33a05b9406
SECURITY: Users can only bookmark posts which they can see.
2016-12-21 12:06:56 +08:00
c10dfe0d1b
SECURITY: prevent reuse of password reset
2016-12-19 18:04:55 +11:00
402f06de27
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:18:32 +11:00
ef440a4381
Escape the hyphen
2016-09-19 08:54:21 +08:00
69691fa7a6
FIX: Backup validation wasn't escaping hyphens
...
Conflicts:
spec/controllers/admin/backups_controller_spec.rb
2016-09-19 08:53:54 +08:00
82fe884a7f
SECURITY: Add filename validation for backup uploads.
2016-09-16 12:50:59 +08:00
429f27ec96
SECURITY: Avoid mass assignment on user create
2016-08-05 11:57:13 -04:00
5f67cd7b45
FIX: tag input detects when a tag is not allowed and won't offer to create it anyway
2016-08-03 13:18:56 -04:00
bf683178a8
FIX: Remove tag plugin code from tag hashtag check.
2016-08-02 10:59:12 +08:00
681f566a66
FIX: staff members should be able to see raw email of deleted posts
2016-08-01 23:55:22 +02:00
1f12e41029
FIX: query for tag with no sub-categories
2016-07-28 16:59:00 -04:00
82e170d6a6
FIX: 404 when filtering by category, no sub-category, and a tag
2016-07-28 16:19:03 -04:00
77847f0d46
FIX: meta description tags for tags
2016-07-28 11:49:23 -04:00
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
36ddb1787e
FEATURE: Add toggle topic visibility button in popup menu.
2016-07-28 16:57:04 +08:00
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be changed via rails console
2016-07-28 09:03:00 +10:00
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
6dac9075dc
new 'convert_pasted_images_quality' site setting
2016-07-27 19:59:44 +02:00
be099bb637
only convert pasted images to HQ jpg when it's at least 5% smaller
2016-07-27 19:55:13 +02:00
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
3c0df3510a
FIX: tags index should show all tags belonging to a category even if they have never been used
2016-07-26 16:04:11 -04:00
749b981759
FEATURE: new 'convert_pasted_images_to_hq_jpg' site setting
2016-07-25 23:01:28 +02:00
ece4fa82c9
FIX: add canonical link to tags topic lists
2016-07-25 16:16:19 -04:00
11b3b5e30a
FIX: when topic list is filtered by tag and category, subsequent page fetches would ignore the category filter
2016-07-25 16:16:18 -04:00
d2e22ab215
extract bounce scores into site settings
2016-07-25 17:27:28 +02:00
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
a74606c87c
PERF: tag groups index query
2016-07-15 17:16:26 -04:00
7b6d946613
FIX: searching received emails for TO was broken
2016-07-13 22:43:25 +02:00
5fed886c8f
FIX: Update post replies when we move posts. (#4324)
2016-07-13 17:34:21 +02:00
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
c104e4c022
allow avatars up to 1000px
2016-07-05 18:49:33 +02:00
f256e3afb6
Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
...
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
0c6d8e155c
Merge pull request #4300 from NuckChorris/patch-2
...
Log RecordInvalid when verbose_sso_logging enabled
2016-07-01 14:12:06 +10:00
904d9735ab
Refactor desktop notifications to be more modular.
2016-07-01 00:11:32 +08:00
e265b7b090
Log RecordInvalid when verbose_sso_logging enabled
2016-06-29 22:12:25 -07:00
99e88ce39f
FIX: n+1 query when fetching tag groups
2016-06-29 18:41:22 -04:00
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode.
2016-06-29 15:10:01 +08:00
20359788dc
Rename SiteSetting#use_https to force_https.
2016-06-29 15:02:43 +08:00
e221414935
PERF: Remove N+1 queries on user messages page.
2016-06-29 09:30:54 +08:00
1411eedad3
FEATURE: offer to unwatch categories when unwatching category
2016-06-28 18:34:20 +10:00
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
3232ce8265
FIX: better error message when trying to approve post for closed/deleted topic
2016-06-24 15:11:45 +05:30
5bfc9cf69e
Allow API to create staged users
2016-06-23 12:27:05 +02:00
2ecd0da59f
REFACTOR: use same code path for handling emails via API and POP
2016-06-22 15:50:49 +02:00
2d425892c4
FIX: update list of invited users after inviting
2016-06-21 16:01:29 +10:00
7fca6f502f
fix and improve image downsizing algorithm
2016-06-20 12:35:07 +02:00
8866169879
FEATURE: can invite/revoke groups on private messages
2016-06-20 16:29:27 +10:00