Commit graph

826 commits

Author SHA1 Message Date
Neil Lalonde
50ac4c6336 FIX: cleanup aliases in email From and Reply-to fields to prevent Bad sender address syntax errors 2014-08-08 13:35:47 -04:00
Sam
49f738fe27 FEATURE: allow users to dismiss unread posts 2014-08-08 16:29:51 +10:00
Régis Hanol
7c65adfd6f FEATURE: raise an exception when the email is missing in the OpenId callback 2014-08-07 19:28:50 +02:00
Régis Hanol
3ae1ebdfc3 FIX: use PostDestroyer when deleting/recovering a topic 2014-08-07 19:12:35 +02:00
Sam
e145e34ebe fix specs 2014-08-05 13:40:44 +10:00
Régis Hanol
2e134742d4 FIX: only show 'defer flags' when there are active flags on the post 2014-08-04 17:29:01 +02:00
Neil Lalonde
443caaa8f7 FIX: don't let admins skip post validations, unless it's faq, tos, or privacy 2014-08-01 14:53:35 -04:00
Sam
dcc9923e4b FIX: failed messages posted via email silently ignored
also... test suite over mocking
2014-07-31 18:46:02 +10:00
Sam
138d013e56 FIX: Suspended users should not be allowed to post 2014-07-31 13:15:16 +10:00
Sam
84836944e8 FIX: crash on invalid uri component 2014-07-30 17:09:55 +10:00
Sam
e7e70d14da Merge pull request #2591 from BenLubar/benlubar-edit-history-public
add profile option for edit history visibility
2014-07-30 14:09:10 +10:00
Neil Lalonde
fc22127726 FIX: only admin can edit faq, tos, and privacy policy 2014-07-29 10:40:09 -04:00
Sam
aa7ed0b2ba FIX: remove broken find topic id feature 2014-07-29 16:36:52 +10:00
Ben Lubar
93ea940a4d add spec for public edit history 2014-07-29 01:00:39 -05:00
Neil Lalonde
e1be478ef4 FIX: admins bypass some post validations. This allows them to edit legal docs even if those docs are longer than max post length, for example. 2014-07-28 16:40:14 -04:00
Régis Hanol
bddffa7f9a FEATURE: flag dispositions normalization
All flags should end up in one of the three dispositions
  - Agree
  - Disagree
  - Defer

In the administration area, the *active* flags section displays 4 buttons
  - Agree (hide post + send PM)
  - Disagree
  - Defer
  - Delete

Clicking "Delete" will open a modal that offer to
  - Delete Post & Defer Flags
  - Delete Post & Agree with Flags
  - Delete Spammer (if available)

When the flag has a list associated, the list will now display 1
response and 1 reply and a "show more..." link if there are more in the
conversation. Replying to the conversation will NOT give a disposition.
Moderators must click the buttons that does that.

If someone clicks one buttons, this will add a default moderator message
from that moderator saying what happened.

The *old* flags section now displays the proper dispositions and is
super duper fast (no more N+9999 queries).

FIX: the old list includes deleted topics
FIX: the lists now properly display the topic states (deleted, closed,
archived, hidden, PM)
FIX: flagging a topic that you've already flagged the first post
2014-07-28 19:28:07 +02:00
Robin Ward
b2f2e7b1d2 REFACTOR: Move Markdown tests to Javascript land 2014-07-25 16:08:00 -04:00
Neil Lalonde
5a33e6f00c Move FAQ, Terms of Service, and Privacy Policy into topics in the Staff category. First post of those topics will be rendered on their respective pages. Site settings and content are not used for these documents anymore. Translations of the default text is moved into the standard YML files. 2014-07-25 14:41:20 -04:00
Sam
6e9f5f5584 SECURITY: fix XSS in excerpt parser 2014-07-25 12:16:00 +10:00
Arpit Jalan
3b2a5f6894 FIX: filter whitelist domain name 2014-07-24 22:02:10 +05:30
Scott Walkinshaw
7e2aa5acfb Move discourse_plugin to lib 2014-07-23 00:03:48 -04:00
Neil Lalonde
b3c149de22 FIX: use email_site_title for emails like reset password and account activation too 2014-07-22 15:52:20 -04:00
Neil Lalonde
6c2e7294dc FIX: system_message_spec was failing because max_post_length was exceeded 2014-07-22 10:28:10 -04:00
Sam
1359a02128 Merge pull request #2532 from riking/sidekiq
Pass more context from Sidekiq jobs to Logster
2014-07-18 10:24:51 +10:00
riking
d90404e830 Change 'code' to 'message' 2014-07-17 15:19:58 -07:00
riking
12cb682548 Start passing more context to Discourse.handle_exception 2014-07-17 14:11:56 -07:00
Robin Ward
3265360ff7 Merge pull request #2546 from riking/hide_deleted
Hide deleted posts by default for staff
2014-07-17 13:40:58 -04:00
riking
19b757b058 FEATURE: Hide deleted posts by default for staff 2014-07-17 10:40:15 -07:00
riking
1682f5d584 Fix message, and add test, for EmailUnparseableError 2014-07-17 10:25:53 -07:00
riking
17db265b41 Remove use of email_in_address and email_in_category 2014-07-17 10:25:13 -07:00
Sam
de7e6a9545 Feature: allow mods to cut pinned topic excerpts 2014-07-17 21:32:37 +10:00
Sam
c12a131fb4 SECURITY: sanitizer allowing invalid attributes 2014-07-17 16:11:09 +10:00
Robin Ward
fb8dda7f42 FIX: We should use category_id instead of category_name to perform
operations, now that the subcategory names are not unique.
2014-07-16 15:40:35 -04:00
Neil Lalonde
939e8505a9 Remove hub username integration 2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7 Emails are case insensitive 2014-07-16 10:22:01 -04:00
Robin Ward
dd6fd7fa39 FIX: Don't put iframes in emails where they are sanitized out. Replace
them with links.
2014-07-14 16:41:37 -04:00
Régis Hanol
b5c57fa947 FIX: don't mess with fixtures when running the specs 2014-07-14 17:34:23 +02:00
Sam
6618358586 FIX: dupe protection is API only now
make optional later on (was introduced for wordpress plugin)
2014-07-14 15:59:58 +10:00
riking
4750f4b5b8 Expect the right error in reciever_spec
Makes the tests less likely to silently break
2014-07-11 12:26:52 -07:00
Sam
89fc989adb FEATURE: First Quote badge 2014-07-11 14:17:43 +10:00
Sam
d54c28adc1 FIX: better whitelisting 2014-07-10 09:59:54 +10:00
Sam
9828a268b9 Fix: whitelist regex for bbcode too wide 2014-07-10 09:17:04 +10:00
Régis Hanol
a52c80e2a8 FEATURE: automatic image orientation fix 2014-07-09 23:59:57 +02:00
Neil Lalonde
df8b25d2f5 FEATURE: don't demote trust level 3 users who were promoted less than SiteSetting.leader_promotion_min_duration days ago 2014-07-08 17:39:49 -04:00
Arpit Jalan
48f86181bf REFACTOR: move all conditions to guardian 2014-07-04 23:04:19 +05:30
Robin Ward
fc1ce96dbb FIX: Change the approach to sanitization. Includes a more detailed API
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Robin Ward
9c48f8f154 FIX: Don't surround <aside> with <p> as that is malformed HTML. 2014-06-30 18:11:22 -04:00
Robin Ward
0f52f26587 TWEAK: Don't show subcategory topic definitions when viewing a category list. 2014-06-30 15:22:40 -04:00
Sam
e2e36a6df3 FIX: bold and italic handling improved 2014-06-30 17:01:46 +10:00
Neil Lalonde
807bfbd9bb FEATURE: Trust level 3 promotion and demotion. Job is disabled for now. 2014-06-27 18:42:03 -04:00
Sam
24ddb6cfad FIX: Bold, italic should not expect a space boundary 2014-06-26 17:45:51 +10:00
Sam
b8357aa90a BUGFIX: newline after bold was not producting a BR 2014-06-26 15:28:08 +10:00
Sam
6559de0085 Chinese search tests 2014-06-26 09:58:49 +10:00
Sam
c87ed6b02a Correct broken specs 2014-06-25 10:55:50 +10:00
Robin Ward
a2fec165d5 Disable editing of hidden posts within a timeframe from when the post
was initially hidden.
2014-06-20 15:38:03 -04:00
Sam
af86014fd0 BUGFIX: bypass fulltext for search in topic 2014-06-20 15:48:34 +10:00
Neil Lalonde
4f523ae1b9 Don't allow invites if local logins are disabled, since it provides a way to bypass external auth 2014-06-18 16:46:20 -04:00
Neil Lalonde
3eb65885d1 Add validation of string site settings with regex, and min and max lengths 2014-06-18 11:15:40 -04:00
Sam
a288ff331d BUGFIX/FEATURE: call out context for search. 2014-06-17 17:53:45 +10:00
Sam
983a22004a FEATURE: register_custom_field_type, support bool and integer 2014-06-17 12:42:12 +10:00
Sam
56dcd00570 BUGFIX: trust_level_0 group not including trust_level_1
BUGFIX: manual trust level change not adding user to groups
BUGFIX: system not in correct trust level groups
2014-06-17 10:52:02 +10:00
Neil Lalonde
2cd55b1fa2 FIX: topics in private sub-categories were visible to everyone on the categories page 2014-06-16 15:12:14 -04:00
Robin Ward
88b5e78424 Merge branch 'add_custom_embed_by_username' of github.com:justinleveck/discourse into justinleveck-add_custom_embed_by_username
Conflicts:
	config/site_settings.yml
2014-06-16 10:52:15 -04:00
Arpit Jalan
5ea1b0742f Fix typo in XSS test 2014-06-16 08:40:19 +05:30
Sam Saffron
fbbe9f7a19 collapse tests to improve perf of suite 2014-06-16 12:13:28 +10:00
Sam Saffron
d65efe7304 SECURITY: fix XSS 2014-06-16 10:24:54 +10:00
Jeff Atwood
a1482f24d9 remove borked test 2014-06-13 17:03:45 -07:00
Jeff Atwood
679b3fab79 correct broken test, List-ID is correct
see http://www.ietf.org/rfc/rfc2919.txt
2014-06-13 16:45:34 -07:00
Jeff Atwood
beaa145572 some email notification header fixes 2014-06-13 15:42:20 -07:00
Robin Ward
c690fa0d19 FIX: Replace protocol relative URLs in emails 2014-06-13 17:11:04 -04:00
Neil Lalonde
ba65aa3f6c Add a way to validate min and max value of an integer site setting 2014-06-12 18:04:37 -04:00
Neil Lalonde
9611a1ac47 Validate username site settings 2014-06-11 16:20:57 -04:00
Sam
d13d4fc158 correct state leak 2014-06-11 12:00:02 +10:00
Sam
62abb873df FEATURE: support serializing user custom fields by plugins 2014-06-11 11:57:22 +10:00
Sam
a044e3de58 Remove min_posts_for_search_in_topic
no longer needed, we always search in topic
2014-06-10 15:07:38 +10:00
Neil Lalonde
c61462662b Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 16:59:20 -04:00
Justin Leveck
a78df3d57d Add custom embed_by_username feature
Feature to allow each imported post to be created using a different discourse
username. A possible use case of this is a multi-author blog where discourse
is being used to track comments. This feature allows authors to receive
updates when someone leaves a comment on one of their articles because each of
the imported posts can be created using the discourse username of the author.
2014-06-09 12:35:38 -07:00
Neil Lalonde
faed17aa18 Moderators should always be able to create topics too 2014-06-09 15:28:03 -04:00
Neil Lalonde
f97d434174 Fix the spec for enum site settings 2014-06-09 15:28:03 -04:00
Robin Ward
c176dc07c1 Merge pull request #2421 from peternlewis/reply_to_name
Use an appropriate name in the Reply-To header
2014-06-09 11:04:53 -04:00
Neil Lalonde
4d50d0d109 FIX: admins should be able to create topics, even if min_trust_to_create_topic is higher than their trust level 2014-06-09 11:03:21 -04:00
Peter N Lewis
93f5f98b58 Corrected and added appropriate specs to confirm correct behaviour.
Tests ensure that the site name is used for public replies and the username is used for private replies.
2014-06-09 18:26:19 +08:00
Sam Saffron
05ca1e6e46 Added code block normalization routing for import 2014-06-06 10:34:21 +10:00
Régis Hanol
0df666277d BUGFIXES: properly deal with bookmarks and deleted posts
BUGFIX: removing a bookmark from the activity feed was busted for deleted posts
BUGFIX: delete associated user actions when deleting a post
2014-06-04 17:41:11 +02:00
Sam
c6c412fd45 BUGFIX: no reading credit for posts you create 2014-06-04 14:10:54 +10:00
Neil Lalonde
3e16ac62c3 Add register_color_scheme for plugins 2014-06-03 12:37:29 -04:00
Sam
3405253405 FEATURE: rush posting read times for newly read posts
FEATURE: "read" indicator on posts
CHANGE: anon is now assumed to have read everything
2014-06-03 11:48:52 +10:00
Sam
2ad756464e SECURITY: TopicView not correctly restricting to topic 2014-05-29 21:56:26 +10:00
Sam
0bc3525b10 BUGFIX: more robust onebox implementation 2014-05-28 17:15:10 +10:00
Sam Saffron
330ea82ce4 FIX broken spec 2014-05-27 13:52:39 +10:00
Sam
033cbc61bf BUGFIX: broken spec 2014-05-27 10:08:03 +10:00
Sam
504cfcff96 Fix specs for avatars
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam
6c1c8be794 Work in progress, keeping avatars locally
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)

user can then pick which they want.
2014-05-27 10:08:03 +10:00
Sam
cf254000cf Revert "Revert "BUGFIX: improve error messages for invalid API keys""
This reverts commit e9afe28586.
2014-05-23 08:43:19 +10:00
Neil Lalonde
e9afe28586 Revert "BUGFIX: improve error messages for invalid API keys" 2014-05-22 14:55:36 -04:00
Sam
eeef775f21 BUGFIX: improve error messages for invalid API keys
BUGFIX: don't track last seen for message bus
2014-05-22 09:01:29 +10:00
Neil Lalonde
742841ddce Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites. 2014-05-21 18:35:10 -04:00
Robin Ward
64355c989e FIX: Don't extract links from empty quotes 2014-05-20 17:20:52 -04:00
Neil Lalonde
27cbc06563 Add fixed_category_positions site setting to handle whether categories are ordered by specified positions or by activity. 2014-05-16 11:33:52 -04:00
Robin Ward
3211c60bbe FEATURE: A new site setting public_user_custom_fields which allows you
to whitelist custom fields that will be exposed to the Ember client
application.
2014-05-14 14:39:01 -04:00
Neil Lalonde
c4d3aa3d47 Theming: a UI to choose some base colors that are applied to all the site css. CSS compiled outside of asset pipeline. 2014-05-14 10:18:12 -04:00
Wojciech Zawistowski
960d64930c Wiki Post 2014-05-13 08:53:11 -04:00
Neil Lalonde
e68e97d986 FIX: moderators can't see private topics that they aren't invited to see. 2014-05-12 15:26:46 -04:00
Sam
a2e2d0e886 Merge pull request #2316 from mutiny/refactor-where-first
Refactor `where(...).first` to `find_by(...)`
2014-05-08 09:10:45 +10:00
Neil Lalonde
f44bd4ec28 Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't. 2014-05-06 15:01:27 -04:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde
014bfc0512 Use 10k most common passwords instead of 5k 2014-05-02 12:01:21 -04:00
Sam
f6c22cc299 Merge pull request #2297 from ligthyear/custom-fields
Custom fields for Topic, Category, Post and Group
2014-04-30 13:15:50 +10:00
Robin Ward
cd6ab981f3 FIX: preferences URL changed 2014-04-29 21:18:23 -04:00
Benjamin Kampmann
f757706861 Ensure Reload reloads custom_fields, too 2014-04-29 19:34:56 +02:00
Benjamin Kampmann
230453b411 use more explicit naming to prevent name clashes. fixes build. 2014-04-29 19:26:43 +02:00
Benjamin Kampmann
0cf07d41ae Move Concern from lib into app/models. refs #2279 2014-04-29 19:26:43 +02:00
Benjamin Kampmann
1e70c3cbbd Add Support for Arrays to CustomFields 2014-04-29 19:26:42 +02:00
Benjamin Kampmann
48f016c7f5 fix double save missing error by using copy not actual reference 2014-04-29 19:26:42 +02:00
Benjamin Kampmann
e6e03a1a96 move custom fields into its own concern 2014-04-29 19:26:42 +02:00
Sam
35952055e2 BUGFIX: web crawlers messing with anon caching 2014-04-29 10:48:09 +10:00
Neil Lalonde
495f78f574 oops, fix broken current_user_spec 2014-04-28 14:01:22 -04:00
Neil Lalonde
9fba385172 FIX: don't onebox hidden posts 2014-04-28 11:03:19 -04:00
Sam
e88e43bfb6 Merge pull request #2279 from fantasticfears/concern
move concerns to the model/concerns
2014-04-28 09:48:33 +10:00
Neil Lalonde
47d000edcc Merge pull request #2292 from ligthyear/sass-variables
Improved Plugins SCSS management
2014-04-25 15:29:50 -04:00
Neil Lalonde
7993c27ce5 Also allow system_user to send pm's even if enable_private_messages is disabled 2014-04-25 14:52:57 -04:00
Benjamin Kampmann
64918c35f5 Improved Plugins SCSS management
- Moves the import of plugins for both mobile and desktop from common after discourse loading, allowing plugins to overwrite
 - Make desktop-option behave like the mobile-option: SCSS/CSS marked with that option will only be loaded for desktop from now on and ignored in mobile
 - Add variables-keyword, allowing plugins to ship and overwrite variables before they get imported by discourse (great for theming)
2014-04-25 18:25:45 +02:00
Neil Lalonde
ee8bbadfe8 Allow contact user to send private messages even if enable_private_messages is false 2014-04-23 17:00:22 -04:00
Robin Ward
84da39f5dc FIX: Admins should always be able to see groups so they can edit them. 2014-04-23 15:15:46 -04:00
Régis Hanol
b61abe3107 FEATURE: warn the admin whenever we disable the download_remote_images_to_local site setting 2014-04-23 12:43:10 +02:00
Robin Ward
af877781b7 Allow admins to choose if groups are visible or not. 2014-04-22 16:43:46 -04:00
Erick Guan
6d45f71254 move concerns to the model/concerns 2014-04-19 12:00:40 +08:00
Régis Hanol
b2cb4b27a1 Merge pull request #2273 from paully21/development-branch
Add blurb of post to search results via API
2014-04-17 21:06:03 +02:00
Robin Ward
87682f7539 FIX: Don't include image meta data when embedded in an email 2014-04-17 12:32:51 -04:00
Robin Ward
b3ed8b6a32 Use query params for sortable table headings 2014-04-17 10:52:57 -04:00
paully21
84d100be85 Add blurb of post to search results via API 2014-04-17 07:58:51 -05:00
Régis Hanol
542d54e6bf BUGFIX: uploads to S3 2014-04-15 13:04:14 +02:00
Régis Hanol
2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Sam
63f4a0e050 Tighten API, add spec for recovery, keep mutex semantics 2014-04-14 10:51:46 +10:00
Vikhyat Korrapati
56ee1ac569 Extract scheduler cross-process locking into DistributedMutex. 2014-04-13 00:05:46 +05:30
Sam
de9aa49b52 BUGFIX: default should register CSS for both mobile and desktop
If you want desktop only use :desktop option
2014-04-10 16:30:22 +10:00
Sam
b9d4edd91a FEATURE: display unpinned state, allow unpinning by clicking on pin 2014-04-10 10:59:02 +10:00
Robin Ward
034287033e Add back onebox support for flash video 2014-04-09 13:41:25 -04:00
Régis Hanol
c3a1c867dd REFACTOR: poll mailbox specs 2014-04-09 19:26:19 +02:00
riking
9c4dd1cb35 Change comma-delim site settings to pipe-delim 2014-04-08 14:17:55 -07:00
Benjamin Kampmann
d22df7731d Allow plugins to ship custom styles only for mobile
- adds another :mobile-flag to register_assets
- adds test for plugin registering of assets
- load plugins when on desktop and plugins_mobile when on mobile
2014-04-07 16:33:35 +02:00
Sam
0372b81d11 FEATURE: allow moderators to globally pin topics 2014-04-07 16:38:51 +10:00
Robin Ward
dbab628e16 Support for creating embedded topics via API 2014-04-03 14:42:44 -04:00
Robin Ward
558a06a117 Adds better reusable error message support. Added to fetching remote
posts. /cc @riking
2014-04-02 13:22:10 -04:00
Sam
eff20fdda7 fix bust spec 2014-04-02 16:22:12 +11:00
Sam
a3f270f0e9 BUGFIX: broken spec 2014-04-01 16:08:18 +11:00
Régis Hanol
706fd3c59a Merge pull request #2206 from riking/posted
Fix the 'posted' view so that it actually does something
2014-03-31 23:05:48 +02:00
Sam
8fc2549873 Stop using global vars where not needed
Simplify local process site setting provider
Stop setting up methods over and over
Centralize cache clearing
2014-03-31 12:34:13 +11:00
riking
df5229a399 Add spec for posted list
The test fails on 956b14a and passes on this branch
2014-03-30 14:21:35 -07:00
Régis Hanol
e6989b5313 Merge pull request #2192 from jorgemanrubia/configurable-emails-prefix
Option to change the subject prefix in emails
2014-03-28 15:08:50 +01:00