Commit Graph

47828 Commits

Author SHA1 Message Date
Natalie Tay
5eaf080239 SECURITY: Limit chat drafts length and preloaded count (#19987)
Only allow a maximum of `50_000` characters for chat drafts. A hidden `max_chat_draft_length` setting can control this limit. A migration is also provided to delete any abusive draft in the database.

The number of drafts loaded on the current user has also been limited and ordered by most recent update.

Note that spec files moved are not directly related to the fix.

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
2023-01-25 13:50:10 +02:00
Loïc Guitaut
ec2ed5b7f6 FIX: Delete reviewables associated to posts automatically
Currently we don’t have an association between reviewables and posts.
This sometimes leads to inconsistencies in the DB as a post can have
been deleted but an associated reviewable is still present.

This patch addresses this issue simply by adding a new association to
the `Post` model and by using the `dependent: :destroy` option.
2023-01-25 09:45:36 +01:00
Martin Brennan
82182ec0c7 DEV: Add hashtag controller specs (#19983)
This is just cleaning up a TODO I had to add more specs
to this controller -- there are more thorough tests on the
actual HashtagService class and the type-specific hashtag
classes.
2023-01-25 17:13:32 +10:00
Martin Brennan
88a972c61b DEV: Delete dead Topic#incoming_email_addresses code (#19970)
This code has been dead since b463a80cbf,
we can delete it now.
2023-01-25 09:34:41 +10:00
dependabot[bot]
3866867e45 Build(deps-dev): Bump @embroider/test-setup in /app/assets/javascripts (#19982) 2023-01-24 22:51:23 +01:00
dependabot[bot]
69c7f676ea Build(deps): Bump ember-auto-import in /app/assets/javascripts (#19981) 2023-01-24 22:50:05 +01:00
Kris
75032f4752 UX: remove extra whitespace in search helper (#19980) 2023-01-24 15:27:05 -05:00
Kris
e71bf672cb UX: prevent user card status overflow (#19979) 2023-01-24 13:58:24 -05:00
Kris
4da8e15801 A11Y: discourse-tags should have a role and label (#19977) 2023-01-24 13:04:32 -05:00
Joffrey JAFFEUX
857f35f920 DEV: prevents flakey test (#19976) 2023-01-24 17:38:41 +01:00
Discourse Translator Bot
8b72f489e1 Update translations (#19974) 2023-01-24 16:32:34 +01:00
Kris
a57d6a0f75 A11Y: add aria-labels for flagging textareas (#19938) 2023-01-24 09:49:15 -05:00
Kris
7683b4bbfa UX: improve bulk button layout and alignment (#19966) 2023-01-24 09:47:35 -05:00
Jarek Radosz
17deb79fcb DEV: Fix random typos (#19973) 2023-01-24 15:41:01 +01:00
Aleksey Bogdanov
1bc39c1a4f FIX: text selection breaks opening of links in new tabs (#19867)
When a user checks "Open all external links in a new tab" preference
he expects not to be overruled by unrelated text selections.
Yet if text is selected during a link click the link is followed on
the same tab. This change corrects that.
2023-01-24 14:17:03 +01:00
David Taylor
eee97ad29a DEV: Patch capybara to ignore client-triggered errors (#19972)
In dev/prod, these are absorbed by unicorn. Most commonly, they occur when a client interrupts a message-bus long-polling request.

Also reverts the EPIPE workaround introduced in 011c9b9973
2023-01-24 11:07:29 +00:00
David Taylor
e2db764cdd DEV: Remove older ruby version logic (#19971)
Discourse no longer boots on anything less than 3.1, so these code paths will never be used
2023-01-24 10:42:56 +00:00
David Taylor
48713653df DEV: Add failing test for api.modifyClass with native getters (#19911)
https://meta.discourse.org/t/251793/8
2023-01-24 10:41:48 +00:00
Martin Brennan
63fdb6dd65 FIX: Do not add empty use/svg tags in ExcerptParser (#19969)
There was an issue where if hashtag-cooked HTML was sent
to the ExcerptParser without the keep_svg option, we would
end up with empty </use> and </svg> tags on the parts of the
excerpt where the hashtag was, in this case when a post
push notification was sent.

Fixed this, and also added a way to only display a plaintext
version of the hashtag for cases like this via PrettyText#excerpt.
2023-01-24 14:40:24 +10:00
Vinoth Kannan
799202d50b FIX: skip email if blank while syncing SSO attributes. (#19939)
Also, return email blank error in `EmailValidator` when the email is blank.
2023-01-24 09:10:24 +05:30
Martin Brennan
0924f874bd DEV: Use UploadReference instead of ChatUpload in chat (#19947)
We've had the UploadReference table for some time now in core,
but it was added after ChatUpload was and chat was just never
moved over to this new system.

This commit changes all chat code dealing with uploads to create/
update/delete/query UploadReference records instead of ChatUpload
records for consistency. At a later date we will drop the ChatUpload
table, but for now keeping it for data backup.

The migration + post migration are the same, we need both in case
any chat uploads are added/removed during deploy.
2023-01-24 13:28:21 +10:00
Krzysztof Kotlarek
ac4ee1a3d4 FIX: TL4 user is not redirected to latest when delete topic (#19967)
Continuation of https://github.com/discourse/discourse/pull/19766

When TL4 is allowed to delete a topic, they should not be redirected to / after that action.
2023-01-24 11:28:04 +11:00
Martin Brennan
110c96e6d7 FIX: Do not count deleted post for upload ref security (#19949)
When checking whether an existing upload should be secure
based on upload references, do not count deleted posts, since
there is still a reference attached to them. This can lead to
issues where e.g. an upload is used for a post then later on
a custom emoji.
2023-01-24 10:01:48 +10:00
Blake Erickson
a6291cd854 FEATURE: Add api scope for suspending users (#19965)
See: https://meta.discourse.org/t/request-separate-api-granular-api-scope-for-suspend-user/249928/5
2023-01-23 16:20:49 -07:00
Blake Erickson
774feb6614 FEATURE: Add api scope for create invite endpoint (#19964)
Adds an api scope for the POST /invite endpoint.
2023-01-23 16:20:22 -07:00
dependabot[bot]
73deb31e3e Build(deps-dev): Bump selenium-webdriver from 4.7.1 to 4.8.0 (#19959) 2023-01-23 23:53:52 +01:00
dependabot[bot]
d76a30f6a1 Build(deps): Bump rubocop from 1.43.0 to 1.44.0 (#19961) 2023-01-23 23:52:59 +01:00
dependabot[bot]
bc9874033f Build(deps): Bump qunit from 2.19.3 to 2.19.4 in /app/assets/javascripts (#19962) 2023-01-23 23:52:22 +01:00
dependabot[bot]
b95c301a74 Build(deps): Bump concurrent-ruby from 1.1.10 to 1.2.0 (#19960) 2023-01-23 23:49:46 +01:00
Blake Erickson
09f5235538 FEATURE: Add api scope for search endpoint (#19955)
Adds two new api scopes for the /search endpoints:

- `/search.json?q=term`
- `/search/query.json?term=term`

see: https://meta.discourse.org/t/search-api-key-permissions/227244
2023-01-23 14:06:57 -07:00
Joffrey JAFFEUX
ad70a72de9 FIX: adds negative skidding to popper offset (#19958)
Learn more about skidding here: https://popper.js.org/docs/v2/modifiers/offset/#skidding-1

This change has two goals:
- Fixes an issue when the user had zoomed the viewport and the popper would position on the opposite side
- Makes msg actions arguably more pleasant to the eye by preventing them from being right aligned with the message container
2023-01-23 16:04:14 -05:00
David Taylor
87316d7a10 SECURITY: Bump Rails to v7.0.4.1 (#19956) 2023-01-23 15:38:49 -05:00
Kris
239815c4a4 UX: fixes and adjustments for user nav (#19954) 2023-01-23 14:28:55 -05:00
Kris
e3a48d2681 FIX: data-popper-reference-hidden too broad (#19937) 2023-01-23 14:28:48 -05:00
Jordan Vidrine
1d7b50a0d3 FIX: Fix margin on mini-tag-chooser (#19953) 2023-01-23 10:39:57 -06:00
Joffrey JAFFEUX
ffd222e883 FIX: prevents msg-actions to show hover text (#19952)
This case was possible in restrained space when the top of the message was not visible in the viewport.
2023-01-23 15:59:12 +01:00
Joffrey JAFFEUX
34d158c4aa FIX: generates automatic slug for trashed channels (#19908)
Prior to this fix, trashed channels would still prevent a channel with the same slug from being created. This commit generates a new slug on trash and frees the slug for future usage.

The format used for the slug is: `YYYYMMDD-HHMM-OLD_SLUG-deleted` truncated to the max length of a channel name.
2023-01-23 15:05:47 +01:00
Jordan Vidrine
b26e0dcf35 UX: Set penalty history to sticky (#19933) 2023-01-23 07:14:23 -06:00
Jan Cernik
d0c820e816 FEATURE: Add better TikTok onebox support (#19934) 2023-01-23 09:49:02 -03:00
Martin Brennan
641e94fc3c FEATURE: Allow changing slug on create channel (#19928)
This commit allows us to set the channel slug when creating new chat
channels. As well as this, it introduces a new `SlugsController` which can
generate a slug using `Slug.for` and a name string for input. We call this
after the user finishes typing the channel name (debounced) and fill in
the autogenerated slug in the background, and update the slug input
placeholder.

This autogenerated slug is used by default, but if the user writes anything
else in the input it will be used instead.
2023-01-23 14:48:33 +10:00
Krzysztof Kotlarek
ae20ce8654 FIX: TL4 user can see deleted topics (#19946)
A new feature allowing TL4 users to delete/recover topics and posts was introduced in https://github.com/discourse/discourse/pull/19766

One guardian was missed to ensure that they can see deleted topics
2023-01-23 12:02:47 +11:00
dependabot[bot]
264f219fba Build(deps): Bump net-imap from 0.3.1 to 0.3.4 (#19613)
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.3.1 to 0.3.4.
- [Release notes](https://github.com/ruby/net-imap/releases)
- [Commits](https://github.com/ruby/net-imap/compare/v0.3.1...v0.3.4)

---
updated-dependencies:
- dependency-name: net-imap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:37:00 +01:00
dependabot[bot]
54e5a2e4c4 Build(deps): Bump sass from 1.57.0 to 1.57.1 in /app/assets/javascripts (#19538)
Bumps [sass](https://github.com/sass/dart-sass) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.57.0...1.57.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:36:16 +01:00
dependabot[bot]
8a595c4f5e Build(deps): Bump erubi from 1.11.0 to 1.12.0 (#19591)
Bumps [erubi](https://github.com/jeremyevans/erubi) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/jeremyevans/erubi/releases)
- [Changelog](https://github.com/jeremyevans/erubi/blob/master/CHANGELOG)
- [Commits](https://github.com/jeremyevans/erubi/compare/1.11.0...1.12.0)

---
updated-dependencies:
- dependency-name: erubi
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:35:58 +01:00
dependabot[bot]
81721ea0ce Build(deps): Bump redis-namespace from 1.9.0 to 1.10.0 (#19589)
Bumps [redis-namespace](https://github.com/resque/redis-namespace) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/resque/redis-namespace/releases)
- [Changelog](https://github.com/resque/redis-namespace/blob/master/CHANGELOG.md)
- [Commits](https://github.com/resque/redis-namespace/compare/v1.9...v1.10.0)

---
updated-dependencies:
- dependency-name: redis-namespace
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:18:55 +01:00
dependabot[bot]
87fdbf3d6b Build(deps): Bump excon from 0.96.0 to 0.97.2 (#19940)
Bumps [excon](https://github.com/excon/excon) from 0.96.0 to 0.97.2.
- [Release notes](https://github.com/excon/excon/releases)
- [Changelog](https://github.com/excon/excon/blob/master/changelog.txt)
- [Commits](https://github.com/excon/excon/compare/v0.96.0...v0.97.2)

---
updated-dependencies:
- dependency-name: excon
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 23:18:25 +01:00
dependabot[bot]
9bfb942b77 Build(deps): Bump css_parser from 1.13.0 to 1.14.0 (#19804)
Bumps [css_parser](https://github.com/premailer/css_parser) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/premailer/css_parser/releases)
- [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/premailer/css_parser/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: css_parser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:56:29 +01:00
dependabot[bot]
f81c94637a Build(deps): Bump ember-rfc176-data in /app/assets/javascripts (#19925)
Bumps [ember-rfc176-data](https://github.com/ember-cli/ember-rfc176-data) from 0.3.17 to 0.3.18.
- [Release notes](https://github.com/ember-cli/ember-rfc176-data/releases)
- [Changelog](https://github.com/ember-cli/ember-rfc176-data/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ember-cli/ember-rfc176-data/compare/v0.3.17...v0.3.18)

---
updated-dependencies:
- dependency-name: ember-rfc176-data
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:56:17 +01:00
dependabot[bot]
1000090fa8 Build(deps): Bump rails-html-sanitizer from 1.4.4 to 1.5.0 (#19943)
Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.4.4 to 1.5.0.
- [Release notes](https://github.com/rails/rails-html-sanitizer/releases)
- [Changelog](https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rails/rails-html-sanitizer/compare/v1.4.4...v1.5.0)

---
updated-dependencies:
- dependency-name: rails-html-sanitizer
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:55:35 +01:00
dependabot[bot]
9be9f97373 Build(deps): Bump @babel/standalone in /app/assets/javascripts (#19945)
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone) from 7.20.12 to 7.20.13.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.20.13/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/standalone"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-22 22:53:57 +01:00