73a45048a0
FIX: `Upload#short_url` generates incorrect URL when extension is nil.
2019-06-19 09:10:50 +08:00
e8b9f38374
FIX: Don't allow users to edit topic information when the OP is locked
...
see:
https://meta.discourse.org/t/user-able-to-edit-title-of-locked-post/104826
2019-06-18 14:22:38 -04:00
893b50031d
replace subfolder on cdn url conversion between general cdn and s3 (#7764)
...
When both a cdn URL and an s3 cdn URL are defined, subfolder paths were leaking
through to the s3 cdn URL. If we are replacing the cdn url with the s3_cdn url,
we also need to make sure that the subpath is removed as well, as it appears in
the original cdn url.
The test should give a fairly good gist of the situations - in subfolder
situations where s3_cdn and a cdn is defined:
`asset_path` returns the asset with a subfolder, in the form `{cdn_url}/{subfolder}/{asset_path}`
Currently this is being replaced to `{s3_cdn_url}/{subfolder}/{asset_path}`
I am proposing we change this to: `{s3_cdn_url}/{asset_path}` as it seems like
for s3_cdn urls we should not be carrying around app subfolder pathing anywhere
we are looking up s3 paths.
2019-06-17 11:51:17 -07:00
e6e47f2fb2
SECURITY: Add confirmation screen when logging in via user-api OTP
2019-06-17 16:18:44 +01:00
52387be4a4
SECURITY: Add confirmation screen when logging in via email link
2019-06-17 16:18:37 +01:00
5f6f707080
Revert "Merge pull request from GHSA-hv9p-jfm4-gpr9"
...
This reverts commit b8340c6c8e50a71ff1bca9654b9126ca5a84ce9a.
2019-06-17 16:17:10 +01:00
b8340c6c8e
Merge pull request from GHSA-hv9p-jfm4-gpr9
...
* SECURITY: Add confirmation screen when logging in via email link
* SECURITY: Add confirmation screen when logging in via user-api OTP
* FIX: Correct translation key in session controller specs
* FIX: Use .email-login class for page
2019-06-17 15:59:41 +01:00
863d8014d0
FIX: respond with 400 error on invalid redirect param
2019-06-17 16:44:30 +05:30
704c579550
FIX: do not allow unbound membership lookups
...
Previously we would allow looking up membership limits in an unbound way
via the API, this introduces an upper limit of 1000 per page.
2019-06-17 15:32:06 +10:00
fe4f0a4369
FIX: staged users should not be included in TL groups
...
staged users should not be included in any automatic groups cause for all
purposes they do not exist.
2019-06-17 15:10:47 +10:00
5d16d10a9e
DEV: Fix edge case for `InlineUploads`.
2019-06-14 13:48:03 +08:00
befb074c98
DEV: `InlineUploads` should process CDN upload URLs as well.
2019-06-14 13:14:37 +08:00
41abebcbce
DEV: Support both `http` and `https` for `InlineUploads`.
2019-06-14 12:48:31 +08:00
c9db897777
FIX: Remove onebox src from `Jobs::PullHotlinkedImages`.
...
The test that was added is incorrect because the post was not cooked.
2019-06-14 09:21:25 +08:00
35d6fff69e
PERF: use url instead of file key in temporary inventory table.
2019-06-13 22:03:58 +05:30
7a0d031bc4
FIX: `InlineUploads` matching on external bbcode img url.
2019-06-13 13:47:36 +08:00
782e583844
FIX: Edge cases with markdown references for `InlineUploads`.
2019-06-13 12:08:01 +08:00
93c552afda
FIX: `InlineUploads` does not correct urls with uppercase extension.
2019-06-13 11:19:33 +08:00
b4686934dd
DEV: add spec for removed group bio
2019-06-12 18:03:29 +02:00
7b66f8fb46
DEV: optimize bulk invite process
2019-06-12 16:33:19 +05:30
641521896c
FIX: Cover more edge cases in `InlineUploads`.
2019-06-12 17:06:58 +08:00
739696fdf0
DEV: improve spec to specify all code block formats
...
Previously we only covered a few, this covers a few more formats.
2019-06-12 18:34:30 +10:00
89c4332ac1
DEV: correct spec making bad assumptions
...
bio_cooked is not meant to be touched directly, on save we "cook" the raw
bio.
2019-06-12 16:31:50 +10:00
73bf880f74
FIX: Correct more edge cases with `InlineUploads`.
2019-06-12 10:44:25 +08:00
ff48fbdfda
FIX: `InlineUploads` raises an error when img tag is invalid.
2019-06-12 10:31:00 +08:00
934adb14d2
FIX: On tag change notify only users watching the tag. (#7707)
2019-06-11 18:06:54 +03:00
1881e895dc
SPEC: correctly skips invalid upload urls
...
788f995f30d09d6d99de6f213120ee7957248dd5
2019-06-11 20:15:40 +05:30
788f995f30
FIX: skip external urls which have upload url in query string.
...
Add spec tests for post.each_upload_url method. e8fafbc123170dd1f7d2a8adea4e7810585d3e76
2019-06-11 19:55:02 +05:30
e2636f0ec7
FIX: handle array in redirect param
2019-06-11 17:49:09 +05:30
40e67971f9
DEV: Add spec for `Email::Sender` for upload links in plain text emails.
2019-06-11 16:02:24 +08:00
fb0a655e8a
FEATURE: Update pull hotlinked images to use `Upload#short_url`.
2019-06-11 15:17:29 +08:00
42ab016856
FIX: Use markdown for images and attachments in `Email::Receiver`.
2019-06-11 14:49:46 +08:00
9d0fba64c0
FIX: Use attachment format in user export system post take 2.
2019-06-11 12:15:11 +08:00
06d974d55c
FEATURE: Add base62 sha1 to cooked data attribute
...
* FEATURE: Add base62 sha1 to data attribute in `Post#cooked`.
* FIX: Use `Upload#short_url` when quoting an image.
2019-06-11 11:15:45 +10:00
7b17eb06da
FEATURE: ban any SSO attempts with invalid external id
...
We now treat any external_id of blank string (" " or " " or "", etc) or an
invalid word (none, nil, blank, null) - case insensitive - as invalid.
In this case the client will see "please contact admin"; the logs will explain
the reason clearly.
2019-06-11 10:04:26 +10:00
ef37af5ab0
FIX: Broken spec
2019-06-10 11:50:48 -04:00
8c4e16eafd
FIX: In reply to would sometimes have a broken link
2019-06-10 11:33:10 -04:00
799bd62803
DEV: Improve `PrettyText` spec to test for markdown image title attr.
2019-06-10 11:00:23 +08:00
45aebd00a5
SPEC: improve the spec using stubbed S3 client.
...
4d1204b5e8f934e2cb333d0be15b555c2a457a89
2019-06-08 18:10:35 +05:30
19edc4abb8
FIX: English locale must not fall back to any other locale
2019-06-07 21:53:01 +02:00
a08b2589d4
FIX: removing hidden tag bumps topic when all tags are removed
...
JS sends empty string to remove all tags.
2019-06-07 14:25:46 -04:00
bae7b75e23
FIX: Updating a user profile as admin shouldn't change the user's locale
2019-06-07 17:53:46 +02:00
e3a9a2d2dd
FIX: Avoid infinite loop if disk space is low
...
We now continue to enqueue the pull_hotlinked_images job for optimized images, even if disk space is low
2019-06-07 14:24:22 +01:00
65b0cafc03
FIX: Always schedule pull_hotlinked_images in cooked_post_processor
...
The job is now used to pull optimized images, and images from other sites on the same CDN. This needs to run even if download_remote_images is false
2019-06-07 13:08:23 +01:00
54afa314fb
FIX: Do not download emojis in pull_hotlinked_images
2019-06-07 13:00:52 +01:00
f88dced0b7
PERF: optimize lookup of reviewable info in post stream
...
This previously was a hot path in topic view. Avoids an expensive active
record operation and instead performs SQL directly, which is far more
targeted and efficient
2019-06-07 18:12:30 +10:00
8bd815dab2
FIX: Permit new tags when allow_global_tags true. (#7722)
2019-06-07 15:45:16 +10:00
ff3a1eae3a
FIX: ensure consistency should handle cases where a topic is trashed
...
Followup to c05b6170
2019-06-07 14:57:56 +10:00
ee142c2173
DEV: More improvements to `InlineUploads`.
...
* Convert inline links to short path
```
<link> <link>
<link>
```
to
```
<short_path> <short_path>
<short_path>
```
2019-06-07 11:49:30 +08:00
c05b617067
FIX: ensure_consistency was able to create corrupt category topics
...
- Correct create_category_definition to skip validations and use a
transaction, no longer able to create corrupt topics
- ensure_consistency now clears topic_id if pointing at deleted or missing
topic_id
- Stop creating category definition topics for uncategorized
2019-06-07 11:20:13 +10:00