Commit graph

1527 commits

Author SHA1 Message Date
riking
2c6d03f87f SECURITY: Limit passwords to 200 characters
Prevents layer 8 attack.
2014-09-12 12:07:11 -04:00
Sam
6d5e6b3e33 FIX: max 1 day of view time per topic
we were overflowing ints in some conditions and flooding error logs
2014-09-12 16:59:43 +10:00
Sam
0f585bcdbe FIX: PM should never be allowed to have a category
FIX: TL3 should not be allowed to muck with PM titles
2014-09-11 17:39:34 +10:00
Sam
42104685f7 FIX: badge flood 2014-09-11 13:34:19 +10:00
Sam
43e132d5a6 FEATURE: sharing badges (nice share, good share, great share)
FIX: bad translation
2014-09-11 13:10:37 +10:00
Sam
7f3797b635 FEATURE: Nice Topic, Good Topic and Great Topic badges
Note we will revoke all old badges post badges that went to post #1
and instead get topic badges
2014-09-11 12:36:37 +10:00
Régis Hanol
18f8038015 FEATURE: add new 'convert to staff message' in post wrench menu 2014-09-10 23:08:33 +02:00
Régis Hanol
8f45091ba5 FIX: don't try to feature a topic more than once per category 2014-09-10 16:18:28 +02:00
Sam
ca2100d012 PERF: work around LIMIT breaking query plan
(CTE is a optimisation boundary, so limit no longer has any effect on plan)
2014-09-10 22:19:49 +10:00
Sam
91dcc56fb3 Revert "PERF: avoid OR in complex query"
This reverts commit a8dc6daa38.
2014-09-10 17:10:57 +10:00
Sam
a8dc6daa38 PERF: avoid OR in complex query
10x perf improvement on front page for sitepoint
2014-09-10 16:33:39 +10:00
Régis Hanol
598a3f3e10 FIX: 'disable_edit_notifications' will only disable revisions made by the system user 2014-09-09 18:56:04 +02:00
Régis Hanol
7f498a8795 FIX: N+1 query on /categories page 2014-09-09 15:32:58 +02:00
Robin Ward
56eda5abf9 FIX: Don't allow profile bios longer than 3k chars 2014-09-08 15:23:21 -04:00
Robin Ward
4f6b9815ae FEATURE: List moderator warnings on admin dashboard 2014-09-08 13:25:02 -04:00
Robin Ward
334e21a03a Revert "Revert "FEATURE: Can create warnings for users via PM""
This reverts commit 1c7559380c.
2014-09-08 11:11:56 -04:00
Robin Ward
1c7559380c Revert "FEATURE: Can create warnings for users via PM"
This reverts commit b0bfc1f93f.
2014-09-08 10:38:59 -04:00
Robin Ward
b0bfc1f93f FEATURE: Can create warnings for users via PM 2014-09-08 10:27:06 -04:00
Gerhard Schlager
970aafecb4 FIX: Some default group names could not be translated 2014-09-07 14:48:03 +02:00
Neil Lalonde
ca5f361d0a FEATURE: restrict admin access based on IP address 2014-09-05 12:06:01 -04:00
Sam
59d04c0695 Internal renaming of elder,leader,regular,basic to numbers
Changed internals so trust levels are referred to with

TrustLevel[1], TrustLevel[2] etc.

This gives us much better flexibility naming trust levels, these names
are meant to be controlled by various communities.
2014-09-05 15:20:52 +10:00
Jeff Atwood
fcca64c0cf rename site settings for trust levels as numbers 2014-09-04 13:16:51 -07:00
riking
54484ca18a "FIX": Add error reporting to NotifyMailingListSubscribers
Also skip unactivated users, which may actually fix this
2014-09-03 14:53:05 -07:00
Robin Ward
b04a52676e FIX: Don't show wrong flag choices after undo 2014-09-02 17:37:54 -04:00
Sam
22fbae8556 Merge pull request #2674 from akshaymohite/optimization-fixes
renamed unused variables properly
2014-09-02 08:22:43 +10:00
Sam
e0c8abc911 Merge pull request #2717 from riking/badge-solid
Admin badge interface improvements
2014-09-02 08:21:06 +10:00
riking
808460a28f Fix magic numbers, extra param references 2014-08-31 19:36:31 -07:00
Kamil Bielawski
bf679f1626 FIX: destroy CategoryGroup when Category or Group is destroyed 2014-08-31 22:10:38 +02:00
riking
1833b43ae2 FEATURE: Badge query validation, preview results, and EXPLAIN
Upon saving a badge or requesting a badge result preview,
BadgeGranter.contract_checks! will examine the provided badge SQL for
some contractual obligations - namely, the returned columns and use of
trigger parameters.

Saving the badge is wrapped in a transaction to make this easier, by
raising ActiveRecord::Rollback on a detected violation.

On the client, a modal view is added for the badge query sample run
results, named admin-badge-preview.
The preview action is moved up to the route.
The save action, on failure, triggers a 'saveError' action (also in the
route).

The preview action gains a new parameter, 'explain', which will give the
output of an EXPLAIN query for the badge sql, which can be used by forum
admins to estimate the cost of their badge queries.
The preview link is replaced by two links, one which omits (false) and
includes (true) the EXPLAIN query.

The Badge.save() method is amended to propogate errors.

Badge::Trigger gets some utility methods for use in the
BadgeGranter.contract_checks! method.

Additionally, extra checks outside of BadgeGranter.contract_checks! are
added in the preview() method, to cover cases of null granted_at
columns.

An uninitialized variable path is removed in the backfill() method.

TODO - it would be nice to be able to get the actual names of all
columns the provided query returns, so we could give more errors
2014-08-31 11:25:44 -07:00
Neil Lalonde
ec42b61a4d FIX: suspended users cannot be trust level 3 2014-08-29 12:33:34 -04:00
riking
3396e6fea3 Centralize MessageBus post updates
After this change, only two files directly publish to MessageBus with a
topic interpolated in the channel: Post and TopicUser.
2014-08-28 20:40:36 -07:00
Sam
8ab9c57ca5 Merge pull request #2707 from eyalev/rtl-email
Enable RTL direction in emails.
2014-08-29 09:54:57 +10:00
Sam
5b696ca25a Merge pull request #2708 from Wilhansen/sso_override_avatar
Fix SSO avatar downloading issues.
2014-08-29 09:53:48 +10:00
Neil Lalonde
14890a6002 FEATURE: add a way to map arbitrary urls to a topic, post, or category. Useful for sites that have migrated to Discourse and want to redirect from their old site to Discourse with 301 redirects. 2014-08-28 15:58:24 -04:00
Robin Ward
69cb5bc425 FIX: Centralize Top rendering, remove old code paths. Fix some bugs. 2014-08-28 14:34:31 -04:00
Robin Ward
0ae3c327de Add a message to the staff logs indicating why a user was purged 2014-08-27 16:05:07 -04:00
Neil Lalonde
99d26cef1a FIX: uncategorized counts were always 0. topics_year, topics_month, topics_week, topics_day 2014-08-27 15:58:32 -04:00
Wilhansen Li
bba3f7c0ac Fix SSO avatar downloading issues.
* Follow redirects when downloading SSO avatars.
* Add proper image ext. to downloaded SSO avatars.
2014-08-27 21:35:54 +08:00
Eyal Levin
e0c2f3df3a Enable RTL direction in emails. 2014-08-27 14:38:03 +03:00
Sam
87d2be3ecf FIX: ensure triggered badges are never triggered if filter is missing 2014-08-27 18:02:13 +10:00
Sam
898d86fd9b correct annotations 2014-08-27 15:30:17 +10:00
Sam
414c6d191f FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 15:19:25 +10:00
Sam
1ccfb4fa20 FIX: crashing job 2014-08-26 16:22:13 +10:00
Robin Ward
ed125975a1 SECURITY: Prefix session key and validate token format. 2014-08-25 15:31:49 -04:00
Neil Lalonde
bbb358b356 Add likes given and likes received requirement for being TL3. Configure with site settings leader_requires_likes_given and leader_requires_likes_received. 2014-08-22 17:33:39 -04:00
Neil Lalonde
00c28f2391 Show total likes given. Put likes given/received and flags given/received together. 2014-08-22 15:23:19 -04:00
Neil Lalonde
dafc63e3a0 Show how many likes users received in the last 100 days on their admin profile page 2014-08-22 14:37:07 -04:00
Neil Lalonde
5454c1ed24 Updated model anotations 2014-08-22 13:01:44 -04:00
Sam
c865bf0d71 Merge pull request #2670 from Wilhansen/sso_override_avatar
Implement SSO overriding avatars.
2014-08-22 10:22:06 +10:00
Robin Ward
506dca6d4e FIX: Moving posts was not updating reply_count and
`reply_to_post_number` so reply linkage was broken.
2014-08-20 14:15:23 -04:00