Commit Graph

3095 Commits

Author SHA1 Message Date
b8340c6c8e Merge pull request from GHSA-hv9p-jfm4-gpr9
* SECURITY: Add confirmation screen when logging in via email link

* SECURITY: Add confirmation screen when logging in via user-api OTP

* FIX: Correct translation key in session controller specs

* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
863d8014d0 FIX: respond with 400 error on invalid redirect param 2019-06-17 16:44:30 +05:30
704c579550 FIX: do not allow unbound membership lookups
Previously we would allow looking up membership limits in an unbound way
via the API; this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
36e53db300 Fix the build. 2019-06-12 16:44:17 +05:30
7b66f8fb46 DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
e2636f0ec7 FIX: handle array in redirect param 2019-06-11 17:49:09 +05:30
a046f6ced5 FEATURE: Trigger Discourse events from authenticators. (#7724) 2019-06-11 11:28:42 +10:00
bae7b75e23 FIX: Updating a user profile as admin shouldn't change the user's locale 2019-06-07 17:53:46 +02:00
cbd4d06da0 PERF: only check for totp record on current user when needed
Previously the check was done a bit too early causing one extra query
per page unconditionally for logged on users
2019-06-07 16:25:04 +10:00
f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677)
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
2019-06-06 13:27:24 +10:00
e0c821ebb0 FEATURE: Make staff action logs page support infinite loading 2019-06-06 13:02:53 +10:00
b510006ca8 FEATURE: show tags in crawler view of tags page for static site
Previously tags page would have an empty page in crawler view
2019-06-06 12:55:37 +10:00
c3a38d2304 DEV: Make groups/new extensible by plugins (#7642)
* Expose a new plugin outlet. Pass group model to the group-member-dropdown so it can be accessed by plugins

* Added controller tests for group custom fields. update custom fields when updating a group
2019-06-06 12:05:33 +10:00
d902c4eb9f FEATURE: Can sort reviewable queue
Choices are Priority / Created At (and desc versions.)
2019-06-05 13:21:05 -04:00
ce79a71c5d typo s/faivcon/favicon (#7697) 2019-06-05 09:46:07 +02:00
b9df7a2257 FIX: if favicon is missing due to bad url we would return a 500 on favicons
This ensures that the error logging does not corrupt the cache
2019-06-05 16:43:40 +10:00
e7fe7010b8 FIX: use hijack for processing bulk invites (#7679)
FIX: do not store bulk invite CSV file on server
2019-06-04 20:19:46 +05:30
33bc8c276d FIX: default top timeframe was overriding best_periods_for 2019-06-04 10:57:50 +02:00
d7ff640778 fix the build 2019-06-03 20:42:46 +02:00
42809f4d69 FIX: use crawler layout when saving url in Wayback Machine (#7667) 2019-06-03 12:13:32 +10:00
e302c0af8b DEV: by default disable anon impersonation in dev environments
The impersonate any user by anonymous feature in dev should require a
deliberate opt-in. This way developers are better aware of the security
implications of this development only feature.
2019-06-03 10:02:27 +10:00
2e0a40007b FIX: Category topics should not be deletable via review queue 2019-05-30 16:43:23 -04:00
e7ee556e87 Support multi-group user search 2019-05-30 08:45:20 +08:00
a3938f98f8 Revert changes to FileStore::S3Store#path_for in f0620e7118a76a1faea0ca15ac554818f8bb1bcf.
There are some places in the code base that assume the method should
return nil.
2019-05-29 18:39:07 +08:00
f0620e7118 FEATURE: Support [description|attachment](upload://<short-sha>) in MD take 2.
Previous attempt was missing `post_uploads` records.
2019-05-29 09:26:32 +08:00
7c9fb95c15 Temporarily revert "FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603)"
This reverts commit b1d3c678ca39cf7f09ac3eb257c7153d4863a2a9.

We need to make sure post_upload records are correctly stored.
2019-05-28 16:37:01 -04:00
b1d3c678ca FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603) 2019-05-28 11:18:21 -04:00
07b80d491b FIX: Refresh automatic groups after inviting moderators. 2019-05-28 17:19:34 +08:00
7429700389 FIX: ensure we can download maxmind without redis or db config
This also corrects FileHelper.download so it supports "follow_redirect"
correctly (it used to always follow 1 redirect) and adds a `validate_url`
param that will bypass all uri validation if set to false (default is true)
2019-05-28 10:28:57 +10:00
d26c4509ea FIX: Adding a user to a group twice under concurrency
This prevents an error from being raised / logged.
2019-05-27 15:42:40 -04:00
dfcc2e7ad8 Revert "FEATURE: Send notification when member was accepted to group. (#7503)"
This reverts commit 42c82d544ecfe138da5b0b5a336be2109179cf26.
2019-05-27 15:19:59 -04:00
d95a68b837 FEATURE: When suspending a user, allow the Delete + Replies action
Previously you could only delete the post
2019-05-27 12:27:16 -04:00
42c82d544e FEATURE: Send notification when member was accepted to group. (#7503) 2019-05-27 17:28:41 +03:00
f4a471f0eb FIX: Correctly cache hash of extra translations 2019-05-24 11:38:26 +02:00
c1e9a70d59 FIX: Fallback locale was not available for extra translations
Translations from fallback locales were not sent to the client
for admin_js and wizard_js.
2019-05-24 11:38:26 +02:00
e74cd54fc6 REFACTOR: Replace score bonuses with low/med/high priorities
We removed score from the UX so it makes more sense to have sites set
priorities instead of score bonuses.
2019-05-23 11:54:45 -04:00
b788948985 FEATURE: English locale with international date formats
Makes en_US the new default locale
2019-05-20 13:47:20 +02:00
148bfc9be5 DEV: Simplify client and server side code to support removing tags.
Follow up to 834c86678fc9b0900d8ce83365068c41bc34f63f.
2019-05-17 16:39:20 +08:00
834c86678f FIX: Missing post revision when editing the first post. 2019-05-17 12:54:27 +08:00
e2444e0d31 DEV: Fix another frozen string error. 2019-05-17 10:07:37 +08:00
227bedebf7 DEV: Fix modifying a frozen string. 2019-05-16 11:30:31 +08:00
1299c94a52 FIX: Make serverside and clientside omniauth origin redirects consistent
Previously external domains were allowed in the client-side redirects, but not the server-side redirects. Now the behavior is to only allow local origins.
2019-05-15 12:40:51 +01:00
42b10a646d FIX: return 404 only if upload url also not internal. 2019-05-15 02:06:54 +05:30
607c671003 Fix string literal when switching theme in dev env 2019-05-13 10:25:51 -04:00
64c117519e Fix modifying frozen strings errors take 3. 2019-05-13 16:45:23 +08:00
74989783da Fix modifying frozen strings error in OneboxController. 2019-05-13 16:25:52 +08:00
81c329fbb8 FIX: Customizing missing pluralized translations didn't work 2019-05-13 09:36:05 +02:00
8165ceb320 Make rubocop happy. 2019-05-13 09:55:44 +08:00
30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
b380ed5282 FEATURE: Claim Reviewables by Topic
This is a feature that used to be present in discourse-assign but is
much easier to implement in core. It also allows a topic to be assigned
without it claiming for review and vice versa and allows it to work with
category group reviewers.
2019-05-09 13:40:36 -04:00