Robin Ward
2891f230d1
SECURITY: Make sure uploaded_urls have corresponding upload records
2016-07-28 13:54:17 -04:00
Robin Ward
cf5b756b1a
SECURITY: Cross-Site Scripting in Category and Group Settings
2016-07-28 11:57:59 -04:00
Robin Ward
dc1a830d3d
SECURITY: SQL Injection in Admin List Active Users
2016-07-28 11:42:06 -04:00
Robin Ward
2f8ab8cd30
SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions
2016-07-28 11:38:12 -04:00
Sam
16a383ea1e
SECURITY: limit bad cookie auth attempts
...
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Sam
ab68e0c9db
FEATURE: allow "developer" account flagging via developers table
...
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
c6dbaca0dc
SECURITY: disable user entered badge SQL by default
...
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4
SECURITY: limit route access when using external avatars
2016-07-28 09:00:43 +10:00
Andre Pereira
8cbd585e20
FEATURE: Allow staff users to merge posts.
2016-07-27 12:04:14 +08:00
Robin Ward
2a4006fe0c
Add YandexBot
to our list of crawlers
2016-07-26 13:21:37 -04:00
Sam
b5fbff947b
FIX: don't expire old sessions when logging in
2016-07-26 11:37:41 +10:00
Jeff Atwood
1379bd5053
fix all v=2 spec / test errors for emoji
2016-07-25 15:53:48 -07:00
Sam
12ecf8624a
FIX: tokenize words with dots correctly
...
hello.world is now tokenized as "hello.world" and "world" that way the word
"world" will find the post with "hello.world"
2016-07-25 16:26:33 +10:00
Sam
e01802a13b
FIX: strip quote from search term when searching within topic
2016-07-25 15:06:25 +10:00
Sam
df535c6346
FEATURE: refresh session cookie at most once an hour
...
This feature ensures session cookie lifespan is extended
when user is online.
Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Acshi Haggenmiller
afa88f68ce
added spec for localhost embeddable host validation
2016-07-22 17:12:57 -04:00
Sam
12dc511fea
PERF: make score calculator cheaper when site has long topics
2016-07-22 09:48:44 +10:00
Robin Ward
c279889191
FIX: Watching First Post in groups was working incorrectly
2016-07-21 15:05:10 -04:00
Neil Lalonde
7c092b0fe0
FEATURE: add filter to show topics that have not been tagged
2016-07-20 16:21:51 -04:00
Robin Ward
09be741820
FIX: Don't alert on new posts in a topic unless it's a new record
2016-07-19 15:57:05 -04:00
Robin Ward
12cfc8cedd
FIX: Email cooker should support links within blockquotes
2016-07-18 14:38:40 -04:00
Robin Ward
6db50b820d
FIX: Email cooker should link links that don't begin a line
2016-07-18 13:46:13 -04:00
Vinoth Kannan
e99a73e16d
New AWS S3 Storage Mumbai region added ( #4335 )
...
* ap-south-1 region added
* Update client.en.yml
* ap-south-1 region added
2016-07-18 09:03:26 +02:00
cpradio
64bdededd3
Allow plugins that implement OAuth and OAuth2 to show up under associated accounts in the Admin area. ( #4333 )
2016-07-18 09:02:41 +02:00
Guo Xiang Tan
d55da4fe1b
Revert "Revert "Update rails.""
...
This reverts commit 4d27d7e1d3
.
2016-07-18 11:00:23 +08:00
Sam Saffron
46b34e3c62
FEATURE: remove user option for edit history public
...
Users can no longer opt-in for "public" edit history
if site owner disables it.
This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Robin Ward
4d27d7e1d3
Revert "Update rails."
...
This reverts commit 898ec43989
.
2016-07-15 16:35:57 -04:00
Régis Hanol
caa1aea995
FIX: ensure emojis have absolute URLs and uses CDN
2016-07-15 18:37:51 +02:00
Régis Hanol
7848a84e0e
FIX: ensure summary emails have the 'List-Unsubscribe' header set
2016-07-15 11:39:29 +02:00
Guo Xiang Tan
9353013b40
Merge pull request #4332 from tgxworld/bunch_of_fixes_for_backup
...
Bunch of fixes for backup
2016-07-15 17:26:30 +08:00
Guo Xiang Tan
898ec43989
Update rails.
2016-07-15 13:18:30 +08:00
Guo Xiang Tan
5fe4837e28
Add PostCreator#create!
.
2016-07-15 11:36:06 +08:00
Hu Ming
f8a12d4940
Add support for AWS cn ( #4327 )
2016-07-14 16:56:09 +02:00
Guo Xiang Tan
5fed886c8f
FIX: Update post replies when we move posts. ( #4324 )
2016-07-13 17:34:21 +02:00
Guo Xiang Tan
41cbdb5dfa
Fix the build.
2016-07-13 19:14:40 +08:00
Guo Xiang Tan
973a7c9d3a
FIX: Redeeming an invitation fails if inviter has been destroyed.
2016-07-13 11:58:31 +08:00
Robin Ward
bb90129731
Improvements to email cook text rendering
2016-07-12 13:49:03 -04:00
Robin Ward
0c3b049176
FIX: Autolinking in email formatter was broken
2016-07-12 13:33:13 -04:00
Rafael dos Santos Silva
5915929166
FIX: Unicode aware text sentinel ( #4301 )
...
* FIX: Handle unicode text on Text Sentinel
Uses active_support to properly handle unicode text
* Adds test cases to unicode Text Sentinel
2016-07-12 11:08:55 -04:00
Robin Ward
c1d4ca4031
FIX: Raw templates in customizations were broken
2016-07-11 12:57:05 -04:00
Robin Ward
7ff5b228cd
REFACTOR: Raw Handlebars ported to ES6
2016-07-11 12:57:05 -04:00
Robin Ward
a546395397
REFACTOR: Migrate markdown functionality in ES6
2016-07-11 12:57:05 -04:00
Neil Lalonde
304f7040a3
FIX: tag filter dropdown was gone if some tags were restricted to a category.
2016-07-08 17:13:40 -04:00
Arpit Jalan
c626558d36
UX: group pages should not show Messages tab to unauthorised users ( #4318 )
2016-07-09 00:50:04 +05:30
Sam
4161ee210a
FEATURE: improved tag and category watching and tracking
...
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status
New watching and tracking logic takes care of handling old topics
(either with or without read state)
When you watch a topic you now watch historically
Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Guo Xiang Tan
423dc37f6c
Merge pull request #4315 from tgxworld/fix_tags_not_in_category_showing
...
Tags which are not allowed in a category showing in drop down.
2016-07-08 10:28:10 +08:00
Guo Xiang Tan
8fd0414cdf
WIP: Tags which are not allowed in a category showing in drop down.
2016-07-08 10:27:56 +08:00
Robin Ward
5f91919663
Email support for watching first post
2016-07-07 12:23:19 -04:00
Robin Ward
2005565c9c
Server side code for Watching First Post Only
2016-07-07 11:21:50 -04:00
Robin Ward
1eb64151f6
User interface for watching first post
2016-07-07 11:21:50 -04:00
Arpit Jalan
2facb6190f
FEATURE: new site setting download_remote_images_max_days_old
2016-07-06 19:33:51 +05:30
Robin Ward
3fe4903e63
FIX: Support unicode replacements with multiple codepoints
2016-07-05 13:55:41 -04:00
James Kiesel
3588780ac3
Don't reject likes by email for closed topics ( #4311 )
2016-07-05 17:33:08 +02:00
Guo Xiang Tan
f256e3afb6
Merge pull request #4297 from tgxworld/handle_user_enabled_readonly_mode
...
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
e4a82cdd85
Merge pull request #4306 from tgxworld/add_discourse_event_trigger_when_user_logs_out
...
FEATURE: Add event trigger when a user is logged out.
2016-07-05 19:50:46 +08:00
Régis Hanol
17890f95a1
FIX: don't send emails to mailing_list users when bounce threshold is reached
2016-07-05 12:20:07 +02:00
Régis Hanol
59680af329
disable email white/blacklisting for staged users
2016-07-04 16:05:01 +02:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out.
2016-07-04 17:20:30 +08:00
Guo Xiang Tan
bd07658a37
PERF: Split queries when cleaning uploads.
...
This reduces the number of scans that the db has to do in the query
to fetch orphan uploads. Futheremore, we were not batching our
records which bloats memory.
2016-07-04 16:34:32 +08:00
Sam
d61df21d69
FEATURE: allow people to send messages to themselves (for notes etc)
2016-07-04 11:36:43 +10:00
Sam
92daf44daf
correct random suggested topic selection
2016-07-04 10:34:54 +10:00
Sam
e858def372
remove invalid specs
2016-07-04 10:34:26 +10:00
Arpit Jalan
2f3ee3b658
FEATURE: new site setting suggested_topics_max_days_old
2016-07-03 15:07:56 +05:30
Sam
813fcebdd1
FIX: email_always was not respected correctly
...
In the past email always meant, email me even if active UNLESS I read post
Now emails always means, always, even if I read the post
2016-07-01 11:22:07 +10:00
Matt Palmer
7a1e99dacb
Add some clarifying specs around new-topic-creating emails work
...
Strangers get to create new topics (if the appropriate tickbox is ticked)
but low-TL existing users don't. That might seem a bit backwards, but
the tickbox says 'strangers', not 'everyone'.
2016-06-30 22:24:25 +10:00
Sam
b15f6bd211
FIX: s3 cdn urls not remapped correctly
2016-06-30 18:58:38 +10:00
Guo Xiang Tan
8db3ab5f2a
Merge pull request #4292 from tgxworld/rename_use_https_to_force_https
...
Rename `SiteSetting#use_https` to `force_https`.
2016-06-29 15:17:57 +08:00
Guo Xiang Tan
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode.
2016-06-29 15:10:01 +08:00
Guo Xiang Tan
20359788dc
Rename SiteSetting#use_https
to force_https
.
2016-06-29 15:02:43 +08:00
Guo Xiang Tan
7619c2fa2f
FIX: Make sure we add a TTL when we enable readonly mode.
2016-06-29 13:55:17 +08:00
Sam
ef93e75f80
correct #4293 no need to muck with site settings, messes up repeat runs
2016-06-29 12:01:37 +10:00
Robin Ward
61ce5c210c
FIX: S3Cdn link clicks weren't working
2016-06-28 15:52:38 -04:00
Régis Hanol
214f5bff5c
don't send more than 1 reply per day to auto-generated emails
2016-06-28 16:42:05 +02:00
Sam
1411eedad3
FEATURE: offer to unwatch categories when unwatching category
2016-06-28 18:34:20 +10:00
Régis Hanol
800081f606
FIX: staged users weren't able to reply in restricted categories
2016-06-26 19:25:45 +02:00
Robin Ward
ccf9b70671
When restoring a backup, disable emails.
...
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Robin Ward
94a4af6af7
FIX: If posts are deleted they should be updated in consistency jobs
2016-06-21 13:05:56 -04:00
James Kiesel
7a6bc3f1d7
Apply notification styles to mailing list email manually ( #4283 )
...
* Apply notification styles to mailing list email manually
* Fix failing spec
2016-06-21 20:42:30 +05:30
Régis Hanol
874c18cbc1
FIX: unstage users when using SSO
2016-06-21 11:28:58 +02:00
Neil Lalonde
487c20959c
FEATURE: max topics/replies per day for new users now starts counting from the first post, not signup date
2016-06-20 16:55:11 -04:00
Régis Hanol
e9a293beeb
FIX: clean up uploads job
2016-06-20 22:05:41 +02:00
Guo Xiang Tan
b3a8f7d369
Merge pull request #4277 from tgxworld/fix_bug_when_post_creator_returns_nil
...
Fix bug when post creator returns nil
2016-06-20 18:15:52 +08:00
Guo Xiang Tan
9a0797204a
FIX: Add check to ensure post has been created.
2016-06-20 15:51:26 +08:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything.
2016-06-20 15:51:26 +08:00
Sam
8866169879
FEATURE: can invite/revoke groups on private messages
2016-06-20 16:29:27 +10:00
Robin Ward
83e46cc302
FIX: Restrict changing ownership to one topic
2016-06-17 14:20:14 -04:00
Sam
dd1a184955
Correct mailing list mode unsubscribe
2016-06-17 11:57:23 +10:00
Sam
852860de66
FEATURE: simpler and friendlier unsubscribe workflow
...
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Robin Ward
84f0e5ad4d
SECURITY: Unapproved, active users should not receive emails
2016-06-16 12:55:47 -04:00
Neil Lalonde
d62f2b4d67
UX: rename setting num_flags_to_block_new_user to num_spam_flags_to_block_new_user
2016-06-15 13:19:06 -04:00
Guo Xiang Tan
169d17edc3
Include cdn path in the stylesheet digest.
2016-06-16 00:19:38 +08:00
Neil Lalonde
1c9519636c
FEATURE: new users can be blocked from posting if enough TL3 users flag their posts
2016-06-15 10:51:34 -04:00
Guo Xiang Tan
bf64280661
FIX: Incorrect scope when checking for existing topic link.
2016-06-15 14:13:30 +08:00
Régis Hanol
470da6205c
FIX: staged users should not watch/track/mute categories by default
2016-06-14 16:45:47 +02:00
Régis Hanol
49f8a2baa7
FEATURE: support for mandrill webhooks
2016-06-13 12:32:14 +02:00
Guo Xiang Tan
95efdce74f
Improve spec.
2016-06-13 13:16:24 +08:00
Guo Xiang Tan
1fe499e893
FIX: Don't include reflections when checking for duplication topic links.
2016-06-13 13:14:35 +08:00
Guo Xiang Tan
0c8dd28395
FIX: Post count wasn't recovered when a post is recovered.
2016-06-13 11:25:06 +08:00
Robin Ward
3b9b492ea6
FIX: Weird spec
2016-06-10 11:32:32 -04:00
Régis Hanol
dffe50a2e6
new alternative reply by email addresses
2016-06-10 16:14:42 +02:00
Sam
65f466cf8c
FIX: topic link reflections deleted on second save
2016-06-10 17:25:59 +10:00
Sam
3015030fe2
FIX: unlisted topics do not get "slug auto correct" logic
2016-06-10 10:53:26 +10:00
Neil Lalonde
a6090339a7
FEATURE: tag group options: limit usage of one tag per group, tags in a group can't be used unless a prerequisite tag is used
2016-06-09 16:01:19 -04:00
Robin Ward
c3ad0f447a
FIX: Broken spec
2016-06-09 14:31:32 -04:00
Neil Lalonde
5047979f96
FIX: cannot remove tags from a topic
2016-06-09 12:04:34 -04:00
Guo Xiang Tan
ff577405ae
FIX: Randomly failing TopicList specs.
2016-06-09 22:03:13 +08:00
Régis Hanol
214e25f1b5
use proper 'Message-Id' field
2016-06-09 00:33:13 +02:00
Régis Hanol
3e3538d603
loosen security a bit on mailgun's webhook
2016-06-08 22:38:38 +02:00
Robin Ward
e38f17524b
FIX: Reflected links weren't being cleaned up properly
2016-06-08 16:09:01 -04:00
Robin Ward
b9df18360d
If you search a category by id, also include its children
2016-06-08 13:50:52 -04:00
Robin Ward
2169b1ecbc
FIX: Duplicate link message should link to the post
2016-06-08 12:35:11 -04:00
Arpit Jalan
40e9e1be66
FEATURE: user-friendly custom message
2016-06-08 18:23:22 +05:30
Neil Lalonde
a49ace0ffb
FEATURE: ability to restrict tags to categories using groups
2016-06-07 15:36:20 -04:00
Robin Ward
431179dd25
FEATURE: Prompt users when they are entering duplicate links
2016-06-07 14:47:22 -04:00
Robin Ward
6aaa484baa
REFACTOR: Move composer messages to store
2016-06-07 14:47:22 -04:00
Arpit Jalan
4253141700
FEATURE: custom email message for topic invites
2016-06-07 23:43:15 +05:30
Jeff Atwood
cc66bff730
we forgot to update the mailgun tests
2016-06-06 16:55:24 -07:00
Jeff Atwood
5c3e36aec2
Merge pull request #4252 from techAPJ/invite-email-improvements
...
FEATURE: customize invite email message
2016-06-06 14:24:39 -07:00
Neil Lalonde
f3f6c2f98f
FEATURE: tag groups
2016-06-06 14:18:48 -04:00
Régis Hanol
fe595f1653
FEATURE: mailjet webhook
2016-06-06 19:47:45 +02:00
Arpit Jalan
7b205ebba4
FEATURE: customize invite email message
2016-06-06 20:15:30 +05:30
Guo Xiang Tan
ecb2a0b9c7
Skip tests for now.
2016-06-06 18:18:12 +08:00
Guo Xiang Tan
bb92be5784
Clean up Redis after each test.
2016-06-06 17:32:09 +08:00
Régis Hanol
99ad251731
different email footer when mailing_list_mode is enabled
2016-06-03 15:48:54 +02:00
Arpit Jalan
a166869d67
FEATURE: search fallback to tags when category not found
2016-06-02 18:14:41 +05:30
Sam
e01dc54f2a
UX: we should always simply use emoji codes as opposed to treating as image
2016-06-02 12:29:25 +10:00
Régis Hanol
9704603fab
FEATURE: sendgrid webhooks
2016-06-01 21:48:06 +02:00
Neil Lalonde
0f8b4dcc86
FIX: trust level 3 should not be able to edit topics in categories that restrict them from doing so
2016-06-01 15:42:10 -04:00
Neil Lalonde
deb93044b4
FEATURE: new tags can be created from the "edit category" modal when defining the set of permitted tags
2016-05-31 17:27:22 -04:00
Robin Ward
6da097d91c
FIX: Deleted posts were showing the wrong dates in the timeline
2016-05-31 10:51:55 -04:00
Robin Ward
559fa36c18
FEATURE: Topic timeline widget
2016-05-31 10:51:39 -04:00
Neil Lalonde
6796b15857
FEATURE: restrict tags to be used in a category
2016-05-30 16:56:33 -04:00
Régis Hanol
116efffdaa
FEATURE: webhooks support for mailgun
2016-05-30 17:11:17 +02:00
Sam
3eec0a83b0
clean up stop semantics and bypass test
2016-05-30 13:59:58 +10:00
Guo Xiang Tan
cb5be1fe8f
Upgrade rspec to 3.4.0.
2016-05-30 11:38:38 +08:00
Sam
e11c83341c
add more specs
2016-05-30 12:43:01 +10:00
Sam
cc088956bc
correct some test concurrency bugs
2016-05-30 12:28:05 +10:00
Sam
c9dcffe434
FEATURE: store history for scheduled job execution
2016-05-30 11:38:08 +10:00
Sam
efc45aa704
correct specs
2016-05-27 12:35:22 +10:00
Neil Lalonde
884779b5c1
FIX: N+1 query when tagging enabled and no tags in topic list query. Topic query ignored tags input when tagging is disabled.
2016-05-26 18:03:50 -04:00
Neil Lalonde
f13470b96b
Use db schema for tags instead of plugin store and custom fields
2016-05-26 14:29:48 -04:00
David McClure
a92fd9d701
Add Site Setting to use HTML from incoming email when available. ( #4236 )
2016-05-26 10:13:01 +02:00
Neil Lalonde
a4cd068481
FEATURE: add caps to trust level 3 requirements for posts read and topics viewed, configurable in settings
2016-05-25 14:55:49 -04:00
Sam
a19e43fd3b
enough with the malloc limit, not needed
2016-05-25 21:09:07 +10:00
Sam
b3965eb069
was failing on latest phantom, fix test
2016-05-24 13:26:07 +10:00
Régis Hanol
667dd54a23
FEATURE: new 'crop_tall_images' site setting
2016-05-23 16:18:30 +02:00
Guo Xiang Tan
3a140a982f
Fix build.
2016-05-23 11:22:25 +08:00
Sam
695773db1c
FEATURE: upgrade from therubyracer to mini_racer
...
This pushes our internal V8 JavaScript engine from Chrome 32 to 50.
It also resolves some long standing issues we had with the old wrapper.
2016-05-23 09:57:15 +10:00
Arpit Jalan
f387dfe226
FIX: mixed case group mentions were not getting highligted in composer
2016-05-22 18:32:49 +05:30
James Kiesel
feffe23cc5
FEATURE: More granular mailing list mode ( #4068 )
...
* Rearrange frontend to account for mailing list mode
* Allow update of user preference for mailing list frequency
* Add mailing list frequency estimate
* Simplify frequency estimate; disable activity summary for mailing list mode
* Remove combined updates
* Add specs for enqueue mailing list mode job
* Write mailing list method for mailer
* Fix linting error
* Account for stale topics
* Add translations for default mailing list setting
* One query for mailing list topics
* Fix failing spec
* WIP
* Flesh out html template
* First pass at text-based mailing list summary
* Add user avatar
* Properly format posts for mailing list
* Move make_all_links_absolute into Email::Styles
* Apply first_seen_at to user
* Send mailing list email summary hourly based on first_seen_at
* Branch and test cleanup
* Use existing mailing list mode estimate
* Fix failing specs
2016-05-21 15:17:54 +02:00