discourse/lib
Sam Saffron 57a3d4e0d2
FEATURE: whitelist theme repo mode (experimental)
In some restricted setups all JS payloads need tight control.

This setting bans admins from making changes to JS on the site and
requires all themes be whitelisted to be used.

There are edge cases we still need to work through in this mode,
hence this is still not supported in production and experimental.

Use an example like this to enable:

`DISCOURSE_WHITELISTED_THEME_REPOS="https://repo.com/repo.git,https://repo.com/repo2.git"`

By default this feature is not enabled and no changes are made.

One exception is that the default theme id was missing a security check;
this was added for correctness.
2020-06-03 13:19:57 +10:00
active_record/connection_adapters FIX: PostgreSQL fallback was broken due to Rails masking exception (#9633) 2020-05-05 10:34:25 +10:00
auth DEV: Prevent 'previous definition' warnings for PARAMETER_API_PATTERNS 2020-05-13 12:54:28 +01:00
autospec DEV: adjust rake autospec to work with renamed es6 files 2020-03-31 14:40:58 +11:00
backup_restore new S3 backup layout (#9830) 2020-05-29 00:28:23 +05:30
common_passwords DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
compression FIX: Decompressing lots of small files triggered error 2020-01-09 15:11:31 +01:00
content_security_policy FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
demon FIX: Reopen sidekiq log files after rotation (#9429) 2020-04-16 12:13:13 +01:00
email FIX: Specific email error for replies to digest emails (#9770) 2020-05-14 09:04:58 -05:00
emoji DEV: supports unicorn emoji 13.0beta (#8402) 2019-11-25 10:23:18 +01:00
file_store DEV: Rubocop fix 2020-06-01 06:07:07 +02:00
freedom_patches FIX: XML files could be detected as SVG files 2020-05-26 18:18:20 +02:00
generators FIX plugin generator: mobile, desktop stylesheets registering (#9039) 2020-02-25 11:43:17 +01:00
guardian DEV: Allow plugins to hide user stats by new guardian method (#9772) 2020-05-14 11:57:35 -05:00
highlight_js DEV: already defined constant 'HIGHLIGHTJS_DIR' 2019-01-21 10:12:23 +01:00
i18n FIX: Using the `default_locale` in locale fallbacks caused problems 2020-05-06 22:59:07 +02:00
import DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
import_export FEATURE: Include category position when exporting categories (#9658) 2020-05-07 12:17:15 +10:00
javascripts REFACTOR: removes unreachable statement (#9680) 2020-05-07 16:37:02 +02:00
middleware REFACTOR: Move the multisite middleware to the front 2020-04-02 16:44:44 +01:00
migration FIX: Allow post migrations using `#change` to carry out unsafe migration 2020-05-15 14:23:27 +08:00
onebox FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
plugin DEV: Add `discourse-staff-alias` to official plugin list. 2020-05-28 16:43:15 +08:00
pretty_text FIX: allows to have custom emoji translation without static file (#9893) 2020-05-27 20:11:52 +02:00
rate_limiter DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
scheduler FEATURE: log long running jobs in the defer queue 2018-10-12 17:03:47 +11:00
search FIX: skip invalid URLs when checking for audio/video in search blurbs 2019-11-06 10:32:15 -05:00
seed_data FIX: Consistently handle category param 2019-05-27 16:39:56 +08:00
sidekiq DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_settings UX: adds support for a color setting type (#9016) 2020-03-09 10:07:03 +01:00
stylesheet FEATURE: Support for publishing topics as pages (#9364) 2020-04-08 12:52:36 -04:00
svg_sprite Remove support for FontAwesome 4.7 icon names (#9871) 2020-05-26 14:53:32 -04:00
tasks FEATURE: whitelist theme repo mode (experimental) 2020-06-03 13:19:57 +10:00
theme_store FIX: don't break the private key when writing it out during theme import 2020-03-10 13:20:11 -04:00
turbo_tests FIX: Migration paths were being forgotten 2019-12-16 14:13:47 -05:00
validators FIX: `EmailValidator` needs to validate format of email. 2020-06-03 10:34:37 +08:00
webauthn SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
wizard FIX: Wizard was creating duplicate Light theme if Light was selected (#9464) 2020-04-20 08:31:43 -05:00
admin_confirmation.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
admin_constraint.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
admin_user_index_query.rb DEV: Standardize table sorting verbiage (#9757) 2020-05-14 20:10:59 -06:00
age_words.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
archetype.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
auth.rb DEV: Drop legacy OpenID 2.0 support (#8894) 2020-02-07 17:32:35 +00:00
avatar_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
backup_restore.rb FIX: Restore failed if schema contained objects not owned by the current DB user 2020-04-01 18:04:43 +02:00
badge_posts_view_manager.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
badge_queries.rb FIX: ensure wiki editor is assigned consistently 2020-03-27 12:41:06 +11:00
base62.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
bookmark_manager.rb FIX: Do not allow null options for bookmark manager 2020-05-08 15:24:59 +00:00
bookmark_query.rb FIX: Bookmark UI tweaks (#9604) 2020-05-01 16:14:20 +10:00
bookmark_reminder_notification_handler.rb FEATURE: Optionally delete bookmark when reminder sent (#9637) 2020-05-07 13:37:39 +10:00
browser_detection.rb FIX: Detect DiscourseHub user agent. 2019-08-09 11:58:15 +03:00
cache.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
canonical_url.rb FEATURE: default canonical URL (#9738) 2020-05-12 09:13:20 +10:00
category_badge.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
comment_migration.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_finder.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
configurable_urls.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
content_buffer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
content_security_policy.rb FIX: Allow CSP to work correctly for non-default hostnames/schemes (#9180) 2020-03-19 19:54:42 +00:00
cooked_post_processor.rb FEATURE: Download remote images even for old posts (#9925) 2020-05-29 17:13:55 +01:00
crawler_detection.rb FIX: Detect Wayback Machine using user agent (#9777) 2020-05-14 21:10:07 +10:00
csrf_token_verifier.rb DEV: Provide method for auth plugins to generate a CSRF token 2019-08-13 01:13:08 +01:00
current_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
custom_renderer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
custom_setting_providers.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
db_helper.rb FEATURE: allows multiple custom emoji groups (#9308) 2020-03-30 20:16:10 +02:00
directory_helper.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse.rb DEV: Actually disconnect from Redis connections after fork. 2020-06-02 11:40:16 +08:00
discourse_cookie_store.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_diff.rb FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
discourse_event.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
discourse_hub.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
discourse_ip_info.rb FIX: MaxMind DB file not downloading correctly 2020-01-05 22:08:13 +11:00
discourse_js_processor.rb Start Discourse in an initializer (#9930) 2020-05-29 14:37:02 -04:00
discourse_logstash_logger.rb FIX: Use 'hostname' when Discourse.os_hostname is not available 2020-02-18 13:37:39 +02:00
discourse_plugin_registry.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
discourse_redis.rb DEV: Add `REDIS_RAILS_FAILOVER` env to test our new redis failover. 2020-06-02 17:24:14 +08:00
discourse_tagging.rb FIX: tag topic counts wrong after adding synonyms 2020-02-14 12:15:29 -05:00
discourse_updates.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
disk_space.rb FIX: correct upload statistics report for external storage 2020-02-20 15:15:53 +11:00
distributed_cache.rb REFACTOR: distributed_cache is moved to the message_bus gem 2018-10-15 15:01:45 -04:00
distributed_memoizer.rb DEV: Replace `Time.new` with `Time.now` (#9142) 2020-03-09 17:37:49 +01:00
distributed_mutex.rb FIX: Off-by-one error setting the distributed mutex key to expire 2020-02-03 14:54:50 +00:00
edit_rate_limiter.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
email.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_backup_token.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
email_cook.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_updater.rb FIX: When admin changes staff email still enforce old email confirm (#9007) 2020-02-20 13:42:57 +10:00
encodings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
enum.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
enum_site_setting.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
excerpt_parser.rb FIX: do not raise error if 'class' attribute is not found. 2020-05-01 10:03:40 +05:30
feed_element_installer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
feed_item_accessor.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
file_helper.rb FIX: Consider webp a supported image format for upload (#9015) 2020-02-21 13:08:01 +10:00
filter_best_posts.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
final_destination.rb FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) 2019-12-12 12:49:21 +10:00
flag_query.rb DEV: Remove FlagQuery class and old code (#8064) 2019-09-12 13:21:33 -03:00
flag_settings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
gaps.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
global_path.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
guardian.rb FEATURE: whitelist theme repo mode (experimental) 2020-06-03 13:19:57 +10:00
has_errors.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
hijack.rb Take 2 of 0f5161af19. 2019-04-29 16:41:35 +08:00
homepage_constraint.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
html_prettify.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
html_to_markdown.rb FIX: server-side HtmlToMarkdown improvements (#9586) 2020-04-30 12:21:25 +02:00
image_sizer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
import_export.rb FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
inline_oneboxer.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
introduction_updater.rb FIX: replace default welcome topic post with new value from wizard 2020-04-01 15:42:45 -04:00
ip_addr.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
js_locale_helper.rb PERF: ensure we run full GC on contexts 2020-05-15 14:01:54 +10:00
json_error.rb FIX: Fix build. 2019-05-22 17:39:44 +03:00
letter_avatar.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
markdown_linker.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
mem_info.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
message_bus_diags.rb PERF: avoid shelling to get hostname aggressively 2020-02-18 15:13:19 +11:00
method_profiler.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
mini_sql_multisite_connection.rb DEV: Allow DB.after_commit to be used outside of a transaction 2020-05-04 09:42:41 +01:00
mobile_detection.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
new_post_manager.rb enqueue spam/dmarc failing emails instead of hiding (#8674) 2020-01-21 11:12:00 -05:00
new_post_result.rb Support for custom messages and redirects when creating posts (#8434) 2019-11-29 09:30:54 -05:00
notification_levels.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
oneboxer.rb FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
onpdiff.rb FIX: Show a correct diff when editing consecutive paragraphs (#8177) 2019-10-11 03:50:37 -04:00
pbkdf2.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
permalink_constraint.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
pinned_check.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plain_text_to_markdown.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
plugin_gem.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plugin_initialization_guard.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
post_action_creator.rb FIX: If creating a flag for a watched word, include the reason 2020-06-02 11:49:02 -04:00
post_action_destroyer.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_result.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_creator.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
post_destroyer.rb PERF: Dematerialize topic_reply_count (#9769) 2020-05-14 15:42:00 -07:00
post_jobs_enqueuer.rb FIX: the muted message should be sent after edit (#9593) 2020-05-01 08:33:57 +10:00
post_locker.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_merger.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_revisor.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
pretty_text.rb FIX: allows to have custom emoji translation without static file (#9893) 2020-05-27 20:11:52 +02:00
primary_group_lookup.rb UX: use "icon-picker" & "image-uploader" fields to set group flair. (#9779) 2020-05-25 11:08:47 +05:30
promotion.rb PERF: Dematerialize topic_reply_count (#9769) 2020-05-14 15:42:00 -07:00
quote_comparer.rb FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
rake_helpers.rb Try fix upload_spec flakys and remove logging from tasks/uploads_spec 2020-02-18 15:08:58 +10:00
rate_limiter.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
read_only_header.rb DEV: rename ReadOnly module to ReadOnlyHeader 2019-05-06 16:07:49 +02:00
retrieve_title.rb FEATURE: Nokogumbo (#9577) 2020-05-05 13:46:57 +10:00
route_format.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
rtl.rb Check site default locale if Rtl class is initialized without a user (#8417) 2019-11-26 15:01:37 -05:00
s3_helper.rb new S3 backup layout (#9830) 2020-05-29 00:28:23 +05:30
s3_inventory.rb FIX: Use updated_at in the S3 inventory job (#8823) 2020-01-31 11:02:44 +01:00
score_calculator.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
screening_model.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
search.rb UX: remove `in:unpinned` filter from advanced search page. (#9911) 2020-05-29 00:47:28 +05:30
secure_session.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
single_sign_on.rb FEATURE: support SSO website and location overrides 2020-04-28 16:06:35 +10:00
single_sign_on_provider.rb FIX: Handle missing provider return sso url 2020-05-12 18:16:50 -06:00
site_icon_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
site_setting_extension.rb FEATURE: Filter settings by plugin (#9692) 2020-05-10 14:07:45 +03:00
slug.rb FIX: If a prettified slug is a number, return default (#8554) 2019-12-17 10:34:20 +10:00
socket_server.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
spam_handler.rb DEV: Avoid an additional query in `SpamHandler`. 2020-04-27 13:03:57 +08:00
sql_builder.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
staff_constraint.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
staff_message_format.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
suggested_topics_builder.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
system_message.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
text_cleaner.rb FEATURE: English locale with international date formats 2019-05-20 13:47:20 +02:00
text_sentinel.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_javascript_compiler.rb DEV: Remove `Discourse.RAW_TEMPLATES` (#9630) 2020-05-05 12:15:03 -04:00
theme_modifier_helper.rb DEV: Allow plugins to add theme modifiers via db migrations (#9192) 2020-03-12 16:35:28 +00:00
theme_settings_manager.rb FEATURE: add support for `upload` format in theme settings. 2020-04-15 18:34:02 +05:30
theme_settings_parser.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_parser.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
timeline_lookup.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_creator.rb FIX: sending messages to groups with non-lowercase names 2020-05-27 14:52:08 -06:00
topic_list_responder.rb Revert "FIX: don't compute draft for (ro)bots 🤖 in topics list" 2020-05-15 10:40:35 +08:00
topic_publisher.rb FIX: Use destroy_all instead of delete_all for shared drafts 2020-03-05 11:13:43 -08:00
topic_query.rb FEATURE: exclude muted categories from the "top" topics list. 2020-05-08 00:34:53 +05:30
topic_query_params.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
topic_query_sql.rb DEV: Rails 5.2 upgrade and global gem upgrade 2018-06-07 14:21:33 +10:00
topic_retriever.rb FIX: An `opts` hash was not, in fact, optional :) 2020-04-20 14:17:13 -04:00
topic_subtype.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_upload_security_manager.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
topic_view.rb FEATURE: Decorate topic-level bookmark button with reminder time (#9426) 2020-04-16 09:20:44 +10:00
topics_bulk_action.rb FIX: Unread topics not clearing when whisper is last post (#8271) 2019-11-01 09:19:43 +10:00
trust_level.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
turbo_tests.rb FIX: Made turbo_rspec display errors in shared groups correctly 2019-08-29 12:41:14 +01:00
twitter_api.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
unread.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
upload_creator.rb FIX: use correct command line attribute for `gifsicle` while scaling down the gif. 2020-04-10 18:16:47 +05:30
upload_fixer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
upload_markdown.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_recovery.rb FEATURE: allow UploadRecovery to be run on a single post (#8094) 2019-10-02 14:57:36 +10:00
upload_security.rb FIX: Change secure media to encompass attachments as well (#9271) 2020-03-26 07:16:02 +10:00
url_helper.rb Minor change to case-insensitive regex for s3_presigned_url? 2020-02-03 14:22:35 +10:00
user_name_suggester.rb DEV: correct a few Ruby 2.7 deprecations 2019-11-28 13:13:29 +11:00
version.rb Version bump to v2.5.0.beta6 2020-06-01 14:13:48 -04:00
webauthn.rb DEV: stop freezing frozen strings 2020-04-30 16:48:53 +10:00
wizard.rb DEV: Allow plugins to add wizard steps after specific steps (#9315) 2020-04-01 08:36:50 -05:00