Commit graph

3207 commits

Author SHA1 Message Date
Guo Xiang Tan
512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Sam
33578a2c17 FIX: always import avatars during SSO if they are missing 2016-09-16 09:45:00 +10:00
Arpit Jalan
e46204d195 FIX: allow long words if they contain periods 2016-09-13 09:15:05 +05:30
Robin Ward
2c9a47dda5 FIX: Validate the raw content of posts before enqueuing them 2016-09-12 12:26:49 -04:00
Neil Lalonde
06eb256d0a FIX: blocking users should never hide all posts if they are trust level 1 or higher 2016-09-12 11:58:10 -04:00
Sam
2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Robin Ward
e78b7a243e FIX: Don't enqueue posts if the user can't create them (ex: closed) 2016-09-09 12:15:56 -04:00
Robin Ward
9609a47016 Ability to skip email validation via a plugin 2016-09-07 14:05:46 -04:00
Guo Xiang Tan
35bc0c943f More randomly failing specs fixes. 2016-09-05 19:33:03 +08:00
Erick Guan
9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Guo Xiang Tan
1f70fc9e11 Make sure we reset global in specs. 2016-09-05 18:18:14 +08:00
Guo Xiang Tan
31d900f7e7 Fix build. 2016-09-05 17:03:41 +08:00
Guo Xiang Tan
aa1f306894 Properly clean up plugin event in specs.. 2016-09-05 16:10:03 +08:00
Guo Xiang Tan
aabb7a8592 FIX: DiscourseEvent should not be triggered from within the controller. 2016-09-05 15:58:04 +08:00
Guo Xiang Tan
ec90655c41 FIX: Clean up specs properly. 2016-09-05 15:48:59 +08:00
Guo Xiang Tan
aa9decf6fd Remove DiscourseEvent.clear. 2016-09-05 15:17:49 +08:00
Sam
e0a2346b92 no more protocol-less CDN urls 2016-09-05 16:05:48 +10:00
Sam
59640bae3b FIX: absolute URL for CDN should always be rooted with a protocol 2016-09-05 15:57:46 +10:00
Guo Xiang Tan
e4b75f604c FIX: Make clean up upload script a safer task to run. 2016-09-05 10:06:02 +08:00
Sam
340874d345 FIX: post notifications in JSON so we properly support arrays and so on 2016-09-04 15:51:16 +10:00
Sam
1d281e02c7 id is optional if already specified in header 2016-09-02 17:08:46 +10:00
Sam
be0fd5b4cc FEATURE: allow user api key revocation for read only keys 2016-09-02 17:04:00 +10:00
Sam
0a39ba43ed FIX: always respect avatar_force_update 2016-09-02 12:04:22 +10:00
Sam
211c374df6 Merge pull request #4213 from fantasticfears/sso
FIX: Importing user avatar when new user login by SSO
2016-09-01 18:05:18 -07:00
Guo Xiang Tan
90a0327fd2 FIX: Check against reserved usernames should be case insensitive. 2016-08-31 21:53:41 +08:00
Robin Ward
7da44e3bf0 FEATURE: Support author meta tags for embedding 2016-08-30 12:01:04 -04:00
Erick Guan
0217973374
FIX: Importing user avatar when new user login by SSO 2016-08-29 20:47:19 +08:00
Neil Lalonde
2251104e32 FEATURE: avatar flair can be font awesome icons 2016-08-26 17:15:37 -04:00
Robin Ward
20241a01e9 FIX: Run the regular expression against query parameters 2016-08-26 12:47:47 -04:00
Sam
ca79c4b276 stop eating up push_urls 2016-08-26 13:23:06 +10:00
Sam
fcdf13f52d add some more testing 2016-08-26 13:18:20 +10:00
Sam
a37db9448f correctly return access rights in auth redirect 2016-08-26 13:12:38 +10:00
Sam
4fe52c8cbe FEATURE: backend support for pushing notifications to clients 2016-08-26 12:47:10 +10:00
Guo Xiang Tan
2f39293867 FIX: User enabled readonly mode was not working. 2016-08-25 23:31:59 +08:00
Neil Lalonde
7a81669c18 SECURITY: don't allow re-using the current password during password reset 2016-08-24 12:27:21 -04:00
Régis Hanol
038eb6f645 FIX: translations with a symbol as key should also be overridable 2016-08-24 11:53:03 +02:00
Robin Ward
c3a3aff120 FEATURE: Support for a whitelist for embeddable host paths 2016-08-23 14:56:12 -04:00
Robin Ward
1468616465 FIX: Support links with google analytics tracking and hashes 2016-08-23 12:13:31 -04:00
Guo Xiang Tan
17f0727b04 FIX: Don't track user profile view when viewed by system user. 2016-08-23 16:25:31 +08:00
Robin Ward
884bdf7240 FEATURE: Ability to scrub titles when importing embeddable content 2016-08-22 12:43:02 -04:00
Arpit Jalan
4a2f0e772c add specs for post ownership change without revision 2016-08-20 01:27:48 +05:30
Robin Ward
4061725a95 FIX: Don't ever grant badges when they're disabled 2016-08-19 15:16:37 -04:00
Guo Xiang Tan
3141c179f7 REFACTOR: Get bucket name from S3Helper. 2016-08-19 14:08:37 +08:00
Régis Hanol
eb953c0904 FIX: /categories page on mobile 2016-08-19 01:47:00 +02:00
Neil Lalonde
7195a103ab FEATURE: digests choose topics you're watching or tracking first 2016-08-18 17:16:52 -04:00
Guo Xiang Tan
9a6f54de6c Allow other directories to be specified when accessing fixtures. 2016-08-18 16:34:43 +08:00
Sam
3ea68f8f6c tweak headers so they can be consumed 2016-08-18 14:38:33 +10:00
Régis Hanol
45b1f9c0d3 fix smoke test 2016-08-17 23:59:18 +02:00
Régis Hanol
6d1d7b7c8f UX: new /categories layout 2016-08-17 23:23:16 +02:00
Neil Lalonde
d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00