonde e0bbe331df Version bump to v1.8.0.beta1 2017-01-06 16:10:39 -05:00
Régis Hanol 98c62bccb5 FIX: mark forwarded email as read by the forwarder
FIX: 'Re:' prefix is mostly used for replies and not forwarded emails
2017-01-06 15:33:55 +01:00
Guo Xiang Tan 1cb09aec49 FIX: Suppress error when acccess is invalid. 2017-01-06 13:18:04 +08:00
Guo Xiang Tan d10fe51b72 Fix broken specs since all urls will be oneboxed. 2017-01-06 10:05:51 +08:00
Guo Xiang Tan a89f60b85b Merge pull request #4631 from tgxworld/prevent_users_from_changing_permissions_of_non_real_users
FIX: Do not allow admins to meddle with admin and moderation access o…
2017-01-04 09:10:27 +08:00
Robin Ward cf7774bdd9 FEATURE: Block muted users from sending you PMs 2017-01-03 14:51:53 -05:00
Jeff Atwood 15a0f3cb14 add vertical align to email blockquote avatar img 2017-01-02 13:49:00 -08:00
Arpit Jalan 495a511862 simplify quote markup in emails 2017-01-02 21:37:01 +05:30
Neil Lalonde 477b237e45 FIX: use 'other' instead of 'many' for Ukrainian pluralization until translations are fixed 2016-12-30 11:49:25 -05:00
Guo Xiang Tan f1beef43a8 Merge pull request #4618 from tgxworld/fix_invalid_emails
FIX: Don't allow invalid email to be saved.
2016-12-30 07:11:48 +08:00
Guo Xiang Tan c7b151683d FIX: Do not allow admins to meddle with admin and moderation access of non real users. 2016-12-29 11:11:33 +08:00
Neil Lalonde dd4937a493 Version bump to v1.7.0.beta11 2016-12-28 18:14:06 -05:00
Sam d28d8a1f85 FIX: order by op_likes leads to broken browsing 2016-12-27 19:08:54 +11:00
Sam 2f6a4cc6de remove UserActionObserver, replace with after_save and service
interestingly there was some left over dead code from when stars
existed in the topic_users table
2016-12-22 16:46:53 +11:00
Sam 0a78ae739d Remove SearchObserver, aim is to remove all observers
rails-observers gem is mostly unmaintained and is a pain to carry forward
new implementation contains significantly less magic as a bonus
2016-12-22 13:13:14 +11:00
Guo Xiang Tan 13c6191e89 FIX: Don't allow invalid email to be saved. 2016-12-21 17:47:11 +08:00
Guo Xiang Tan 5d7f3223f0 SECURITY: Users can only bookmark posts which they can see. 2016-12-21 12:01:26 +08:00
Neil Lalonde c75bebdea2 FIX: uncategorized setting to control whether topic featured links are allowed 2016-12-20 15:55:30 -05:00
Régis Hanol b12b2b1911 change onebox preview key for me consistency 2016-12-20 11:18:47 +01:00
Sam ea9f7a41af remove gctools (no longer used) add gctracer for debugging 2016-12-20 15:07:30 +11:00
Régis Hanol 52cd9972bb FIX: prevent DDoS with lots of _oneboxable_ links
FIX: ensure the onebox route is only allowed to logged in users
FIX: only allow 1 outgoing onebox preview per user
FIX: client should only do 1 preview at a time
2016-12-20 00:31:10 +01:00
Sam 2b808ad9da Merge pull request #4609 from joebuhlig/category-topics-wiki
FEATURE: Category setting to make all topics wikis
2016-12-20 09:15:51 +11:00
Neil Lalonde a65281d5ea FIX: better support for featured link topics in summary emails 2016-12-19 17:05:49 -05:00
Neil Lalonde 3256620d5d FIX: some blank topics and posts in summary email because they're images 2016-12-19 16:21:31 -05:00
Neil Lalonde 923cf73c6e Topic Featured Links: move data from custom fields to topics and categories tables. Invert behaviour of topic_featured_link_allowed checkbox. Fix a bug with invalid topic records due to changing that category checkbox. 2016-12-19 14:54:07 -05:00
Robin Ward e03d5e2140 Reapply Ember 2.10 for good this time!
This reverts commit ddd299f4aa.
2016-12-19 11:19:10 -05:00
Joe Buhlig 87251fded7 FEATURE: Category setting to make all topics wikis
FEATURE: Category setting to make all topics wikis
2016-12-19 06:42:18 -06:00
Régis Hanol c7289f423f fix letter_avatar spec 2016-12-19 10:00:28 +01:00
Sam e0ff57ca75 SECURITY: prevent reuse of password reset 2016-12-19 18:00:22 +11:00
Robin Ward ddd299f4aa Revert "Revert "Revert Ember 2.10+ for a short while""
This reverts commit 76bbc481cb.
2016-12-16 10:29:30 -05:00
Robin Ward 76bbc481cb Revert "Revert Ember 2.10+ for a short while"
This reverts commit 21682fd60b.
2016-12-16 09:52:29 -05:00
Sam 6ff309aa80 SECURITY: don't grant same privileges to user_api and api access
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Régis Hanol 197517d55e FIX: locally uploaded audio & video files should onebox even when the extension is uppercase 2016-12-15 23:21:44 +01:00
Robin Ward 21682fd60b Revert Ember 2.10+ for a short while 2016-12-15 16:43:38 -05:00
Neil Lalonde f01f95d62d FEATURE: new settings to customize some colors in emails 2016-12-15 14:43:53 -05:00
Neil Lalonde e6361d1228 Version bump to v1.7.0.beta10 2016-12-14 14:57:51 -05:00
Guo Xiang Tan c80466a801 Merge pull request #4589 from tgxworld/rescue_error
FIX: Don't raise error when admin access is invalid.
2016-12-14 17:43:44 +08:00
Guo Xiang Tan 9a800107cb FIX: Associate category logo and background to uploads record. 2016-12-12 17:37:28 +08:00
Guo Xiang Tan 05f55dbc10 FEATURE: Group logs. 2016-12-12 17:29:54 +08:00
Neil Lalonde 17bc42fe85 FIX: box style category badges in emails, and shrink text and some spacing in summary email 2016-12-09 16:59:54 -05:00
Neil Lalonde fb2633366a FIX: featured link topics shouldn't require the same min post length 2016-12-09 15:46:26 -05:00
Neil Lalonde a4c4f13901 Remove the topic_featured_link_onebox setting. We will always try to onebox a link and add it to the body if topic_featured_link_enabled is enabled. 2016-12-09 13:28:12 -05:00
Sam 846597f563 FIX: staff tags are stripped by non-staff 2016-12-09 17:24:26 +11:00
Sam 02b21a26dd Merge pull request #4585 from ibnesayeed/urdu-support
Add initial Urdu support with RTL direction
2016-12-09 13:01:25 +11:00
Neil Lalonde ee54e37a1f Version bump to v1.7.0.beta9 2016-12-07 17:50:43 -05:00
Régis Hanol f4688f74db FIX: emoticons stop summary from being updated 2016-12-07 23:05:14 +01:00
Sawood Alam 3f765e0227
Added Urdu locale file for moment.js 2016-12-06 13:55:38 -05:00
Erick Guan 52763f5115
FEATURE: Allow posting a link with topics 2016-12-05 17:20:54 +01:00
Régis Hanol 951ef0d949 UX: fix onebox styling in emails 2016-12-05 12:00:04 +01:00
Guo Xiang Tan 4b75ad5110 FIX: Don't raise error when admin access is invalid. 2016-12-05 17:36:45 +08:00
Guo Xiang Tan 22059d4df9 Add Rake task to clean up unused multisite Redis keys. 2016-12-05 11:46:34 +08:00
Guo Xiang Tan ce36f54dcd Add rake task to clean up orphane Redis keys when a multisite has been removed. 2016-12-05 11:39:08 +08:00
Sam 39a524aac8 FEATURE: brotli cdn bypass for assets
Allow CDNS that strip out brotli encoding to use brotli regardless
2016-12-05 13:57:09 +11:00
Sam 33d0a23d84 Merge branch 'fix_whisper' 2016-12-05 10:01:03 +11:00
Guo Xiang Tan 3971f96aa6 Merge pull request #4536 from fantasticfears/webhooks-edit
FIX: missing post and topic edited webhooks
2016-12-02 10:16:19 +01:00
Sam 9b885c039a Merge branch 'master' into fix_whisper 2016-12-02 17:44:05 +11:00
Sam c04d4171ff FIX: whisper no longer experimental
- Regular users are not notified of whispers
- Regular users no longer have "stuck" topics in unread
- Additional tracking for staff highest post number
- Remove a bunch of unused columns in topics table
2016-12-02 17:03:31 +11:00
Régis Hanol eb453d0f82 the note in a FWed email should be a whisper only in PM and when the author is member of the group 2016-12-01 18:43:56 +01:00
Régis Hanol 62763f025c FIX: wasn't able to parse FROM email in the embedded email 2016-12-01 18:34:47 +01:00
Erick Guan 8c8549b27b
FIX: missing post and topic edited webhooks 2016-11-30 20:49:45 +01:00
Neil Lalonde 4f8c6b2d83 FIX: error reporting from SystemMessage.create 2016-11-30 13:16:30 -05:00
Guo Xiang Tan 1e7de826dc FIX: Remove unused code. 2016-11-30 16:39:38 +08:00
Guo Xiang Tan f794c25f60 FIX: Ensure a Thread is always running. 2016-11-30 16:38:21 +08:00
Guo Xiang Tan b8441fba27 Merge pull request #4546 from tgxworld/fix_postgresql_failover
Fix postgresql failover
2016-11-30 09:36:52 +01:00
Guo Xiang Tan 5200446eb7 Increase Qunit tests timeout on Travis. 2016-11-30 16:35:44 +08:00
Sam 0631a84ca0 Merge pull request #4576 from cpradio/min-posts-search
FEATURE: Add min_post_count search filter
2016-11-29 10:19:33 +11:00
Neil Lalonde 1b393a4013 Version bump to v1.7.0.beta8 2016-11-28 16:07:08 -05:00
cpradio 66ca6d622e FEATURE: Add min_post_count search filter 2016-11-28 11:43:12 -05:00
Régis Hanol a03287f2ee FIX: 'In-Reply-To' header should default to topic_message_id 2016-11-28 14:18:02 +01:00
Arpit Jalan 988aca6d92 FIX: bump opengraph user avatar image to 200px 2016-11-26 23:00:18 +05:30
Régis Hanol 74b6fe8739 FIX: respect RFCs when setting 'In-Reply-To' and 'References' email headers 2016-11-25 23:25:39 +01:00
Sam bc6ee85850 FIX: stop caching locale cause it bleeds in multisite 2016-11-25 11:35:29 +11:00
Neil Lalonde 36a80871a3 FIX: category_importer was importing public categories so that no one had permission to them, not even staff 2016-11-24 17:12:30 -05:00
Guo Xiang Tan dd4cab3be2 FIX: Set master to true before forcing slave connections to reconnect. 2016-11-23 14:04:43 +08:00
Guo Xiang Tan 02025207d5 FIX: Make sure Redis fallback don't fall into a permanent readonly state. 2016-11-23 11:31:20 +08:00
Guo Xiang Tan 3909f342f6 FEATURE: Allow options to be set when adding model callbacks. 2016-11-21 10:20:31 +08:00
Arpit Jalan 2d0c99636a do not add rel noreferrer 2016-11-20 18:19:14 +05:30
Arpit Jalan 7cb76f7333 FIX: add rel noopener and noreferrer in addition to nofollow 2016-11-20 17:07:27 +05:30
Régis Hanol a0f1090d79 FIX: custom emojis leaking over multisites 2016-11-17 19:35:39 +01:00
Régis Hanol 2125a630d9 FIX: encoding issues with forwarded emails 2016-11-17 12:44:39 +01:00