Commit Graph

5859 Commits

Author SHA1 Message Date
Bianca Nenciu 2070edf889 FIX: Clarify User.group_locked_trust_level.
* Rename User.group_locked_trust_level to User.group_granted_trust_level.

* Remove the column from users table.
2018-11-07 10:27:44 +08:00
Guo Xiang Tan bdb8e9efdb DEV: Remove mocks from specs. 2018-11-07 09:55:58 +08:00
Sam 06b9d8223a FIX: search within topic not working correctly in CJK
We were splitting the term prior to search causing everything to miss
2018-11-07 09:41:55 +11:00
Jeff Atwood afbdf9c2d2
Merge pull request #6558 from pmusaraj/disallow-flagging-deleted-post
FIX: disable flagging hidden posts
2018-11-05 11:05:32 -08:00
Penar Musaraj 7b3432f711 Enforce disabling flagging hidden posts server-side 2018-11-05 10:00:59 -05:00
Joffrey JAFFEUX 78954672f9 FIX: uses hex to compare images
It prevents some terminals from crashing in case of errors and dumping the whole file content into the terminal.
2018-11-05 09:47:15 -05:00
Maja Komel 1ac3e5473a FIX: don't strip eml attachments from received emails 2018-11-05 09:35:22 +01:00
Sam d84256a876 FEATURE: add Noindex to robots.txt for disallowed routes
This strips pages out of indexes that should not exist see:

https://meta.discourse.org/t/pages-listed-in-the-robots-txt-are-crawled-and-indexed-by-google/100309/11?u=sam
2018-11-02 16:39:47 +11:00
Kyle Zhao f9b36820ef
FIX: only extract script tags with certain types (#6553)
`script` tags with custom types (e.g. `text/template`) are not executed
by the browser, and should not be extracted into an external theme
JavaScript
2018-11-01 16:01:46 -04:00
Robin Ward ec91450aae FEATURE: Track how many user flags are agreed/disagreed/ignored
Display the percentage when reviewing flags.
2018-11-01 09:59:50 -04:00
Sam ceafcbc898 FEATURE: show added date when looking at group members 2018-11-01 15:33:28 +11:00
Sam aa044623bd FIX: do not create superflous sessions when logged on
In some SSO implementations we may want to issue SSO pipelines for
already logged on users

In these cases do not re-log-in a user if they are clearly logged on
2018-11-01 12:54:01 +11:00
Bianca Nenciu fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
Sam 23423ba112 correct spec and error reporting
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson 589e3fcaa0 FIX: return 400 for missing required params (#6546)
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Bianca Nenciu e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Sam 9933059426 FEATURE: push related PMs to take first 3 slots
Previously the related PMs were last meaning you would have to work through
all unread to see them.

Also amends it so it either asks for related by group OR user not both.
2018-10-29 10:47:59 +11:00
Rafael dos Santos Silva 2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Joffrey JAFFEUX b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
Penar Musaraj ed9c21e42c FEATURE: hide muted categories from /categories list (#6531) 2018-10-26 11:34:39 +11:00
Régis Hanol d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Régis Hanol 306d77b54f FIX: don't use srcset on cropped thumbnails 2018-10-25 16:08:10 +02:00
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
David Taylor 56e0f47bcd FIX: Do not update `last_seen` for API access
This regressed in 2dc3a50. I have now added tests for the behavior.
2018-10-25 13:38:57 +01:00
Bianca Nenciu effbef7d0b UX: Use user locale for locations. (#6527)
* UX: Use user locale for locations.

* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX 8e274f7296 UX: bumps the user-api-key version to 3 (#6526)
* UX: bumps the user-api-key version to 3

* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu 6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Régis Hanol addf6f6d17 FIX: support comma in 'sso_provider_secrets' site setting 2018-10-24 21:23:18 +02:00
Sam e955a7b49d Revert "Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)""
This reverts commit 322b27b6dc.

Oops rushed on the revert here... should be good
2018-10-24 15:14:01 +11:00
Sam 322b27b6dc Revert "FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523)"
This reverts commit 63356d883e.

This caused an outage, got to revert
2018-10-24 15:03:58 +11:00
Kyle Zhao 63356d883e FIX: GlobalPath#upload_cdn_path when S3 bucket has a folder (#6523) 2018-10-24 14:34:10 +11:00
Sam 5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Daniel Hollas cee51672c9 FIX: Strip accents from search query
4481836 introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well

TODO in search with diacritics:
 - Still need to fix excerpts on search page
 - need to support accent stripping in in_topic search
 - need to make sure that in:title works correctly
 - need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
Sam b74dd7d379 FIX: stop logging every 404 error when searching for gravatars 2018-10-23 11:43:14 +11:00
Sam adab7a3a48 improve test, also ensure no zero size is generated 2018-10-23 08:50:07 +11:00
Sam bea8d337b2 DEV: ensure resizing test does not raise bad error
Current resizing test was showing binary diff in terminal and failing
in latest image magick 7, this fixes both issues
2018-10-23 08:45:06 +11:00
Kyle Zhao e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Régis Hanol 3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
Bianca Nenciu 99b43f281b FIX: Fix browser detection for Microsoft Edge. (#6516)
cool!
2018-10-22 23:15:41 +11:00
David Taylor 3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
Arpit Jalan ce0a51665e FIX: count emoji shortcuts in topic title
https://meta.discourse.org/t/max-emojis-in-title-set-to-0-conflicting-with-emoji-shortcuts/98368/3?u=techapj
2018-10-22 13:44:05 +05:30
Kyle Zhao dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kyle Zhao fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
David Taylor 7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512)
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Guo Xiang Tan 65faff5832 DEV: Improve specs to provide a better error message. 2018-10-19 14:31:17 +08:00
Sam 9bfc939692 cleanup so gravatar download failures are consistent
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Blake Erickson f1ba981ae9 Improve add user to group spec for uppercase usernames
Oops forgot to check for this. See previous commit for more details.
2018-10-18 13:32:36 -06:00
Blake Erickson 93485facaf FIX: lowercase username for add/rem group members
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Régis Hanol 3973823a33 FIX: always update 'last_gravatar_download_attempt' when updating gravatar 2018-10-18 11:02:54 +02:00
Guo Xiang Tan bbf542da01 DEV: Prefer `<<~` over `<<`. 2018-10-18 14:17:30 +08:00
Kyle Zhao 0f1afad6da FIX: extracted theme JavaScripts for multisite (#6502)
* FIX: extracted theme javascripts for multisite

* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Bianca Nenciu f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
David Taylor 501ac4dfa6 DEV: Cleanup properly after user_serializer test 2018-10-17 10:54:22 +01:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Arpit Jalan 42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Sam 19d7543004 FIX: clear color scheme cache when clearing theme cache 2018-10-16 12:00:46 +11:00
Penar Musaraj b06dccac49 FIX: force enable a user's email_private_messages option when user replies via email (#6478)
* Enable user email PM when posting to group or replying to topic via email

* remove extra line

* Add test and fix snake_case

* Only reenable email_private_messages for PM replies
2018-10-16 10:51:57 +11:00
Davide Porrovecchio 005e1f5373 Add Cache-Control header to CORS (#6490) 2018-10-16 10:46:55 +11:00
Sam fc94732f88 avoid looking up badge multiple times in spec 2018-10-16 10:42:16 +11:00
Bianca Nenciu c68a456baa FIX: Do not award badges for links in restricted categories. (#6492) 2018-10-16 10:38:59 +11:00
Neil Lalonde 0724948878 fix failing spec when HUB_BASE_URL is present 2018-10-15 15:06:02 -04:00
Neil Lalonde d166c38ab7 REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
Kyle Zhao 99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
David Taylor 7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Guo Xiang Tan 8fa59f0548 FIX: Can't clean a tag if the given string is frozen. 2018-10-15 14:48:45 +08:00
Maja Komel 27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao 6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00
Guo Xiang Tan aa60936115 DEV: Add order to avoid randomly failing test. 2018-10-15 11:42:45 +08:00
Guo Xiang Tan 5ae4cbcf88 DEV: Clear `ColorScheme.hex_cache` to avoid leaking state. 2018-10-15 11:16:26 +08:00
Guo Xiang Tan 2ce684b134 DEV: Clear `hex_cache` after each test. 2018-10-15 10:24:46 +08:00
Guo Xiang Tan 84d4c81a26 FEATURE: Support backup uploads/downloads directly to/from S3.
This reverts commit 3c59106bac.
2018-10-15 09:43:31 +08:00
Sam 057087e0e8 FEATURE: log long running jobs in the defer queue
If a job in the defer queue takes longer than 90 seconds log an error
2018-10-12 17:03:47 +11:00
Sam a1c912b630 Return 400 instead of 404 for bad token 2018-10-12 10:51:41 +11:00
Bianca Nenciu 048cdfbcfa FIX: Do not allow revoking the token of current session. (#6472)
* FIX: Do not allow revoking the token of current session.

* DEV: Add getter of current auth_token from Guardian.
2018-10-12 10:40:48 +11:00
Blake Erickson 13b3cead06 FEATURE: Allow bulk removing users from a group
This change maintains backwards compatibility to allow you to remove a
single user from a group but allows you to specify a comma separated list
of users for bulk removal from a group.

Also it extracts out common functionality for fetching users from params
used in bulk adding users so it can also be used for removing users.
2018-10-11 15:30:54 -06:00
Neil Lalonde 12f132736b FIX: error looking at users in admin when tl3_promotion_min_duration is set to a very high value 2018-10-11 15:11:48 -04:00
Gerhard Schlager 7a41a783a4 FIX: Don't reply to Unsubscribe email sent to mailing list mirror 2018-10-11 16:09:22 +02:00
Vinoth Kannan 6a444eee56
Merge pull request #6476 from vinothkannans/tl4-flag
FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user
2018-10-11 17:13:26 +05:30
Vinoth Kannan 227a49bb32 FEATURE: automatically hide non-TL4 posts when flagged by a TL4 user 2018-10-11 17:11:46 +05:30
Guo Xiang Tan 3c59106bac Revert "FEATURE: Support backup uploads/downloads directly to/from S3."
This reverts commit c29a4dddc1.

We're doing a beta bump soon so un-revert this after that is done.
2018-10-11 11:08:23 +08:00
Gerhard Schlager c29a4dddc1 FEATURE: Support backup uploads/downloads directly to/from S3. 2018-10-11 10:38:43 +08:00
Guo Xiang Tan 5039a6c3f1 FIX: Strip null bytes in mail subjects. 2018-10-11 09:46:32 +08:00
Vinoth Kannan 59be289084 FIX: Do not add lightbox to onebox images (#6479) 2018-10-11 08:57:21 +11:00
Robin Ward a566ed42ae FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
Bianca Nenciu 4e0533a20b FIX: Generate Onebox for posts of type moderator_action. (#6466) 2018-10-10 18:39:03 +08:00
Sam 45f01e637b FIX: when associating Github account disassociate others
There are some cases where an email floats from one GitHub account to another
if this happens just take over the Github mapping record
2018-10-10 15:46:50 +11:00
Guo Xiang Tan f26804394a DEV: Remove the use of stubs on `Rails.logger` in our test suite. 2018-10-10 09:34:50 +08:00
Bianca Nenciu 1d26a473e7 FEATURE: Show "Recently used devices" in user preferences (#6335)
* FEATURE: Added MaxMindDb to resolve IP information.

* FEATURE: Added browser detection based on user agent.

* FEATURE: Added recently used devices in user preferences.

* DEV: Added acceptance test for recently used devices.

* UX: Do not show 'Show more' button if there aren't more tokens.

* DEV: Fix unit tests.

* DEV: Make changes after code review.

* Add more detailed unit tests.

* Improve logging messages.

* Minor coding style fixes.

* DEV: Use DropdownSelectBoxComponent and run Prettier.

* DEV: Fix unit tests.
2018-10-09 22:21:41 +08:00
Bianca Nenciu 1fb1f4c790 FIX: Make error in Discourse Hub more descriptive. (#6438) 2018-10-09 22:05:31 +08:00
David Taylor ac89a728f8 DEV: Remove autospec hacks for social auth providers
This was causing erratic test failures. Autospec continues to work after
removing, so this 5-year-old code is no longer needed.
2018-10-09 12:42:57 +01:00
Erin Kosewic 51aba32651 FEATURE: add branch option to remote theme import
* FEATURE: add branch option to remote theme import

* FIX: Add missing variable in params

* FIX: Add missing param for import_theme method

* SPEC: Add test methods for branch support in git import

* FIX: Add missing space to scss style

* Do not assume default branch as master

* Change branch field placeholder

* FIX: add missing div start tag
2018-10-09 17:01:08 +11:00
Gerhard Schlager 2f90c15d7a Fix random build error 2018-10-09 01:03:05 +02:00
Gerhard Schlager 4881fb028f FIX: allow_uppercase_posts didn't work for topic titles 2018-10-08 23:50:06 +02:00
Joffrey JAFFEUX 22187508e3
FEATURE: adds header text/background color to site (#6462) 2018-10-08 11:52:57 +02:00
Guo Xiang Tan 40fa96777d
FEATURE: Post deployment migrations. (#6406)
This moves us away from the delayed drops pattern which
was problematic on two counts. First, it uses a hardcoded "delay for"
duration which may be too short for certain deployment strategies.
Second, delayed drop doesn't ensure that it only runs after
the latest application code has been deployed. If the migration runs
and the application code fails to deploy, running the migration after
"delay for" has been met will cause the application to blow up.

The new strategy allows post deployment migrations to be skipped if the
env `SKIP_POST_DEPLOYMENT_MIGRATIONS` is provided.

```
SKIP_POST_DEPLOYMENT_MIGRATIONS=1 rake db:migrate
-> deploy app servers
SKIP_POST_DEPLOYMENT_MIGRATIONS=0 rake db:migrate
```

To aid with the generation of a post deployment migration, a generator
has been added. Simply run `rails generate post_migration`.
2018-10-08 15:47:38 +08:00
Arpit Jalan c0bb04d89d FIX: convert tag string to array when filtering topic list by tags 2018-10-08 08:56:25 +05:30
Guo Xiang Tan 1b1ef21481 DEV: Improve `Jobs::CleanUpEmailLogs` specs. 2018-10-08 11:11:20 +08:00
Penar Musaraj 26956bbe1a FIX: Safari issue with some emojis (#6456)
https://meta.discourse.org/t/emojis-selected-on-ios-displaying-additional-rectangles/86132/8
2018-10-08 10:32:25 +08:00
Sam 550e108a8c FEATURE: only export settings that changed via rake task 2018-10-08 11:54:52 +11:00
Vinoth Kannan 4000dddd32
Merge pull request #6458 from vinothkannans/fix-giphy
FIX: Display large/broken image placeholders for image oneboxes
2018-10-07 18:08:54 +05:30
Vinoth Kannan c499872597 FIX: Display large/broken image placeholders for image oneboxes 2018-10-07 17:42:41 +05:30
David Taylor 9bf522f227
FEATURE: Mixed case tagging (#6454)
- By default, behaviour is not changed: tags are made lowercase upon creation and edit.

- If force_lowercase_tags is disabled, then mixed case tags are allowed.

- Tags must remain case-insensitively unique. This is enforced by ActiveRecord and Postgres.

- A migration is added to provide a `UNIQUE` index on `lower(name)`. Migration includes a safety to correct any current tags that do not meet the criteria.

- A `where_name` scope is added to `models/tag.rb`, to allow easy case-insensitive lookups. This is used instead of `Tag.where(name: "blah")`.

- URLs remain lowercase. Mixed case URLs are functional, but have the lowercase equivalent as the canonical.
2018-10-05 10:23:52 +01:00
Vinoth Kannan 8430ea927e FIX: Generate webhook payloads before destroy events (#6325) 2018-10-05 16:53:59 +08:00
Sam 5b630f3188 FIX: stop logging every time invalid params are sent
Previously we were logging warning for invalid encoded params, this can
cause a log flood
2018-10-05 14:33:19 +10:00
Vinoth Kannan 3faa022c6f
Merge pull request #6453 from vinothkannans/sso_provider_redirect
FIX: redirect users to SSO client URL after social login
2018-10-05 00:34:34 +05:30
Vinoth Kannan ca74246651 FIX: redirect users to SSO client URL after social login 2018-10-05 00:01:08 +05:30
David Taylor 5b56a8cd09 DEV: Merge multiple discourse_tagging_spec files 2018-10-04 15:44:29 +01:00
Maja Komel 361ad7ed2b FEATURE: add indication if incoming email attachment was rejected and inform sender about it (#6376)
* FEATURE: add indication if incoming email attachment was rejected and inform sender about it

* include errors for rejected attachments in email

* don't send warning email to staged users

* use user object instead of user_id in add_attachments method
2018-10-04 22:08:28 +08:00
Paul Trippett b8a1196b6b Add missing fields to Upload Fabricator (#6448) 2018-10-04 22:00:07 +08:00
Guo Xiang Tan d43ed4afa2 Remove unused variable. 2018-10-04 13:21:37 +08:00
Lucas Nicodemus 1907338834 FIX: No longer educate users who are editing
A user editing a post will no longer get composer messages that are
meant for new users posting replies and threads. These messages don't
make sense in an edit context at all -- they're usually discussing
making salient replies or topics, or adding avatars. They make even less
sense when a user is an admin attempting to change the default topics
for the first time.

Since these messages actually do make sense for a user when they have a
low post count, though, they're still going to occur. They just occur
when a user is creating new content (and thus, more likely to read the
notice), not during edits.

This is in response to this issue:
https://meta.discourse.org/t/education-message-for-editing-wiki-topic/66682
2018-10-04 13:20:13 +08:00
Vinoth Kannan a651d39b8a
FIX: Display errors in single theme pages (#6449)
Currently the errors are not well handled. So it breaks the whole UI of admin themes list page.
2018-10-04 02:33:06 +05:30
Sam ad0e768742 FEATURE: add support for responsive images in posts
When creating lightboxes we will attempt to create 1.5x and 2x thumbnails
for retina screens, this can be controlled with a new hidden site setting
called responsice_post_image_sizes, if you wish to create 3x images run

SiteSetting.responsive_post_image_sizes = "1|1.5|2|3"


The default should be good for most of the setups as it balances filesize
with quality. 3x thumbs can get big.
2018-10-03 13:44:53 +10:00
Neil Lalonde dc1e7bb645 UX: when admin is deleted, make it clear in staff action logs when records belong to a deleted user and show their username in the details 2018-10-02 13:46:54 -04:00
Penar Musaraj 34516c72bd
FIX: Recover public actions (likes) when recovering a post (#6412) 2018-10-02 11:25:08 -04:00
Joffrey JAFFEUX a515ba8612 FIX: corrects typo and adds a spec for likes report (#6439)
* FIX: corrects typo and adds a spec for likes report

* save!
2018-10-02 02:27:43 -07:00
Bianca Nenciu e0d7cdac12 UX: Improve error messages for minimum and maximum username lengths. 2018-10-02 13:10:20 +08:00
Penar Musaraj da9eee5262 FIX: Force enable user PM emails option when user posts to a group by email. 2018-10-02 12:38:10 +08:00
Gerhard Schlager e2770bc1c4 FIX: async reload of locales could result in missing translations 2018-10-01 17:14:36 +02:00
Guo Xiang Tan cfa7173da3 FIX: Onceoff job to fix missing user profile backgrounds. 2018-10-01 16:26:40 +08:00
Guo Xiang Tan de85bb0a39 FIX: Don't update user_profile URLs unless upload is persisted. 2018-10-01 14:21:39 +08:00
Guo Xiang Tan e262a08350 Add `UploadRecovery#recover_user_profile_backgrounds`. 2018-10-01 10:51:54 +08:00
Robin Ward 02da022c70
PERF: Quit out of the email job quickly if disabled (#6423)
This prevents sidekiq from doing a bunch of queries when email is
disabled.

Critical emails are a special case and will be sent.
2018-10-01 01:15:45 +08:00
Kyle Zhao 819f090d6a move large blobs out of `<head>` (#6428)
it unnecessarily bloats the section and increases the payload
dramatically for open graph tags.
2018-09-28 17:28:33 +08:00
Penar Musaraj 70d74f8fc1 FIX: advanced search ordering broken when using tags 2018-09-28 17:27:08 +08:00
Bianca Nenciu 5407036ef9 DEV: Run prettier. (#6420) 2018-09-21 11:02:23 +00:00
Kyle Zhao e402394375 FEATURE: auto grant an available title when removing old title
* FEATURE: auto grant an available title when removing old title
2018-09-21 12:06:08 +10:00
Kyle Zhao 4bb980b9f7
FEATURE: do not allow moderators to export user list (#6418) 2018-09-21 09:07:13 +08:00
Guo Xiang Tan 1a64b3a487 FIX: Don't try to recover an invalid sha1. 2018-09-20 14:21:57 +08:00
Sam df45e82377 SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
Guo Xiang Tan 195bd02fce FIX: Avoid race condition when enqueuing job. 2018-09-20 11:24:01 +08:00
Jeff Wong d5442fbf08 FIX: do not send tl1 welcome message when a user has the basic user badge 2018-09-19 12:53:36 -07:00
Guo Xiang Tan 767f27929d Rename `Jobs::RecoverPostUploads` to rerun the job take 2. 2018-09-19 22:40:32 +08:00
Guo Xiang Tan d403883d16 DEV: Improve specs for 293cf600f0. 2018-09-19 16:03:52 +08:00
Sam 5302709343 FIX: in redis readonly raise an exception from DistributedMutex
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller

When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb

In redis readonly no thumbnails will be generated
2018-09-19 15:50:58 +10:00
Guo Xiang Tan bc7f58191e FIX: `UploadRecovery` should look at links too. 2018-09-19 11:52:57 +08:00
Guo Xiang Tan 4a92c5b2d6 `UploadRecovery` should recover attachments too. 2018-09-19 10:44:36 +08:00
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Arpit Jalan fadcd36f92 FIX: do not treat ignore_redirects domains as blacklisted
This fix prevents domains present in `ignore_redirects` to be treated as
blacklisted domains and makes sure that onboxing happens for those domains.
Issue reported here: https://meta.discourse.org/t/steam-store-oneboxing-no-longer-works/97266
2018-09-18 10:38:02 +05:30
Guo Xiang Tan ce6a0a5e9e FIX: Moving upload to tombstone should update modification time.
A upload created a long time ago will be nuked from the tombstone
immediately if it gets deleted.
2018-09-18 10:48:29 +08:00
Guo Xiang Tan f2fbf1fdb0 DEV: Basic specs for `TagGroupsController`. 2018-09-18 08:22:03 +08:00
Sam 7d6b348d0b SECURITY: correct XSS on long topic titles 2018-09-18 08:54:44 +10:00
Régis Hanol 4481836de2 FEATURE: new 'search_ignore_accents' site setting 2018-09-17 10:42:30 +02:00
Kyle Zhao 7a0232249a
extract inline JS that's used to store preloaded data (#6370) 2018-09-17 16:31:46 +08:00
Kyle Zhao 7b19ed06c1 reworked specs of existing group behavior 2018-09-17 17:46:43 +10:00
Kyle Zhao 6659417807 FEATURE: match user title when primary group changes
When primary group changes and the user's title is the previous primary
group's title, change the title to the new primary group's title
2018-09-17 15:08:39 +10:00
Sam 33541c4096 FEATURE: unconditionally omit no-follow for staff
Previously TL2 and below staff would have links
no-followed which was never intended
2018-09-17 12:02:20 +10:00
Sam 37c5280f73 correct spec 2018-09-17 11:37:01 +10:00