Commit Graph

4613 Commits

Author SHA1 Message Date
Gerhard Schlager 2a22b90538 SECURITY: email domain whitelist could be bypassed 2018-01-17 21:45:32 +01:00
Robin Ward 34ed6088b9 FEATURE: New modal to show flags received for a user 2018-01-17 15:08:08 -05:00
Rafael dos Santos Silva 70c5f6ae17
Merge pull request #5489 from discourse/fix-shared-s3-cdn
FIX: Allow shared CDN for s3 and assets
2018-01-17 16:32:11 -02:00
Arpit Jalan e04fb9a877 fix the build 2018-01-17 12:57:33 +05:30
Arpit Jalan 79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
Sam b7023da894 PERF: reduce queries required for post timings
- also freezes a bunch of strings
- bypass active record for an exists query
2018-01-17 15:50:41 +11:00
Arpit Jalan 1208254961 FIX: validate presence of 'top menu' setting 2018-01-17 01:43:53 +05:30
Neil Lalonde f274a5234f FIX: topic and category exporters were only exporting users who created the first post 2018-01-16 12:51:53 -05:00
Sam d7657d8e47 correct specs, ensure crawler layout only applies to html 2018-01-16 16:28:11 +11:00
Sam 7b562d2f46 FEATURE: much improved and simplified crawler detection
- phase one does it match 'trident|webkit|gecko|chrome|safari|msie|opera'
    yes- well it is possibly a browser

- phase two does it match 'rss|bot|spider|crawler|facebook|archive|wayback|ping|monitor'
    probably a crawler then

Based off: https://gist.github.com/SamSaffron/6cfad7ea3e6df321ffb7a84f93720a53
2018-01-16 15:41:45 +11:00
Neil Lalonde ce79ec0127 FIX: subfolder: top referred topics report was missing subfolder in links 2018-01-15 17:28:35 -05:00
Arpit Jalan 785d063a6b
Merge pull request #5496 from techAPJ/admin-graphs
FIX: graphs should go to zero for missing dates
2018-01-15 11:10:29 +05:30
Arpit Jalan b7ba490df7 FIX: graphs should go to zero for missing dates 2018-01-15 10:16:34 +05:30
Sam 906f189914 have to clear debounce cache for tests 2018-01-15 15:29:54 +11:00
Sam d9788a5fb3 missed a spec 2018-01-15 14:51:04 +11:00
Sam bf68d394f4 PERF: handle debounce in redis cause SQL can be slow 2018-01-15 14:48:28 +11:00
Neil Lalonde ad58a1743b rename topic_list.tags to topic_list.top_tags 2018-01-12 16:35:27 -05:00
Neil Lalonde 6d68275ef9 don't show tag groups if they're restricted to categories you can't access 2018-01-12 14:25:42 -05:00
Sam 215c0d5569 FEATURE: allow system api to target users via external id or user id
usage ?api_key=XYZ&api_user_external_id=ABC
usage ?api_key=XYZ&api_user_id=123
2018-01-12 17:40:18 +11:00
Vinoth Kannan 988b13ac77 FIX: GitHub auth always asking to verify email for new users (#5487) 2018-01-12 15:17:29 +11:00
Sam 49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Rafael dos Santos Silva b9a343afe7 FIX: Allow shared CDN for s3 and assets 2018-01-12 01:08:15 -02:00
Vinoth Kannan b96ae14261 FEATURE: Display force_https warning in admin problems dashboard 2018-01-11 12:16:10 +05:30
Gerhard Schlager 9f7ae908d8 Add specs to check email domain whitelist/blacklist for To and Cc 2018-01-10 16:57:26 +01:00
Neil Lalonde 8f21c96ea5 FIX: don't downcase watched words on input since it can break the watched_words_regular_expressions setting 2018-01-09 16:51:59 -05:00
Arpit Jalan 672888f526 FIX: handle invalid password reset token 2018-01-09 23:48:17 +05:30
Jan Suchal bc56d86a63 Support ruby 2.5.0 2018-01-09 16:03:17 +01:00
Arpit Jalan 6c1ebbb95c add test case for csv BOM handling 2018-01-09 15:49:41 +05:30
Guo Xiang Tan e90187cbf7
Merge pull request #5469 from tgxworld/add_guard_to_prevent_primary_email_from_being_reassigned
FIX: Add guard to prevent a primary `UserEmail` from being reassigned.
2018-01-09 13:35:08 +08:00
Sam 8ff5f5f2ef FIX: cache admin locale file for 24 hours 2018-01-09 10:23:49 +11:00
Sam cecd7d0d07 FEATURE: global rate limiter can bypass local IPs 2018-01-08 08:39:17 +11:00
Vinoth Kannan e5affdf230 FIX: URI must be ascii only for URI.parse command 2018-01-07 02:31:35 +05:30
Joffrey JAFFEUX 642645ba9a
FIX: broken select badge as user title (#5474)
* FIX: broken select badge as user title

* selected id wasn’t pass to underlying component
* <none> was rendered as an html tag <none></none>
* overriding a badge name wouldn’t work as it was using badge.name and not badge.display_name
* adds a spec to ensure this behavior is correct
2018-01-05 16:58:15 +01:00
Gerhard Schlager f086d28b30 FIX: Do not validate messages sent to mailing list mirror 2018-01-05 11:21:53 +01:00
Gerhard Schlager e0d73a957d FEATURE: Allow posting via email to read-only mailing list mirror category 2018-01-05 11:21:53 +01:00
Gerhard Schlager d7cd7e4dc7 FIX: Never mark emails sent to mailing list mirror as auto-generated 2018-01-05 11:21:53 +01:00
Arpit Jalan 9030d3ef63 FIX: do not create duplicate topics
https://meta.discourse.org/t/duplicate-http-https-topics-are-randomly-created/77190
2018-01-04 23:53:52 +05:30
Guo Xiang Tan 8a3bbcb19a FIX: Add guard to prevent a primary `UserEmail` from being reassigned. 2018-01-04 19:40:50 +08:00
Gerhard Schlager ceb7590bcb FIX: bounced email can contain multiple status codes 2018-01-03 17:59:20 +01:00
Guo Xiang Tan 9644569a28 FIX: Wildcard webhooks could send duplicated events. 2018-01-03 17:00:44 +08:00
Guo Xiang Tan 647cf7545d Fix randomly failing spec. 2018-01-03 14:42:16 +08:00
Gerhard Schlager 38269c416d FIX: return regular notification level for categories when not set by user 2017-12-30 20:36:58 +01:00
Guo Xiang Tan 805d1c25d3
Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Sam a9e2fc59c4 FIX: [constructor] bbcode would cause markdown crash 2017-12-27 16:11:30 +11:00
Arpit Jalan ef4c6c67ba fix the build 2017-12-23 14:42:40 +05:30
Arpit Jalan 0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
Régis Hanol d6b22e6cc1 FIX: whitelist oneboxed iframes 2017-12-23 01:56:33 +01:00
Robin Ward 69a90f31fb FEATURE: Allow Forums to disable the Backups feature 2017-12-21 15:22:04 -05:00
Gerhard Schlager 7b58afe677 FIX: ProcessPost job failed for posts that have no user 2017-12-21 14:45:59 +01:00
Guo Xiang Tan 4b51871f6a Treat non-ascii URLs in `UrlValidator`. 2017-12-21 14:22:55 +08:00