Sam
c12a131fb4
SECURITY: sanitizer allowing invalid attributes
2014-07-17 16:11:09 +10:00
Robin Ward
fb8dda7f42
FIX: We should use category_id
instead of category_name
to perform
...
operations, now that the subcategory names are not unique.
2014-07-16 15:40:35 -04:00
Neil Lalonde
939e8505a9
Remove hub username integration
2014-07-16 12:25:24 -04:00
Neil Lalonde
01a68f8cc7
Emails are case insensitive
2014-07-16 10:22:01 -04:00
Robin Ward
dd6fd7fa39
FIX: Don't put iframes in emails where they are sanitized out. Replace
...
them with links.
2014-07-14 16:41:37 -04:00
Régis Hanol
b5c57fa947
FIX: don't mess with fixtures when running the specs
2014-07-14 17:34:23 +02:00
Sam
6618358586
FIX: dupe protection is API only now
...
make optional later on (was introduced for wordpress plugin)
2014-07-14 15:59:58 +10:00
riking
4750f4b5b8
Expect the right error in reciever_spec
...
Makes the tests less likely to silently break
2014-07-11 12:26:52 -07:00
Sam
89fc989adb
FEATURE: First Quote badge
2014-07-11 14:17:43 +10:00
Sam
d54c28adc1
FIX: better whitelisting
2014-07-10 09:59:54 +10:00
Sam
9828a268b9
Fix: whitelist regex for bbcode too wide
2014-07-10 09:17:04 +10:00
Régis Hanol
a52c80e2a8
FEATURE: automatic image orientation fix
2014-07-09 23:59:57 +02:00
Neil Lalonde
df8b25d2f5
FEATURE: don't demote trust level 3 users who were promoted less than SiteSetting.leader_promotion_min_duration days ago
2014-07-08 17:39:49 -04:00
Arpit Jalan
48f86181bf
REFACTOR: move all conditions to guardian
2014-07-04 23:04:19 +05:30
Robin Ward
fc1ce96dbb
FIX: Change the approach to sanitization. Includes a more detailed API
...
for allowing classes and attributes for only certain tag names.
2014-07-03 16:55:36 -04:00
Robin Ward
9c48f8f154
FIX: Don't surround <aside>
with <p>
as that is malformed HTML.
2014-06-30 18:11:22 -04:00
Robin Ward
0f52f26587
TWEAK: Don't show subcategory topic definitions when viewing a category list.
2014-06-30 15:22:40 -04:00
Sam
e2e36a6df3
FIX: bold and italic handling improved
2014-06-30 17:01:46 +10:00
Neil Lalonde
807bfbd9bb
FEATURE: Trust level 3 promotion and demotion. Job is disabled for now.
2014-06-27 18:42:03 -04:00
Sam
24ddb6cfad
FIX: Bold, italic should not expect a space boundary
2014-06-26 17:45:51 +10:00
Sam
b8357aa90a
BUGFIX: newline after bold was not producting a BR
2014-06-26 15:28:08 +10:00
Sam
6559de0085
Chinese search tests
2014-06-26 09:58:49 +10:00
Sam
c87ed6b02a
Correct broken specs
2014-06-25 10:55:50 +10:00
Robin Ward
a2fec165d5
Disable editing of hidden posts within a timeframe from when the post
...
was initially hidden.
2014-06-20 15:38:03 -04:00
Sam
af86014fd0
BUGFIX: bypass fulltext for search in topic
2014-06-20 15:48:34 +10:00
Neil Lalonde
4f523ae1b9
Don't allow invites if local logins are disabled, since it provides a way to bypass external auth
2014-06-18 16:46:20 -04:00
Neil Lalonde
3eb65885d1
Add validation of string site settings with regex, and min and max lengths
2014-06-18 11:15:40 -04:00
Sam
a288ff331d
BUGFIX/FEATURE: call out context for search.
2014-06-17 17:53:45 +10:00
Sam
983a22004a
FEATURE: register_custom_field_type, support bool and integer
2014-06-17 12:42:12 +10:00
Sam
56dcd00570
BUGFIX: trust_level_0 group not including trust_level_1
...
BUGFIX: manual trust level change not adding user to groups
BUGFIX: system not in correct trust level groups
2014-06-17 10:52:02 +10:00
Neil Lalonde
2cd55b1fa2
FIX: topics in private sub-categories were visible to everyone on the categories page
2014-06-16 15:12:14 -04:00
Robin Ward
88b5e78424
Merge branch 'add_custom_embed_by_username' of github.com:justinleveck/discourse into justinleveck-add_custom_embed_by_username
...
Conflicts:
config/site_settings.yml
2014-06-16 10:52:15 -04:00
Arpit Jalan
5ea1b0742f
Fix typo in XSS test
2014-06-16 08:40:19 +05:30
Sam Saffron
fbbe9f7a19
collapse tests to improve perf of suite
2014-06-16 12:13:28 +10:00
Sam Saffron
d65efe7304
SECURITY: fix XSS
2014-06-16 10:24:54 +10:00
Jeff Atwood
a1482f24d9
remove borked test
2014-06-13 17:03:45 -07:00
Jeff Atwood
679b3fab79
correct broken test, List-ID is correct
...
see http://www.ietf.org/rfc/rfc2919.txt
2014-06-13 16:45:34 -07:00
Jeff Atwood
beaa145572
some email notification header fixes
2014-06-13 15:42:20 -07:00
Robin Ward
c690fa0d19
FIX: Replace protocol relative URLs in emails
2014-06-13 17:11:04 -04:00
Neil Lalonde
ba65aa3f6c
Add a way to validate min and max value of an integer site setting
2014-06-12 18:04:37 -04:00
Neil Lalonde
9611a1ac47
Validate username site settings
2014-06-11 16:20:57 -04:00
Sam
d13d4fc158
correct state leak
2014-06-11 12:00:02 +10:00
Sam
62abb873df
FEATURE: support serializing user custom fields by plugins
2014-06-11 11:57:22 +10:00
Sam
a044e3de58
Remove min_posts_for_search_in_topic
...
no longer needed, we always search in topic
2014-06-10 15:07:38 +10:00
Neil Lalonde
c61462662b
Add ability to run validation on site settings. notification_email and other email address settings are now validated.
2014-06-09 16:59:20 -04:00
Justin Leveck
a78df3d57d
Add custom embed_by_username feature
...
Feature to allow each imported post to be created using a different discourse
username. A possible use case of this is a multi-author blog where discourse
is being used to track comments. This feature allows authors to receive
updates when someone leaves a comment on one of their articles because each of
the imported posts can be created using the discourse username of the author.
2014-06-09 12:35:38 -07:00
Neil Lalonde
faed17aa18
Moderators should always be able to create topics too
2014-06-09 15:28:03 -04:00
Neil Lalonde
f97d434174
Fix the spec for enum site settings
2014-06-09 15:28:03 -04:00
Robin Ward
c176dc07c1
Merge pull request #2421 from peternlewis/reply_to_name
...
Use an appropriate name in the Reply-To header
2014-06-09 11:04:53 -04:00
Neil Lalonde
4d50d0d109
FIX: admins should be able to create topics, even if min_trust_to_create_topic is higher than their trust level
2014-06-09 11:03:21 -04:00
Peter N Lewis
93f5f98b58
Corrected and added appropriate specs to confirm correct behaviour.
...
Tests ensure that the site name is used for public replies and the username is used for private replies.
2014-06-09 18:26:19 +08:00
Sam Saffron
05ca1e6e46
Added code block normalization routing for import
2014-06-06 10:34:21 +10:00
Régis Hanol
0df666277d
BUGFIXES: properly deal with bookmarks and deleted posts
...
BUGFIX: removing a bookmark from the activity feed was busted for deleted posts
BUGFIX: delete associated user actions when deleting a post
2014-06-04 17:41:11 +02:00
Sam
c6c412fd45
BUGFIX: no reading credit for posts you create
2014-06-04 14:10:54 +10:00
Neil Lalonde
3e16ac62c3
Add register_color_scheme for plugins
2014-06-03 12:37:29 -04:00
Sam
3405253405
FEATURE: rush posting read times for newly read posts
...
FEATURE: "read" indicator on posts
CHANGE: anon is now assumed to have read everything
2014-06-03 11:48:52 +10:00
Sam
2ad756464e
SECURITY: TopicView not correctly restricting to topic
2014-05-29 21:56:26 +10:00
Sam
0bc3525b10
BUGFIX: more robust onebox implementation
2014-05-28 17:15:10 +10:00
Sam Saffron
330ea82ce4
FIX broken spec
2014-05-27 13:52:39 +10:00
Sam
033cbc61bf
BUGFIX: broken spec
2014-05-27 10:08:03 +10:00
Sam
504cfcff96
Fix specs for avatars
...
Implement avatar picker
Correct avatar related jobs
2014-05-27 10:08:03 +10:00
Sam
6c1c8be794
Work in progress, keeping avatars locally
...
This introduces a new model to store the avatars and 3 uploads per user (gravatar, system and custom)
user can then pick which they want.
2014-05-27 10:08:03 +10:00
Sam
cf254000cf
Revert "Revert "BUGFIX: improve error messages for invalid API keys""
...
This reverts commit e9afe28586
.
2014-05-23 08:43:19 +10:00
Neil Lalonde
e9afe28586
Revert "BUGFIX: improve error messages for invalid API keys"
2014-05-22 14:55:36 -04:00
Sam
eeef775f21
BUGFIX: improve error messages for invalid API keys
...
BUGFIX: don't track last seen for message bus
2014-05-22 09:01:29 +10:00
Neil Lalonde
742841ddce
Add Google Oauth2 authenticator. The current Google OpenID authentication has been deprecated by Google and will NOT work for any new websites.
2014-05-21 18:35:10 -04:00
Robin Ward
64355c989e
FIX: Don't extract links from empty quotes
2014-05-20 17:20:52 -04:00
Neil Lalonde
27cbc06563
Add fixed_category_positions site setting to handle whether categories are ordered by specified positions or by activity.
2014-05-16 11:33:52 -04:00
Robin Ward
3211c60bbe
FEATURE: A new site setting public_user_custom_fields
which allows you
...
to whitelist custom fields that will be exposed to the Ember client
application.
2014-05-14 14:39:01 -04:00
Neil Lalonde
c4d3aa3d47
Theming: a UI to choose some base colors that are applied to all the site css. CSS compiled outside of asset pipeline.
2014-05-14 10:18:12 -04:00
Wojciech Zawistowski
960d64930c
Wiki Post
2014-05-13 08:53:11 -04:00
Neil Lalonde
e68e97d986
FIX: moderators can't see private topics that they aren't invited to see.
2014-05-12 15:26:46 -04:00
Sam
a2e2d0e886
Merge pull request #2316 from mutiny/refactor-where-first
...
Refactor `where(...).first` to `find_by(...)`
2014-05-08 09:10:45 +10:00
Neil Lalonde
f44bd4ec28
Don't allow sending private messages to suspended users. Emails to suspended users should tell them how to respond, since they can't.
2014-05-06 15:01:27 -04:00
Louis Rose
1574485443
Perform the where(...).first to find_by(...) refactoring.
...
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Neil Lalonde
014bfc0512
Use 10k most common passwords instead of 5k
2014-05-02 12:01:21 -04:00
Sam
f6c22cc299
Merge pull request #2297 from ligthyear/custom-fields
...
Custom fields for Topic, Category, Post and Group
2014-04-30 13:15:50 +10:00
Robin Ward
cd6ab981f3
FIX: preferences URL changed
2014-04-29 21:18:23 -04:00
Benjamin Kampmann
f757706861
Ensure Reload reloads custom_fields, too
2014-04-29 19:34:56 +02:00
Benjamin Kampmann
230453b411
use more explicit naming to prevent name clashes. fixes build.
2014-04-29 19:26:43 +02:00
Benjamin Kampmann
0cf07d41ae
Move Concern from lib into app/models. refs #2279
2014-04-29 19:26:43 +02:00
Benjamin Kampmann
1e70c3cbbd
Add Support for Arrays to CustomFields
2014-04-29 19:26:42 +02:00
Benjamin Kampmann
48f016c7f5
fix double save missing error by using copy not actual reference
2014-04-29 19:26:42 +02:00
Benjamin Kampmann
e6e03a1a96
move custom fields into its own concern
2014-04-29 19:26:42 +02:00
Sam
35952055e2
BUGFIX: web crawlers messing with anon caching
2014-04-29 10:48:09 +10:00
Neil Lalonde
495f78f574
oops, fix broken current_user_spec
2014-04-28 14:01:22 -04:00
Neil Lalonde
9fba385172
FIX: don't onebox hidden posts
2014-04-28 11:03:19 -04:00
Sam
e88e43bfb6
Merge pull request #2279 from fantasticfears/concern
...
move concerns to the model/concerns
2014-04-28 09:48:33 +10:00
Neil Lalonde
47d000edcc
Merge pull request #2292 from ligthyear/sass-variables
...
Improved Plugins SCSS management
2014-04-25 15:29:50 -04:00
Neil Lalonde
7993c27ce5
Also allow system_user to send pm's even if enable_private_messages is disabled
2014-04-25 14:52:57 -04:00
Benjamin Kampmann
64918c35f5
Improved Plugins SCSS management
...
- Moves the import of plugins for both mobile and desktop from common after discourse loading, allowing plugins to overwrite
- Make desktop-option behave like the mobile-option: SCSS/CSS marked with that option will only be loaded for desktop from now on and ignored in mobile
- Add variables-keyword, allowing plugins to ship and overwrite variables before they get imported by discourse (great for theming)
2014-04-25 18:25:45 +02:00
Neil Lalonde
ee8bbadfe8
Allow contact user to send private messages even if enable_private_messages is false
2014-04-23 17:00:22 -04:00
Robin Ward
84da39f5dc
FIX: Admins should always be able to see groups so they can edit them.
2014-04-23 15:15:46 -04:00
Régis Hanol
b61abe3107
FEATURE: warn the admin whenever we disable the download_remote_images_to_local site setting
2014-04-23 12:43:10 +02:00
Robin Ward
af877781b7
Allow admins to choose if groups are visible or not.
2014-04-22 16:43:46 -04:00
Erick Guan
6d45f71254
move concerns to the model/concerns
2014-04-19 12:00:40 +08:00
Régis Hanol
b2cb4b27a1
Merge pull request #2273 from paully21/development-branch
...
Add blurb of post to search results via API
2014-04-17 21:06:03 +02:00
Robin Ward
87682f7539
FIX: Don't include image meta data when embedded in an email
2014-04-17 12:32:51 -04:00
Robin Ward
b3ed8b6a32
Use query params for sortable table headings
2014-04-17 10:52:57 -04:00
paully21
84d100be85
Add blurb of post to search results via API
2014-04-17 07:58:51 -05:00
Régis Hanol
542d54e6bf
BUGFIX: uploads to S3
2014-04-15 13:04:14 +02:00
Régis Hanol
2505d18aa9
FEATURE: support email attachments
2014-04-14 22:55:57 +02:00
Sam
63f4a0e050
Tighten API, add spec for recovery, keep mutex semantics
2014-04-14 10:51:46 +10:00
Vikhyat Korrapati
56ee1ac569
Extract scheduler cross-process locking into DistributedMutex.
2014-04-13 00:05:46 +05:30
Sam
de9aa49b52
BUGFIX: default should register CSS for both mobile and desktop
...
If you want desktop only use :desktop option
2014-04-10 16:30:22 +10:00
Sam
b9d4edd91a
FEATURE: display unpinned state, allow unpinning by clicking on pin
2014-04-10 10:59:02 +10:00
Robin Ward
034287033e
Add back onebox support for flash video
2014-04-09 13:41:25 -04:00
Régis Hanol
c3a1c867dd
REFACTOR: poll mailbox specs
2014-04-09 19:26:19 +02:00
riking
9c4dd1cb35
Change comma-delim site settings to pipe-delim
2014-04-08 14:17:55 -07:00
Benjamin Kampmann
d22df7731d
Allow plugins to ship custom styles only for mobile
...
- adds another :mobile-flag to register_assets
- adds test for plugin registering of assets
- load plugins when on desktop and plugins_mobile when on mobile
2014-04-07 16:33:35 +02:00
Sam
0372b81d11
FEATURE: allow moderators to globally pin topics
2014-04-07 16:38:51 +10:00
Robin Ward
dbab628e16
Support for creating embedded topics via API
2014-04-03 14:42:44 -04:00
Robin Ward
558a06a117
Adds better reusable error message support. Added to fetching remote
...
posts. /cc @riking
2014-04-02 13:22:10 -04:00
Sam
eff20fdda7
fix bust spec
2014-04-02 16:22:12 +11:00
Sam
a3f270f0e9
BUGFIX: broken spec
2014-04-01 16:08:18 +11:00
Régis Hanol
706fd3c59a
Merge pull request #2206 from riking/posted
...
Fix the 'posted' view so that it actually does something
2014-03-31 23:05:48 +02:00
Sam
8fc2549873
Stop using global vars where not needed
...
Simplify local process site setting provider
Stop setting up methods over and over
Centralize cache clearing
2014-03-31 12:34:13 +11:00
riking
df5229a399
Add spec for posted list
...
The test fails on 956b14a
and passes on this branch
2014-03-30 14:21:35 -07:00
Régis Hanol
e6989b5313
Merge pull request #2192 from jorgemanrubia/configurable-emails-prefix
...
Option to change the subject prefix in emails
2014-03-28 15:08:50 +01:00
Neil Lalonde
fd504e741f
FIX: reply by email can handle emails with attachments. Attachments are still ignored, but a post or topic can be created from the email now.
2014-03-28 09:57:20 -04:00
Jorge Manrubia
806924dd7e
Option to change the email subject prefix
...
It adds a new setting 'email_prefix' to configure which [label] will be used in the subject of emails. Discourse currently uses '[title]'. The problem is that sometimes you need to set a longer title, that doesn't really work well for emails. I think this is very common since the HTML `<title>` tag is very important for SEO.
It will default to '[title]' if this setting is not used.
See: https://meta.discourse.org/t/where-to-change-the-email-subject-prefix/11989
2014-03-26 23:06:00 +01:00
Sam
5897d3419c
BUGFIX: identity_url was not fished out correctly
...
If I user logged in with Google and then changed email,
they would no longer be able to log in with google
2014-03-26 14:52:50 +11:00
Robin Ward
539890afdf
Let's not show tons of extra information about invites unless you're the
...
person who invited them.
2014-03-21 14:16:11 -04:00
Robin Ward
d3f1eb395d
Updated import for TypePad
2014-03-19 15:02:49 -04:00
Neil Lalonde
0b1550f9d4
Add excerpt column to topics table to remove N+1 query in ListableTopicSerializer
2014-03-18 15:24:29 -04:00
Sam
5c26b3dad1
FIX: broken specs after new link alerting code
2014-03-18 15:22:53 +11:00
Neil Lalonde
2c725e2779
FEATURE: Trust level 4 abilities: pin/unpin, close, archive, make invisible, split/merge topic
2014-03-17 14:50:28 -04:00
Benjamin Kampmann
e63b9b362e
allow apps to give custom admin javascripts
2014-03-17 13:19:08 +01:00
Sam
798b8444cf
BUGFIX: work correctly if process forks
2014-03-17 15:22:11 +11:00
Sam
2c8ae22b87
FEATURE: add a simple queue Scheduler::Defer.later {}
...
For quick jobs that do not need to be sent to sidekiq,
runs inline in a single thread but does not block
2014-03-17 12:16:19 +11:00
Sam
f4c2fef407
Merge pull request #2121 from LessonPlanet/disable-name-edit-for-sso
...
Adding name to the list of uneditable items in preferences UI
2014-03-17 10:05:11 +11:00
Vikhyat Korrapati
e3702ecb30
Improved crawler detection: add Twitterbot, Facebook, curl, Bing, Baidu.
2014-03-16 19:30:20 +05:30
Neil Lalonde
98284d771f
Mark failing spec as pending for Robin to investigate
2014-03-14 18:13:45 -04:00
Robin Ward
e22f1ae186
Support for a daily job at a certain hour. Convert backup job to run at
...
3am instead of randomly during the day.
2014-03-14 13:02:45 -04:00
Forest Carlisle
e904b2faad
Adding name to the list of uneditable items in preferences UI
...
* If enable_names, enable_sso, and sso_overrides_name settings are true.
* Added serialization of can_edit_name so the UI has access to the right.
2014-03-13 13:26:40 -07:00
Régis Hanol
fd1c824187
Revert "Merge pull request #2116 from LessonPlanet/disable-name-edit-for-sso"
...
This reverts commit 91aa21671a
, reversing
changes made to f19596af0d
.
2014-03-13 18:17:59 +01:00
Neil Lalonde
283dc7dd2d
Trust level 4: add ability to edit any post and see edit history
2014-03-13 10:47:49 -04:00
Forest Carlisle
e8c7c6fab7
Adding name to the list of uneditable items in preferences UI
...
* If enable_names, enable_sso, and sso_overrides_name settings are true.
2014-03-12 17:09:53 -07:00
Neil Lalonde
9ca516e58d
Rename nickname to username in the code. Use new hub routes. (Old routes still exist as aliases for old Discourse instances.)
2014-03-12 12:39:36 -04:00
Neil Lalonde
cf630207b7
Remove an unused variable in check_reviving_old_topic spec
2014-03-12 10:46:50 -04:00
Neil Lalonde
659e7fa4ce
FEATURE: Warn when reviving a topic that has been inactive for X days. Setting warn_reviving_old_topic_age controls when the warning is shown. Set it to 0 to disable this feature.
2014-03-12 10:44:12 -04:00
Neil Lalonde
2838e1c3b5
FIX: don't show option to flag with notify_user to trust level 0 users. they can't send private messages.
2014-03-10 11:48:40 -04:00
Douglas Browne
a1e70ac57e
Added spec for SSO override username/email changes
2014-03-09 21:38:36 -04:00
Robin Ward
c3e5ee1d7e
FIX: Failing specs
2014-03-07 12:06:20 -05:00
Sam
73ef91cf27
junk code removed
2014-03-07 19:00:36 +11:00
Sam
edf86a207b
fix build
2014-03-05 14:26:42 +11:00
Robin Ward
5e6764e9c9
FIX: Remove update, should fix issue with broken specs
2014-03-04 12:47:14 -05:00
Robin Ward
a2b0e2b50f
BUGFIX: Fix ailing tests
2014-03-03 16:24:20 -05:00
Sam
5c3f2feed4
BUGFIX: recovery code in case an unknown job is scheduled
2014-03-04 07:37:12 +11:00
Benjamin Kampmann
024597e643
Switch to proper exception handling system for better user feedback
...
- Replace implicit return code-system in Email::Receiver with proper exception system
- Update tests to check for exceptions instead
- Test the PollMailbox for expected failures
- Add proper email-handling of problematic emails
"
2014-02-28 17:02:58 +01:00