Commit graph

2723 commits

Author SHA1 Message Date
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Robin Ward
a3d62fdf69 Temporarily roll back ember rc5. We identified some things we need to fix. 2013-06-06 01:25:43 -04:00
Sam
255a614142 keep /srv/status exposed 2013-06-06 14:40:10 +10:00
David Paquet
6243965c64 Change CHEF Omnibus cookbook base_uri attribute because Opscode has migrated their omnibus S3 bucket. 2013-06-05 23:44:25 -03:00
Robin Ward
7b70330e85 FIX: Javascript errors when navigating to some topics 2013-06-05 20:53:48 -04:00
Sam
2ca734c118 Merge pull request #964 from chrishunt/exclusive-club
Add 'invite only' site setting
2013-06-05 16:38:47 -07:00
Robin Ward
6384518599 Allow images in the daily digest for top scoring posts 2013-06-05 18:55:27 -04:00
Neil Lalonde
0dc678c1e7 Version bump to v0.9.2.5 2013-06-05 18:46:11 -04:00
Jeff Atwood
6f57564c54 add edit hint to "no topic definition" 2013-06-05 15:36:26 -07:00
Robin Ward
4d1e8356b8 FIX: Again, try to get a flexible absolute logo_url 2013-06-05 18:23:43 -04:00
Robin Ward
8328aa97fd FIX: HTML email should use image_tag to get the correct path to the image 2013-06-05 18:01:40 -04:00
Robin Ward
0b97ea6345 Better HTML emails, smarter email digests, new email section in admin with digest preview 2013-06-05 17:47:25 -04:00
Neil Lalonde
f030d9b420 Make default_logo_check more smarter 2013-06-05 16:59:19 -04:00
Neil Lalonde
4e8ff74b99 Show dashboard warning when favicon and/or logo urls contain the same filename as the shipped defaults 2013-06-05 16:43:39 -04:00
Neil Lalonde
b55182b983 Use PostDestroyer when deleting all of a user's posts; deleting a post removes its flags and resets its flag counts 2013-06-05 16:05:13 -04:00
Robin Ward
93cdb97b46 OOPS: Left a testing setting of precompile in development on. Turned it back off. 2013-06-05 15:33:50 -04:00
Robin Ward
dfba2b6e0a FIX: Strip links from google indexed bios when the users are new. 2013-06-05 15:28:10 -04:00
Robin Ward
729e4080a6 Merge pull request #958 from ZogStriP/fix-have-onebox-ignore-internal-links
FIX: Have onebox ignore internal links
2013-06-05 12:09:53 -07:00
Robin Ward
eb673c7e5d Merge pull request #963 from chrishunt/chrishunt/refresh-user-list-after-approval
Refresh admin user list after approval
2013-06-05 12:07:49 -07:00
Robin Ward
112d57e899 Merge pull request #960 from iancmyers/strong-parameters
Began implementing strong_parameters
2013-06-05 12:03:17 -07:00
Robin Ward
a3d52a41c6 Merge pull request #962 from sanderdatema/dutch_translation
Updated Dutch translation
2013-06-05 11:58:46 -07:00
Robin Ward
c0d95f5d03 Merge pull request #965 from stephankaag/master
Correct invalid template
2013-06-05 11:58:27 -07:00
Stephan Kaag
469bf044c3 Remove superfluous } 2013-06-05 21:54:07 +03:00
Régis Hanol
01855b70b4 FIX: Have onebox ignore internal links 2013-06-05 20:53:07 +02:00
Chris Hunt
a523fa56ac Don't require authentication for invites 2013-06-05 11:12:37 -07:00
Chris Hunt
acf147ef88 Disable OmniAuth account creation if 'invite only' 2013-06-05 11:11:02 -07:00
Chris Hunt
d432798ff8 Silently fail if user tries to sneak in
When 'invite only' is enabled, there's no way for a user to create an
account unless they try and sneak in by POSTing to /users/. We will
silently fail if this happens.
2013-06-05 11:08:21 -07:00
Chris Hunt
8f14e46964 Hide registration on login modal if 'invite only' 2013-06-05 11:06:54 -07:00
Chris Hunt
24da1ab07e Add 'invite only' site setting 2013-06-05 11:06:05 -07:00
Robin Ward
7d089fdfb5 FIX: Compile templates properly with the latest handlebars 2013-06-05 14:00:02 -04:00
Robin Ward
07cd87f941 FIX: Couldn't navigate to Categories list via link 2013-06-05 12:40:06 -04:00
Robin Ward
a0bd51862e Upgrade Ember to RC5. Disabled a deprecation warning that I believe is in error. 2013-06-05 12:07:18 -04:00
Chris Hunt
f05c30ab8d Refresh admin user list after approval 2013-06-05 08:57:25 -07:00
Jeff Atwood
67ba33dee5 Merge pull request #961 from Supermathie/sysadmin-docs
installdocs: Update with screenshots & more
2013-06-05 08:55:05 -07:00
Neil Lalonde
f0d4a38433 Admin flags UI shows when it's loading and when there are no results 2013-06-05 10:24:50 -04:00
Sander Datema
a9dcbe498d Updated Dutch translation 2013-06-05 14:24:32 +02:00
Ian Christian Myers
41528f5d11 Implemented strong_parameters for Upload/UploadsController.
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
Michael Brown
fa965b5f92 installdocs: Update with screenshots & more
* add screenshots from Ubuntu config process
* add instructions for updating predeployed VMs
* add details on configuring mail server
* don't install test gems into prod
* no need for bundle exec
* small cleanups
2013-06-05 03:33:20 -04:00
Ian Christian Myers
f50b648844 Implemented strong_parameters for PostAction/PostActionsController.
PostActionsController now uses strong_parameters' #require to require certain parameters. ActionController::ParameterMissing is now thrown when a required parameter is missing, rather than Discourse::InvalidParameters.
2013-06-05 00:23:51 -07:00
Ian Christian Myers
3b245031a4 Implemented strong_parameters for Invite/InvitesController.
The email parameter is now required using strong parameters and will throw ActionController::ParameterMissing if it is missing. If the email address is incorrect or invalid, Discourse::InvalidParameters will still be thrown.
2013-06-05 00:04:03 -07:00
Ian Christian Myers
130d837952 Implemented strong_parameters for Category/CategoriesController.
Category now requires parameters to be permitted by strong_parameters using #require or #permit for mass-assignment. Missing required parameters now throw an ActionController::ParameterMissing exception instead of the Discourse::InvalidParameters exception.
2013-06-04 23:45:25 -07:00
Sam
870e59883b secure the links on the topic pages, eliminated deleted topics as well. 2013-06-05 16:10:26 +10:00
Sam
913a607528 need to punch through account creation stuff 2013-06-05 14:01:24 +10:00
Sam
2dfba8d6de we need to be able to do username checks for registration to work 2013-06-05 12:50:42 +10:00
Sam
74502172f3 speed up test 2013-06-05 12:48:34 +10:00
Sam
2509d0f4fa Merge pull request #959 from chrishunt/chrishunt/login-required-fixes
'login required' site setting improvements
2013-06-04 19:09:40 -07:00
Sam
93be638d93 message format is awesome, remove 0 unread and 0 new links. 2013-06-05 12:04:54 +10:00
Chris Hunt
3074300f76 Allow customization of 'login required' message 2013-06-04 18:53:36 -07:00
Chris Hunt
3774808a6e Redirect to '/' if OmniAuth login from '/login' 2013-06-04 18:35:20 -07:00
Sam
e52e46a609 fix blank created_at .. date is unbound, we should rename it to unboundDate 2013-06-05 11:32:53 +10:00