Commit Graph

1939 Commits

Author SHA1 Message Date
Sam
fc36f095a7 FIX: ensure proper header transfer (except for cache control)
allows discourse special headers to be visible on hijacked reqs
2018-01-21 14:26:42 +11:00
Sam
12872d03be PERF: run post timings in background
This means that if a very large number of registered users hit
a single topic we will handle it gracefully, even if the db gets slow.
2018-01-19 08:27:29 +11:00
2a22b90538 SECURITY: email domain whitelist could be bypassed 2018-01-17 21:45:32 +01:00
34ed6088b9 FEATURE: New modal to show flags received for a user 2018-01-17 15:08:08 -05:00
e04fb9a877 fix the build 2018-01-17 12:57:33 +05:30
79eb9d7086 FEATURE: show header search results on search log term details page 2018-01-17 12:47:16 +05:30
1208254961 FIX: validate presence of 'top menu' setting 2018-01-17 01:43:53 +05:30
Sam
d7657d8e47 correct specs, ensure crawler layout only applies to html 2018-01-16 16:28:11 +11:00
Sam
7b562d2f46 FEATURE: much improved and simplified crawler detection
- phase one: does it match 'trident|webkit|gecko|chrome|safari|msie|opera'?
    yes - well, it is possibly a browser

- phase two: does it match 'rss|bot|spider|crawler|facebook|archive|wayback|ping|monitor'?
    probably a crawler then

Based off: https://gist.github.com/SamSaffron/6cfad7ea3e6df321ffb7a84f93720a53
2018-01-16 15:41:45 +11:00
Sam
215c0d5569 FEATURE: allow system api to target users via external id or user id
usage ?api_key=XYZ&api_user_external_id=ABC
usage ?api_key=XYZ&api_user_id=123
2018-01-12 17:40:18 +11:00
988b13ac77 FIX: GitHub auth always asking to verify email for new users (#5487) 2018-01-12 15:17:29 +11:00
9f7ae908d8 Add specs to check email domain whitelist/blacklist for To and Cc 2018-01-10 16:57:26 +01:00
Sam
cecd7d0d07 FEATURE: global rate limiter can bypass local IPs 2018-01-08 08:39:17 +11:00
f086d28b30 FIX: Do not validate messages sent to mailing list mirror 2018-01-05 11:21:53 +01:00
e0d73a957d FEATURE: Allow posting via email to read-only mailing list mirror category 2018-01-05 11:21:53 +01:00
d7cd7e4dc7 FIX: Never mark emails sent to mailing list mirror as auto-generated 2018-01-05 11:21:53 +01:00
ceb7590bcb FIX: bounced email can contain multiple status codes 2018-01-03 17:59:20 +01:00
805d1c25d3 Merge pull request #5451 from tgxworld/treat_non_ascii_urls_as_valid
Treat non-ascii URLs in `UrlValidator`.
2017-12-27 14:14:20 +08:00
Sam
a9e2fc59c4 FIX: [constructor] bbcode would cause markdown crash 2017-12-27 16:11:30 +11:00
ef4c6c67ba fix the build 2017-12-23 14:42:40 +05:30
0514ac4ee2 FIX: verify presence of 'sso url' before enabling 'enable sso' 2017-12-23 13:30:49 +05:30
d6b22e6cc1 FIX: whitelist oneboxed iframes 2017-12-23 01:56:33 +01:00
4b51871f6a Treat non-ascii URLs in UrlValidator. 2017-12-21 14:22:55 +08:00
6ecf37c482 Improve URL validation to check for a valid host.
Parsing a URL with `URI` is not sufficient as the following cases
are considered valid:

URI.parse("http://https://google.com")
=> #<URI::HTTP http://https//google.com>
2017-12-21 13:50:15 +08:00
21e1b05c7e FIX: Don't disable details when below truncate limit 2017-12-20 15:45:00 -05:00
a0aca83c12 FIX: Broken spec 2017-12-19 17:55:41 -05:00
b3fda0ea86 FIX: details tags broke excerpts 2017-12-19 17:28:55 -05:00
Sam
57a1190b07 FIX: correct issue with search omitting words with multiple dots
Previously we used to break up words with dots incorrectly, leading to
missing search terms.
2017-12-19 16:04:24 +11:00
Sam
81b3a4a3da improve spec 2017-12-15 11:42:51 +11:00
f2565f6c7e SECURITY: Any group can be invited into a PM. 2017-12-14 14:57:48 +08:00
Sam
67aecff59c FEATURE: store twitter supplied email for auditing 2017-12-14 15:54:32 +11:00
e30851e45a Move escape_uri method to a more suitable place 2017-12-12 20:17:46 +01:00
6ade508f39 FIX: Prevent 'rack.input' missing error. 2017-12-12 16:40:35 +08:00
ff6dda85b7 FIX: replace curly quotes to regular quotes in search terms 2017-12-12 11:17:28 +05:30
Sam
4986ebcf24 FEATURE: optional default off global per ip rate limiter 2017-12-11 17:52:57 +11:00
Sam
68d3c2c74f FEATURE: add global rate limiter for admin api 60 per minute
Also move configuration of admin and user api rate limiting into global
settings. This is not intended to be configurable per site.
2017-12-11 11:07:22 +11:00
Sam
90a55d6f7c FIX: handle CORS in hijacked requests 2017-12-07 10:31:04 +11:00
16738cfb1b FEATURE: convert plain text emails to markdown 2017-12-06 01:47:51 +01:00
5f318a5241 FEATURE: Replace SimpleRSS with Ruby RSS module (#5311)
* SPEC: PollFeedJob parsing atom feed

* add FeedItemAccessor

It is to provide a consistent interface to access a feed item's tag
content.

* add FeedElementInstaller

to install non-standard and non-namespaced feed elements

* FEATURE: replace SimpleRSS with Ruby RSS module

* get FinalDestination and download with Excon

* support namespaced element with FeedElementInstaller
2017-12-06 10:45:09 +11:00
Sam
995bf3c84e correct spec on Ruby 2.3 2017-12-05 07:04:41 +11:00
Sam
5a9622163d FIX: regression around rate limiter 2017-12-04 21:44:16 +11:00
Sam
dd70ef3abf Revert "Revert "PERF: improve speed of rate limiter""
This reverts commit 2373d85239b7c19a04aab74155360d7dd572a1eb.
2017-12-04 21:23:11 +11:00
Sam
2373d85239 Revert "PERF: improve speed of rate limiter"
This reverts commit a9bcdd7f279827e86ec474bcf4c9ed96bc1c0060.
2017-12-04 21:19:28 +11:00
Sam
d041377ccf correct test that does not work with discobot 2017-12-04 18:20:05 +11:00
Sam
a9bcdd7f27 PERF: improve speed of rate limiter
Also

- adds a global rate limiter option
- cleans up usage in tests
- fixes freeze_time so it handles clock_gettime
2017-12-04 18:17:30 +11:00
b18cc81609 Make rubocop happy. 2017-12-04 10:55:31 +08:00
22140efa70 Tests are still leaking connections after skipping.
* Could be in the setup.
2017-12-04 10:46:30 +08:00
4c8402c50f Skip test that is leaking connections. 2017-12-04 09:26:51 +08:00
7f2eeaf767 FIX: Password required flag should be cleared whenever clearing the raw password (#5384) 2017-12-01 15:19:24 +11:00
b1375ef44e Ensure that we disconnect connection in test. 2017-11-29 20:57:13 +08:00