Commit Graph

34306 Commits

Author SHA1 Message Date
Joffrey JAFFEUX bf05a8da96
FEATURE: adds countdown attribute to [date] (#8037)
When used, dates will be displayed as a countdown in a human friendly way.
2019-08-24 11:39:20 -05:00
Rafael dos Santos Silva 39c31a3d76
FEATURE: Protect against replay attacks when using TLS 1.3 0-RTT (#8020) 2019-08-23 11:52:47 -03:00
Joffrey JAFFEUX 171618e7d6 FIX: allows mini-tag-chooser to fetch tags in background (#8033)
This is useful when changing the category in the composer for example. When opening mini-tag-chooser after, tags will be correctly updated for the selected category.
2019-08-23 06:45:29 -06:00
Régis Hanol 2ff5592941 FIX: Filter out hidden posts for wordpress 2019-08-23 11:50:03 +02:00
Osama Sayegh 68708db721 DEV: `S3Inventory#unsorted_files` should always return an array (#8034) 2019-08-23 17:59:31 +10:00
Gerhard Schlager 1f118b1309 FEATURE: Allow plugins to manipulate site settings during backup restore 2019-08-22 22:41:26 +02:00
Dan Ungureanu 34a76bf106 FIX: Do not set destination_url cookie after deleting own account. (#8028)
destination_url cookie is used to redirect the user to the a private
page after they have logged in. After deleting own account, a user's
pages would be refreshed which would set the destination_url, cookie
that can cause a redirect to an invalid page after logging in again.

Reproduction steps:

1. User is at `/u/:username/preferences/account` and deletes account by
requesting DELETE `/u/:username.json`.

2. User is being destroyed and a MessageBus message (`file-change`,
`['refresh']`) is published.

3. User receives response to DELETE request, but page may be or not
refreshed. Anyway, since they can no longer see the preferences page,
they are redirected to `/login` and `destination_url` cookie is set,
that will redirect on next login (but to the previous preferences page).
2019-08-22 17:42:45 +02:00
Joffrey JAFFEUX e94f67e2da
prettier (#8031) 2019-08-22 15:27:45 +02:00
Régis Hanol 1e4f0ac216 FIX: infinite loop when mentioning in IE11 2019-08-22 14:47:25 +02:00
Joffrey JAFFEUX 74931eedfd
DEV: prevents deprecation of overriding computed property (#8030)
https://deprecations.emberjs.com/v3.x/#toc_computed-property-override
2019-08-22 12:31:18 +02:00
Joffrey JAFFEUX 78eb05e4ea
DEV: bumping for customHref nav item API (#8029) 2019-08-22 12:25:02 +02:00
Sam Saffron 7fe6d295b8 DEV: correct regression in registry test suite
Previously we started with a non blank registry, new code blanks it out
so we need to check for nils
2019-08-22 16:22:52 +10:00
Arpit Jalan 6b621ceb06 DEV: consistent plugin nomenclature. 2019-08-22 11:08:06 +05:30
Vinoth Kannan 1c79a6cc3a SPEC: fix the discourse_plugin_registry spec.
41f22946c3
2019-08-22 11:02:18 +05:30
Vinoth Kannan 41f22946c3 FIX: properly load desktop and mobile only plugin css assets.
5bd6b70d98
2019-08-22 08:39:10 +05:30
Sam Saffron 741d5bf541 DEV: improvement to stripping quote logic
Followup one afc7830b we needed handling for nested quotes
2019-08-22 12:09:32 +10:00
Sam Saffron afc7830be5 PERF: faster length calculation of composer body
Every time we type a letter the composer issues a reply length check.

This is due to the interconnecting components, the title one depends on the
body which means that this decision making is passed along each time, even
if the title does not need it strictly.

Anyway...

This optimisation has 3 parts:

1. If the composer string is super long (10000 chars) we will bypass, quote
stripping and space squashing.

2. Quote stripping is now done much more efficiently, we strip them all in
one go

3. Space squashing eg: `hello    world` to `hello world` is done in an
efficient loop to avoid needing to generate superflous strings that need
GC
2019-08-22 11:56:38 +10:00
Kris 2d5b928da9 UX: Layout fix for category boxes w/ long subcategory names 2019-08-21 20:03:34 -04:00
Penar Musaraj 14cdb01254 FIX: Allow topic edits when using a hidden tag
Previously, a regular user could not edit the title or category
of a topic if a hidden tag had already been applied.

This also stops hidden tag names from leaking in the error message.
2019-08-21 16:33:01 -04:00
Daniel Waterworth 6924f1ab15 FIX: Race-condition in fallback handlers (#8005)
Calling `verify_master` in multiple threads simultaneously would cause
multiple threads to be spawned.
2019-08-21 15:47:44 +02:00
Gerhard Schlager 00b75b4f4e FIX: Don't try to delete staged, unused admins and mods 2019-08-21 15:29:51 +02:00
Daniel Waterworth d59746cdc1 SECURITY: Don't send CSRF token in query string
The token is already present in the headers thanks to the csrf-token
initializer.
2019-08-21 13:16:38 +01:00
Arpit Jalan 75f37ac16a Rename `lazyYT` plugin directory name to `lazy-yt` 2019-08-21 14:35:14 +05:30
Gerhard Schlager cc7b24b88b FIX: Regularly reset unknown extension of uploads
Discourse will try to detect the extension the next time the upload is needed. Maybe there was just a transient error the last time.
2019-08-21 10:23:20 +02:00
Sam Saffron 719a93c312 FEATURE: treat theme_uploads as settings in JavaScript
This change allows themes and components access to theme assets.

This means that inside theme js you can now get the URL for an asset with:

```
settings.theme_uploads.name
```
2019-08-21 16:51:10 +10:00
Arpit Jalan 038bf02e33 Bump onebox version.
- strip whitespace from Twitter onebox
2019-08-21 10:19:54 +05:30
Jeff Atwood 8c9a3ccb87
Update INSTALL-cloud.md 2019-08-20 16:24:25 -07:00
Rafael dos Santos Silva 72c2818655 FIX: Limit PWA install banner to Android for now 2019-08-20 14:47:17 -03:00
Vinoth Kannan 5bd6b70d98
DEV: debundle plugin css assets and don't load if disabled (#7646) 2019-08-20 22:09:52 +05:30
romanrizzi 36425eb9f0 Revert "FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)"
This reverts commit 5dda5c2f7c.
2019-08-20 13:29:22 -03:00
Roman Rizzi 5dda5c2f7c
FEATURE: Publish read state on group messages. (#7989) [Undo revert] (#8024)
* Reenable: "FEATURE: Publish read state on group messages. (#7989)"

This reverts commit 67f5cc1ce8.

* FIX: Read indicator only appears when the group setting is enabled
2019-08-20 11:57:25 -03:00
romanrizzi 67f5cc1ce8 Revert "FEATURE: Publish read state on group messages. (#7989)"
This reverts commit 1630dae2db.
2019-08-20 10:24:34 -03:00
Roman Rizzi 1630dae2db
FEATURE: Publish read state on group messages. (#7989)
* Enable or disable read state based on group attribute

* When read state needs to be published, the minimum unread count is calculated in the topic query. This way, we can know if someone reads the last post

* The option can be enabled/disabled from the UI

* The read indicator will live-updated using message bus

* Show read indicator on every post

* The read indicator now shows read count and can be expanded to see user avatars

* Read count gets updated everytime someone reads a message

* Simplify topic-list read indicator logic

* Unsubscribe from message bus on willDestroyElement, removed unnecesarry values from post-menu, and added a comment to explain where does minimum_unread_count comes from
2019-08-20 09:46:57 -03:00
Joe 15e70cc4b4
UX: prevents non-lightboxed images in quotes from stretching/squeezing (#8021) 2019-08-20 18:59:02 +08:00
Rishabh f1f1fd4690 DEV: Remove unused "Email Reject No Account" template (#8022) 2019-08-20 12:43:51 +02:00
Régis Hanol 53667a01c2 FIX: ensure extra locales are only available to staff 2019-08-20 12:38:46 +02:00
Régis Hanol d18c9b2d4d FIX: ensure offset is always positive 2019-08-20 12:03:16 +02:00
Régis Hanol 727430aacf SECURITY: bump nokogiri
We're not using the vulnerable method but there's no harm in upgrading.
2019-08-20 10:58:18 +02:00
Sam Saffron 8db38de9d7 SECURITY: add rate limiting to anon JS error reporting
This adds a 1 minute rate limit to all JS error reporting per IP. Previously
we would only use the global rate limit.

This also introduces DISCOURSE_ENABLE_JS_ERROR_REPORTING, if it is set to
false then no JS error reporting will be allowed on the site.
2019-08-20 11:29:11 +10:00
Rafael dos Santos Silva 0a5b332b8c
FEATURE: Incorporate PWA install prompt into Discourse UI (#8013)
* FEATURE: Incorporate PWA install prompt into Discourse UI

This is mainly done so Discourse forums stop nagging people to install
on the very first visits to a website.

We will prevent the native install "mini-info" bar from ever appearing,
capture the event that pops with it, and delay it until the user meets
our criteria, which currently is trust_level 1.

If the event happens and the user meets our criteria we show a Discourse
alert banner proposing the install to the user. Dismissal of the banner
is recorded so the user ins't bothered anymore on the same device.


Co-Authored-By: Gerhard Schlager <mail@gerhard-schlager.at>
Co-Authored-By: Joffrey JAFFEUX <j.jaffeux@gmail.com>
2019-08-19 14:09:21 -03:00
Joffrey JAFFEUX 6f70138f4a
DEV: injects router in customHref/customFilter of addNavigationBarItem (#8018) 2019-08-19 18:33:12 +02:00
Arpit Jalan f27564a0a0 Bump onebox version.
- normalize and decode html entities for image URL
2019-08-19 19:01:23 +05:30
Joffrey JAFFEUX 08e7211d7d
DEV: attempts to fix an heisentest in date-time-input-range (#8017) 2019-08-19 12:39:30 +02:00
Dan Ungureanu 0b1146add4
UX: Hide "Create Tag" option if user cannot create tag. (#7723) 2019-08-19 11:40:56 +03:00
Joffrey JAFFEUX 1a731dcff1
FIX: prevents mobile nav to create an error when unregistering click events (#8016)
This what happening when clickin on "All groups", as it was trying to get element of a destroying component.
2019-08-19 09:33:54 +02:00
Sam Saffron 47638ffea4 Merge branch 'master' of github.com:discourse/discourse 2019-08-19 17:21:17 +10:00
Sam Saffron accbbded15 PERF: avoid N+1 on topic view
Serializer is injecting information into cooked and reaching direct to
custom fields that were not preloaded

This amends it so basic post serializer can use the proper interface

That said we should probably follow this up so we don't reach for this
info on every post.
2019-08-19 17:20:56 +10:00
Arpit Jalan 24f94c40a6 SECURITY: don't reveal category details to users that do not have access 2019-08-19 12:38:28 +05:30
Joffrey JAFFEUX 897cdfb596 FIX: uses simpler pattern for custom href on extra nav items (#8015)
THe main advantage of this solution is that it will be called on each rerendered whereas the other is not once href has been set.

Example API:
```
      api.addNavigationBarItem({
        name: "foo",
        displayName: "Foo",
        customHref: function(category, args) {
          const router = api.container.lookup("service:router");
          const queryParams = { bar: "1" };
          return router.urlFor(router.currentRouteName, category, {
            queryParams
          });
        }
      });
```
2019-08-19 16:27:16 +10:00
Sam Saffron 10b36c6446 FIX: rack-mini-profiler not showing plugin frames
Previously the default stack suppressor in rack-mini-profiler was excluding
the plugin directory.

This made islolating issues more complicated cause you needed to defer to
pp=full-backtrace which is both slow and noisy
2019-08-19 15:47:53 +10:00