Commit Graph

52649 Commits

Author SHA1 Message Date
Daniel Waterworth 4494d62531
SECURITY: Run custom field validations with save_custom_fields 2024-01-08 08:02:16 -07:00
Joffrey JAFFEUX fd4ff92892
SECURITY: ensures mentioned_users is limited
Prior to this fix the number of users rendered by mentioned_users could equal the number of members in a channel which would be slow but could in more extreme case crash the page and/or server.
2024-01-08 08:02:13 -07:00
Jarek Radosz fe10a3feab
DEV: Use html-rewriter-wasm/lol_html instead of JSDOM (#25144)
Parsing html, modifying it, and then serializing had some negative side-effects (namely, it was losing html entity escaping in some cases)

Drops jsdom dependency
2024-01-08 12:51:23 +01:00
Alan Guo Xiang Tan d9affeca0a
Revert "Build(deps): Bump regexp_parser from 2.8.3 to 2.9.0 (#25149)" (#25158)
This reverts commit 50be3b887d.

2.9.0 seems to have been yanked because bundler is complaining that it
can't find it.
2024-01-08 09:32:20 +08:00
Alan Guo Xiang Tan 3e03d19c90
DEV: Update bundler (#25125)
Why this change?

We have been using an older version of bundler that was released on 9
May 2023.
2024-01-08 09:26:37 +08:00
Martin Brennan 51016e56dd
FEATURE: Add copy quote button to post selection menu (#25139)
Merges the design experiment at
https://meta.discourse.org/t/post-quote-copy-to-clipboard-button-feedback/285376
into core.

This adds a new button by default to the menu that pops up when text is
selected in a post.

The normal Quote button that is shown when selecting text within a post
will open the composer with the quote markdown prefilled.

This new "Copy Quote" button copies the quote markdown directly to the
user’s clipboard. This is useful for when you want to copy the quote
elsewhere – to another topic or a chat message for instance – without
having to manually copy from the opened composer, which then has to be
dismissed afterwards. An example of quote markdown:

```
[quote="someuser, post:7, topic:285376"]
In this moment, I am euphoric.
[/quote]
```
2024-01-08 10:38:14 +10:00
dependabot[bot] a720bdc72b
Build(deps-dev): Bump jsdom from 23.0.1 to 23.2.0 in /app/assets/javascripts (#25156)
* Build(deps-dev): Bump jsdom in /app/assets/javascripts

Bumps [jsdom](https://github.com/jsdom/jsdom) from 23.0.1 to 23.2.0.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](https://github.com/jsdom/jsdom/compare/23.0.1...23.2.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-01-08 08:13:13 +08:00
dependabot[bot] 0d1b6512c7
Build(deps): Bump net-smtp from 0.4.0 to 0.4.0.1 (#25147)
Bumps [net-smtp](https://github.com/ruby/net-smtp) from 0.4.0 to 0.4.0.1.
- [Release notes](https://github.com/ruby/net-smtp/releases)
- [Changelog](https://github.com/ruby/net-smtp/blob/master/NEWS.md)
- [Commits](https://github.com/ruby/net-smtp/compare/v0.4.0...v0.4.0.1)

---
updated-dependencies:
- dependency-name: net-smtp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 08:12:53 +08:00
dependabot[bot] 50be3b887d
Build(deps): Bump regexp_parser from 2.8.3 to 2.9.0 (#25149)
Bumps [regexp_parser](https://github.com/ammar/regexp_parser) from 2.8.3 to 2.9.0.
- [Changelog](https://github.com/ammar/regexp_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ammar/regexp_parser/compare/v2.8.3...v2.9.0)

---
updated-dependencies:
- dependency-name: regexp_parser
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 08:12:19 +08:00
dependabot[bot] 5f158cd187
Build(deps-dev): Bump bullet from 7.1.4 to 7.1.5 (#25151)
Bumps [bullet](https://github.com/flyerhzm/bullet) from 7.1.4 to 7.1.5.
- [Changelog](https://github.com/flyerhzm/bullet/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flyerhzm/bullet/compare/7.1.4...7.1.5)

---
updated-dependencies:
- dependency-name: bullet
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 08:11:40 +08:00
dependabot[bot] 0291fec77e
Build(deps-dev): Bump rubocop-rspec from 2.26.0 to 2.26.1 (#25152)
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.26.0 to 2.26.1.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.26.0...v2.26.1)

---
updated-dependencies:
- dependency-name: rubocop-rspec
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 08:11:30 +08:00
dependabot[bot] f69bb26a31
Build(deps): Bump net-imap from 0.4.9 to 0.4.9.1 (#25153)
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.4.9 to 0.4.9.1.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.4.9...v0.4.9.1)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 08:11:19 +08:00
dependabot[bot] 847adfce1f
Build(deps): Bump net-http from 0.4.0 to 0.4.1 (#25155)
Bumps [net-http](https://github.com/ruby/net-http) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/ruby/net-http/releases)
- [Commits](https://github.com/ruby/net-http/compare/v0.4.0...v0.4.1)

---
updated-dependencies:
- dependency-name: net-http
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 08:11:08 +08:00
dependabot[bot] 7cdd5250c2
Build(deps-dev): Bump @floating-ui/dom from 1.5.3 to 1.5.4 in /app/assets/javascripts (#25157)
* Build(deps-dev): Bump @floating-ui/dom in /app/assets/javascripts

Bumps [@floating-ui/dom](https://github.com/floating-ui/floating-ui/tree/HEAD/packages/dom) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/floating-ui/floating-ui/releases)
- [Changelog](https://github.com/floating-ui/floating-ui/blob/master/packages/dom/CHANGELOG.md)
- [Commits](https://github.com/floating-ui/floating-ui/commits/@floating-ui/dom@1.5.4/packages/dom)

---
updated-dependencies:
- dependency-name: "@floating-ui/dom"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-01-08 08:10:49 +08:00
dependabot[bot] c902ea0f47
Build(deps-dev): Bump ruby-prof from 1.6.3 to 1.7.0 (#25154)
Bumps [ruby-prof](https://github.com/ruby-prof/ruby-prof) from 1.6.3 to 1.7.0.
- [Changelog](https://github.com/ruby-prof/ruby-prof/blob/master/CHANGES)
- [Commits](https://github.com/ruby-prof/ruby-prof/commits)

---
updated-dependencies:
- dependency-name: ruby-prof
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-08 08:10:31 +08:00
Martin Brennan 628873de24
FIX: Sort plugins by their setting category name (#25128)
Some plugins have names (e.g. discourse-x-yz) that
are totally different from what they are actually called,
and that causes issues when showing them in a sorted way
in the admin plugin list.

Now, we should use the setting category name from client.en.yml
if it exists, otherwise fall back to the name, for sorting.
This is what we do on the client to determine what text to
show for the plugin name as well.
2024-01-08 09:57:25 +10:00
Kris 0472d3e122
UX: add missing button class to bulk-select (#24758) 2024-01-05 17:27:59 -05:00
Kris ec0e802d34
DEV: less generic SVG ids to avoid clash (#25003) 2024-01-05 17:08:31 -05:00
Bianca Nenciu 62e570afe2
FIX: Ensure that categories array is not undefined (#25141)
With lazy_load_categories enabled, the categories array can be undefined
because it is not loaded yet (it is populated on demand).
2024-01-05 20:45:21 +02:00
Rafael dos Santos Silva 0fe11ef337
FIX: Stop optimizing WEBPs into JPGs (#25140)
This rarely results in better compression, and there are many uses of animated WEBPs too
2024-01-05 12:18:48 -03:00
Rafael dos Santos Silva 13735f35fb
FEATURE: Cache embed contents in the database (#25133)
* FEATURE: Cache embed contents in the database

This will be useful for features that rely on the semantic content of topics, like the many AI features



Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>
2024-01-05 10:09:31 -03:00
Ted Johansson ac4d90b3a6
Revert "DEV: Skip MinioRunner until min.io renews their cert (#25137)" (#25138)
This reverts commit 2594f7a5a3.
2024-01-05 14:08:27 +08:00
Ted Johansson a5f0935307
DEV: Convert min_trust_level_to_create_tag to groups (#24899)
We're changing the implementation of trust levels to use groups. Part of this is to have site settings that reference trust levels use groups instead. It converts the min_trust_level_to_create_tag  site setting to create_tag_allowed_groups.

This PR maintains backwards compatibility until we can update plugins and themes using this.
2024-01-05 10:19:43 +08:00
Ted Johansson 2594f7a5a3
DEV: Skip MinioRunner until min.io renews their cert (#25137)
The min.io domain cert has expired, causing our MinioRunner gem to fail. Skip until domain can be connected via SSL again.
2024-01-05 10:00:08 +08:00
Krzysztof Kotlarek 0bb86129a5
FEATURE: used, unused, enabled, disabled component filter (#25136)
In this PR we introduced the enabled/disabled components filter.

https://github.com/discourse/discourse/pull/25105

However, components are slightly more complicated and can be used/unused/enabled/disabled.
2024-01-05 12:15:16 +11:00
dependabot[bot] 5aa010708c
Build(deps-dev): Bump rubocop-rspec from 2.25.0 to 2.26.0 (#25135)
Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 2.25.0 to 2.26.0.
- [Release notes](https://github.com/rubocop/rubocop-rspec/releases)
- [Changelog](https://github.com/rubocop/rubocop-rspec/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-rspec/compare/v2.25.0...v2.26.0)

---
updated-dependencies:
- dependency-name: rubocop-rspec
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-04 22:37:05 +01:00
dependabot[bot] 3eff4e7544
Build(deps-dev): Bump rubocop-factory_bot from 2.24.0 to 2.25.0 (#25134)
Bumps [rubocop-factory_bot](https://github.com/rubocop/rubocop-factory_bot) from 2.24.0 to 2.25.0.
- [Release notes](https://github.com/rubocop/rubocop-factory_bot/releases)
- [Changelog](https://github.com/rubocop/rubocop-factory_bot/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-factory_bot/compare/v2.24.0...v2.25.0)

---
updated-dependencies:
- dependency-name: rubocop-factory_bot
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-04 22:17:49 +01:00
Kris e0a7d8f332
DEV: pass renderTimeline to topic-navigation outlet (#25132) 2024-01-04 14:47:05 -05:00
Andrei Prigorshnev 93ca13e534
DEV: Add new chat metrics (#23872)
This adds the following chat metrics:

- _chat_open_channels_with_threads_enabled_ — a count of open channels 
where threading is enabled.
- _chat_channel_messages_ — a count of messages sent in a chat channel 
(i.e. not a personal chat / direct message), within a thread or outside of a thread.
- _chat_threaded_messages_ — a count of messages sent within a thread 
in a chat channel (i.e. not a personal chat / direct messages).
- _chat_direct_messages_ — a count of messages sent in a personal chat / direct messages.

The metrics added using the plugin API introduced in 098ab29d, 
and extended in d91456fd.

Note that these stats won't be exposed at the `about.json` 
and the `site/statistics.json` routes.
2024-01-04 16:10:03 +04:00
Jarek Radosz b43bba7dd7
UX: Improve border-radius stuff in chat-message actions (#25129) 2024-01-04 12:33:07 +01:00
Krzysztof Kotlarek 7b81c39a8b
FIX: customise themes/components CSS (#25127)
Previous PR removed overflow-y CSS parameter which was required: https://github.com/discourse/discourse/pull/25105/files#diff-eae50f20f62ec6d720f9a100ccdef41622588c724bc68f6027ae13e2661bd3c4L249

Overflow is conflicting with select-kit so both search and filter were moved out of `themes-list-container`
2024-01-04 16:00:25 +11:00
Krzysztof Kotlarek be841e666e
FEATURE: filter themes and components (#25105)
Allow filtering themes or components to find Active/Enabled Inactive/Disabled or Updates Available in the admin panel.
2024-01-04 14:29:08 +11:00
Alan Guo Xiang Tan e9f016726a
DEV: Minor formatting fix when reporting server exceptions (#25126)
What we have now:

```
~~~~~~~ SERVER EXCEPTIONS ~~~~~~~Error encountered while proccessing /tag/tag24/l/latest  ArgumentError: wrong number of arguments (given 1, expected 0)    /__w/discourse/discourse/lib/site_setting_extension.rb:521:in `block in setup_methods'
```

What we actually want:

```
~~~~~~~ SERVER EXCEPTIONS ~~~~~~~
Error encountered while proccessing /tag/tag24/l/latest  ArgumentError: wrong number of arguments (given 1, expected 0)    /__w/discourse/discourse/lib/site_setting_extension.rb:521:in `block in setup_methods'
```
2024-01-04 08:29:45 +08:00
Kris d3dddc6e1b
DEV: add `btn-default` class to review action buttons (#25095) 2024-01-04 07:05:07 +08:00
dependabot[bot] 2ebfadd973
Build(deps-dev): Bump rubocop-capybara from 2.19.0 to 2.20.0 (#25124)
Bumps [rubocop-capybara](https://github.com/rubocop/rubocop-capybara) from 2.19.0 to 2.20.0.
- [Release notes](https://github.com/rubocop/rubocop-capybara/releases)
- [Changelog](https://github.com/rubocop/rubocop-capybara/blob/main/CHANGELOG.md)
- [Commits](https://github.com/rubocop/rubocop-capybara/compare/v2.19.0...v2.20.0)

---
updated-dependencies:
- dependency-name: rubocop-capybara
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 22:54:01 +01:00
dependabot[bot] 4767eeda68
Build(deps): Bump sass-embedded from 1.69.6 to 1.69.7 (#25123)
Bumps [sass-embedded](https://github.com/sass-contrib/sass-embedded-host-ruby) from 1.69.6 to 1.69.7.
- [Commits](https://github.com/sass-contrib/sass-embedded-host-ruby/compare/v1.69.6...v1.69.7)

---
updated-dependencies:
- dependency-name: sass-embedded
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 22:46:58 +01:00
dependabot[bot] ae0ecbe9cb
Build(deps): Bump puma from 6.4.0 to 6.4.1 (#25120)
Bumps [puma](https://github.com/puma/puma) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/puma/puma/releases)
- [Changelog](https://github.com/puma/puma/blob/master/History.md)
- [Commits](https://github.com/puma/puma/compare/v6.4.0...v6.4.1)

---
updated-dependencies:
- dependency-name: puma
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 22:46:46 +01:00
dependabot[bot] d5c2321f8e
Build(deps-dev): Bump sass from 1.69.6 to 1.69.7 in /app/assets/javascripts (#25118)
* Build(deps-dev): Bump sass in /app/assets/javascripts

Bumps [sass](https://github.com/sass/dart-sass) from 1.69.6 to 1.69.7.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.69.6...1.69.7)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update lockfiles for ember version flag

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: discoursebuild <build@discourse.org>
2024-01-03 22:45:51 +01:00
dependabot[bot] e0f9f62e4c
Build(deps): Bump excon from 0.108.0 to 0.109.0 (#25121)
Bumps [excon](https://github.com/excon/excon) from 0.108.0 to 0.109.0.
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.108.0...v0.109.0)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 22:44:53 +01:00
dependabot[bot] b397dca417
Build(deps-dev): Bump shoulda-matchers from `2a2b062` to `d611911` (#25122)
Bumps [shoulda-matchers](https://github.com/thoughtbot/shoulda-matchers) from `2a2b062` to `d611911`.
- [Release notes](https://github.com/thoughtbot/shoulda-matchers/releases)
- [Commits](2a2b06276f...d611911f01)

---
updated-dependencies:
- dependency-name: shoulda-matchers
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-03 22:44:31 +01:00
Isaac Janzen c689eeef31
FIX: `move-topics` topic search losing focus (#25116)
- [Meta Report](https://meta.discourse.org/t/moving-posts-the-input-focus-shifts-when-searching-for-a-topic-to-move-a-post-to-as-typing/284924/1)

### Correct Focus kept during Search
https://github.com/discourse/discourse/assets/50783505/ae9b4480-208e-470a-98c4-5ba10a053eb7

### Search Log after search
<img width="430" alt="Screenshot 2024-01-03 at 11 08 08 AM" src="https://github.com/discourse/discourse/assets/50783505/155f413a-adc1-4e59-a74b-dcef7af01990">
2024-01-03 14:21:43 -07:00
Rafael dos Santos Silva 46777b379e
Revert "DEV: Remove precompiled protobuf requirement for Ruby 3.3 compatibility (#25115)" (#25117)
This reverts commit 0546b4622a.

We need to wait for the next release of the gem to fix compilation issues
2024-01-03 16:07:14 -03:00
Isaac Janzen 1f94da349b
DEV: Make the Glimmer Search Menu the new default (#25092)
- Convert group based `experimental_search_menu_groups_enabled` site setting to be a _hidden_ boolean `experimental_search_menu` setting.
- Make default `true`
- Remove widget search menu tests

Discourse Encrypt Test Failure Fix - https://github.com/discourse/discourse-encrypt/pull/301
2024-01-03 09:07:27 -07:00
Jan Cernik 117611ea82
FIX: 500 error when reviewable has a missing message (#25113) 2024-01-03 11:49:54 -03:00
Rafael dos Santos Silva 0546b4622a
DEV: Remove precompiled protobuf requirement for Ruby 3.3 compatibility (#25115) 2024-01-03 11:48:41 -03:00
David Taylor 0cf4870cfb
DEV: Upgrade from Ember 5.4 to 5.5 (#25114)
This change only applies when EMBER_VERSION=5. Discourse's default is still Ember 3.28
2024-01-03 14:42:42 +00:00
Arpit Jalan 4bf60b3e5b
FEATURE: include username link in the microdata schema (#25112) 2024-01-03 20:11:41 +05:30
Godfrey Chan 9ac3961f23
DEV: patch @ember/test-helpers (#24896)
Mainly we are after https://github.com/emberjs/ember-test-helpers/pull/1445
so the Ember 5 test suite doesn't fail on canary, but also took
some code from https://github.com/emberjs/ember-test-helpers/pull/1378
as needed to make the code make sense.
2024-01-03 14:29:07 +00:00
Jordan Vidrine 8dad9788a3
FIX: Drop down fix (#25093) 2024-01-03 08:02:32 -06:00
David Taylor 07caa5bc03
FEATURE: Show warning banner for critical JS deprecations to admins (#25091)
Ported from d95706b25a

This is enabled by default, but can be disabled via the `warn_critical_js_deprecations` hidden site setting.

The `warn_critical_js_deprecations_message` site setting can be used by hosting providers to add a sentence to the warning message (e.g. a date when they will be deploying the Ember 5 upgrade).
2024-01-03 11:41:09 +00:00