800c57c6ab
SECURITY: force IM decoder based on file extension - part 2
2018-07-25 23:08:02 +02:00
4bf3bf6786
SECURITY: force IM decoder based on file extension
2018-07-25 22:00:04 +02:00
0d0d78841b
FIX: Remove `plugin.enabled?` checks at initialization time ( #6166 )
...
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
- An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
- In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.
Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.
I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
- `post_custom_fields_whitelist`
- `whitelist_staff_user_custom_field`
- `add_permitted_post_create_param`
2018-07-25 16:44:09 +01:00
796639a797
FIX: makes disk_space computation more resilient ( #6172 )
2018-07-25 11:04:01 -04:00
fa399ce1c5
FEATURE: Add revoke and reconnect functionality for google logins
2018-07-25 16:03:14 +01:00
578c8e861b
FIX: refreshes disk_space on backup create/destroy ( #6169 )
2018-07-25 08:26:30 -04:00
776fd0de66
FIX: Filter open-id logins by identifier
2018-07-25 11:47:09 +01:00
84d14fd8a0
FIX: Don't rely on setting data type read from database
2018-07-25 11:40:59 +02:00
417bcf7d2e
add checks for staff and system user before sending flags_agreed_and_post_deleted message
2018-07-24 19:25:11 -04:00
fe39cdc90a
FEATURE: when a post is deleted because a moderator agreed with flags, send a message to the post author
2018-07-24 17:17:56 -04:00
7058205f70
FIX: Broken specs
2018-07-24 12:00:34 -04:00
236243f38a
SECURITY: Consider `0.0.0.0` a private IP
2018-07-24 11:16:27 -04:00
7a3c541077
UX: Preview multiple color schemes in wizard ( #6151 )
...
It was a dropdown to provide choices of color schemes,
and only one scheme could be shown.
With this commit, multiple color scheme previews can be displayed on
one page at the same time, making admins choose color schemes more
easily.
Theme preview windows are shrinked.
Imported default color schemes.
Co-Authored-By: Misaka 0x4e21 <misaka4e21@gmail.com>
2018-07-24 09:00:20 -04:00
fa19d3a53c
Merge pull request #6108 from discourse/transaction-sidekiq-fix
...
Fix notifications for topics moved between categories
2018-07-24 17:44:03 +08:00
20a21b1240
Move into MiniSQLMultisiteConnection, and add test for rollback
2018-07-24 09:41:55 +01:00
fad9c2b971
PERF: Move `EmailLog#reply_key` into new `post_reply_keys` table.
2018-07-24 13:51:53 +08:00
ae8b0a517f
PERF: Split skipped email logs into a seperate table.
2018-07-24 13:14:37 +08:00
e42038eae2
Rake task called method with wrong arguments
2018-07-24 00:10:09 +02:00
eda1462b3b
FEATURE: List, revoke and reconnect associated accounts. Phase 1 ( #6099 )
...
Listing connections is supported for all built-in auth providers. Revoke and reconnect is currently only implemented for Facebook.
2018-07-23 16:51:57 +01:00
b165cfdfbe
FIX: Raise a better error in `SiteSettings::TypeSupervisor`.
2018-07-19 16:41:00 +08:00
14a0879658
FIX: allow Twitter videos to go fullscreen
2018-07-19 10:22:36 +05:30
2dc3a50dac
FIX: Do not update `last seen` time for suspended users
2018-07-18 16:04:57 +01:00
6d6e026e3c
FEATURE: selectable avatars
2018-07-18 12:57:43 +02:00
379384ae1e
FIX: never block /srv/status which is used for health checks
...
This route is also very cheap so blocking it is not required
It is still rate limited and so on elsewhere
2018-07-18 12:37:01 +10:00
3874d40910
Prepare to drop `EmailLog#topic_id`.
2018-07-18 10:22:24 +08:00
1d74ccaaf8
Add compatibility for ImageMagick7.
2018-07-17 15:50:58 +08:00
a7ec949e02
make RuboCop happy
2018-07-17 13:15:44 +05:30
7c7509e1bd
FEATURE: update TwitterApi for prettifying like/retweet count
2018-07-17 12:59:40 +05:30
7b3ef4d13f
FIX: use email color settings consistently in notification emails
2018-07-16 12:30:42 -04:00
a6c589d882
FEATURE: Add custom S3 Endpoint and DigitalOcean Spaces/Minio support for Backups ( #6045 )
...
- Add custom S3 Endpoints and DigitalOcean Spaces support
- Add Minio support using 'force_path_style' option and fix uploads to custom endpoint
2018-07-16 14:44:55 +10:00
0ed2834c2d
FEATURE: Add users:disable_2factor rake task
...
https://meta.discourse.org/t/admin-locked-out-of-2fa/92156/2?u=pfaffman
2018-07-16 09:56:55 +08:00
b1082924b9
FIX: do not validate topic deletions
2018-07-13 22:53:36 +05:30
711371e8c8
FIX: Select+below will ask server for post ids on megatopics.
2018-07-13 15:10:39 +08:00
c722b07057
FIX: `/t/:topic_id/last` route did not return any posts.
2018-07-13 14:26:10 +08:00
2901691e87
FEATURE: per-category approval settings ( #5778 )
...
- disallow moving topics to a category that requires topic approval
2018-07-13 12:51:08 +10:00
81f9500f5c
FIX: Change megatopic threshold to 10,000 posts
2018-07-12 22:00:53 +01:00
258e9e35ca
PERF: Make mega topics work without a stream.
...
There are tradeoffs that we took here. For the complete
story see
https://meta.discourse.org/t/performance-improvements-on-long-topics/30187/27?u=tgxworld .
2018-07-12 12:46:12 +08:00
decf1f27cf
FEATURE: Groundwork for user-selectable theme components
...
* Phase 0 for user-selectable theme components
- Drops `key` column from the `themes` table
- Drops `theme_key` column from the `user_options` table
- Adds `theme_ids` (array of ints default []) column to the `user_options` table and migrates data from `theme_key` to the new column.
- Removes the `default_theme_key` site setting and adds `default_theme_id` instead.
- Replaces `theme_key` cookie with a new one called `theme_ids`
- no longer need Theme.settings_for_client
2018-07-12 14:18:21 +10:00
536cef86f4
PERF: do not carry post ids in memory when rebaking all posts
2018-07-11 14:34:33 +05:30
0942e2c795
allow adding tags as a custom subject format for emails ( #5846 )
...
allow adding tags as a custom subject format for emails
2018-07-11 12:24:07 +10:00
f69b7deb80
FIX: wizard emoji images on subfolder installs
2018-07-10 11:02:22 -04:00
b4e1388f9b
PERF: Drop support for gaps in mega topics.
...
Based on our current implementation, there isn't a
practical way to determine the gaps of large topics
cheaply. We tried to load the gaps in chunks but felt
that the code becomes too complicated. Note that
megatopics are quite rare in the wild.
2018-07-10 16:27:02 +08:00
21f333654c
REFACTOR: Reduce dependency on the post stream in `TopicView`.
...
This will allow us to drop the post stream from the payload for
mega-topics. On smaller topics, the extra query is fast because
of an existing index.
2018-07-10 15:53:00 +08:00
4163f9e61e
DEV: Better clean up for PostgreSQL failover test.
2018-07-10 09:53:25 +08:00
96aca6d7e6
Remove legacy vote post action code. ( #6009 )
2018-07-09 16:54:18 +08:00
72a3457379
Bump `discourse_image_optim` which uses a global timeout.
...
Our previous solution has the timeout set at the worker level
which means the total timeout would be X timeout secs * N number of
workers.
2018-07-09 10:30:18 +08:00
dba22bbde2
rollback changes
...
This reverts:
* 1baba84c438e "fix s3 subfolders harder"
* ea5e57938edf "fix test for absolute_base_url change"
2018-07-06 17:16:40 -05:00
52e9f49ec1
fix s3 subfolders harder
...
specifically, include the folder in absolute_base_url
2018-07-06 16:28:40 -05:00
59a2767de8
Ensure that we restore the site setting in posts:rebake rake task.
2018-07-06 16:22:54 +08:00
eabc8f7fbd
Merge pull request #6023 from misaka4e21/only-staff-can-create-tag
...
FEATURE: Support disabling tag creation for non-staff users.
2018-07-05 11:12:44 -04:00
92000bc8a0
FEATURE: add a rake task to recalculate user stats post_count and topic_count
2018-07-05 10:38:46 -04:00
28dd7fb562
FEATURE: Create hidden posts for received spam emails ( #6010 )
...
* Add possibility to add hidden posts with PostCreator
* FEATURE: Create hidden posts for received spam emails
Spamchecker usually have 3 results: HAM, SPAM and PROBABLY_SPAM
SPAM gets usually directly rejected and needs no further handling.
HAM is good message and usually gets passed unmodified.
PROBABLY_SPAM gets an additional header to allow further processing.
This change addes processing capabilities for such headers and marks
new posts created as hidden when received via email.
2018-07-05 11:07:46 +02:00
7b26f5086b
PERF: we have no use for topic percent rank
...
Prepare to remove this column
2018-07-05 15:10:19 +10:00
272646c1df
FIX: only show the sequential replies warning for regular posts
2018-07-04 22:51:19 +02:00
8a53941fe0
FIX: less aggressive gmail eliding
2018-07-04 20:04:46 +02:00
448e2fe1a2
FIX: properly delete files in the download cache
2018-07-04 18:18:39 +02:00
f134701c7b
FIX: user topic and post counts can become negative when staff deletes posts in personal messages
2018-07-04 09:31:16 -04:00
7590128d38
fix typo
2018-07-04 12:01:15 +05:30
0af159546a
FIX: `BackupRestore::Backuper#remove_tar_leftovers` not cleaning up files.
...
Wildcard is sanitized when passed to `system()`.
2018-07-04 13:58:39 +08:00
e72fd7ae4e
FIX: move crawler blocking into anon cache
...
This refinement of previous fix moves the crawler blocking into
anonymous cache
This ensures we never poison the cache incorrectly when blocking crawlers
2018-07-04 11:14:43 +10:00
7f98ed69cd
FIX: move crawler blocking to app controller
...
We need access to site settings in multisite, we do not have access
yet if we attempt to get them in request tracker middleware
2018-07-04 10:30:50 +10:00
d1b21aa73b
add timings to asset precompile
2018-07-04 09:42:38 +10:00
b6e9c734f2
replace error with message
...
So Discourse continues to work on Ruby trunk
2018-07-04 09:42:38 +10:00
e8a6323bea
remove crawler blocking until multisite support
2018-07-03 17:54:45 -04:00
b71cf6d422
FEATURE: Add search not operator for tags.
2018-07-03 15:57:34 +08:00
212f518cd1
Add invite tokens to official plugins list
2018-06-30 17:24:45 -04:00
252e5574cc
FIX: Prevent ambigous column errors when joining `TopicView` queries.
2018-06-29 10:33:08 +08:00
db14e10943
SECURITY: category badges should HTML escape names
2018-06-28 18:15:07 +10:00
ec3e6a81a4
FEATURE: Second factor backup
2018-06-28 10:12:32 +02:00
23acddc9fa
Add descriptions for rake tasks
2018-06-27 20:24:46 +02:00
eb427f7cf4
PERF: Update `TopicView#participant_count` to use `Topic#posts_count`.
...
Use the counter cache instead of hitting the DB and plucking
every single id.
2018-06-27 17:18:47 +08:00
cfa7898c2d
Rename `TopicView#last_read_post_id` to `TopicView#filtered_post_id`.
2018-06-27 12:33:57 +08:00
cb69888758
PERF: Don't pluck all the columns just to retrieve a single value.
2018-06-27 11:41:35 +08:00
47cb46671a
FEATURE: Support disabling tag creation for non-staff users.
2018-06-27 07:15:02 +08:00
6bcdc3ba4b
FEATURE: allow author to delete posts irrespective of post_edit_time_limit
2018-06-26 21:43:06 +05:30
49ffc1eb61
Revert "PERF: Send down gaps as the relevant posts load instead of front loading."
...
This reverts commit 4c3352528e
2018-06-26 12:54:14 +08:00
4c3352528e
PERF: Send down gaps as the relevant posts load instead of front loading.
2018-06-26 12:49:06 +08:00
0b6a2e9d1f
Remove force summary mode for megatopics for now.
...
The logic is too hairy and we can't reliably determine
when to force summary mode. Work is underway to improve
perf for megatopics so this will not be required
eventually.
2018-06-26 12:49:06 +08:00
5100a62fc0
FIX: Megatopics forced into summary mode when loading posts.
2018-06-25 22:11:56 +08:00
4644d777bd
FEATURE: add website field to SSO
2018-06-25 16:09:39 +10:00
41f76a74f8
FEATURE: send message when a user reaches tl1
2018-06-22 13:20:00 -07:00
6901e0e043
FIX: Rails.logger isn't always available when loading plugin locales
2018-06-22 10:20:20 -04:00
50f14c6e61
Prefer `update!` -> `update!`.
2018-06-22 15:13:04 +08:00
f69356e628
FIX: Users can't "show all posts" in forced summary topics.
2018-06-22 11:32:45 +08:00
544254f7a8
Version bump to v2.1.0.beta2
2018-06-21 10:41:52 -04:00
97d8cd820e
No need to expire readonly mode key immediately.
2018-06-21 17:52:42 +08:00
9a7a079f4d
Force summary mode when user enters at the top of megalodoon topics.
2018-06-21 15:18:52 +08:00
f7d22bad90
FEATURE: Forced summary mode for megalodon topics.
...
This is mainly done for performance reasons and megalodon
topics are usually a byproduct of imports where site setting
limits are not respected.
2018-06-21 14:00:20 +08:00
5cef4e281b
PERF: Memoize `TopicView#gaps` results.
2018-06-21 12:37:24 +08:00
2d59d06916
PERF: mega_topics get no post counts per user
2018-06-21 11:09:45 +10:00
f66efc601d
FIX: cubot android devices were detected as crawlers
2018-06-21 10:56:46 +10:00
2f7960bd2a
DEV: updates prettier and displays linters/prettifiers version in CI
2018-06-20 18:34:49 +02:00
8126b603e4
fix prettier
2018-06-20 18:26:43 +02:00
c5c1b45d19
higher loglevel for prettier
2018-06-20 16:51:48 +02:00
0365806b93
FIX: Properly display error when post action fails to create.
2018-06-20 21:20:23 +08:00
ff5fc3cb08
Use a fixed limit for mega topic posts count.
2018-06-20 16:58:52 +08:00
9c925a66ff
PERF: Don't display days ago on timeline for megatopics.
...
Analysis using `pg_stat_statements` showed this query
to be eating up a significant portion of CPU.
2018-06-20 16:25:54 +08:00
cbdab71179
PERF: stop counting participants on very large topics
...
This query gets very expensive and can be bypassed on large topics
2018-06-20 18:11:39 +10:00
2f0e73f2d6
DEV: fast pluck to use type_map in mini_sql
2018-06-20 17:53:49 +10:00
44091f20c6
DEV: allow for method deprecation using Discourse.deprecate
...
New method deprecator will ensure one log message an hour happens
for all deprecated method calls per call site
Also removes unused monkey patches to ActiveRecord::Base
2018-06-20 17:53:49 +10:00
Régis Hanol
David Taylor
Joffrey JAFFEUX
Gerhard Schlager
Neil Lalonde
Robin Ward
Guo Xiang Tan
Guo Xiang Tan
Arpit Jalan
Sam
Rishabh
Jay Pfaffman
Kyle Zhao
OsamaSayegh
Maja Komel
Andrew Schleifer
Patrick Gansterer
Kasia Bułat
Joshua Rosenfeld
misaka4e21
David Lee
Jeff Wong