Commit Graph

1723 Commits

Author SHA1 Message Date
Sam c12a131fb4 SECURITY: sanitizer allowing invalid attributes 2014-07-17 16:11:09 +10:00
Neil Lalonde 4c867c5796 FIX: don't send repeated notifications that there are pending users who need to be approved to moderators who haven't read the previous notification 2014-07-16 17:53:51 -04:00
Robin Ward fb8dda7f42 FIX: We should use `category_id` instead of `category_name` to perform
operations, now that the subcategory names are not unique.
2014-07-16 15:40:35 -04:00
Régis Hanol 7dcf2a2c4f FEATURE: show the user's flagged/deleted posts 2014-07-16 21:04:55 +02:00
Neil Lalonde 939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde 01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Robin Ward f2dd35ab08 Improve the unsubscribe to digest experience. Give a link in case it
fails, provide a different message if you are logged in as a different
user, increase expiry to 2 months from 1 week.
2014-07-15 17:20:59 -04:00
Robin Ward c6df00a5cc FIX: You shouldn't be able to add a parent to `Uncategorized` 2014-07-15 15:19:39 -04:00
Robin Ward 6d7531f690 Merge pull request #2542 from techAPJ/patch-1
FEATURE: topic support in disposable invites
2014-07-15 15:15:19 -04:00
Robin Ward 4f416bf6ce Check honeypot/challenge value on activation too 2014-07-15 14:07:35 -04:00
Arpit Jalan 8862a881f8 FEATURE: topic support in disposable invites 2014-07-15 23:11:06 +05:30
Sam 2d0def9940 FIX: First Quote badge bust
Feature: track quoted posts
2014-07-15 17:47:24 +10:00
Robin Ward dd6fd7fa39 FIX: Don't put iframes in emails where they are sanitized out. Replace
them with links.
2014-07-14 16:41:37 -04:00
Neil Lalonde 766196af87 FEATURE: add site setting allow_new_registrations which can be used to block all new account registrations 2014-07-14 15:42:22 -04:00
Neil Lalonde 42dcb77d93 FEATURE: add site setting leader_links_no_follow to control whether users with trust level 3 or higher have nofollow on their links 2014-07-14 13:34:29 -04:00
Robin Ward cce7cf8c85 FEATURE: Require Javascript to activate an account via email link 2014-07-14 12:26:10 -04:00
Robin Ward c12780eb2b Merge pull request #2538 from techAPJ/patch-1
FEATURE: disposable invite tokens
2014-07-14 12:13:44 -04:00
Arpit Jalan 575b5e3d13 FEATURE: disposable invite tokens 2014-07-14 21:30:46 +05:30
Régis Hanol b5c57fa947 FIX: don't mess with fixtures when running the specs 2014-07-14 17:34:23 +02:00
Sam 88469721b9 FEATURE: Allow admins to disable specific badges 2014-07-14 17:40:36 +10:00
Jeff Atwood 49dbded250 remove title_sanitize setting 2014-07-14 00:18:02 -07:00
Sam 6618358586 FIX: dupe protection is API only now
make optional later on (was introduced for wordpress plugin)
2014-07-14 15:59:58 +10:00
Régis Hanol edba5c631f FEATURE: reject accounts created with an email address similar to a known spammer email 2014-07-12 01:59:43 +02:00
Régis Hanol b526cdc55c Revert "FEATURE: reject accounts created with an email address similar to a known spammer email"
This reverts commit 39be48a441.

Conflicts:
	spec/models/screened_email_spec.rb
2014-07-12 01:01:37 +02:00
riking 783454ebe1 Fix /p/post/user route not saving referrals
Make user id optional for /p/id/uid
Add /posts/id/raw route for debugging failed post processing
2014-07-11 14:44:07 -07:00
riking 4750f4b5b8 Expect the right error in reciever_spec
Makes the tests less likely to silently break
2014-07-11 12:26:52 -07:00
Régis Hanol 46218c7a3a BUGFIX: multiple sub/sup 2014-07-11 15:27:42 +02:00
Régis Hanol 39be48a441 FEATURE: reject accounts created with an email address similar to a known spammer email 2014-07-11 15:09:46 +02:00
Sam 167a2a68e6 To be fixed properly tomorrow. 2014-07-11 14:17:43 +10:00
Sam 89fc989adb FEATURE: First Quote badge 2014-07-11 14:17:43 +10:00
Neil Lalonde e565ae2528 FEATURE: /guidelines route will always show our FAQ, ignoring the faq_url site setting 2014-07-10 12:58:41 -04:00
Arpit Jalan 2f6c984c8c Improve invite email copy 2014-07-10 10:57:40 +05:30
Arpit Jalan 8395da5bd0 FIX: include topic title and domain name in topic invite mail 2014-07-10 10:05:28 +05:30
Sam d54c28adc1 FIX: better whitelisting 2014-07-10 09:59:54 +10:00
Sam 9828a268b9 Fix: whitelist regex for bbcode too wide 2014-07-10 09:17:04 +10:00
Régis Hanol a52c80e2a8 FEATURE: automatic image orientation fix 2014-07-09 23:59:57 +02:00
Arpit Jalan 223bbc3da3 FEATURE: include topic context in topic invite 2014-07-09 21:23:20 +05:30
Sam 8fcc019ff8 FIX: only allow badge title selection if it exists 2014-07-09 15:31:49 +10:00
Sam e32e96dabb FEATURE: new badges
- Pay it forward renamed to first like
- First flag
- First share
2014-07-09 12:17:39 +10:00
Neil Lalonde df8b25d2f5 FEATURE: don't demote trust level 3 users who were promoted less than SiteSetting.leader_promotion_min_duration days ago 2014-07-08 17:39:49 -04:00
Sam 81682b74b7 Feature: Paying it forward badge 2014-07-08 14:26:53 +10:00
Régis Hanol 59b5ba7c0f BUGFIX: IP lookup wasn't working when using HTTPS
REFACTOR: the ip locator into a ip-lookup component
2014-07-07 22:18:18 +02:00
Sam 0f25bbeaf7 FEATURE: Editor badge 2014-07-07 17:55:40 +10:00
Sam ee3f7362e6 Merge pull request #2501 from techAPJ/bulk-invite-5
FEATURE: redeem Invite when user sign up
2014-07-07 15:14:35 +10:00
Sam 4a25c86d61 FIX: correct duplicate granting 2014-07-05 18:32:06 +10:00
Sam 7909ca2a17 fix spec 2014-07-05 09:13:53 +10:00
Sam cf60bed719 FIX: username search logic was stemming and not ordering right 2014-07-05 09:11:41 +10:00
Arpit Jalan caf8dbe92f Add tests for redeem invite feature 2014-07-05 02:23:11 +05:30
Arpit Jalan 48f86181bf REFACTOR: move all conditions to guardian 2014-07-04 23:04:19 +05:30
Robin Ward fc1ce96dbb FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Sam 9a9ad9bda8 FEATURE: Badge progress
- Refactor model so it stores backfill query
- Implement autobiographer
- Remove sample badge
- Correct featured badges to only include a badge once
2014-07-03 17:29:44 +10:00
Sam 700b3c010f FIX: tests to pass with badges enabled 2014-07-02 13:11:24 +10:00
Sam 5a0aed2bfa FIX: regression, forgot password broken
also... mocks were invented by the devil
2014-07-02 13:06:55 +10:00
Sam 60d93a62f6 FIX: tighten up email token durations 2014-07-02 09:08:25 +10:00
Neil Lalonde 292e9bb611 TL3: Add requirements for min all-time topics viewed, and min all-time posts read 2014-07-01 13:34:57 -04:00
Robin Ward d9e583af1a FEATURE: Add new site setting to restrict how many times you can click on an
invite to "passthrough" as logged in, with a default of 0 hours. Also changes
default invite expiry from 7 days to 1.
2014-07-01 12:52:52 -04:00
Sam bc44bfcdf2 Work in progress backfill for like badges 2014-07-01 22:01:15 +10:00
Sam 6099802d24 Revert "TEST: break build to ensure docker process does not update to this file"
This reverts commit 9e75b930e4.
2014-07-01 15:27:48 +10:00
Sam 9e75b930e4 TEST: break build to ensure docker process does not update to this file 2014-07-01 11:58:49 +10:00
Sam 20074a3140 Merge pull request #2486 from riking/no_group_messages
Change pop3 auth errors from admin message to dashboard notice
2014-07-01 10:02:19 +10:00
riking 07cedb7946 Fix specs, handle_exception calls 2014-06-30 15:16:16 -07:00
Robin Ward 9c48f8f154 FIX: Don't surround `<aside>` with `<p>` as that is malformed HTML. 2014-06-30 18:11:22 -04:00
Robin Ward 0f52f26587 TWEAK: Don't show subcategory topic definitions when viewing a category list. 2014-06-30 15:22:40 -04:00
Robin Ward 952426d358 FEATURE: Uploaded images to categories are shown when browsing 2014-06-30 14:14:00 -04:00
Robin Ward e22688a204 FEATURE: Can upload images to categories 2014-06-30 14:14:00 -04:00
Robin Ward 9000c358d1 REFACTOR: Use common path for RESTful `DELETE` action from upload image
component
2014-06-30 14:13:59 -04:00
Robin Ward 4088fba4f2 REFACTOR: Convert profile background uploader to be an ember component 2014-06-30 14:13:59 -04:00
Sam e2e36a6df3 FIX: bold and italic handling improved 2014-06-30 17:01:46 +10:00
Neil Lalonde 807bfbd9bb FEATURE: Trust level 3 promotion and demotion. Job is disabled for now. 2014-06-27 18:42:03 -04:00
Robin Ward 386a45aab7 Merge pull request #2479 from vikhyat/badge-system
Badge system updates
2014-06-27 15:09:04 -04:00
riking da9048f3ea Fix email code & tests 2014-06-27 12:04:31 -07:00
Vikhyat Korrapati 23983efeea Don't grant multiple_grant badges multiple times for the same post. 2014-06-28 00:32:09 +05:30
Robin Ward 6907739a0b Merge pull request #2474 from techAPJ/add-topic-id-to-bulk-invite
FEATURE: Add topic invitation support to Bulk Invite
2014-06-26 13:30:30 -04:00
Régis Hanol ee1d78c73e BUGFIX: edit history on wiki posts should be visible 2014-06-26 19:19:35 +02:00
Andrew Bezzub 386d1e231a move profile_background from User to UserProfile 2014-06-26 12:30:07 -04:00
Arpit Jalan 52f9984804 FEATURE: Add topic invitation support to Bulk Invite 2014-06-26 20:46:53 +05:30
Sam 24ddb6cfad FIX: Bold, italic should not expect a space boundary 2014-06-26 17:45:51 +10:00
Sam b8357aa90a BUGFIX: newline after bold was not producting a BR 2014-06-26 15:28:08 +10:00
Sam dd8a06187a FIX: Invalid URLs cause post not to save 2014-06-26 11:38:23 +10:00
Sam 6527862195 Remove fragile spec 2014-06-26 10:21:19 +10:00
Sam 6559de0085 Chinese search tests 2014-06-26 09:58:49 +10:00
Sam 67804cb56b Merge pull request #2465 from riking/email_rejections
Give specific message for each kind of email rejection
2014-06-26 09:55:24 +10:00
Arpit Jalan b227f736f1 Refactor code and update specs 2014-06-26 01:34:26 +05:30
Arpit Jalan c2055732c7 FEATURE: Add groups support to Bulk Invite 2014-06-26 00:15:26 +05:30
Sam c87ed6b02a Correct broken specs 2014-06-25 10:55:50 +10:00
Neil Lalonde 8e382fa5ea FIX: flag as notify_moderators pm's used 'Regular' notification level for members of the moderators group, which isn't valid for pm's 2014-06-24 12:31:46 -04:00
Sam 3c84876660 BUGFIX: Chinese search was broken
BUGFIX: User locale was used index data
BUGFIX: missing Norwegian fulltext config
FEATURE: store the text used to index stuff in fulltext (for diagnostics / in page search)
FEATURE: re-index posts when locale changes (in bg job)
FEATURE: allow reindexing by trucating post_search_data

Note: I removed japanese specific config cause it requires custom pg config,
  happy to add it once our base docker config ships with it
2014-06-24 17:11:13 +10:00
riking 7ab5d3c018 Fix specs 2014-06-23 18:12:20 -07:00
Robin Ward 8a4e96645c FEATURE: Can click to expand hidden posts to see the good stuff! 2014-06-20 17:07:12 -04:00
Robin Ward a2fec165d5 Disable editing of hidden posts within a timeframe from when the post
was initially hidden.
2014-06-20 15:38:03 -04:00
Robin Ward 3811efa5e2 Record when a post was hidden 2014-06-20 15:03:23 -04:00
Sam 7a2d64b27f Merge pull request #2422 from peternlewis/honor_email_always_even_if_read
Honor email_always even if notification has been read
2014-06-20 16:14:37 +10:00
Sam af86014fd0 BUGFIX: bypass fulltext for search in topic 2014-06-20 15:48:34 +10:00
Vikhyat Korrapati 3ba65af19e Add like-based system badges. 2014-06-19 17:10:43 +05:30
Vikhyat Korrapati 41ecba1b77 Mark badge notification as read when the notification is clicked. 2014-06-19 16:56:19 +05:30
Vikhyat Korrapati 67a2b2598d Cosmetic changes. 2014-06-19 16:56:18 +05:30
Robin Ward 60cb5ea6a9 FIX: If a user is deleted, don't break embedded comments for admins. 2014-06-18 17:39:36 -04:00
Neil Lalonde 4f523ae1b9 Don't allow invites if local logins are disabled, since it provides a way to bypass external auth 2014-06-18 16:46:20 -04:00
Neil Lalonde ad2bd11d6e Add a way to get user based on sso external id 2014-06-18 14:40:25 -04:00
Régis Hanol 00117c18c3 FEATURE: dismissable banner topic 2014-06-18 20:05:19 +02:00
Régis Hanol 30611c343c ensures only one banner topic at all time 2014-06-18 20:05:18 +02:00
Régis Hanol 5238a95efb add make/remove banner topic actions 2014-06-18 20:05:18 +02:00
Neil Lalonde 3eb65885d1 Add validation of string site settings with regex, and min and max lengths 2014-06-18 11:15:40 -04:00
Sam dc0266cc22 FEATURE: correct muted category implementation
- Don't change tracking state on muted categories
- Exclude muted sub categories from parent
2014-06-18 11:23:31 +10:00
Sam 9007d96466 Merge pull request #2425 from vikhyat/read-notifications-silently
Allow reading notifications without marking them as read
2014-06-18 08:09:07 +10:00
Vikhyat Korrapati 9b89b1466f Allow reading notifications without marking them as read. 2014-06-17 23:34:04 +05:30
Sam a50a01811a BUGFIX: broken specs 2014-06-17 18:14:07 +10:00
Sam a288ff331d BUGFIX/FEATURE: call out context for search. 2014-06-17 17:53:45 +10:00
Sam 983a22004a FEATURE: register_custom_field_type, support bool and integer 2014-06-17 12:42:12 +10:00
Sam 56dcd00570 BUGFIX: trust_level_0 group not including trust_level_1
BUGFIX: manual trust level change not adding user to groups
BUGFIX: system not in correct trust level groups
2014-06-17 10:52:02 +10:00
Sam 73a4309723 Merge pull request #2444 from riking/my-fix
Allow all /my URLs
2014-06-17 09:32:03 +10:00
Neil Lalonde 2cd55b1fa2 FIX: topics in private sub-categories were visible to everyone on the categories page 2014-06-16 15:12:14 -04:00
Robin Ward 88b5e78424 Merge branch 'add_custom_embed_by_username' of github.com:justinleveck/discourse into justinleveck-add_custom_embed_by_username
Conflicts:
	config/site_settings.yml
2014-06-16 10:52:15 -04:00
Arpit Jalan 5ea1b0742f Fix typo in XSS test 2014-06-16 08:40:19 +05:30
Sam Saffron 944cda1f73 BUGFIX: do not strip spaces from raw_hash of posts 2014-06-16 12:14:06 +10:00
Sam Saffron fbbe9f7a19 collapse tests to improve perf of suite 2014-06-16 12:13:28 +10:00
Sam Saffron d65efe7304 SECURITY: fix XSS 2014-06-16 10:24:54 +10:00
riking 6e698315d6 Allow all /my URLs
Previously, URLs like /my/activity/posts were denied. This change allows those URLs.
2014-06-14 10:58:20 -07:00
Jeff Atwood a1482f24d9 remove borked test 2014-06-13 17:03:45 -07:00
Jeff Atwood 679b3fab79 correct broken test, List-ID is correct
see http://www.ietf.org/rfc/rfc2919.txt
2014-06-13 16:45:34 -07:00
Jeff Atwood beaa145572 some email notification header fixes 2014-06-13 15:42:20 -07:00
Robin Ward c690fa0d19 FIX: Replace protocol relative URLs in emails 2014-06-13 17:11:04 -04:00
Andrew Bezzub 9ffd173873 move bio to UserProfile from User 2014-06-13 14:55:32 -04:00
Neil Lalonde ba65aa3f6c Add a way to validate min and max value of an integer site setting 2014-06-12 18:04:37 -04:00
Sam 76166567fb Use the cheap Defer queue as opposed to sidekiq for view tracking. 2014-06-12 11:29:29 +10:00
Neil Lalonde 9611a1ac47 Validate username site settings 2014-06-11 16:20:57 -04:00
Régis Hanol ce732d2252 FEATURE: new "disable_edit_notifications" site setting
Should be used whenever you activate the "download_remote_images_to_local" site setting to prevent users from receiving a lot of edit notifications from the system user.
2014-06-11 17:14:00 +02:00
Sam 03087679f0 FEATURE: Support custom preferences for users, injected by plugins 2014-06-11 15:50:37 +10:00
Sam d13d4fc158 correct state leak 2014-06-11 12:00:02 +10:00
Sam 62abb873df FEATURE: support serializing user custom fields by plugins 2014-06-11 11:57:22 +10:00
Régis Hanol 0781531e3c Merge pull request #2415 from techAPJ/bulk-invite-users-5
FEATURE: Bulk Invite
2014-06-10 19:11:11 +02:00
Sam a044e3de58 Remove min_posts_for_search_in_topic
no longer needed, we always search in topic
2014-06-10 15:07:38 +10:00
Peter N Lewis 8b32fb5b6d Corrected typo, corrected accidental tab, removed unnecessary database rollback
Corrected it "do send" to it "does send"
Removed unnecessary user.update_column (rollback happens automatically)
Replaced Tab with spaces.
2014-06-10 11:36:20 +08:00
Neil Lalonde c61462662b Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 16:59:20 -04:00
Justin Leveck a78df3d57d Add custom embed_by_username feature
Feature to allow each imported post to be created using a different discourse
username. A possible use case of this is a multi-author blog where discourse
is being used to track comments. This feature allows authors to receive
updates when someone leaves a comment on one of their articles because each of
the imported posts can be created using the discourse username of the author.
2014-06-09 12:35:38 -07:00
Neil Lalonde faed17aa18 Moderators should always be able to create topics too 2014-06-09 15:28:03 -04:00
Neil Lalonde f97d434174 Fix the spec for enum site settings 2014-06-09 15:28:03 -04:00
Robin Ward c176dc07c1 Merge pull request #2421 from peternlewis/reply_to_name
Use an appropriate name in the Reply-To header
2014-06-09 11:04:53 -04:00
Neil Lalonde 4d50d0d109 FIX: admins should be able to create topics, even if min_trust_to_create_topic is higher than their trust level 2014-06-09 11:03:21 -04:00
Peter N Lewis 87e254cc3a Added test to ensure email is sent to users with email_always set even if the notification has been read 2014-06-09 19:09:36 +08:00
Peter N Lewis 93f5f98b58 Corrected and added appropriate specs to confirm correct behaviour.
Tests ensure that the site name is used for public replies and the username is used for private replies.
2014-06-09 18:26:19 +08:00
Arpit Jalan 727184641e FEATURE: Bulk Invite 2014-06-09 01:43:39 +05:30
Andrew Bezzub 0a42901c40 do not use try in UserSerializer for fields coming from UserProfile 2014-06-07 13:30:35 -07:00
Andrew Bezzub 7db31adf35 move website from User to UserProfile 2014-06-06 21:54:32 -07:00
Sam Saffron 05ca1e6e46 Added code block normalization routing for import 2014-06-06 10:34:21 +10:00
Régis Hanol 0df666277d BUGFIXES: properly deal with bookmarks and deleted posts
BUGFIX: removing a bookmark from the activity feed was busted for deleted posts
BUGFIX: delete associated user actions when deleting a post
2014-06-04 17:41:11 +02:00
Sam e307bad89a One less TODO makes me on little bit more happy 2014-06-04 14:10:54 +10:00
Sam c6c412fd45 BUGFIX: no reading credit for posts you create 2014-06-04 14:10:54 +10:00
Neil Lalonde 3e16ac62c3 Add register_color_scheme for plugins 2014-06-03 12:37:29 -04:00
Sam 3405253405 FEATURE: rush posting read times for newly read posts
FEATURE: "read" indicator on posts
CHANGE: anon is now assumed to have read everything
2014-06-03 11:48:52 +10:00