572842721d
FIX: Better page titles for SEO
2014-10-30 14:26:56 -04:00
316f1bea04
SECURITY: Don't allow redirects with periods in case you don't control
...
other tlds on the same domain.
2014-10-30 11:31:44 -04:00
50f7fbc361
Apply comment from @sam to consolidate logic
2014-10-30 10:19:49 -04:00
59cc2476a1
Merge pull request #2933 from techAPJ/patch-1
...
trivial update to allow api endpoint for sync_sso
2014-10-30 21:39:54 +11:00
fb750af659
trivial update to allow api endpoint for sync_sso
2014-10-30 15:30:44 +05:30
6e053942a4
FIX: moderators should be able to search users by email
2014-10-29 22:08:41 +01:00
865194f409
FIX: cannot show email for pending/inactive users
2014-10-29 01:07:27 +01:00
7d6d8bd0a3
FEATURE: admin end point to sync sso /admin/users/sync_sso
...
Must be admin to invoke (api is fine too), uses same sso payload nonce is ignored
2014-10-28 11:25:21 +11:00
e7f251c105
LOTS of changes to properly handle post/topic revisions
...
FIX: history revision can now properly be hidden
FIX: PostRevision serializer is now entirely dynamic to properly handle
hidden revisions
FIX: default history modal to "side by side" view on mobile
FIX: properly hiden which revision has been hidden
UX: inline category/user/wiki/post_type changes with the revision
details
FEATURE: new '/posts/:post_id/revisions/latest' endpoint to retrieve
latest revision
UX: do not show the hide/show revision button on mobile (no room for
them)
UX: remove CSS transitions on the buttons in the history modal
FIX: PostRevisor now handles all the changes that might create new
revisions
FIX: PostRevision.ensure_consistency! was wrong due to off by 1
mistake...
refactored topic's callbacks for better readability
extracted 'PostRevisionGuardian'
2014-10-27 22:06:43 +01:00
1cc37e32b9
FEATURE: add max_reply_history to limit number of replies
...
that can be expanded, when clicking "in-reply-to"
2014-10-27 09:44:42 +11:00
c6e54741bb
Apply comments from eviltrout, using this.get('category.id'), and use snake case for category_id
2014-10-24 17:01:28 -04:00
439f393d89
Show dismiss posts/topics buttons on category filtered lists
2014-10-23 17:41:39 -04:00
de415b804c
FIX: add 'Content-Length' header for avatars
2014-10-22 15:39:51 +02:00
832655df14
attempt to get content length through
2014-10-21 16:17:13 +11:00
4e7057efb1
Clean up content type and add Expires header when serving CDN assets
2014-10-21 15:59:34 +11:00
71f211f0b3
FEATURE: Allow users to select a badge with an image to appear on their
...
user card
2014-10-20 16:35:38 -04:00
1cf4a0d604
Rename "User Expansion" to the much clearer "User Card"
2014-10-20 12:11:59 -04:00
10094a0bcd
FIX: resolve flags as good when deleting a spam user
2014-10-20 16:59:06 +02:00
8efee0d03d
don't use Markdown
2014-10-18 17:17:38 +11:00
92b615b503
reorganize site settings a bit
2014-10-19 23:14:50 -07:00
742c5e29c9
FEATURE: advanced search help
2014-10-18 14:27:33 +11:00
c59e56ec63
Merge pull request #2882 from techAPJ/patch-1
...
FEATURE: show raw email for replies/topics created via email
2014-10-18 21:16:17 +02:00
72873b8368
further optimize raw email feature
2014-10-18 00:50:02 +05:30
0cbdf6f5bb
FIX: Many bugs with admin badges interface
...
* Editing a badge's title would show it as changed in the side even if
you didn't hit save
* Clicking a badge would not scroll to the top
* If there was an error saving a badge there was a missing i18n key
* URLs were using queryParams instead of paths
* User `label` tags for checkboxes for larger click targets
* Saved! text would persist when viewing another badge
* After creating a new badge it would show nothing
* Validation errors were not being properly released to the client
* Query errors were surrounded by an extra array
2014-10-17 16:14:49 -04:00
f3a67a48a3
Merge pull request #2874 from cpradio/clear-notifications
...
FEATURE: Mark All as Read button for Notifications page
2014-10-16 15:57:19 -04:00
4d465362b5
FEATURE: Allow a user to upload an image for their expansion background.
2014-10-16 15:05:36 -04:00
d2ac5a9ac6
Rename `/category/xyz` paths to `/c/xyz` -- @SamSaffron did most of the
...
work even though I'm merging the patch!
2014-10-16 12:15:31 -04:00
8f390c979b
FEATURE: Mark All as Read button for Notifications page
...
Added a Mark All as Read button to the top/bottom of the notifications user page
https://meta.discourse.org/t/possibility-to-selectively-or-completely-mark-notifications-as-read/20227
Remove notifications property (no longer used)
2014-10-13 06:31:27 -04:00
2322586131
FIX: Saving a field as not required was actually making it required
...
until you edited it.
2014-10-14 17:21:34 -04:00
19d5362c6b
FEATURE: ability to hide or show specific post revisions
2014-10-14 07:19:45 -07:00
5504622c1b
rename export/import in favor of backup/restore for better consistency
2014-10-10 20:04:07 +02:00
5754e8dd0f
FEATURE: auto-close topics based on last post
2014-10-10 18:21:44 +02:00
7e8c4b63f4
FIX: only show agreed abd deferred flags on user's profile
2014-10-09 16:10:16 +02:00
f9a8f6d6ce
FEATURE: Support for a `required` setting on user fields.
2014-10-08 15:10:19 -04:00
1f26a79899
FIX: Category latest pages were not preloading properly, causing weird
...
refreshes when clicking the home logo.
2014-10-08 12:45:18 -04:00
0e7be81e60
FIX: badge granted titles were not being revoked when badge was revoked
2014-10-08 10:26:18 +11:00
2fbfc9dffa
FIX: Editing a topic's title should be rate limited too.
2014-10-07 16:46:01 -04:00
1252e7324f
Added easy impersonate route while in development mode
2014-10-07 12:25:50 -04:00
c46b9c0ac3
FIX: allow admins to search users by email
2014-10-07 12:05:38 +02:00
78fd99fc40
Feature: resend invites
2014-10-07 01:43:17 +05:30
90771937f0
FIX: broken external auth
2014-10-03 16:15:00 -04:00
ebf46450bc
Refactor omniauth_callbacks_controller for extensibility
2014-10-03 11:02:04 -04:00
381814fd5d
Adds support for a description to user fields.
2014-10-02 15:56:52 -04:00
29bb9eaa89
Merge pull request #2835 from techAPJ/patch-2
...
add user email on account created page
2014-10-02 17:29:26 +10:00
41af2d79b5
add user email on account created page
2014-10-02 12:43:44 +05:30
98b6b9821a
FEATURE: log topic/post deletions from staff members
2014-10-01 17:40:13 +02:00
be93f224a6
Revert "add user email on account created page"
...
This reverts commit 164fc1108a
2014-10-01 10:30:26 -04:00
164fc1108a
add user email on account created page
2014-10-01 13:53:50 +05:30
8b5a1cd20f
Migrate `tosAccepted` to new user fields
2014-09-30 10:45:18 -04:00
edb34c178a
FEATURE: Show user fields when the user is signing up
2014-09-30 10:45:18 -04:00
0fc6c751cb
FEATURE: implement lock/unlock trust level mechanics
2014-09-30 13:16:34 +10:00
bff95a6a97
Rename 'leader' -> 'tl3'
2014-09-30 13:16:34 +10:00
c8111ada6e
FEATURE: Allow admins to lock users from TL3 promotion/demotion
...
Also, update the display logic for the leader promotion screen to
account for the demotion grace period.
2014-09-30 13:15:13 +10:00
7e309a21cf
FEATURE: hide emails behind a button for staff members
2014-09-29 22:31:05 +02:00
652cc3efba
FEATURE: new rake task to clean up uploads & thumbnails
2014-09-29 18:31:53 +02:00
0fc0533134
FEATURE: Admin interface for adding custom fields for users
2014-09-25 16:17:51 -04:00
a901d682fe
raise not found if user is not found
2014-09-25 17:45:45 +10:00
8f8ea735ee
FIX: allow retry activation of account by username or password
2014-09-25 17:42:48 +10:00
e14e8f64bc
FIX: don't stop youtube when liking a post
...
Also fixes post action create/destroy api not to include post raw.
2014-09-25 12:02:41 +10:00
d53e01619f
SECURITY: rate limit user/password login
2014-09-25 10:06:44 +10:00
bfdbb70b3b
FIX: automatic backup uploads to S3 when using a region
2014-09-24 22:52:09 +02:00
bc53d48bd7
Renaming site contents to site text
2014-09-24 16:08:14 -04:00
d073b908a9
Merge pull request #2818 from techAPJ/patch-4
...
Trigger browser password manager after signing up
2014-09-23 15:43:31 -04:00
b3838c2c1c
Trigger browser password manager after sigining up
2014-09-24 01:04:36 +05:30
58eabb03e5
FEATURE: api support for arbitrary unlinked assets
...
admins can set retain periods for assets
2014-09-23 16:50:17 +10:00
9428ad779f
FIX: send content length with backups
2014-09-23 09:25:53 +10:00
7a4082cbad
FIX: allow API to create users when invite_only is true
2014-09-23 09:06:19 +10:00
0b13f6572f
FEATURE: staff option to unhide a post
2014-09-22 18:55:13 +02:00
f625500792
lower band check as well
2014-09-22 17:11:04 +10:00
8c74255cbb
FIX: 404 if we try to navigate to a non-existant page
2014-09-22 17:08:11 +10:00
c4e285f3ec
SECURITY: rate limit change email requests
2014-09-18 10:48:56 -04:00
c16b8364ab
FIX: Support ember app routing to topics with only slugs
2014-09-17 11:18:59 -04:00
2c6d03f87f
SECURITY: Limit passwords to 200 characters
...
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
eb512f07a7
FIX: Spec failures for feeds related to enabling categories as default
...
page for anons when latest is deleted.
2014-09-11 15:30:41 -04:00
e56fcf0c43
FEATURE: add 'rebake post' in post wrench menu
2014-09-11 16:04:40 +02:00
0f585bcdbe
FIX: PM should never be allowed to have a category
...
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
45e8337a29
FEATURE: renames forgot_password_verbose, forgot_password_strict
2014-09-11 15:53:29 +10:00
61bcde6284
FEATURE: inform users if forgot password works or not
...
FIX: flash dialog in forgot password often had wrong color
(this can be disabled by setting forgot_password_verbose to false)
2014-09-11 12:04:44 +10:00
b62699707d
FIX: Unknown /posts/id.json should 404
2014-09-10 18:10:27 -07:00
18f8038015
FEATURE: add new 'convert to staff message' in post wrench menu
2014-09-10 23:08:33 +02:00
d15b609e0a
FIX: support Permalink urls with query string
2014-09-10 13:58:52 -04:00
69bc552054
FEATURE: Actually show more notifications
...
The "Show more notifications..." link in the notifications dropdown now
links to /my/notifications, which is a historical view of all
notifications you have recieved.
Notification history is loaded in blocks of 60 at a time.
Admins can see others' notification history. (This was requested for
'debugging purposes', though that's what impersonation is for, IMO.)
2014-09-09 16:29:08 -07:00
79030c874e
FIX: allow staff members to restore withdrawn posts that are flagged
2014-09-09 20:26:40 +02:00
eb34ecfc0c
FEATURE: new 'prevent anons from download files' site setting
2014-09-09 18:41:13 +02:00
56eda5abf9
FIX: Don't allow profile bios longer than 3k chars
2014-09-08 15:23:21 -04:00
334e21a03a
Revert "Revert "FEATURE: Can create warnings for users via PM""
...
This reverts commit 1c7559380c
2014-09-08 11:11:56 -04:00
1c7559380c
Revert "FEATURE: Can create warnings for users via PM"
...
This reverts commit b0bfc1f93f
2014-09-08 10:38:59 -04:00
b0bfc1f93f
FEATURE: Can create warnings for users via PM
2014-09-08 10:27:06 -04:00
a597f1fa30
FEATURE: hide google search on 404 page for private instance
2014-09-06 15:26:46 +05:30
ca5f361d0a
FEATURE: restrict admin access based on IP address
2014-09-05 12:06:01 -04:00
59d04c0695
Internal renaming of elder,leader,regular,basic to numbers
...
Changed internals so trust levels are referred to with
TrustLevel[1], TrustLevel[2] etc.
This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
1e281a909e
FIX: Prevent duplicate flags after undoing on the server side too.
2014-09-03 14:43:07 -04:00
c6aab831ed
Merge pull request #2741 from riking/badges_create_checks
...
FIX: Apply contract checks when first creating a badge
2014-09-03 22:19:09 +10:00
4f09d552ed
FEATURE: increase search expansion to 50 results
...
refactor search code to deal with proper objects
use proper serializers, test the controllers
2014-09-03 12:13:25 +10:00
3cf493eb4f
FIX: Apply contract checks when first creating a badge
2014-09-02 19:09:51 -07:00
b04a52676e
FIX: Don't show wrong flag choices after undo
2014-09-02 17:37:54 -04:00
abd84cd2a1
FIX: Redirect to Top was showing "latest" content because it was in the
...
preload store.
2014-09-02 12:29:22 -04:00
1833b43ae2
FEATURE: Badge query validation, preview results, and EXPLAIN
...
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.
Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.
On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).
The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.
The Badge.save() method is amended to propogate errors.
Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.
Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.
An uninitialized variable path is removed in the backfill() method.
TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
9062719480
Merge pull request #2720 from techAPJ/patch-3
...
FIX: do not redirect topic for JSON request
2014-08-29 13:59:45 -04:00
926e45d030
SECURITY: User action route was returning too much data
2014-08-29 13:46:50 -04:00
Robin Ward
cpradio
Sam
Arpit Jalan
Régis Hanol
Jeff Atwood
David McClure
Neil Lalonde
riking