Sam
e0ff57ca75
SECURITY: prevent reuse of password reset
2016-12-19 18:00:22 +11:00
Sam
eb2db23b40
FEATURE: remove email_token_grace_period_hours
...
The site setting email_token_grace_period_hours just causes confusion and
should not be used anyway.
Out of the box, tokens stop working once confirmed, no need to add complexity here
2016-12-19 17:15:20 +11:00
Sam
7918d99a2e
SECURITY: update onebox gem
2016-12-19 13:17:51 +11:00
Sam
dd383300b1
FEATURE: rate limit by login on password reset
2016-12-19 11:03:07 +11:00
Sam
0599bd0154
FEATURE: add referrer never tag to password reset page
2016-12-19 11:01:58 +11:00
Sam
15b5fddd49
SECURITY: protect upload params, only allow very strict filenames
2016-12-19 10:16:18 +11:00
Sam
30e0154e5d
SECURITY: fix reflected XSS with safe_mode param
...
(only applies to beta and master)
2016-12-19 10:11:51 +11:00
Jeff Atwood
81956cb1d6
Merge pull request #4590 from xfalcox/css-highligth
...
Use CSS animations for post and topic highlights
2016-12-16 14:22:25 -08:00
Rafael dos Santos Silva
e9fa936389
Uses CSS animation for highlight on mobile too
2016-12-16 19:26:49 -02:00
Arpit Jalan
ab6843dcde
FIX: username route was broken
2016-12-16 23:56:22 +05:30
Guo Xiang Tan
51679ef6b2
Fix JS tests.
2016-12-17 00:51:40 +08:00
Guo Xiang Tan
d8541c589a
FIX: Incorrect route for updating username.
2016-12-17 00:23:12 +08:00
Robin Ward
ddd299f4aa
Revert "Revert "Revert Ember 2.10+ for a short while""
...
This reverts commit 76bbc481cb
.
2016-12-16 10:29:30 -05:00
Robin Ward
76bbc481cb
Revert "Revert Ember 2.10+ for a short while"
...
This reverts commit 21682fd60b
.
2016-12-16 09:52:29 -05:00
Jeff Atwood
2600aca80b
add back in missing para in new user PM
2016-12-16 00:49:54 -08:00
Jeff Atwood
e26d6227a4
Merge branch 'master' of https://github.com/discourse/discourse
2016-12-16 00:39:00 -08:00
Jeff Atwood
a2feef0847
UX: switch to new user tips blog post PM
2016-12-16 00:38:56 -08:00
Guo Xiang Tan
e3213f127d
FIX: Regression with request membership button after migrating to component.
2016-12-16 16:07:11 +08:00
Sam
d4a0508744
FEATURE: outlet prior to Reply button at the bottom of topics
2016-12-16 17:10:32 +11:00
Sam
61eb134181
FEATURE: setting to allow arbitrary redirects from sso origin
...
if sso_allows_all_return_paths is set to true you can redirect off-site from sso success
2016-12-16 13:37:44 +11:00
Sam
6ff309aa80
SECURITY: don't grant same privileges to user_api and api access
...
User API is no longer gets bypasses that standard API gets.
Only bypasses are CSRF and XHR requirements.
2016-12-16 12:05:43 +11:00
Régis Hanol
197517d55e
FIX: locally uploaded audio & video files should onebox even when the extension is uppercase
2016-12-15 23:21:44 +01:00
Robin Ward
21682fd60b
Revert Ember 2.10+ for a short while
2016-12-15 16:43:38 -05:00
Neil Lalonde
f01f95d62d
FEATURE: new settings to customize some colors in emails
2016-12-15 14:43:53 -05:00
Neil Lalonde
62ba5ea33f
Name before username in summary email
2016-12-15 14:43:52 -05:00
Robin Ward
d0ddceb4e4
UX: Try improving the back button on the timeline
2016-12-15 14:24:58 -05:00
Robin Ward
ba8c6fd840
FIX: PhantomJS was crashing
2016-12-15 12:30:20 -05:00
Robin Ward
250ca11416
Add PluginAPI for registering a connector class
2016-12-15 11:54:37 -05:00
Robin Ward
0348f23f6d
FIX: Register a test waiter rather than using hidden properties
2016-12-15 11:36:21 -05:00
Robin Ward
40c944cb36
FIX: Was showing two rows for the title always
2016-12-15 10:47:43 -05:00
Robin Ward
d69b782737
FIX: Editing tags was double rendering
2016-12-15 10:40:11 -05:00
Robin Ward
2655be512f
FIX: Showing raw email and history were broken
2016-12-15 10:28:15 -05:00
Robin Ward
ea3db56d1c
FIX: Mobile raw templates were not being resolved
2016-12-15 10:28:15 -05:00
Robin Ward
a149913c4d
FIX: Template compilation was broken
2016-12-15 10:28:15 -05:00
Robin Ward
28699e66d8
Revert "REVERT: Ember 2.10 -- it's not building properly"
...
This reverts commit 600541c623
.
2016-12-15 10:28:15 -05:00
Guo Xiang Tan
ffc97f2298
FIX: Wait 30 days before dropping the column.
...
* Regressions from the past is resulting in `logo_url` with
no uploads record.
2016-12-15 22:45:04 +08:00
Guo Xiang Tan
c47b60a1e4
FIX: Check for column that we want to drop instead.
...
* Otherwise, the migration is called multiple times.
2016-12-15 20:53:10 +08:00
Guo Xiang Tan
0ab52b127b
Fix JS tests.
2016-12-15 16:52:47 +08:00
Guo Xiang Tan
e765e64cb1
Bump onebox for fixes.
2016-12-15 16:18:48 +08:00
Guo Xiang Tan
bbe067e735
Fix eslint.
2016-12-15 16:07:56 +08:00
Guo Xiang Tan
7888a16374
FEATURE: Add membership request to groups page.
2016-12-15 14:39:13 +08:00
Guo Xiang Tan
50aa9ba396
Fix JS tests.
2016-12-15 14:17:15 +08:00
Sam
162413862c
FEATURE: add staff
class to HTML body for staff
2016-12-15 16:23:03 +11:00
Sam
98f4a2adcb
FIX: on 404 from brotli asset path return a correctly encoded doc
...
old implementation would cache the 404 for 1 year with incorrect encoding
hilarity would ensue
2016-12-15 16:05:20 +11:00
Sam
f867af6bf9
bye bye byebug
2016-12-15 15:52:25 +11:00
Guo Xiang Tan
3666575b46
UX: Improve styling for groups page.
2016-12-15 12:19:13 +08:00
Guo Xiang Tan
3999afc279
FIX: Category logo not showing in navigation.
2016-12-15 12:11:21 +08:00
Guo Xiang Tan
b005e1ab58
UX: Left align columns on groups page.
2016-12-15 10:00:37 +08:00
Neil Lalonde
e6361d1228
Version bump to v1.7.0.beta10
2016-12-14 14:57:51 -05:00
Neil Lalonde
bad98a4987
Update translations
2016-12-14 13:55:24 -05:00