Commit graph

20304 commits

Author SHA1 Message Date
Guo Xiang Tan
512922d776 SECURITY: Add filename validation for backup uploads. 2016-09-16 11:58:14 +08:00
Guo Xiang Tan
f63a797e39 SECUIRTY: Escape input made to system calls. 2016-09-16 11:58:14 +08:00
Guo Xiang Tan
8f36290c05 FIX: No need to list all the files. 2016-09-16 11:57:35 +08:00
Sam
e6fcaadd45 FIX: redirects back to origin for SSO and omniauth login 2016-09-16 13:48:50 +10:00
Sam
2f8c14fef1 FEATURE: allow write user api keys by default
app needs to write data regarding notifications and set read status etc
default allow.
2016-09-16 12:27:53 +10:00
Sam
25a82e7d22 PERF: only publish notification state if we changed it
also publish seen_notification_id so we can tell what is new and what is old
cleanup controller so it correctly checks user
fix bug around clearing notification when people click mark read
2016-09-16 12:02:19 +10:00
Sam
33578a2c17 FIX: always import avatars during SSO if they are missing 2016-09-16 09:45:00 +10:00
Neil Lalonde
b9801d2e26 UX: add text near group flair settings explaining that flair only shows for a user's primary group 2016-09-15 17:39:47 -04:00
Neil Lalonde
a74781fbbc fix jslint error 2016-09-15 16:50:23 -04:00
Neil Lalonde
d0ebde9d84 don't try to render flair if there's no primary group 2016-09-15 16:26:58 -04:00
Neil Lalonde
e3e15182df FEATURE: avatar flair on user cards 2016-09-15 16:15:18 -04:00
Robin Ward
cd571b26ba FIX: Allow Safe Redirections in Topic Embedding 2016-09-15 13:56:59 -04:00
Guo Xiang Tan
596fcfeb58 FIX: Set formatter for original Rails logger. 2016-09-15 23:51:22 +08:00
Arpit Jalan
5dbd6a304b add search-container class to search page 2016-09-15 13:46:22 +05:30
Guo Xiang Tan
baacb30ba1 FIX: Incorrect folder. 2016-09-15 15:20:07 +08:00
Guo Xiang Tan
b0752b1f91 FIX: Don't bypass validations. 2016-09-15 10:15:17 +08:00
Sam
fe7883eeea UX: don't allow user scaling in mobile view
on iOS 10 behavior of zoom restriction has changed.

This does not disable zooming on iOS 10 but it DOES stop it from randomly
zooming when you are composing
2016-09-15 07:36:16 +10:00
Arpit Jalan
92e716a1fd fix vbulletin import script 2016-09-14 08:15:48 +05:30
Neil Lalonde
8087cca54d Version bump to v1.7.0.beta4 2016-09-13 12:23:51 -04:00
Arpit Jalan
1a87960454 Update Translations 2016-09-13 21:21:19 +05:30
Robin Ward
aa7c735d34 FIX: Improve selecting text over line breaks 2016-09-13 11:36:17 -04:00
Arpit Jalan
e46204d195 FIX: allow long words if they contain periods 2016-09-13 09:15:05 +05:30
Robin Ward
2c9a47dda5 FIX: Validate the raw content of posts before enqueuing them 2016-09-12 12:26:49 -04:00
Neil Lalonde
06eb256d0a FIX: blocking users should never hide all posts if they are trust level 1 or higher 2016-09-12 11:58:10 -04:00
Sam
2d859ba0ed FIX: user api should always be available to staff 2016-09-12 15:42:06 +10:00
Neil Lalonde
b381d84dd9 FIX: tag search should not be case sensitive 2016-09-09 16:55:26 -04:00
Robin Ward
e78b7a243e FIX: Don't enqueue posts if the user can't create them (ex: closed) 2016-09-09 12:15:56 -04:00
Robin Ward
1f5325e3f0 FIX: Only validate uploaded URLs if they change 2016-09-08 12:06:18 -04:00
Arpit Jalan
ed0b355e15 generalize permalink URL in GetSatisfaction import script 2016-09-08 15:01:40 +05:30
Arpit Jalan
bade41db42 improve GetSatisfaction import script 2016-09-08 14:57:20 +05:30
Arpit Jalan
19ddf95efa FIX: add custom invite email templates 2016-09-08 00:54:48 +05:30
Robin Ward
9609a47016 Ability to skip email validation via a plugin 2016-09-07 14:05:46 -04:00
timur
aeae63a56a Change reverse.each
Change on reverse_each because reverse_each loops in reverse order (no
intermediate array created).
2016-09-07 14:57:31 +08:00
Robin Ward
610dd933a3 FEATURE: Support importing email from Twitter 2016-09-06 12:18:13 -04:00
Robin Ward
acaac02673 Merge pull request #4423 from SafaAlfulaij/arabic_client_plural_rules
Add Arabic Pluralization Rules for Client
2016-09-06 11:22:21 -04:00
Guo Xiang Tan
f69f225f65 FIX: Don't prevent unicorn worker from starting if warmup fails. 2016-09-06 14:02:08 +08:00
Matt Palmer
51854e56ac Don't hide e-mail in settings behind email-in plugins 2016-09-06 14:23:43 +10:00
Guo Xiang Tan
0fbb949af5 Merge pull request #4432 from tgxworld/migrate_upload_scheme_to_scheduled_job
FIX: Make `Jobs::MigrateUploadScheme` a scheduled job.
2016-09-06 08:39:27 +08:00
Guo Xiang Tan
35bc0c943f More randomly failing specs fixes. 2016-09-05 19:33:03 +08:00
Guo Xiang Tan
1b2b142f30 FIX: Post without a topic can be destroyed. 2016-09-05 19:00:49 +08:00
Guo Xiang Tan
52c70f8b45 Merge pull request #4426 from tgxworld/gsoc_webhooks
Gsoc webhooks
2016-09-05 18:46:03 +08:00
Erick Guan
9ce61b4586 FEATURE: Webhooks. 2016-09-05 18:44:00 +08:00
Guo Xiang Tan
1f70fc9e11 Make sure we reset global in specs. 2016-09-05 18:18:14 +08:00
Arpit Jalan
87e84756f0 improve Ning import script 2016-09-05 15:27:03 +05:30
Guo Xiang Tan
31d900f7e7 Fix build. 2016-09-05 17:03:41 +08:00
Guo Xiang Tan
aa1f306894 Properly clean up plugin event in specs.. 2016-09-05 16:10:03 +08:00
Guo Xiang Tan
aabb7a8592 FIX: DiscourseEvent should not be triggered from within the controller. 2016-09-05 15:58:04 +08:00
Guo Xiang Tan
ec90655c41 FIX: Clean up specs properly. 2016-09-05 15:48:59 +08:00
Guo Xiang Tan
aa9decf6fd Remove DiscourseEvent.clear. 2016-09-05 15:17:49 +08:00
Sam
e0a2346b92 no more protocol-less CDN urls 2016-09-05 16:05:48 +10:00