Commit graph

3168 commits

Author SHA1 Message Date
Guo Xiang Tan
bf683178a8 FIX: Remove tag plugin code from tag hashtag check. 2016-08-02 10:59:12 +08:00
Régis Hanol
681f566a66 FIX: staff members should be able to see raw email of deleted posts 2016-08-01 23:55:22 +02:00
Régis Hanol
829143bf88 FIX: 'List-Unsubscribe' header wasn't added to emails sent when mailing_list_mode was enabled 2016-08-01 20:19:00 +02:00
Régis Hanol
c591429868 FIX: don't destroy uploads in queued posts and drafts 2016-08-01 18:35:57 +02:00
Sam
9018de39ed FEATURE: allow shipping bio markdown via SSO
- Also adds site setting for sso_overrides_bio to disable bio editing by end users
2016-08-01 15:29:28 +10:00
Neil Lalonde
82e170d6a6 FIX: 404 when filtering by category, no sub-category, and a tag 2016-07-28 16:19:03 -04:00
Robin Ward
2891f230d1 SECURITY: Make sure uploaded_urls have corresponding upload records 2016-07-28 13:54:17 -04:00
Robin Ward
cf5b756b1a SECURITY: Cross-Site Scripting in Category and Group Settings 2016-07-28 11:57:59 -04:00
Robin Ward
dc1a830d3d SECURITY: SQL Injection in Admin List Active Users 2016-07-28 11:42:06 -04:00
Robin Ward
2f8ab8cd30 SECURITY: XSS in "Account Suspended" Messages and Badge Descriptions 2016-07-28 11:38:12 -04:00
Sam
16a383ea1e SECURITY: limit bad cookie auth attempts
- Also cleans up the _t cookie if it is invalid
2016-07-28 12:58:49 +10:00
Sam
ab68e0c9db FEATURE: allow "developer" account flagging via developers table
This mechanism for flagging developer accounts will eventually replace
DISCOURSE_DEVELOPER_EMAILS
2016-07-28 10:14:06 +10:00
Sam
c6dbaca0dc SECURITY: disable user entered badge SQL by default
- Hidden site settings now must be change via rails console
2016-07-28 09:03:00 +10:00
Sam
cb3afd11b4 SECURITY: limit route access when using external avatars 2016-07-28 09:00:43 +10:00
Andre Pereira
8cbd585e20 FEATURE: Allow staff users to merge posts. 2016-07-27 12:04:14 +08:00
Robin Ward
2a4006fe0c Add YandexBot to our list of crawlers 2016-07-26 13:21:37 -04:00
Sam
b5fbff947b FIX: don't expire old sessions when logging in 2016-07-26 11:37:41 +10:00
Jeff Atwood
1379bd5053 fix all v=2 spec / test errors for emoji 2016-07-25 15:53:48 -07:00
Sam
12ecf8624a FIX: tokenize words with dots correctly
hello.world is now tokenized as "hello.world" and "world" that way the word
"world" will find the post with "hello.world"
2016-07-25 16:26:33 +10:00
Sam
e01802a13b FIX: strip quote from search term when searching within topic 2016-07-25 15:06:25 +10:00
Sam
df535c6346 FEATURE: refresh session cookie at most once an hour
This feature ensures session cookie lifespan is extended
when user is online.

Also decreases session timeout from 90 to 60 days.
Ensures all users (including logged on ones) get expiring sessions.
2016-07-25 12:07:31 +10:00
Acshi Haggenmiller
afa88f68ce added spec for localhost embeddable host validation 2016-07-22 17:12:57 -04:00
Sam
12dc511fea PERF: make score calculator cheaper when site has long topics 2016-07-22 09:48:44 +10:00
Robin Ward
c279889191 FIX: Watching First Post in groups was working incorrectly 2016-07-21 15:05:10 -04:00
Neil Lalonde
7c092b0fe0 FEATURE: add filter to show topics that have not been tagged 2016-07-20 16:21:51 -04:00
Robin Ward
09be741820 FIX: Don't alert on new posts in a topic unless it's a new record 2016-07-19 15:57:05 -04:00
Robin Ward
12cfc8cedd FIX: Email cooker should support links within blockquotes 2016-07-18 14:38:40 -04:00
Robin Ward
6db50b820d FIX: Email cooker should link links that don't begin a line 2016-07-18 13:46:13 -04:00
Vinoth Kannan
e99a73e16d New AWS S3 Storage Mumbai region added ()
* ap-south-1 region added

* Update client.en.yml

* ap-south-1 region added
2016-07-18 09:03:26 +02:00
cpradio
64bdededd3 Allow plugins that implement OAuth and OAuth2 to show up under associated accounts in the Admin area. () 2016-07-18 09:02:41 +02:00
Guo Xiang Tan
d55da4fe1b Revert "Revert "Update rails.""
This reverts commit 4d27d7e1d3.
2016-07-18 11:00:23 +08:00
Sam Saffron
46b34e3c62 FEATURE: remove user option for edit history public
Users can no longer opt-in for "public" edit history
if site owner disables it.

This feature adds cost and complexity to post rendering since
user options need to be premeptively loaded for every user in the
stream. It is also confusing to explain to communities with private edit
history.
2016-07-16 21:30:00 +10:00
Robin Ward
4d27d7e1d3 Revert "Update rails."
This reverts commit 898ec43989.
2016-07-15 16:35:57 -04:00
Régis Hanol
caa1aea995 FIX: ensure emojis have absolute URLs and uses CDN 2016-07-15 18:37:51 +02:00
Régis Hanol
7848a84e0e FIX: ensure summary emails have the 'List-Unsubscribe' header set 2016-07-15 11:39:29 +02:00
Guo Xiang Tan
9353013b40 Merge pull request from tgxworld/bunch_of_fixes_for_backup
Bunch of fixes for backup
2016-07-15 17:26:30 +08:00
Guo Xiang Tan
898ec43989 Update rails. 2016-07-15 13:18:30 +08:00
Guo Xiang Tan
5fe4837e28 Add PostCreator#create!. 2016-07-15 11:36:06 +08:00
Hu Ming
f8a12d4940 Add support for AWS cn () 2016-07-14 16:56:09 +02:00
Guo Xiang Tan
5fed886c8f FIX: Update post replies when we move posts. () 2016-07-13 17:34:21 +02:00
Guo Xiang Tan
41cbdb5dfa Fix the build. 2016-07-13 19:14:40 +08:00
Guo Xiang Tan
973a7c9d3a FIX: Redeeming an invitation fails if inviter has been destroyed. 2016-07-13 11:58:31 +08:00
Robin Ward
bb90129731 Improvements to email cook text rendering 2016-07-12 13:49:03 -04:00
Robin Ward
0c3b049176 FIX: Autolinking in email formatter was broken 2016-07-12 13:33:13 -04:00
Rafael dos Santos Silva
5915929166 FIX: Unicode aware text sentinel ()
* FIX: Handle unicode text on Text Sentinel

Uses active_support to properly handle unicode text

* Adds test cases to unicode Text Sentinel
2016-07-12 11:08:55 -04:00
Robin Ward
c1d4ca4031 FIX: Raw templates in customizations were broken 2016-07-11 12:57:05 -04:00
Robin Ward
7ff5b228cd REFACTOR: Raw Handlebars ported to ES6 2016-07-11 12:57:05 -04:00
Robin Ward
a546395397 REFACTOR: Migrate markdown functionality in ES6 2016-07-11 12:57:05 -04:00
Neil Lalonde
304f7040a3 FIX: tag filter dropdown was gone if some tags were restricted to a category. 2016-07-08 17:13:40 -04:00
Arpit Jalan
c626558d36 UX: group pages should not show Messages tab to unauthorised users () 2016-07-09 00:50:04 +05:30
Sam
4161ee210a FEATURE: improved tag and category watching and tracking
- present tags watched on the user prefs page
- automatically watch or unwatch old topics based on watch status

New watching and tracking logic takes care of handling old topics
(either with or without read state)

When you watch a topic you now watch historically

Also removes confusing warnings from user.
2016-07-08 12:58:30 +10:00
Guo Xiang Tan
423dc37f6c Merge pull request from tgxworld/fix_tags_not_in_category_showing
Tags which are not allowed in a category showing in drop down.
2016-07-08 10:28:10 +08:00
Guo Xiang Tan
8fd0414cdf
WIP: Tags which are not allowed in a category showing in drop down. 2016-07-08 10:27:56 +08:00
Robin Ward
5f91919663 Email support for watching first post 2016-07-07 12:23:19 -04:00
Robin Ward
2005565c9c Server side code for Watching First Post Only 2016-07-07 11:21:50 -04:00
Robin Ward
1eb64151f6 User interface for watching first post 2016-07-07 11:21:50 -04:00
Arpit Jalan
2facb6190f FEATURE: new site setting download_remote_images_max_days_old 2016-07-06 19:33:51 +05:30
Robin Ward
3fe4903e63 FIX: Support unicode replacements with multiple codepoints 2016-07-05 13:55:41 -04:00
James Kiesel
3588780ac3 Don't reject likes by email for closed topics () 2016-07-05 17:33:08 +02:00
Guo Xiang Tan
f256e3afb6 Merge pull request from tgxworld/handle_user_enabled_readonly_mode
Handle user enabled readonly mode
2016-07-05 19:54:32 +08:00
Guo Xiang Tan
e4a82cdd85 Merge pull request from tgxworld/add_discourse_event_trigger_when_user_logs_out
FEATURE: Add event trigger when a user is logged out.
2016-07-05 19:50:46 +08:00
Régis Hanol
17890f95a1 FIX: don't send emails to mailing_list users when bounce threshold is reached 2016-07-05 12:20:07 +02:00
Régis Hanol
59680af329 disable email white/blacklisting for staged users 2016-07-04 16:05:01 +02:00
Guo Xiang Tan
22ade1f811
FEATURE: Add event trigger when a user is logged out. 2016-07-04 17:20:30 +08:00
Guo Xiang Tan
bd07658a37
PERF: Split queries when cleaning uploads.
This reduces the number of scans that the db has to do in the query
to fetch orphan uploads. Futheremore, we were not batching our
records which bloats memory.
2016-07-04 16:34:32 +08:00
Sam
d61df21d69 FEATURE: allow people to send messages to themselves (for notes etc) 2016-07-04 11:36:43 +10:00
Sam
92daf44daf correct random suggested topic selection 2016-07-04 10:34:54 +10:00
Sam
e858def372 remove invalid specs 2016-07-04 10:34:26 +10:00
Arpit Jalan
2f3ee3b658 FEATURE: new site setting suggested_topics_max_days_old 2016-07-03 15:07:56 +05:30
Sam
813fcebdd1 FIX: email_always was not respected correctly
In the past email always meant, email me even if active UNLESS I read post

Now emails always means, always, even if I read the post
2016-07-01 11:22:07 +10:00
Matt Palmer
7a1e99dacb Add some clarifying specs around new-topic-creating emails work
Strangers get to create new topics (if the appropriate tickbox is ticked)
but low-TL existing users don't.  That might seem a bit backwards, but
the tickbox says 'strangers', not 'everyone'.
2016-06-30 22:24:25 +10:00
Sam
b15f6bd211 FIX: s3 cdn urls not remapped correctly 2016-06-30 18:58:38 +10:00
Guo Xiang Tan
8db3ab5f2a Merge pull request from tgxworld/rename_use_https_to_force_https
Rename `SiteSetting#use_https` to `force_https`.
2016-06-29 15:17:57 +08:00
Guo Xiang Tan
64858c10fe
FIX: Set a not expiring key for user enabled readonly mode. 2016-06-29 15:10:01 +08:00
Guo Xiang Tan
20359788dc
Rename SiteSetting#use_https to force_https. 2016-06-29 15:02:43 +08:00
Guo Xiang Tan
7619c2fa2f
FIX: Make sure we add a TTL when we enable readonly mode. 2016-06-29 13:55:17 +08:00
Sam
ef93e75f80 correct no need to muck with site settings, messes up repeat runs 2016-06-29 12:01:37 +10:00
Robin Ward
61ce5c210c FIX: S3Cdn link clicks weren't working 2016-06-28 15:52:38 -04:00
Régis Hanol
214f5bff5c don't send more than 1 reply per day to auto-generated emails 2016-06-28 16:42:05 +02:00
Sam
1411eedad3 FEATURE: offer to unwatch categories when unwatching category 2016-06-28 18:34:20 +10:00
Régis Hanol
800081f606 FIX: staged users weren't able to reply in restricted categories 2016-06-26 19:25:45 +02:00
Robin Ward
ccf9b70671 When restoring a backup, disable emails.
This prevents accidental sending of emails after a restore before
the admin has had a chance to review everything.
2016-06-24 17:15:15 -04:00
Robin Ward
94a4af6af7 FIX: If posts are deleted they should be updated in consistency jobs 2016-06-21 13:05:56 -04:00
James Kiesel
7a6bc3f1d7 Apply notification styles to mailing list email manually ()
* Apply notification styles to mailing list email manually

* Fix failing spec
2016-06-21 20:42:30 +05:30
Régis Hanol
874c18cbc1 FIX: unstage users when using SSO 2016-06-21 11:28:58 +02:00
Neil Lalonde
487c20959c FEATURE: max topics/replies per day for new users now starts counting from the first post, not signup date 2016-06-20 16:55:11 -04:00
Régis Hanol
e9a293beeb FIX: clean up uploads job 2016-06-20 22:05:41 +02:00
Guo Xiang Tan
b3a8f7d369 Merge pull request from tgxworld/fix_bug_when_post_creator_returns_nil
Fix bug when post creator returns nil
2016-06-20 18:15:52 +08:00
Guo Xiang Tan
9a0797204a
FIX: Add check to ensure post has been created. 2016-06-20 15:51:26 +08:00
Guo Xiang Tan
dfdc54957c
FIX: A blocked user should not be able to moderate anything. 2016-06-20 15:51:26 +08:00
Sam
8866169879 FEATURE: can invite/revoke groups on private messages 2016-06-20 16:29:27 +10:00
Robin Ward
83e46cc302 FIX: Restrict changing ownership to one topic 2016-06-17 14:20:14 -04:00
Sam
dd1a184955 Correct mailing list mode unsubscribe 2016-06-17 11:57:23 +10:00
Sam
852860de66 FEATURE: simpler and friendlier unsubscribe workflow
- All unsubscribes go to the exact same page
- You may unsubscribe from watching a category on that page
- You no longer need to be logged in to unsubscribe from a topic
- Simplified footer on emails
2016-06-17 11:28:49 +10:00
Robin Ward
84f0e5ad4d SECURITY: Unapproved, active users should not receive emails 2016-06-16 12:55:47 -04:00
Neil Lalonde
d62f2b4d67 UX: rename setting num_flags_to_block_new_user to num_spam_flags_to_block_new_user 2016-06-15 13:19:06 -04:00
Guo Xiang Tan
169d17edc3
Include cdn path in the stylesheet digest. 2016-06-16 00:19:38 +08:00
Neil Lalonde
1c9519636c FEATURE: new users can be blocked from posting if enough TL3 users flag their posts 2016-06-15 10:51:34 -04:00
Guo Xiang Tan
bf64280661
FIX: Incorrect scope when checking for existing topic link. 2016-06-15 14:13:30 +08:00
Régis Hanol
470da6205c FIX: staged users should not watch/track/mute categories by default 2016-06-14 16:45:47 +02:00