Bianca Nenciu
fa0e421af3
FIX: Do not leak information about post revisions. ( #6536 )
2018-10-31 14:47:00 +00:00
David Taylor
ff6676094f
FIX: Correct bookmark button class
2018-10-31 11:22:24 +00:00
Régis Hanol
0bf52d422c
FEATURE: new 'simultaneous_uploads' site setting
2018-10-31 10:58:09 +01:00
Kris
f97cf10676
Removing edit button from mobile category list
2018-10-30 22:57:06 -04:00
Sam
23423ba112
correct spec and error reporting
...
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson
589e3fcaa0
FIX: return 400 for missing required params ( #6546 )
...
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Sam
32b1f34910
PERF: avoid DNS lookups when getting IP info
...
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
Bianca Nenciu
e0ccd36dbe
FEATURE: Suspicious logins report. ( #6544 )
2018-10-30 22:51:58 +00:00
Bianca Nenciu
e1e392f15b
DEV: Use DiscourseIpInfo for all IP queries. ( #6482 )
...
* DEV: Use DiscourseIpInfo for all IP queries.
* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu
4b7ab97a01
FIX: Add 'log in via link' to email templates. ( #6545 )
2018-10-30 19:15:05 +00:00
Joffrey JAFFEUX
11ee07093c
FEATURE: revamps search-menu layout ( #6543 )
2018-10-30 10:44:49 -04:00
Gerhard Schlager
733b8af47b
FIX: Uploads didn't work for subfolder anymore
2018-10-30 12:53:57 +01:00
Gerhard Schlager
5b14f713a0
Use class instead of inline style
2018-10-30 11:25:51 +01:00
Joffrey JAFFEUX
af465effef
FIX: prevents y-axis labels to show useless/wrong values
2018-10-30 09:58:03 +01:00
Vinoth Kannan
92bf3c667e
FIX: Flash authentication data not rendered in latest iOS safari browser
2018-10-30 04:00:36 +05:30
Sam
f8305f53c7
FEATURE: special offline support restricted to Android only
...
The special offline page with fetch interception in service worker
is only strongly required on Android as a pre-req for PWAs
This is now strongly restricted only to Android while iOS PWA support
gets better
Long term if we build offline support we can unlock it more globally
2018-10-29 16:29:19 +11:00
Jeff Atwood
760e09907b
add a tad more width for user pref forms
2018-10-27 20:20:01 -07:00
Jeff Atwood
817cf8b229
remove extraneous two factor auth info popup
2018-10-27 14:10:26 -07:00
Jeff Atwood
58b53f7841
update copy for "was this you?" login dialog
2018-10-27 13:57:30 -07:00
David Taylor
375bba3c31
FIX: Add `String.includes` polyfill for IE11
2018-10-26 23:10:03 +01:00
Kris
cd9a41be55
IE11 fix for create account modal alignment
2018-10-26 17:04:28 -04:00
Kris
0bf413be3e
IE11 fix for category dropdown search icon position
2018-10-26 13:28:05 -04:00
Kris
1f88f69a7f
IE11 Fix for tracking dropdown
2018-10-26 12:55:26 -04:00
Rafael dos Santos Silva
84f858fc23
FIX: Remove orientation from the webmanifest
...
We don't really care about orientation, so let the user OS handle it.
2018-10-26 13:48:14 -03:00
Rafael dos Santos Silva
2450f178ca
FEATURE: Allow admins to control PWA display mode per user agent
2018-10-26 13:47:22 -03:00
Kris
fb15e04e48
Fixing broken badge grant layout
2018-10-26 11:06:31 -04:00
Kris
7c2618e914
Adding classes to login for external auth and user fields ( #6535 )
2018-10-26 10:33:06 -04:00
Joffrey JAFFEUX
b2585524a9
FEATURE: adds a most disagreed flaggers report
2018-10-26 15:59:04 +02:00
David Taylor
e955a1f24b
DEV: Skip ESLint on polyfill
2018-10-26 13:54:03 +01:00
David Taylor
af84949f25
FIX: Add polyfill so that `Array.includes` works in IE11
2018-10-26 13:45:29 +01:00
Joffrey JAFFEUX
398f98c568
FIX: ensures reports links are correct on subfolder installs
2018-10-26 12:32:02 +02:00
Penar Musaraj
3c92202654
Set individual future-date-input components as clearable, fixes admin Safari bug ( #6522 )
2018-10-26 11:34:55 +11:00
Penar Musaraj
ed9c21e42c
FEATURE: hide muted categories from /categories list ( #6531 )
2018-10-26 11:34:39 +11:00
Régis Hanol
d17c8df926
Only check for suspicious login for staff members
2018-10-26 00:29:28 +02:00
Kyle Zhao
a6eca28ec6
CSP - extract all other inline JavaScripts ( #6528 )
...
* wizard page inline js
* print topic inline js
* drop JS for preventing double submission
this is the default behavior with Rails' UJS `disable_with` helper
* omniauth complete redirect JS
* account activate inline js
2018-10-25 09:52:01 -04:00
Bianca Nenciu
effbef7d0b
UX: Use user locale for locations. ( #6527 )
...
* UX: Use user locale for locations.
* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX
8e274f7296
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu
2a77550f8c
FIX: Do not track right clicks. ( #6530 )
2018-10-25 09:46:04 +00:00
Bianca Nenciu
6a3767cde7
FEATURE: Warn users via email about suspicious logins. ( #6520 )
...
* FEATURE: Warn users via email about suspicious logins.
* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Sam Saffron
abaa3f0650
FEATURE: add server:before-head-close-crawler outlet for plugins
...
This outlet allows plugins to inject html prior to closing head tag
2018-10-25 16:31:05 +11:00
Kris
1d7720ef99
UX: Adding Google-compliant logo
2018-10-24 22:11:19 -04:00
Jeff Atwood
c62a8ee335
switch topic jump glyphs to better signify move to top/bottom
2018-10-24 18:41:41 -07:00
Jeff Wong
0ead513fb0
PERF: remove total unread notifications from message bus ( #6529 )
2018-10-25 12:14:34 +11:00
Kris
36e2f863ee
UX: Increase size of topic title tap target on mobile
2018-10-24 20:43:38 -04:00
Kris
c219a5fb1e
Add btn-default class to all default buttons ( #6521 )
2018-10-24 16:09:36 -04:00
Kris
0140844eb0
Remove whitespace in template so we can use :empty pseudo
2018-10-24 16:00:22 -04:00
Matthew Campbell
05438d99a8
FIX: Ensure the like button always has a title, for accessibility ( #6525 )
...
The like button previously didn't have a title for anonymous users,
because the `canToggleLike` flag wasn't set, but the `liked` flag wasn't
set either. This made the button inaccessible to blind users.
2018-10-24 13:58:42 +00:00
Sam
5fd94d3211
PERF: limit unread count to 99 in blue circle
...
This revises: e605542c4e
Previous commit was faulty
2018-10-24 12:10:27 +11:00
Sam
e605542c4e
PERF: limit unread count to 99 in the blue circle
...
This safeguard is in place to avoid very expensive queries on the server
side
2018-10-24 11:53:28 +11:00
Kris
0b4edfc7d6
UX: improve spacing on composer controls
2018-10-23 16:37:36 -04:00
Kris
a82dfbd2dc
Mobile timeline fix
2018-10-23 07:59:00 -04:00
Kris
541b6a8446
UX: Allow vertical timeline to fit on narrower screens
2018-10-22 22:16:59 -04:00
Sam
de6b585368
minor, bypass gravatar update if user does not match
...
this protects against a race condition that can happen when a user record
is destroyed reasonably quickly
2018-10-23 12:20:41 +11:00
Daniel Hollas
cee51672c9
FIX: Strip accents from search query
...
4481836 introduced accent stripping in search_indexer,
but we need to strip it from the query itself as well
TODO in search with diacritics:
- Still need to fix excerpts on search page
- need to support accent stripping in in_topic search
- need to make sure that in:title works correctly
- need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
Joffrey JAFFEUX
7d2e582b28
FIX: validates import theme form ( #6513 )
2018-10-23 12:09:06 +11:00
Sam
b74dd7d379
FIX: stop logging every 404 error when searching for gravatars
2018-10-23 11:43:14 +11:00
Kyle Zhao
2cc195f3d9
prettier linting fix
2018-10-22 14:18:26 -04:00
Bianca Nenciu
37fa7775f1
FIX: Fix order of recently connected devices. ( #6517 )
2018-10-22 17:30:23 +00:00
Kyle Zhao
e9a971a2b6
FEATURE: [Experimental] Content Security Policy ( #6514 )
...
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Jeff Wong
ec2613699f
Change box category view to use flexbox
2018-10-22 10:15:31 -07:00
Régis Hanol
b9261588f9
make the code prettier
2018-10-22 19:07:41 +02:00
Régis Hanol
3e232412e3
UX: show error when hitting the rate limit on password reset
2018-10-22 19:00:30 +02:00
David Taylor
3377f26eba
FIX: Clean tag before searching for matches
2018-10-22 11:09:06 +01:00
David Taylor
37b7afa522
FIX: Sanitize tags before creation
2018-10-22 10:53:42 +01:00
Kyle Zhao
dca830cb73
Revert "FEATURE: [Experimental] Content Security Policy ( #6504 )"
...
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kris
b35c8fb336
Add offset to topic footer admin menu, to avoid header overlap
2018-10-19 11:30:11 -04:00
David Taylor
0dd717e641
Revert "FIX: Sanitize tags before creation"
...
This reverts commit 18ae8de9e5.
2018-10-19 15:49:05 +01:00
David Taylor
18ae8de9e5
FIX: Sanitize tags before creation
2018-10-19 15:43:31 +01:00
Kyle Zhao
fb8231077a
FEATURE: [Experimental] Content Security Policy ( #6504 )
2018-10-19 10:39:22 -04:00
Bianca Nenciu
b69652278f
FEATURE: Add Wiki Editor badge. ( #6511 )
2018-10-19 15:30:27 +02:00
David Taylor
7166d7de9a
FIX: Prevent duplicate tags in tag-choosers ( #6512 )
...
* FIX: Prevent duplicate tags in tag-choosers
This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Joffrey JAFFEUX
5f86564da1
FEATURE: adds latest to user-api-key session scope
2018-10-19 09:54:06 +02:00
Sam
9bfc939692
cleanup so gravatar download failures are consistent
...
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Angus McLeod
85ef8e5a9f
auto is not a valid value for min/max height ( #6509 )
2018-10-18 21:33:45 -04:00
Bianca Nenciu
22ada32d4d
FIX: Strip @ when searching for users and groups. ( #6506 )
2018-10-19 11:56:10 +11:00
Robin Ward
f0af61da41
FIX: User `AvatarLookup` for looking up avatar details ( #6508 )
...
This allows plugins with their own avatar logic to work in the user
summary sections.
2018-10-18 15:49:34 -04:00
Blake Erickson
93485facaf
FIX: lowercase username for add/rem group members
...
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.
I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Régis Hanol
3973823a33
FIX: always update 'last_gravatar_download_attempt' when updating gravatar
2018-10-18 11:02:54 +02:00
Kyle Zhao
0f1afad6da
FIX: extracted theme JavaScripts for multisite ( #6502 )
...
* FIX: extracted theme javascripts for multisite
* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Guo Xiang Tan
22408f93c9
FIX: Wrap custom fields database statements in a transaction.
...
Kind of strange that we don't do it because a database statement
may fail and leave us in a weird state.
2018-10-18 12:23:04 +08:00
Guo Xiang Tan
44eba0bb60
FIX: Don't rescue `PG::UniqueViolation` within a transaction.
...
Also acquire a transaction per link instead of failing when
any of the links can't be processed.
This prevents ActiveRecord from rolling back the transaction
and the next SQL statement sent to PG will fail. This is
however hard to test as it only happens when there are
two competing processes trying to process this method at the
same time.
2018-10-18 10:54:30 +08:00
Guto Foletto
0abc932056
add styles so permalinks admin could fit mobile screen ( #6496 )
2018-10-17 17:37:14 +02:00
Bianca Nenciu
f60b10d090
UX: Warn users if the post that's currently edited has changed. ( #6498 )
2018-10-17 15:35:32 +02:00
David Taylor
065bf0762c
FEATURE: New plugin outlets for user card customization
2018-10-17 14:15:48 +01:00
David Taylor
c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display ( #6499 )
...
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Arpit Jalan
42c405a820
FIX: use topic summary for meta description if topic excerpt is blank
2018-10-17 14:13:30 +05:30
Joe
1b5ba899a1
UX: header items wrap on small screens for anon
2018-10-17 14:19:20 +08:00
Joe
5815a33a9a
FIX: closing an empty fullscreen composer with toggler prevents scrolling
2018-10-17 13:52:47 +08:00
Kris
b23ebf10c2
Minor post alignment fixes
2018-10-16 12:39:55 -04:00
Vinoth Kannan
e3c6dd26c4
FIX: Do not set null value to remove cookie
2018-10-16 06:48:54 +05:30
Sam
19d7543004
FIX: clear color scheme cache when clearing theme cache
2018-10-16 12:00:46 +11:00
Vinoth Kannan
08c404e138
FIX: Do not set null value to remove cookie
2018-10-16 06:12:32 +05:30
Sam
8d06731484
FIX: reduce amount of work onceoff does
...
In the past onceoff was forcing inline download of gravatars,
this can be so expensive that it will never finish
This fix ensures it only marks avatars stale which will be picked
up by regular schedules
2018-10-16 10:29:16 +11:00
Kyle Zhao
99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` ( #6495 )
2018-10-15 11:32:52 -04:00
Maja Komel
c104256991
FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility
2018-10-15 16:18:29 +02:00
Joffrey JAFFEUX
f6eff38c0e
FEATURE: adds list#(unread|new) to user api key routes ( #6494 )
2018-10-15 15:48:35 +02:00
David Taylor
7ac08f936e
FEATURE: Upload tags from CSV ( #6484 )
2018-10-15 09:12:54 +01:00
Sam
4c8fe13500
FIX: remove code that restricted "header" theme field from admin
...
There was some old code that restricted a percentage of a theme's code from
admin, only when admin was refreshed, this leads to lots of confusion
Conditional is now removed
2018-10-15 17:29:10 +11:00
Maja Komel
27e732a58d
FEATURE: allow multiple secrets for Discourse SSO provider
...
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.
This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao
6acdea37c4
DEV: extract inline js when baking theme fields ( #6447 )
...
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields
This work is needed to support CSP work
2018-10-15 15:55:23 +11:00