Commit Graph

17977 Commits

Author SHA1 Message Date
Bianca Nenciu fa0e421af3 FIX: Do not leak information about post revisions. (#6536) 2018-10-31 14:47:00 +00:00
David Taylor ff6676094f FIX: Correct bookmark button class 2018-10-31 11:22:24 +00:00
Régis Hanol 0bf52d422c FEATURE: new 'simultaneous_uploads' site setting 2018-10-31 10:58:09 +01:00
Kris f97cf10676 Removing edit button from mobile category list 2018-10-30 22:57:06 -04:00
Sam 23423ba112 correct spec and error reporting
previous commit misused warn_exception which caused a spec to fail
2018-10-31 13:38:05 +11:00
Blake Erickson 589e3fcaa0 FIX: return 400 for missing required params (#6546)
If a required param is missing return a 400 and show a message
displaying which param was missing. Added this to the application
controller so that we don't have to add this logic to every controller
action.
2018-10-31 13:02:48 +11:00
Sam 32b1f34910 PERF: avoid DNS lookups when getting IP info
Also cleans up interface in DiscourseIpInfo
grew cache to 2000 entries
2018-10-31 12:38:57 +11:00
Bianca Nenciu e0ccd36dbe FEATURE: Suspicious logins report. (#6544) 2018-10-30 22:51:58 +00:00
Bianca Nenciu e1e392f15b DEV: Use DiscourseIpInfo for all IP queries. (#6482)
* DEV: Use DiscourseIpInfo for all IP queries.

* UX: Use latitude and longitude for more precision.
2018-10-30 22:08:57 +00:00
Bianca Nenciu 4b7ab97a01 FIX: Add 'log in via link' to email templates. (#6545) 2018-10-30 19:15:05 +00:00
Joffrey JAFFEUX 11ee07093c FEATURE: revamps search-menu layout (#6543) 2018-10-30 10:44:49 -04:00
Gerhard Schlager 733b8af47b FIX: Uploads didn't work for subfolder anymore 2018-10-30 12:53:57 +01:00
Gerhard Schlager 5b14f713a0 Use class instead of inline style 2018-10-30 11:25:51 +01:00
Joffrey JAFFEUX af465effef
FIX: prevents y-axis labels to show useless/wrong values 2018-10-30 09:58:03 +01:00
Vinoth Kannan 92bf3c667e FIX: Flash authentication data not rendered in latest iOS safari browser 2018-10-30 04:00:36 +05:30
Sam f8305f53c7 FEATURE: special offline support restricted to Android only
The special offline page with fetch interception in service worker
is only strongly required on Android ad a pre-req for PWAs

This is now strongly restricted only to Android while iOS PWA support
gets better

Long term if we build offline support we can unlock it more globally
2018-10-29 16:29:19 +11:00
Jeff Atwood 760e09907b add a tad more width for user pref forms 2018-10-27 20:20:01 -07:00
Jeff Atwood 817cf8b229 remove extraneous two factor auth info popup 2018-10-27 14:10:26 -07:00
Jeff Atwood 58b53f7841 update copy for "was this you?" login dialog 2018-10-27 13:57:30 -07:00
David Taylor 375bba3c31 FIX: Add `String.includes` polyfill for IE11 2018-10-26 23:10:03 +01:00
Kris cd9a41be55 IE11 fix for create account modal alignment 2018-10-26 17:04:28 -04:00
Kris 0bf413be3e IE11 fix for category dropdown search icon position 2018-10-26 13:28:05 -04:00
Kris 1f88f69a7f IE11 Fix for tracking dropdown 2018-10-26 12:55:26 -04:00
Rafael dos Santos Silva 84f858fc23 FIX: Remove orientation from the webmanifest
We don't really care about orientation, so let the user OS handle it.
2018-10-26 13:48:14 -03:00
Rafael dos Santos Silva 2450f178ca FEATURE: Allow admins to control PWA display mode per user agent 2018-10-26 13:47:22 -03:00
Kris fb15e04e48 Fixing broken badge grant layout 2018-10-26 11:06:31 -04:00
Kris 7c2618e914
Adding classes to login for external auth and user fields (#6535) 2018-10-26 10:33:06 -04:00
Joffrey JAFFEUX b2585524a9
FEATURE: adds a most disagreed flaggers report 2018-10-26 15:59:04 +02:00
David Taylor e955a1f24b DEV: Skip ESLint on polyfill 2018-10-26 13:54:03 +01:00
David Taylor af84949f25 FIX: Add polyfill so that `Array.includes` works in IE11 2018-10-26 13:45:29 +01:00
Joffrey JAFFEUX 398f98c568
FIX: ensures reports links are correct on subfolder installs 2018-10-26 12:32:02 +02:00
Penar Musaraj 3c92202654 Set individual future-date-input components as clearable, fixes admin Safari bug (#6522) 2018-10-26 11:34:55 +11:00
Penar Musaraj ed9c21e42c FEATURE: hide muted categories from /categories list (#6531) 2018-10-26 11:34:39 +11:00
Régis Hanol d17c8df926 Only check for suspicious login for staff members 2018-10-26 00:29:28 +02:00
Kyle Zhao a6eca28ec6
CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js

* print topic inline js

* drop JS for preventing double submission

this is the default behavior with Rails' UJS `disable_with` helper

* omniauth complete redirect JS

* account activate inline js
2018-10-25 09:52:01 -04:00
Bianca Nenciu effbef7d0b UX: Use user locale for locations. (#6527)
* UX: Use user locale for locations.

* DEV: Added MaxMindDB test data and fixed test.
2018-10-25 10:54:01 +00:00
Joffrey JAFFEUX 8e274f7296 UX: bumps the user-api-key version to 3 (#6526)
* UX: bumps the user-api-key version to 3

* fix spec
2018-10-25 09:46:34 +00:00
Bianca Nenciu 2a77550f8c FIX: Do not track right clicks. (#6530) 2018-10-25 09:46:04 +00:00
Bianca Nenciu 6a3767cde7 FEATURE: Warn users via email about suspicious logins. (#6520)
* FEATURE: Warn users via email about suspicious logins.

* DEV: Move suspicious login check to a job.
2018-10-25 09:45:31 +00:00
Sam Saffron abaa3f0650 FEATURE: add server:before-head-close-crawler outlet for plugins
This outlet allows plugins to inject html prior to closing head tag
2018-10-25 16:31:05 +11:00
Kris 1d7720ef99 UX: Adding Google-compliant logo 2018-10-24 22:11:19 -04:00
Jeff Atwood c62a8ee335 switch topic jump glyphs to better signify move to top/bottom 2018-10-24 18:41:41 -07:00
Jeff Wong 0ead513fb0 PERF: remove total unread notifications from message bus (#6529) 2018-10-25 12:14:34 +11:00
Kris 36e2f863ee UX: Increase size of topic title tap target on mobile 2018-10-24 20:43:38 -04:00
Kris c219a5fb1e
Add btn-default class to all default buttons (#6521) 2018-10-24 16:09:36 -04:00
Kris 0140844eb0 Remove whitespace in template so we can use :empty psuedo 2018-10-24 16:00:22 -04:00
Matthew Campbell 05438d99a8 FIX: Ensure the like button always has a title, for accessibility (#6525)
The like button previously didn't have a title for anonymous users,
because the `canToggleLike` flag wasn't set, but the `liked` flag wasn't
set either. This made the button inaccessible to blind users.
2018-10-24 13:58:42 +00:00
Sam 5fd94d3211 PERF: limit unread count to 99 in blue circle
This revises: e605542c4e

Previous commit was faulty
2018-10-24 12:10:27 +11:00
Sam e605542c4e PERF: limit unread count to 99 in the blue circle
This safeguard is in place to avoid very expensive queries on the server
side
2018-10-24 11:53:28 +11:00
Kris 0b4edfc7d6 UX: improve spacing on composer controls 2018-10-23 16:37:36 -04:00
Kris a82dfbd2dc Mobile timeline fix 2018-10-23 07:59:00 -04:00
Kris 541b6a8446 UX: Allow vertical timeline to fit on narrower screens 2018-10-22 22:16:59 -04:00
Sam de6b585368 minor, bypass gravatar update if user does not match
this protects against a race condition that can happen when a user record
is destroyed reasonably quickly
2018-10-23 12:20:41 +11:00
Daniel Hollas cee51672c9 FIX: Strip accents from search query
4481836 introduced accent stipping in search_indexer,
but we need to strip it from the query itself as well

TODO in search with diacritics:
 - Still need to fix excerpts on search page
 - need to support accent stripping in in_topic search
 - need to make sure that in:title works correctly
 - need to fix "word boldening" in titles
2018-10-23 12:10:33 +11:00
Joffrey JAFFEUX 7d2e582b28 FIX: validates import theme form (#6513) 2018-10-23 12:09:06 +11:00
Sam b74dd7d379 FIX: stop logging every 404 error when searching for gravatars 2018-10-23 11:43:14 +11:00
Kyle Zhao 2cc195f3d9 prettier linting fix 2018-10-22 14:18:26 -04:00
Bianca Nenciu 37fa7775f1 FIX: Fix order of recently connected devices. (#6517) 2018-10-22 17:30:23 +00:00
Kyle Zhao e9a971a2b6
FEATURE: [Experimental] Content Security Policy (#6514)
do not register new MIME type, parse raw body instead
2018-10-22 13:22:23 -04:00
Jeff Wong ec2613699f Change box category view to use flexbox 2018-10-22 10:15:31 -07:00
Régis Hanol b9261588f9 make the code prettier 2018-10-22 19:07:41 +02:00
Régis Hanol 3e232412e3 UX: show error when hitting the rate limit on password reset 2018-10-22 19:00:30 +02:00
David Taylor 3377f26eba FIX: Clean tag before searching for matches 2018-10-22 11:09:06 +01:00
David Taylor 37b7afa522 FIX: Sanitize tags before creation 2018-10-22 10:53:42 +01:00
Kyle Zhao dca830cb73 Revert "FEATURE: [Experimental] Content Security Policy (#6504)"
This reverts commit fb8231077a.
2018-10-19 11:53:29 -04:00
Kris b35c8fb336 Add offset to topic footer admin menu, to avoid header overlap 2018-10-19 11:30:11 -04:00
David Taylor 0dd717e641 Revert "FIX: Sanitize tags before creation"
This reverts commit 18ae8de9e5.
2018-10-19 15:49:05 +01:00
David Taylor 18ae8de9e5 FIX: Sanitize tags before creation 2018-10-19 15:43:31 +01:00
Kyle Zhao fb8231077a
FEATURE: [Experimental] Content Security Policy (#6504) 2018-10-19 10:39:22 -04:00
Bianca Nenciu b69652278f FEATURE: Add Wiki Editor badge. (#6511) 2018-10-19 15:30:27 +02:00
David Taylor 7166d7de9a
FIX: Prevent duplicate tags in tag-choosers (#6512)
* FIX: Prevent duplicate tags in tag-choosers

This reverts 5685b45, which fixes the duplicate tags problem.
The fix introduced by 5685b45 is re-implemented on the server.
2018-10-19 13:44:43 +01:00
Joffrey JAFFEUX 5f86564da1
FEATURE: adds latest to user-api-key session scope 2018-10-19 09:54:06 +02:00
Sam 9bfc939692 cleanup so gravatar download failures are consistent
previously we would ignore socket error, but this would mean that
there could be conditions where we would keep trying to download
gravatars forever (in an hourly job)
2018-10-19 12:51:55 +11:00
Angus McLeod 85ef8e5a9f auto is not a valid value for min/max height (#6509) 2018-10-18 21:33:45 -04:00
Bianca Nenciu 22ada32d4d FIX: Strip @ when searching for users and groups. (#6506) 2018-10-19 11:56:10 +11:00
Robin Ward f0af61da41
FIX: User `AvatarLookup` for looking up avatar details (#6508)
This allows plugins with their own avatar logic to work in the user
summary sections.
2018-10-18 15:49:34 -04:00
Blake Erickson 93485facaf FIX: lowercase username for add/rem group members
This fix searches for users based on the downcased username so that if
you pass in usernames to add/remove from a group and you don't have the
casing just right it will still find the correct users.

I updated the tests to add a username that has a mix of upper and
lowercase letters to verify this functionality.
2018-10-18 13:17:24 -06:00
Régis Hanol 3973823a33 FIX: always update 'last_gravatar_download_attempt' when updating gravatar 2018-10-18 11:02:54 +02:00
Kyle Zhao 0f1afad6da FIX: extracted theme JavaScripts for multisite (#6502)
* FIX: extracted theme javascripts for multisite

* onceoff to rebake all theme fields
2018-10-18 17:05:34 +11:00
Guo Xiang Tan 22408f93c9 FIX: Wrap custom fields database statements in a transaction.
Kind of strange that we don't do it because a database statement
may fail and leave us in a weird state.
2018-10-18 12:23:04 +08:00
Guo Xiang Tan 44eba0bb60 FIX: Don't rescue `PG::UniqueViolation` within a transaction.
Also acquire a transaction per link instead of failing when
any of the links can't be processed.

This prevents ActiveRecord from rolling back the transaction
and the next SQL statement sent to PG will fail. This is
however hard to test as it only happens when there are
two competing process trying to process this method at the
same time.
2018-10-18 10:54:30 +08:00
Guto Foletto 0abc932056 add styles so permalinks admin could fit mobile screen (#6496) 2018-10-17 17:37:14 +02:00
Bianca Nenciu f60b10d090 UX: Warn users if the post that's currently edited has changed. (#6498) 2018-10-17 15:35:32 +02:00
David Taylor 065bf0762c FEATURE: New plugin outlets for user card customization 2018-10-17 14:15:48 +01:00
David Taylor c6f364224e
FEATURE: Allow plugins to whitelist user custom fields for public display (#6499)
This works exactly the same as `whitelist_staff_user_custom_fields`, but is not limited to staff
2018-10-17 10:33:27 +01:00
Arpit Jalan 42c405a820 FIX: use topic summary for meta description if topic excerpt is blank 2018-10-17 14:13:30 +05:30
Joe 1b5ba899a1
UX: header items wrap on small screens for anon 2018-10-17 14:19:20 +08:00
Joe 5815a33a9a
FIX: closing an empty fullscreen composer with toggler prevents scrolling 2018-10-17 13:52:47 +08:00
Kris b23ebf10c2 Minor post alignment fixes 2018-10-16 12:39:55 -04:00
Vinoth Kannan e3c6dd26c4 FIX: Do not set null value to remove cookie 2018-10-16 06:48:54 +05:30
Sam 19d7543004 FIX: clear color scheme cache when clearing theme cache 2018-10-16 12:00:46 +11:00
Vinoth Kannan 08c404e138 FIX: Do not set null value to remove cookie 2018-10-16 06:12:32 +05:30
Sam 8d06731484 FIX: reduce amount of work onceoff does
In the past onceoff was forcing inline download of gravatars,
this can be so expensive that it will never finish

This fix ensures it only marks avatars stale which will be picked
up by regular schedules
2018-10-16 10:29:16 +11:00
Kyle Zhao 99d1ded3b3
rename route `/javascripts` to `/theme-javascripts` (#6495) 2018-10-15 11:32:52 -04:00
Maja Komel c104256991 FIX: SSO provider secrets - check wildcard domains last, toggle secrets visibility 2018-10-15 16:18:29 +02:00
Joffrey JAFFEUX f6eff38c0e
FEATURE: adds list#(unread|new) to user api key routes (#6494) 2018-10-15 15:48:35 +02:00
David Taylor 7ac08f936e
FEATURE: Upload tags from CSV (#6484) 2018-10-15 09:12:54 +01:00
Sam 4c8fe13500 FIX: remove code that restricted "header" theme field from admin
There was some old code that restricted a percentage of a themes code from
admin, only when admin was refreshed, this leads to lots of confusion

Conditional is now removed
2018-10-15 17:29:10 +11:00
Maja Komel 27e732a58d FEATURE: allow multiple secrets for Discourse SSO provider
This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site.

This allows for better auditing of the SSO provider feature
2018-10-15 16:03:53 +11:00
Kyle Zhao 6acdea37c4 DEV: extract inline js when baking theme fields (#6447)
* extract inline js when baking theme fields
* destroy javascript cache when destroying theme fields

This work is needed to support CSP work
2018-10-15 15:55:23 +11:00