Commit graph

804 commits

Author SHA1 Message Date
Guo Xiang Tan
512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Robin Ward
2c9a47dda5 FIX: Validate the raw content of posts before enqueuing them 2016-09-12 12:26:49 -04:00
Sam
2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Robin Ward
e78b7a243e FIX: Don't enqueue posts if the user can't create them (ex: closed) 2016-09-09 12:15:56 -04:00
Sam
1d281e02c7 id is optional if already specified in header 2016-09-02 17:08:46 +10:00
Sam
be0fd5b4cc FEATURE: allow user api key revocation for read only keys 2016-09-02 17:04:00 +10:00
Erick Guan
0217973374
FIX: Importing user avatar when new user login by SSO 2016-08-29 20:47:19 +08:00
Neil Lalonde
2251104e32 FEATURE: avatar flair can be font awesome icons 2016-08-26 17:15:37 -04:00
Sam
ca79c4b276 stop eating up push_urls 2016-08-26 13:23:06 +10:00
Sam
fcdf13f52d add some more testing 2016-08-26 13:18:20 +10:00
Sam
a37db9448f correctly return access rights in auth redirect 2016-08-26 13:12:38 +10:00
Neil Lalonde
d079f69b7b FEATURE: add flair to avatars using new settings in the groups admin UI 2016-08-17 15:13:15 -04:00
Sam
a25a8115e8 FEATURE: support HEAD request to /user-api-key/new
This allows us to cleanly sniff to find if it exists
2016-08-17 09:58:19 +10:00
Sam
416e7e0d1e FEATURE: basic UI to view user api keys 2016-08-16 17:06:52 +10:00
Neil Lalonde
3b792054f2 Merge pull request #4387 from gdpelican/feature/tags-intersection
FEATURE: Tags intersection page
2016-08-15 16:24:29 -04:00
James Kiesel
037e9bb7b8 Support any number of tag intersections 2016-08-15 15:30:17 -04:00
Sam
fc095acaaa Feature: User API key support (server side implementation)
- Supports throttled read and write
- No support for push yet, but data is captured about intent
2016-08-15 17:59:36 +10:00
James Kiesel
7e73b933c7 First pass 2016-08-12 15:28:46 -04:00
Sam
7e4503dd99 FEATURE: basic info route for all sites, even ones that require login
This information is public in meta tags already on home page, providing a
route allows consumers to check it way more cheaply
2016-08-12 17:10:35 +10:00
Sam
afaba56de3 FEATURE: missing API endpoint for topic tracking states 2016-08-12 17:10:35 +10:00
Robin Ward
429f27ec96 SECURITY: Avoid mass assignment on user create 2016-08-05 11:57:13 -04:00
Neil Lalonde
5f67cd7b45 FIX: tag input detects when a tag is not allowed and won't offer to create it anyway 2016-08-03 13:18:56 -04:00
Régis Hanol
681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Neil Lalonde
82e170d6a6 FIX: 404 when filtering by category, no sub-category, and a tag 2016-07-28 16:19:03 -04:00
Robin Ward
2f8ab8cd30 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 11:38:12 -04:00
Sam
c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4 SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
Arpit Jalan
c626558d36 UX: group pages should not show Messages tab to unauthorised users (#4318) 2016-07-09 00:50:04 +05:30
Robin Ward
1eb64151f6 User interface for watching first post 2016-07-07 11:21:50 -04:00
Robin Ward
ccf9b70671 When restoring a backup, disable emails.
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Sam
8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00
Sam
dd1a184955 Correct mailing list mode unsubscribe 2016-06-17 11:57:23 +10:00
Sam
852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Régis Hanol
49f8a2baa7 FEATURE: support for mandrill webhooks 2016-06-13 12:32:14 +02:00
Sam
3015030fe2 FIX: unlisted topics do not get "slug auto correct" logic 2016-06-10 10:53:26 +10:00
Régis Hanol
214e25f1b5 use proper 'Message-Id' field 2016-06-09 00:33:13 +02:00
Régis Hanol
3e3538d603 loosen security a bit on mailgun's webhook 2016-06-08 22:38:38 +02:00
Robin Ward
431179dd25 FEATURE: Prompt users when they are entering duplicate links 2016-06-07 14:47:22 -04:00
Robin Ward
6aaa484baa REFACTOR: Move composer messages to store 2016-06-07 14:47:22 -04:00
Jeff Atwood
cc66bff730 we forgot to update the mailgun tests 2016-06-06 16:55:24 -07:00
Régis Hanol
fe595f1653 FEATURE: mailjet webhook 2016-06-06 19:47:45 +02:00
Régis Hanol
9704603fab FEATURE: sendgrid webhooks 2016-06-01 21:48:06 +02:00
Régis Hanol
116efffdaa FEATURE: webhooks support for mailgun 2016-05-30 17:11:17 +02:00
Guo Xiang Tan
cb5be1fe8f
Upgrade rspec to 3.4.0. 2016-05-30 11:38:38 +08:00
Arpit Jalan
f387dfe226 FIX: mixed case group mentions were not getting highligted in composer 2016-05-22 18:32:49 +05:30
Robin Ward
49a6d0b789
FIX: Don't bother with negative offsets 2016-05-09 16:33:55 -04:00
Arpit Jalan
82daf93eb3 Merge pull request #4206 from techAPJ/convert-topic
FEATURE: move a topic from PM to regular topic or vice versa
2016-05-04 01:33:15 +05:30
Robin Ward
b061ba5c52
FIX: Broken spec. Stupid mocking. 2016-05-03 15:30:48 -04:00
Arpit Jalan
acfb540952 FEATURE: move a topic from PM to regular topic or vice versa 2016-05-02 21:34:05 +05:30
Arpit Jalan
74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00