Neil Lalonde
e0df404d7e
Add site setting tos_accept_required. If enabled, users must check a box saying that they've read and accept the terms of service.
2014-02-07 16:04:13 -05:00
slainer68
748e1e0748
Allow using the API when Login required site setting is on.
2014-01-24 14:02:49 +01:00
Neil Lalonde
259295d865
Add post_edit_time_limit site setting to limit the how long a post can be edited and deleted by the author. Default is 1 year.
2014-01-09 11:55:04 -05:00
christophe
dfb9b8fa58
Fix unused parameter
2014-01-04 08:53:27 +01:00
Neil Lalonde
1f0a59584b
Revert "Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations."
2013-12-18 14:47:22 -05:00
Régis Hanol
94fda12795
use a helper instead of a view for custom HTML content
2013-12-17 18:56:59 +01:00
Régis Hanol
4c6b535cc0
move arbitrary html content out of noscript and into the preloadstore
2013-12-17 18:25:27 +01:00
Neil Lalonde
5171a23a9c
Re-apply with fixes: Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations.
2013-12-11 11:19:22 -05:00
Neil Lalonde
2596f7dec2
Revert "Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations."
2013-12-09 16:28:11 -05:00
Neil Lalonde
ca5d4d5e54
Stop using user agent to detect mobile devices. Use a media query and yepnope to load the appropriate css and customizations.
2013-12-09 13:28:42 -05:00
Harry Seo
2d9876a6ac
FIX: set_locale filter must be executed before check_xhr filter because check_xhr filter renders html in some cases
2013-12-04 20:49:54 +09:00
Robin Ward
7207cef7aa
TopicQuery cleanup in advance of custom sorting:
...
- Move SQL method constants into a module
- Removed unused count methods
- Moved methods that don't return a TopicList into Topic
- Replaced some confusing method signatures
2013-11-13 12:26:32 -05:00
Régis Hanol
e9f9d22482
add query parameter to temporarily disable customization
2013-11-12 18:14:22 +01:00
Robin Ward
de30af9302
Support for inviting to a forum from a user's invite page.
2013-11-06 12:56:50 -05:00
Vikhyat Korrapati
855ee3b43d
Fix ActiveRecord::Associations::CollectionProxy serialization in Rails 4.
2013-11-03 10:41:38 +05:30
Robin Ward
348e2e3ef2
Support for per-user API keys
2013-10-22 17:34:39 -04:00
Sam
3d647a4b41
remove rack cache, it has been causing trouble
...
instead implement an aggressive anonymous cache that is stored in redis
this cache is sitting in the front of the middleware stack enabled only in production
TODO: expire it more intelligently when stuff is created
2013-10-16 16:39:18 +11:00
Sam
939a452293
require dependency was leading to errors in dev
2013-10-09 17:22:41 +11:00
Sam
7993845bfa
add current_user_provider so people can override current_user bevior cleanly, see
...
http://meta.discourse.org/t/amending-current-user-logic-in-discourse/10278
2013-10-09 15:11:54 +11:00
Neil Lalonde
45d7765936
Merge branch 'master' into mobile
2013-09-05 15:54:22 -04:00
Robin Ward
f157ec1f91
Select +Replies for bulk operations
2013-09-05 11:03:29 -04:00
Neil Lalonde
9efa29e688
Detect whether to use mobile view. Session var mobile_view can override automatic detection.
2013-08-27 14:57:42 -04:00
Sam
c4a0152dc6
recover from bad CSRF tokens without requiring a hard refresh of the browser
2013-08-27 15:56:12 +10:00
Sam
11dca1fd92
make code climate a bit happier
2013-08-06 06:25:44 +10:00
Sam
aa6c92922d
SECURITY: correct our CSRF implementation to be much more aggressive
2013-07-29 15:13:13 +10:00
Sam
ecf17cfebb
work in progress, add fidelity to category group permissions (full, create posts, readonly)
2013-07-16 15:46:11 +10:00
Robin Ward
19c169540c
Staff can enter and view deleted topics
2013-07-11 16:39:35 -04:00
Stephan Kaag
e39cc464b1
Refactor routes in order to be compatible with Rails 4
2013-07-01 20:00:06 +02:00
Sam
92562c2090
Merge pull request #1057 from house9/list-controller-1
...
refactor list_controller
2013-06-25 17:36:56 -07:00
Neil Lalonde
a86b35c873
Remove the access_password site setting
2013-06-25 15:05:25 -04:00
Jesse House
2e12eb2b62
refactor list_controller
...
- minor refactoring of actions 'category' and 'category_feed'
- fix defect in 'category' where check was for literal
string 'uncategorized' instead of SiteSetting.uncategorized_name
- major refactoring on defined topic actions
2013-06-25 08:29:00 -07:00
Vipul A M
4ddc0825f5
Remove code duplication in ApplicationController
2013-06-20 21:17:33 +05:30
Sam
7ca5ab3da3
allow api for restricted by global password sites
2013-06-17 16:09:59 +10:00
Sam
b97d186cb5
automatic groups should not allow you to muck with the listed users in the group
2013-06-17 12:54:25 +10:00
Sam
e6e81efe85
correct information leak in page not found
2013-06-13 10:27:17 +10:00
Robin Ward
5217602ec3
FIX: RSS paths render a 404 for missing topics.
2013-06-07 12:52:12 -04:00
Neil Lalonde
62041da7e0
Handle /t/only-the-slug urls by trying to find the topic by slug (second try)
2013-06-06 14:41:37 -04:00
Ian Christian Myers
0d01c33482
Enabled strong_parameters across all models/controllers.
...
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.
The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.
It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Chris Hunt
92a4828f72
Redirect all controllers to login if required
...
We want to skip the filter for sessions controller so that we can login
and we want to skip the filter for static pages because those should be
visible to visitors.
2013-06-04 16:10:10 -07:00
Robin Ward
02b1f78410
FIX: Include preloaded data even if the request type isn't explicitly text/html
2013-06-04 12:56:12 -04:00
Neil Lalonde
42714b424f
For 403 errors, show the same html page as 404
2013-05-30 16:39:39 -04:00
Sam
e93b7a3b20
more progress towards live unread and new counts, unread message implemented, still to implement delete messages
2013-05-30 16:49:57 +10:00
Robin Ward
830b93a16b
Reduced complexity of admin flags controller, split up into methods, moved reports into model.
2013-05-29 16:49:34 -04:00
Robin Ward
0f296cd42b
Refactor + Fix: Wasn't correctly loading activity streams. Code is a lot more Ember-y now.
2013-05-22 12:06:37 -04:00
Sam
fc57578c85
proper 404 for json request 404
2013-05-20 17:28:32 +10:00
Sam
80fb20816c
get rid of nonsense 404.html
...
correct 404 handling for invalid pages
2013-05-20 10:29:49 +10:00
Sam
b6bf95e741
speed up startup (avoid loading some gems on startup)
...
correct group permission leaks
add Discourse.cache for richer caching support
2013-05-13 18:04:03 +10:00
Sam
cef9a74053
route for markdown /md/topic_id/post_number
2013-04-30 16:30:41 +10:00
Régis Hanol
017ee7c2da
FIX: [security bug] XHR check bypass
2013-04-30 02:34:19 +02:00
Sam
f9e33ec6b8
store ip address and current user with incoming links
...
make links long an readable in share dialog
2013-04-26 16:18:55 +10:00