Commit Graph

38448 Commits

Author SHA1 Message Date
Martin Brennan e0713455ca
PERF: Load topic bookmarks for the user in user_post_bookmarks (#10197)
Instead of loading all of the user bookmarks using all the post IDs in a topic, load all the bookmarks for a user using the topic ID. This eliminates a costly WHERE ID IN query.
2020-07-09 15:46:52 +10:00
Guo Xiang Tan d5c56a846a
DEV: Only failover the entire cluster when the default db goes down. 2020-07-09 11:49:03 +08:00
Martin Brennan 31e31ef449
SECURITY: Add content-disposition: attachment for SVG uploads
* strip out the href and xlink:href attributes from use element that
  are _not_ anchors in svgs which can be used for XSS
* adding the content-disposition: attachment ensures that
  uploaded SVGs cannot be opened and executed using the XSS exploit.
  svgs embedded using an img tag do not suffer from the same exploit
2020-07-09 13:31:48 +10:00
Guo Xiang Tan fd38c2fac3
FIX: Force ActiveRecord reading role if Redis is down take 2.
follow-up f03c7a1ba1
2020-07-09 11:14:19 +08:00
Guo Xiang Tan f03c7a1ba1
FIX: Force ActiveRecord reading role if Redis is down. 2020-07-09 11:13:02 +08:00
Guo Xiang Tan cbe1dd8ec7
Revert "FIX: Delete related search data when record has been deleted."
This reverts commit ecc799ab56.

This commit does not fix anything because we've always been deleting
records in `Searchable`.
2020-07-09 10:08:35 +08:00
Jordan Vidrine 9eedc83e00
UI: Markdown Code Wrapping (#10195) 2020-07-08 20:50:42 -04:00
Blake Erickson abb01148fa DEV: Rubocop fixes
Follow up to: 3314654ab3
2020-07-08 18:27:19 -06:00
Blake Erickson 3314654ab3 DEV: Add API Doc specs for topic endpoints
Added some more specs that will be used to auto generate the api docs.
2020-07-08 18:08:14 -06:00
romanrizzi 720a7f88e2 Revert "Add License"
This reverts commit ba1c4b3ee9.
2020-07-08 15:11:04 -03:00
Roman Rizzi ba1c4b3ee9
Add License 2020-07-08 15:09:42 -03:00
Penar Musaraj bd511c004c
UX: Fix missing icon when merging selected posts 2020-07-08 13:57:05 -04:00
Penar Musaraj 67582e7d27
FIX: Do not send system emails to suspended users (#10192) 2020-07-08 13:30:32 -04:00
Mark VanLandingham 90512d723c
UX: Use group-chooser in invite modal (#10186) 2020-07-08 12:02:26 -05:00
Robin Ward f3ff9d5625 FIX: `getURL` deprecation 2020-07-08 11:40:53 -04:00
Arpit Jalan 78beb4368a FIX: 'resend all invite' button was not working as expected 2020-07-08 15:52:44 +05:30
marielaSAG e45307a105
DEV: Added before-create-topic-button plugin-outlet (#10109) 2020-07-08 18:21:30 +10:00
Mark VanLandingham a9292086f4
DEV: Add classes to quick-access-profile items (#10185) 2020-07-08 17:30:12 +10:00
Martin Brennan 6be7a66ba7
FIX: Cap bookmark name at 100 chars and truncate existing names (#10189)
We have a couple of examples of enormous amounts of text being entered in the name column of bookmarks. This is not desirable...it is just meant to be a short note / reminder of why you bookmarked this.

This PR caps the column at 100 characters and truncates existing names in the database to 100 characters.
2020-07-08 17:19:01 +10:00
Sam Saffron bac25e6dd7
DEV: upgrade rack to version 2.2.3
This is very minor, see: https://github.com/advisories/GHSA-j6w9-fv6q-3q52

An attacker can elevate own cookie usage to bypass server cookie restrictions

Technically this is a security commit, but the surface area is extremely
low, we do not expect any real world impact.
2020-07-08 16:42:31 +10:00
Sam Saffron 8af5194e39
DEV: upgrade rails to version 6.0.3.2
This includes a fix for CVE-2020-8185 we are not vulnerable as we do not use
the impacted middleware. However it still makes sense to stay upgraded, other
small fixes exist in this release.
2020-07-08 16:34:29 +10:00
Bianca Nenciu bd842cd2b0
FEATURE: Parse images in email signatures (#10137)
* FEATURE: Parse images in email signatures

* DEV: Fix tests

* Code review
2020-07-08 15:50:30 +10:00
Martin Brennan 07ad243603
FIX: Stop updating bookmarked column from TopicUser.update_post_action_cache (#10188)
* This is causing issues where sometimes bookmarked is out of sync with what is in the Bookmark table. The BookmarkManager handles updating this column now.
* Add migration to fix bookmarked column that is incorrectly marked false when a Bookmark record exists.
2020-07-08 15:27:42 +10:00
Guo Xiang Tan 2e1eafae06
FIX: Incorrect search blurb when advanced search filters are used. 2020-07-08 11:59:49 +08:00
dependabot-preview[bot] 26dc981285 Build(deps): Bump rubocop from 0.86.0 to 0.87.1
Bumps [rubocop](https://github.com/rubocop-hq/rubocop) from 0.86.0 to 0.87.1.
- [Release notes](https://github.com/rubocop-hq/rubocop/releases)
- [Changelog](https://github.com/rubocop-hq/rubocop/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rubocop-hq/rubocop/compare/v0.86.0...v0.87.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:38 +08:00
dependabot-preview[bot] b973ffe8e0 Build(deps): Bump onebox from 1.9.29 to 1.9.30
Bumps [onebox](https://github.com/discourse/onebox) from 1.9.29 to 1.9.30.
- [Release notes](https://github.com/discourse/onebox/releases)
- [Changelog](https://github.com/discourse/onebox/blob/master/CHANGELOG.md)
- [Commits](https://github.com/discourse/onebox/compare/v1.9.29...v1.9.30)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-07-08 08:54:20 +08:00
Kane York c86b1ee9d1
FIX: Disable security keys at same time as TOTP 2FA (#10144)
Previously, the "Remove 2FA" button could result in an error. This syncs button visibility with behavior.

* FIX: Only offer disabling 2FA to admins
2020-07-07 12:19:30 -07:00
Mark VanLandingham 81fe8a50d4
DEV: Plugin API function to add items to quick access profile (#10182) 2020-07-07 13:53:40 -05:00
Kris d09a953f53 UX: Fix layout for long bookmark notes 2020-07-07 13:42:51 -04:00
Kris 66257ca8b6 FEATURE: Add "smallest" option to user text size preferences 2020-07-07 13:08:19 -04:00
Régis Hanol 44aaf4415d DEV: ensure discobot has a user_option & user_profile
When doing a migration, there might be some cases where the discobot user
doesn't have a user_option / user_profile record(s).

This ensures we always create one during the seed phase.
2020-07-07 18:24:31 +02:00
Mark VanLandingham d2e320d4f7
FIX: Bookmarks shortcut goes to new bookmarks with reminders (#10181) 2020-07-07 11:12:41 -05:00
Bianca Nenciu 4a90464619
FIX: Do not highlight large code blocks (#10125) 2020-07-07 18:51:19 +03:00
Bianca Nenciu 6705c45156
FEATURE: Add reply_as_new_group_message composer action (#10168) 2020-07-07 18:30:48 +03:00
Gerhard Schlager ab4c0a4970 FEATURE: Create SQL-only backup if there are no uploads
It doesn't make sense to compress the database dump twice if the backup doesn't contain any uploaded files.
2020-07-07 16:23:47 +02:00
Bianca Nenciu 10e2578751
FIX: Set default value for poll result field (#10178) 2020-07-07 17:23:21 +03:00
Dan Ungureanu 57d46694c5
DEV: Fix flaky test 2020-07-07 17:10:24 +03:00
Dan Ungureanu 333d4f9a98
FIX: Redirect user to the URL with the correct category slug (#10167)
This commit implements a category redirect similar to the one for topic
URLs with wrong slug.
2020-07-07 15:25:36 +03:00
jjaffeux f92116d695 Revert "DEV: flexify post actions (#9926)"
This reverts commit 6ef0e98f4e.
2020-07-07 12:42:49 +02:00
Joffrey JAFFEUX 56475f57c5
UX: simplifies editing email templates by always having a default (#10179) 2020-07-07 11:44:13 +02:00
Joffrey JAFFEUX 9b7000dbf1
FIX: ensures category order keeps consistent (#10165)
Before this change:
- first full page load would get category defaults defined un cateory settings
- a navigation to a topic and then back to categories list would reset defaut to the ones defined in discovery/topics
2020-07-07 09:56:38 +02:00
Guo Xiang Tan 0c742dd022
DEV: Simple formatting fix. 2020-07-07 15:46:14 +08:00
Vinoth Kannan f3f30edf3f SPEC: use post number to create canoncial path in mega topics.
6d17765924
2020-07-07 12:20:31 +05:30
Krzysztof Kotlarek 72861f4e1c
FIX: add table CSS rules to normalize (#10176)
* FIX: add table CSS rules to normalize

In the new version of normalize - 8.0.1 `  `table` and `td` CSS rules are missing
https://github.com/necolas/normalize.css/blob/master/normalize.css

They existed in version `3.0.1` https://github.com/necolas/normalize.css/blob/3.0.1/normalize.css#L417

Also, extracted custom rules to new file
2020-07-07 16:47:03 +10:00
Martin Brennan 280cd99c62
DEV: Add extra appEvents to composer workflow
* add composer:saved, composer:created-post, and composer:edited-post
  appEvents inside the composer controller, to make it easier to detect
  these events in plugins
2020-07-07 14:13:45 +10:00
Sam Saffron 9075d5a9f5
Revert "FIX: Set default value for poll result field (#10044)"
This reverts commit 40de535224.

Sadly this appears to break the JS test suite
2020-07-07 10:24:37 +10:00
Dan Ungureanu 556f7dc9c0
FIX: Fix race condition when resolving tag and category hashtags (#10153)
* FIX: Fix race condition when resolving tag and category hashtags

If the category hashtags were resolved first and then tag hashtags, then
the tags would overwrite the categories. Similarly, if the category
hashtags were resolved last it would overwrite even hashtags which ended
with '::tag'.

* DEV: Add test

* DEV: Fix test
2020-07-07 10:20:51 +10:00
Bianca Nenciu b9e3db6387
UX: Add link to user email preferences in admin view (#10169) 2020-07-07 10:20:14 +10:00
Dan Ungureanu e08b860e88
FIX: Improve category hashtag lookup (#10133)
* FIX: Improve category hashtag lookup

This commit improves support for sub-sub-categories and does not include
the ID of the category in the slug, which fixes the composer preview.

* FIX: Sub-sub-categories can be mentioned using only two levels

* FIX: Remove support for three-level hashtags

* DEV: Simplify code
2020-07-07 10:19:01 +10:00
Joffrey JAFFEUX 6ef0e98f4e
DEV: flexify post actions (#9926)
* DEV: flexify post actions

* more tweaks
2020-07-07 10:18:01 +10:00