Commit Graph

45185 Commits

Author SHA1 Message Date
Bianca Nenciu 8695449cfc
FIX: Validate permalink_normalizations setting (#16604)
When an admin enters a badly formed regular expression in the
permalink_normalizations site setting, a RegexpError exception is
generated everytime a URL is normalized (see Permalink.normalize_url).

The new validator validates every regular expression present in the
setting value (delimited by '|').
2022-05-04 14:33:06 +03:00
David Taylor 485fc4636a
FEATURE: Add fallback to suggested value when auth_overrides_username (#16612)
If the identity provider does not provide a precise username value, then we should use our UserNameSuggester to generate one and use it for the override. This makes the override consistent with initial account creation.
2022-05-04 11:22:09 +01:00
dependabot[bot] a35837dc0b
Build(deps): Bump oauth from 0.5.9 to 0.5.10 (#16628)
Bumps [oauth](https://github.com/oauth-xx/oauth-ruby) from 0.5.9 to 0.5.10.
- [Release notes](https://github.com/oauth-xx/oauth-ruby/releases)
- [Changelog](https://github.com/oauth-xx/oauth-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oauth-xx/oauth-ruby/compare/v0.5.9...v0.5.10)

---
updated-dependencies:
- dependency-name: oauth
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-04 12:06:40 +02:00
Jarek Radosz 68ccaa3acb
DEV: Fix typos and outdated comments (#16614) 2022-05-04 14:12:18 +08:00
Jarek Radosz 73940fa968
DEV: Use cloneJSON instead of spread operator (#16615)
Spread does shallow clone, so changes in these tests leak.
2022-05-04 14:11:45 +08:00
Jarek Radosz 79c854d9be
DEV: Remove RTLit gem (#16620)
Its only use was removed 7 years ago in #3377.
2022-05-04 14:11:12 +08:00
David Taylor b01b1570ab
FIX: Handle enum types during database restore (#16624)
c1db9687 introduced an postgres enum type. Our database restore logic did not handle custom types correctly, and would therefore raise a 'type already exists' error when restoring any backup.

This commit adds restore handling for enums, mirroring the similar logic for tables and views.
2022-05-04 08:40:34 +10:00
Joffrey JAFFEUX ad293e510d
FIX: destroys instance when hiding date popover (#16623)
This fix attempts to fix an issue where the preview was not updated after changing timezone. Changing time would work as it would recreate the date DOM element and as a result, reset the popper.
2022-05-03 23:47:25 +02:00
Jarek Radosz bc0eca1976
DEV: Update puppeteer, fix deprecations, lint (#16616)
1. Updates puppeteer to x
2. Fixes deprecations:
    ```
    waitFor is deprecated and will be removed in a future release. See https://github.com/puppeteer/puppeteer/issues/6214 for details and how to migrate your code.
    ```
3. Lints/prettyfies the smoke_test.js file
2022-05-03 20:58:58 +02:00
David Taylor 1c9d8b4999
FIX: Handle invalid JSON from downloaded_images custom fields (#16613)
custom_field data on some sites has duplicate values for a given url key in the JSON value. This is invalid, so we should drop the extra data.
2022-05-03 18:51:25 +01:00
Penar Musaraj 175e6e6061
DEV: Add Ember CLI workspace license checks (#16603)
Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2022-05-03 13:06:19 -04:00
David Taylor bebb4fd111
FIX: Handle duplicates in hotlinked_media migration (#16611)
In the old custom_field-based system, it was possible for a url to be both 'downloaded' and 'broken'. The new table enforces uniqueness, so we need to drop invalid data.
2022-05-03 17:17:27 +01:00
Isaac Janzen 96e7c85177
FIX: updated filtered replies when replies exist (#16610) 2022-05-03 11:16:20 -05:00
dependabot[bot] f219ea562f
Build(deps): Bump oauth from 0.5.8 to 0.5.9 (#16607)
Bumps [oauth](https://github.com/oauth-xx/oauth-ruby) from 0.5.8 to 0.5.9.
- [Release notes](https://github.com/oauth-xx/oauth-ruby/releases)
- [Changelog](https://github.com/oauth-xx/oauth-ruby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/oauth-xx/oauth-ruby/commits)

---
updated-dependencies:
- dependency-name: oauth
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-03 17:33:34 +02:00
Jarek Radosz d58a1e180d
DEV: Update ember-try to 2.0.0 (#16606) 2022-05-03 11:04:16 -04:00
David Taylor 19d2d55011
FIX: Ensure post_hotlinked_media index does not exceed size limit (#16609)
On some installations, this would fail with 'index row size exceeds btree version 4 maximum'. This commit replaces the (post_id, url)` index with a `(post_id, md5(url))` index, which is much more space efficient.
2022-05-03 15:47:58 +01:00
Discourse Translator Bot 51e29d3ca8
Update translations (#16608) 2022-05-03 15:30:59 +02:00
David Taylor c1db968740
DEV: Move hotlinked image information into a dedicated table (#16585)
This will make future changes to the 'pull hotlinked images' system easier. This commit should not introduce any functional change.

For now, the old post_custom_field data is kept in the database. This will be dropped in a future commit.
2022-05-03 13:53:32 +01:00
Jarek Radosz d8ce4228da
DEV: Lock logster to 2.11.0 (#16605)
2.11.1+ is not compatible with DiscourseRedis implementation. This fixes error reporting.
2022-05-03 13:41:09 +02:00
Sam 616de83232
FIX: avoid concurrent usage of AR models (#16596)
Flagged by the truffle team at: https://meta.discourse.org/t/thread-unsafe-current-user-usage-in-auth-defaultcurrentuserprovider/225671

This usage of AR is unsafe currently, as AR models are not safe for concurrent usage

Introduces a new query potentially every minute which should be acceptable.
2022-05-03 08:50:56 +10:00
Penar Musaraj 02fafc9476
DEV: Clear local stylesheet caches when working on WCAG color schemes (#16600)
This isn't a complete fix, it doesn't enable live reloading of color
definition stylesheets. But at least now when working on WCAG overrides
the developer won't need to restart the server to see changes.
2022-05-03 08:49:47 +10:00
Penar Musaraj 4e65e02da6
UX: Fix hover state for flat buttons in WCAG schemes (#16601) 2022-05-03 08:48:58 +10:00
Kris a627506d37
UX: Add a brief accessibility summary to the README (#16602) 2022-05-03 08:48:37 +10:00
Jarek Radosz 8cb33cee48
DEV: Fix typo in customize-robots-txt (#16599) 2022-05-02 22:54:05 +02:00
Joffrey JAFFEUX f86b53778d
FIX: closes popover when downloading calendar (#16598) 2022-05-02 20:35:15 +02:00
Angus McLeod 9fc3d46003
Update wordpress scopes and add ``session/scopes`` endpoint (#15366)
* Update wordpress scopes && add ``session/scopes`` endpointt

* Fix failing spec

* Add users#show scope to discourse_connect

* Update app/controllers/session_controller.rb

Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>

Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>
2022-05-02 12:15:32 -03:00
Joffrey JAFFEUX fad94160c7
FIX: uses tippy for popover (#15409)
Note this commit also introduce a new {{d-popover}} component, example usage:

```hbs
{{#d-popover |state|}}
  {{d-button label="foo.things" class="d-popover-trigger"}}

  <div class="d-popover-content">
    Some content
  <div>
{{/d-popover}}
```
2022-05-02 17:10:26 +02:00
Shaun 4885a2535a
UX: Display user.username on user cards (#16539)
If you happen to mention someone with the wrong capitalization for that
person's username (e.g. `@sAm`), that incorrect capitalization would get
displayed on their user card.

This update will fix that by displaying the `user.username` value, which
will have the correct capitalization.

I also added some tests that will ensure `username` and `name` are
displayed on the user card in the correct order based on the
`prioritize_username_in_ux` setting.

This issue was reported here:
https://meta.discourse.org/t/capitalization-does-not-match-when-you-open-user-cards-using-mentions/217166
2022-05-02 09:28:50 -04:00
Andrei Prigorshnev 187922d51c
FEATURE: introduce a sitewide setting for disabling suggesting weekends in time pickers (#16563) 2022-05-02 15:40:23 +04:00
Jarek Radosz 5bc80cde77
DEV: Allow Codespaces host when in Codespaces (#16595) 2022-04-30 00:12:31 +02:00
Penar Musaraj c76f684320
UX: Reset `mark` element highlight for WCAG schemes (#16593) 2022-04-29 14:22:26 -04:00
Leonardo Mosquera 3e5faffb0d
DEV: mbox importer improvements (#16557)
* FIX: support specifying parent_category_id in mbox import metadata
* FIX: elide tabs from topic titles
* FIX: optionally fix Mailman from: addresses
* DEV: optionally elide anything up to the last = in email addresses
* Fix Mailmain broken from: detection
2022-04-29 13:24:29 -03:00
David Taylor 0f772bdf5b
FEATURE: Optionally skip using full_name when suggesting usernames (#16592)
This commit introduces a new site setting: `use_name_for_username_suggestions` (default true)

Admins can disable it if they want to stop using Name values when generating usernames for users. This can be useful if you want to keep real names private-by-default or, when used in conjunction with the `use_email_for_username_and_name_suggestions` setting, you would prefer to use email-based username suggestions.
2022-04-29 14:00:13 +01:00
Andrew Schleifer 14f61c5784 DOC: tighten directory permissions in cloud installation
The files in the containers directory may include secrets -- such as
credentials for sending email. Previously, those could be world-
readable depending on umask.
2022-04-29 14:15:15 +08:00
dependabot[bot] bb019aab5d
Build(deps): Bump loofah from 2.16.0 to 2.17.0 (#16589)
Bumps [loofah](https://github.com/flavorjones/loofah) from 2.16.0 to 2.17.0.
- [Release notes](https://github.com/flavorjones/loofah/releases)
- [Changelog](https://github.com/flavorjones/loofah/blob/main/CHANGELOG.md)
- [Commits](https://github.com/flavorjones/loofah/compare/v2.16.0...v2.17.0)

---
updated-dependencies:
- dependency-name: loofah
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-29 00:41:10 +02:00
jbrw cfb6360bdf
UX: Add time_shortcut.now translation (#16588)
When using `future-date-input` with the option of `includeNow=true` we need to have a translation for `time_shortcut.now`.
2022-04-28 16:48:26 -04:00
Penar Musaraj b266a36967
FEATURE: Add `group_messages:` keyword to advanced search (#16584) 2022-04-28 10:47:40 -04:00
Jarek Radosz de19003bad
DEV: Minor workflow updates (#16583) 2022-04-28 15:51:48 +02:00
Andrei Prigorshnev badde13894
UX: improve the list of options on the slow mode modal (#16561) 2022-04-28 17:05:32 +04:00
Vinoth Kannan 1928bb6ac6
FIX: show group in filter only if user can see the members list. (#16580) 2022-04-28 18:27:47 +05:30
Jarek Radosz 9203a421ba
DEV: Remove deprecated Codespace setting (#16582)
And add `search.followSymlinks` so that js/adminjs results aren't duplicated by default (+ fix formatting)
2022-04-28 14:47:11 +02:00
Jarek Radosz bcb22821fb
DEV: Add support for GH Codespaces to ember proxy (#16581) 2022-04-28 14:46:59 +02:00
dependabot[bot] 3c2e94ca59
Build(deps): Bump net-protocol from 0.1.2 to 0.1.3 (#16579)
Bumps [net-protocol](https://github.com/ruby/net-protocol) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/ruby/net-protocol/releases)
- [Commits](https://github.com/ruby/net-protocol/compare/v0.1.2...v0.1.3)

---
updated-dependencies:
- dependency-name: net-protocol
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-28 13:38:12 +02:00
dependabot[bot] 1ecb099bb2
Build(deps): Bump logster from 2.11.1 to 2.11.2 (#16577)
Bumps [logster](https://github.com/discourse/logster) from 2.11.1 to 2.11.2.
- [Release notes](https://github.com/discourse/logster/releases)
- [Changelog](https://github.com/discourse/logster/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.11.1...v2.11.2)

---
updated-dependencies:
- dependency-name: logster
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-28 11:51:13 +02:00
Loïc Guitaut 008b700a3f DEV: Upgrade to Rails 7
This patch upgrades Rails to version 7.0.2.4.
2022-04-28 11:51:03 +02:00
Alan Guo Xiang Tan 532f9cdb1a
DEV: Partially revert 98c49acad5 (#16578)
Use of glimmer component breaks site not on Ember CLI.
2022-04-28 16:01:58 +08:00
David Taylor 0f7b198ca0
FIX: Ensure values are escaped in select-kit dropdowns (#16576)
The values in Discourse dropdown menus only come from admin-defined strings, not unsanitised end-user input, so this lack of escaping was not exploitable.
2022-04-28 08:52:29 +01:00
dependabot[bot] 8ada093218
Build(deps): Bump logster from 2.11.0 to 2.11.1 (#16550)
Bumps [logster](https://github.com/discourse/logster) from 2.11.0 to 2.11.1.
- [Release notes](https://github.com/discourse/logster/releases)
- [Changelog](https://github.com/discourse/logster/blob/main/CHANGELOG.md)
- [Commits](https://github.com/discourse/logster/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: logster
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-28 15:49:29 +08:00
Alan Guo Xiang Tan 98c49acad5
DEV: Setup experimental sidebar skeleton (#16575)
* hidden siteSetting to enable experimental sidebar
* user preference to enable experimental sidebar
* `experimental_sidebar_enabled` attribute for current user
* Empty glimmer component for Sidebar
2022-04-28 15:27:06 +08:00
dependabot[bot] 9f9131efbe
Build(deps): Bump excon from 0.92.2 to 0.92.3 (#16573)
Bumps [excon](https://github.com/excon/excon) from 0.92.2 to 0.92.3.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.92.2...v0.92.3)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-27 17:36:30 +02:00