f625500792
lower band check as well
2014-09-22 17:11:04 +10:00
8c74255cbb
FIX: 404 if we try to navigate to a non-existant page
2014-09-22 17:08:11 +10:00
c4e285f3ec
SECURITY: rate limit change email requests
2014-09-18 10:48:56 -04:00
c16b8364ab
FIX: Support ember app routing to topics with only slugs
2014-09-17 11:18:59 -04:00
2c6d03f87f
SECURITY: Limit passwords to 200 characters
...
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
eb512f07a7
FIX: Spec failures for feeds related to enabling categories as default
...
page for anons when latest is deleted.
2014-09-11 15:30:41 -04:00
e56fcf0c43
FEATURE: add 'rebake post' in post wrench menu
2014-09-11 16:04:40 +02:00
0f585bcdbe
FIX: PM should never be allowed to have a category
...
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
45e8337a29
FEATURE: renames forgot_password_verbose, forgot_password_strict
2014-09-11 15:53:29 +10:00
61bcde6284
FEATURE: inform users if forgot password works or not
...
FIX: flash dialog in forgot password often had wrong color
(this can be disabled by setting forgot_password_verbose to false)
2014-09-11 12:04:44 +10:00
b62699707d
FIX: Unknown /posts/id.json should 404
2014-09-10 18:10:27 -07:00
18f8038015
FEATURE: add new 'convert to staff message' in post wrench menu
2014-09-10 23:08:33 +02:00
d15b609e0a
FIX: support Permalink urls with query string
2014-09-10 13:58:52 -04:00
69bc552054
FEATURE: Actually show more notifications
...
The "Show more notifications..." link in the notifications dropdown now
links to /my/notifications, which is a historical view of all
notifications you have recieved.
Notification history is loaded in blocks of 60 at a time.
Admins can see others' notification history. (This was requested for
'debugging purposes', though that's what impersonation is for, IMO.)
2014-09-09 16:29:08 -07:00
79030c874e
FIX: allow staff members to restore withdrawn posts that are flagged
2014-09-09 20:26:40 +02:00
eb34ecfc0c
FEATURE: new 'prevent anons from download files' site setting
2014-09-09 18:41:13 +02:00
56eda5abf9
FIX: Don't allow profile bios longer than 3k chars
2014-09-08 15:23:21 -04:00
334e21a03a
Revert "Revert "FEATURE: Can create warnings for users via PM""
...
This reverts commit 1c7559380c
2014-09-08 11:11:56 -04:00
1c7559380c
Revert "FEATURE: Can create warnings for users via PM"
...
This reverts commit b0bfc1f93f
2014-09-08 10:38:59 -04:00
b0bfc1f93f
FEATURE: Can create warnings for users via PM
2014-09-08 10:27:06 -04:00
a597f1fa30
FEATURE: hide google search on 404 page for private instance
2014-09-06 15:26:46 +05:30
ca5f361d0a
FEATURE: restrict admin access based on IP address
2014-09-05 12:06:01 -04:00
59d04c0695
Internal renaming of elder,leader,regular,basic to numbers
...
Changed internals so trust levels are referred to with
TrustLevel[1], TrustLevel[2] etc.
This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
1e281a909e
FIX: Prevent duplicate flags after undoing on the server side too.
2014-09-03 14:43:07 -04:00
c6aab831ed
Merge pull request #2741 from riking/badges_create_checks
...
FIX: Apply contract checks when first creating a badge
2014-09-03 22:19:09 +10:00
4f09d552ed
FEATURE: increase search expansion to 50 results
...
refactor search code to deal with proper objects
use proper serializers, test the controllers
2014-09-03 12:13:25 +10:00
3cf493eb4f
FIX: Apply contract checks when first creating a badge
2014-09-02 19:09:51 -07:00
b04a52676e
FIX: Don't show wrong flag choices after undo
2014-09-02 17:37:54 -04:00
abd84cd2a1
FIX: Redirect to Top was showing "latest" content because it was in the
...
preload store.
2014-09-02 12:29:22 -04:00
1833b43ae2
FEATURE: Badge query validation, preview results, and EXPLAIN
...
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.
Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.
On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).
The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.
The Badge.save() method is amended to propogate errors.
Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.
Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.
An uninitialized variable path is removed in the backfill() method.
TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
9062719480
Merge pull request #2720 from techAPJ/patch-3
...
FIX: do not redirect topic for JSON request
2014-08-29 13:59:45 -04:00
926e45d030
SECURITY: User action route was returning too much data
2014-08-29 13:46:50 -04:00
84d0b599a4
FIX: do not redirect topic for JSON request
2014-08-29 23:09:02 +05:30
85c6eb9b08
SECURITY: Only redirect to our host by path on the login action
2014-08-28 17:45:13 -04:00
14890a6002
FEATURE: add a way to map arbitrary urls to a topic, post, or category. Useful for sites that have migrated to Discourse and want to redirect from their old site to Discourse with 301 redirects.
2014-08-28 15:58:24 -04:00
8a6c4234fc
FIX: Re-enable searching for topic by id when using the split topic
...
interface.
2014-08-28 15:42:29 -04:00
69cb5bc425
FIX: Centralize Top rendering, remove old code paths. Fix some bugs.
2014-08-28 14:34:31 -04:00
c9262a8390
FIX: Resend activation email was busted
2014-08-28 12:07:13 -04:00
a1244043d3
FIX: when search finds a deep link in a topic it takes you to it
2014-08-28 17:16:39 +10:00
f10d6ed88a
FIX: RSS feeds should use `created_at` not `bumped_at`
2014-08-27 12:42:54 -04:00
c820c65172
Merge pull request #2692 from riking/sorted_badges
...
Sort the badges on the user profile page
2014-08-25 15:56:27 -04:00
99c11e2184
Sort the badges on the user profile page
...
Also clean up UserBadgesController so it isn't doing two things in one
method
2014-08-25 12:40:51 -07:00
ed125975a1
SECURITY: Prefix session key and validate token format.
2014-08-25 15:31:49 -04:00
bcbe36a834
Merge pull request #2675 from amalagaura/patch-1
...
Fix min_trust_level for wordpress
2014-08-22 10:25:39 +10:00
c1aa2458f8
UX: Add drop down for top lists, big refactor of repeated code.
2014-08-21 16:08:47 -04:00
8a20d05ba5
FEATURE: backup without uploads
2014-08-20 18:53:58 +02:00
43b5292303
Fix min_trust_level for wordpress
...
min_trust_level in the wordpress method was being set to 1 always, the order of the ternary operator was reversed.
2014-08-19 20:15:24 -04:00
f2b0228164
FIX: unhide post when a moderator undos the flag on which s/he took action
2014-08-19 16:14:17 +02:00
5b3a758ba9
FIX: redirect old avatars to proper user_avatar route
2014-08-18 17:45:07 +02:00
8737ffb272
Merge pull request #2658 from akshaymohite/optimization-fixes
...
Not initializing variable for looping if unused in loop
2014-08-18 14:42:52 +10:00
Sam
Neil Lalonde
Robin Ward
riking
Régis Hanol
Arpit Jalan
Ankur Sethi