b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
...
* SECURITY: Add confirmation screen when logging in via email link
* SECURITY: Add confirmation screen when logging in via user-api OTP
* FIX: Correct translation key in session controller specs
* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
863d8014d0
FIX: respond with 400 error on invalid redirect param
2019-06-17 16:44:30 +05:30
704c579550
FIX: do not allow unbound membership lookups
...
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
36e53db300
Fix the build.
2019-06-12 16:44:17 +05:30
7b66f8fb46
DEV: optimize bulk invite process
2019-06-12 16:33:19 +05:30
e2636f0ec7
FIX: handle array in redirect param
2019-06-11 17:49:09 +05:30
a046f6ced5
FEATURE: Trigger Discourse events from authenticators. ( #7724 )
2019-06-11 11:28:42 +10:00
bae7b75e23
FIX: Updating a user profile as admin shouldn't change the user's locale
2019-06-07 17:53:46 +02:00
cbd4d06da0
PERF: only check for totp record on current user at when needed
...
Previously the check was done a bit too early causing one extra query
per page unconditionally for logged on users
2019-06-07 16:25:04 +10:00
f00275ded3
FEATURE: Support private attachments when using S3 storage ( #7677 )
...
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
e0c821ebb0
FEATURE: Make staff action logs page support infinite loading
2019-06-06 13:02:53 +10:00
b510006ca8
FEATURE: show tags in crawler view of tags page for static site
...
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
c3a38d2304
DEV: Make groups/new extensible by plugins ( #7642 )
...
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins
* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
d902c4eb9f
FEATURE: Can sort reviewable queue
...
Choices are Priority / Created At (and desc versions.)
2019-06-05 13:21:05 -04:00
ce79a71c5d
typo s/faivcon/favicon ( #7697 )
2019-06-05 09:46:07 +02:00
b9df7a2257
FIX: if favicon is missing due to bad url we would return a 500 on favicons
...
This ensures that the error logging does not corrupt the cache
2019-06-05 16:43:40 +10:00
e7fe7010b8
FIX: use hijack for processing bulk invites ( #7679 )
...
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
33bc8c276d
FIX: default top timeframe was overriding best_periods_for
2019-06-04 10:57:50 +02:00
d7ff640778
fix the build
2019-06-03 20:42:46 +02:00
42809f4d69
FIX: use crawler layout when saving url in Wayback Machine ( #7667 )
2019-06-03 12:13:32 +10:00
e302c0af8b
DEV: by default disable anon impersonation in dev environments
...
The impersonate any user by anonymous feature in dev should require a
deliberate opt-in. This way developers are better aware of the security
implications of this development only feature.
2019-06-03 10:02:27 +10:00
2e0a40007b
FIX: Category topics should not be deletable via review queue
2019-05-30 16:43:23 -04:00
e7ee556e87
Support multi-group user search
2019-05-30 08:45:20 +08:00
a3938f98f8
Revert changes to FileStore::S3Store#path_for
in f0620e7118a76a1faea0ca15ac554818f8bb1bcf.
...
There are some places in the code base that assumes the method should
return nil.
2019-05-29 18:39:07 +08:00
f0620e7118
FEATURE: Support [description|attachment](upload://<short-sha>)
in MD take 2.
...
Previous attempt was missing `post_uploads` records.
2019-05-29 09:26:32 +08:00
7c9fb95c15
Temporarily revert "FEATURE: Support [description|attachment](upload://<short-sha>)
in MD. ( #7603 )"
...
This reverts commit b1d3c678ca39cf7f09ac3eb257c7153d4863a2a9.
We need to make sure post_upload records are correctly stored.
2019-05-28 16:37:01 -04:00
b1d3c678ca
FEATURE: Support [description|attachment](upload://<short-sha>)
in MD. ( #7603 )
2019-05-28 11:18:21 -04:00
07b80d491b
FIX: Refresh automatic groups after inviting moderators.
2019-05-28 17:19:34 +08:00
7429700389
FIX: ensure we can download maxmind without redis or db config
...
This also corrects FileHelper.download so it supports "follow_redirect"
correctly (it used to always follow 1 redirect) and adds a `validate_url`
param that will bypass all uri validation if set to false (default is true)
2019-05-28 10:28:57 +10:00
d26c4509ea
FIX: Adding a user to a group twice under concurrency
...
This prevents an error from being raised / logged.
2019-05-27 15:42:40 -04:00
dfcc2e7ad8
Revert "FEATURE: Send notification when member was accepted to group. ( #7503 )"
...
This reverts commit 42c82d544ecfe138da5b0b5a336be2109179cf26.
2019-05-27 15:19:59 -04:00
d95a68b837
FEATURE: When suspending a user, allow the Delete + Replies action
...
Previously you could only delete the post
2019-05-27 12:27:16 -04:00
42c82d544e
FEATURE: Send notification when member was accepted to group. ( #7503 )
2019-05-27 17:28:41 +03:00
f4a471f0eb
FIX: Correctly cache hash of extra translations
2019-05-24 11:38:26 +02:00
c1e9a70d59
FIX: Fallback locale was not available for extra translations
...
Translations from fallback locales were not sent to the client
for admin_js and wizard_js.
2019-05-24 11:38:26 +02:00
e74cd54fc6
REFACTOR: Replace score bonuses with low/med/high priorities
...
We removed score from the UX so it makes more sense to have sites set
priorities instead of score bonuses.
2019-05-23 11:54:45 -04:00
b788948985
FEATURE: English locale with international date formats
...
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
148bfc9be5
DEV: Simplify client and server side code to support removing tags.
...
Follow up to 834c86678fc9b0900d8ce83365068c41bc34f63f.
2019-05-17 16:39:20 +08:00
834c86678f
FIX: Missing post revision when editing the first post.
2019-05-17 12:54:27 +08:00
e2444e0d31
DEV: Fix another frozen string error.
2019-05-17 10:07:37 +08:00
227bedebf7
DEV: Fix modifying a frozen string.
2019-05-16 11:30:31 +08:00
1299c94a52
FIX: Make serverside and clientside omniauth origin redirects consistent
...
Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 12:40:51 +01:00
42b10a646d
FIX: return 404 only if upload url also not internal.
2019-05-15 02:06:54 +05:30
607c671003
Fix string literal when switching theme in dev env
2019-05-13 10:25:51 -04:00
64c117519e
Fix modifying frozen strings errors take 3.
2019-05-13 16:45:23 +08:00
74989783da
Fix modifying frozen strings error in OneboxController
.
2019-05-13 16:25:52 +08:00
81c329fbb8
FIX: Customizing missing pluralized translations didn't work
2019-05-13 09:36:05 +02:00
8165ceb320
Make rubocop happy.
2019-05-13 09:55:44 +08:00
30990006a9
DEV: enable frozen string literal on all files
...
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
b380ed5282
FEATURE: Claim Reviewables by Topic
...
This is a feature that used to be present in discourse-assign but is
much easier to implement in core. It also allows a topic to be assigned
without it claiming for review and vice versa and allows it to work with
category group reviewers.
2019-05-09 13:40:36 -04:00