Commit Graph

30445 Commits

Author SHA1 Message Date
dependabot[bot]
efce57e23d
Build(deps-dev): Bump the babel group (#23622)
Bumps the babel group in /app/assets/javascripts with 2 updates: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone).


Updates `@babel/core` from 7.22.19 to 7.22.20
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.20/packages/babel-core)

Updates `@babel/standalone` from 7.22.19 to 7.22.20
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.20/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: babel
- dependency-name: "@babel/standalone"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: babel
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 10:21:55 +02:00
dependabot[bot]
8c0639a8fb
Build(deps-dev): Bump qunit in /app/assets/javascripts (#23645)
Bumps [qunit](https://github.com/qunitjs/qunit) from 2.19.4 to 2.20.0.
- [Release notes](https://github.com/qunitjs/qunit/releases)
- [Changelog](https://github.com/qunitjs/qunit/blob/main/History.md)
- [Commits](https://github.com/qunitjs/qunit/compare/2.19.4...2.20.0)

---
updated-dependencies:
- dependency-name: qunit
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 10:14:21 +02:00
dependabot[bot]
f4b0a48952
Build(deps-dev): Bump eslint in /app/assets/javascripts (#23646)
Bumps [eslint](https://github.com/eslint/eslint) from 8.49.0 to 8.50.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.49.0...v8.50.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 10:13:52 +02:00
Ted Johansson
950357391a
DEV: Remove deprecated PostAction.act method (#23641)
The PostAction.act class method was deprecated four years ago and marked for removal in 2.9.0. This PR removes it.
2023-09-24 08:16:32 +01:00
Osama Sayegh
83621ccbe7
FIX: Parse the digest_suppress_tags setting correctly (#23623)
Meta topic: https://meta.discourse.org/t/suppress-these-tags-from-summary-emails-settings-is-not-working-in-preview-digest-email/279196?u=osama

Follow-up to 477a5dd371

The `digest_suppress_tags` setting is designed to be a list of pipe-delimited tag names, but the tag-based topic suppression logic assumes (incorrectly) that the setting contains pipe-delimited tag IDs. This mismatch in expectations led to the setting not working as expected.

This PR adds a step that converts the list of tag names in the setting to their corresponding IDs, which is then used to suppress topics tagged with those specific tags.
2023-09-18 10:45:43 +03:00
Kris
ebe68e15fc
UX: fix "More" menu at small tablet width (#23616) 2023-09-15 17:21:24 -04:00
Renato Atilio
d93c2cb3d2
FEATURE: site settings to revoke api keys older than a number of days (#23595)
* FEATURE: site settings to revoke api keys older than a number of days
2023-09-15 16:31:29 -03:00
Kris
1d14474e1d
A11Y: "more" nav link should use aria-expanded (#23613) 2023-09-15 11:27:02 -04:00
Renato Atilio
aa9510a731
FIX: use the destination_url cookie as return_path if present (#23594) 2023-09-15 12:11:03 -03:00
Ted Johansson
68c891609b
FIX: Add back missing 'delete spammer' flag option (#23605) 2023-09-15 17:21:03 +08:00
Canapin
bbad09df0e
UX: creates a vertical space between the title and the back link (#23558)
The link was to close to the title, there was no vertical space. Adding a space make elements spacing more even on the page.
2023-09-15 12:16:23 +10:00
dependabot[bot]
f60c01b7e4
Build(deps-dev): Bump the babel group (#23602)
Bumps the babel group in /app/assets/javascripts with 2 updates: [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) and [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone).


Updates `@babel/core` from 7.22.17 to 7.22.19
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.19/packages/babel-core)

Updates `@babel/standalone` from 7.22.17 to 7.22.19
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.19/packages/babel-standalone)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: babel
- dependency-name: "@babel/standalone"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: babel
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-15 01:00:18 +02:00
Jarek Radosz
8cb8f130d9
DEV: Convert request-group-membership-form to new modal api (#23600) 2023-09-15 00:39:52 +02:00
Kris
98c8dcecba
A11Y: disable non-essential CSS animations for reduced-motion users (#23571) 2023-09-14 17:31:43 -04:00
Jarek Radosz
4a1621c677
DEV: Use the Store to create User records (#23584) 2023-09-14 23:26:51 +02:00
Jarek Radosz
c75b379d6f
DEV: Future-proof htmlSafe interactions (#23596)
See https://github.com/discourse/discourse-encrypt/pull/282

> `cooked` was an Ember SafeString. The internal storage of the string changed from `.string` to `.__string` at some point between Ember 3.28 and Ember 5. Instead, we can use `toString()` which is guaranteed to work in all situations
2023-09-14 23:04:57 +02:00
Jarek Radosz
ed8d0656f9
DEV: Convert tag-upload to the new modal API (#23590) 2023-09-14 21:32:45 +02:00
Kris
e1c3b14b1a
A11Y: Activate user menu tab on keydown too (#23593) 2023-09-14 14:07:35 -04:00
Blake Erickson
2427af4c46
DEV: Adjust site setting search limiter (#23589)
DEV: Adjust site setting search limiter

This opens up the site setting search limiter some more so that when
searching for "min length" it will contain
"min_personal_message_post_length" as one of the results, but not open
it up so much so that when searching for "digest",
"pending_users_reminder_delay_minutes" won't show up in the results
because it isn't really related.

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2023-09-14 09:52:25 -06:00
Kris
3340852328
A11Y: avatar upload button should be focusable (#23575) 2023-09-14 09:04:17 -04:00
David Taylor
45adb22abe
DEV: Automatically retry patch-package on failure (#23583)
We are seeing occasional flakes in `patch-package`, possibly caused by https://github.com/ds300/patch-package/issues/484. This wrapper script will retry patch-package three times before giving up. Longer-term we hope to upgrade to a package manager with built-in patch support.
2023-09-14 12:25:06 +01:00
Jarek Radosz
4571197e06
DEV: Convert global-notice to a native class (#23582) 2023-09-14 12:34:30 +02:00
David Taylor
a60d7a2bc7
DEV: Modernize admin-site-text route/controller (#23581)
- Switch to `@tracked` and native getters
- Remove queryParam defaults which are awkward to work with. Instead, add `resolvedBlah` getters
- Add 'no results found' text
- Use standard 'model' key instead of a custom `setupController` method
- Remove use of `route-action`
- Remove `{{action` helper

Default queryParams in ember controllers are tricky to work with, especially when combined with the new router service. Instead, we can handle defaults ourselves
2023-09-14 11:27:09 +01:00
Jarek Radosz
5df1b1c523
DEV: Upgrade the so-called share-and-invite modal (#23574) 2023-09-14 10:50:50 +02:00
Jarek Radosz
91e456ba30
DEV: Convert emoji-store into a native class (#23572) 2023-09-14 10:32:17 +02:00
Kelv
a4238a3726
DEV: upgrade grant badge modal to glimmer (#23526)
* DEV: upgrade grant badge modal to glimmer
* DEV: add unit tests for grant badge utils
* DEV: replace grant-badge-controller mixin with grant-badge-utils in admin-user-badges controller
* DEV: remove GrantBadgeController mixin
2023-09-14 10:05:29 +08:00
dependabot[bot]
041f522c85
Build(deps-dev): Bump sinon in /app/assets/javascripts (#23578)
Bumps [sinon](https://github.com/sinonjs/sinon) from 15.2.0 to 16.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v15.2.0...v16.0.0)

---
updated-dependencies:
- dependency-name: sinon
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-14 01:04:14 +02:00
Kris
3d3a556933
A11Y: add focus state for advanced search button (#23573) 2023-09-13 17:24:36 -04:00
Jarek Radosz
61f4af2995
DEV: Remove unused userInvitedShow logic (#23569)
share-and-invite modal doesn't seem to use it anymore
2023-09-13 23:07:19 +02:00
Sérgio Saquetim
e03dd76dc6
FEATURE: add outgoing web hooks for Chat messages 2023-09-13 17:31:42 -03:00
Jarek Radosz
6c20d8cc8c
DEV: Convert document-title to a native class (#23570)
Included: removed the `reset` method, used private fields, added explicit service injections
2023-09-13 22:12:33 +02:00
Juan David Martínez Cubillos
355aba50cf
FIX: Return 403 instead of redirect on username routes when hiding profiles (#23545)
* FIX: Return 403 instead of redirect on username routes when hidding profiles

* Updated raised error to better reflect the problem to the user

* implemented suggested changes
2023-09-13 14:33:47 -05:00
Isaac Janzen
3d6b812220
DEV: Move relevant glimmer search menu logic to service (#23483)
This will allow initializing the glimmer search menu without having to pass args directly from header.js widget, to help themes and plugins with search customizations

---------

Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
2023-09-13 14:32:12 -05:00
Jarek Radosz
6b218636ab
DEV: Convert ConditionalLoadingSpinner to gjs (#23565) 2023-09-13 20:12:38 +02:00
tshenry
c163634ff9
DEV: Bump theme compiler version for max svg sprite size change (#23567)
This should have been included in f6326d0
2023-09-13 10:02:08 -07:00
Joffrey JAFFEUX
ef0a049b87
FIX: scope animated-images-pause to topic-post (#23561)
This was causing issues on chat which is not properly supporting this for now.
2023-09-13 16:20:06 +02:00
Vinoth Kannan
e4849445ce
UX: hide warning if all users mentioned via group are already invited. (#23557)
Previously, a "`some_not_allowed`" warning message was appeared in composer even when all the users mentioned via group are already invited to the private message directly or via other groups.
2023-09-13 19:21:44 +05:30
David Battersby
6e2b484f12
FIX: prevent lightbox images from double escaping titles (#23458)
This change fixes an issue where lightbox images are showing escaped text in the link title and lightbox image description area.
2023-09-13 14:33:08 +08:00
Alan Guo Xiang Tan
038de393ed
DEV: Raise an error in test env when I18n interpolate argument is missing (#23527)
Why this change?

We have been bitten by bugs where tests are not catching missing
interpolate argument in our client side code because the JavaScript
tests are also using `I18n.translate` to assert that the right message
is shown. Before this change, `I18n.interpolate` will just replace the
missing interpolation argument in the final translation with some
placeholder. As a result, we ended up comparing a broken translation
with another broken translation in the test environment.

Why does this change do?

This change introduces the `I18n.testing` property which when set to
`true` will cause `I18n.translate` to throw an error when an interpolate
argument is missing. With this commit, we also set `I18n.testing = true`
when running qunit acceptance test.
2023-09-13 10:53:48 +08:00
Bianca Nenciu
6f782d8e45
SECURITY: Add limits for themes and theme assets
This commit adds limits to themes and theme components on the:

- file size of about.json and .discourse-compatibility
- file size of theme assets
- number of files in a theme
2023-09-12 15:31:31 -03:00
Daniel Waterworth
290306a932
SECURITY: Reduce maximum size of SVG sprite cache to prevent DoS
Co-authored-by: Penar Musaraj <pmusaraj@gmail.com>
2023-09-12 15:31:28 -03:00
Gerhard Schlager
e3a2446874
SECURITY: Limit number of drafts per user and length of draft_key
The hidden site setting max_drafts_per_user defaults to 10_000 drafts per user.
The longest key should be "topic_<MAX_BIG_INT>" which is 25 characters.
2023-09-12 15:31:26 -03:00
OsamaSayegh
c1b5faa5fd
SECURITY: Limit name field length of TOTP authenticators and security keys 2023-09-12 15:31:17 -03:00
Joffrey JAFFEUX
85fddf58bc
Revert "DEV: FloatKit (#23541)" (#23549)
This reverts commits

0623ac684a
408e71e437
a32fa3b947

User tips were running into some issues.
2023-09-12 13:55:12 -04:00
Joffrey JAFFEUX
408e71e437
FIX: tooltips can be over the header (#23548)
As a result they need a high z-index
2023-09-12 19:17:35 +02:00
Joffrey JAFFEUX
a32fa3b947
FIX: cancel post toolbar on click outside (#23546)
On `mousedown` if the click is outside a cooked element cancel the `mousedown`/`mouseup` sequence and only rely on the `selectionchange` event.

This change ensures a click on avatar for example will work, even if user is doing a rather slow click (meaning: the mousedown has been hold for more than 100ms).
2023-09-12 18:49:06 +02:00
Blake Erickson
9ac5e09179
DEV: Show separate error message for backup uploads (#23480)
Due to server upload limits backups may receive a 413 error so we need
to display a different error message than the default one we have set
for attachments.
2023-09-12 09:58:29 -06:00
David Taylor
c3061d580c
DEV: Remove decorateCookedElement id parameters (#23544)
These are no longer required per https://github.com/discourse/discourse/pull/23543
2023-09-12 16:32:04 +01:00
David Taylor
e0d8dae0b3
DEV: Improve api.decorateCookedElement implementation (#23543)
Previously, calling `decorateCookedElement` would re-open a number of components and introduce new event listeners. This kind of thing cannot be undone, and so we were forced to introduce the unique 'id' parameter. If a given decorator id had already been applied, we would skip re-applying it. This helped, but it was still problematic because all tests would be using the callback which was registered in the first test. If its closure had any references to the ApplicationInstance, then those references would be destroyed and useless in future tests.

This commit switches strategy to use `appEvents` instead of `klass.reopen`. This is a much more obvious system and, since appEvent registrations are reset for every ApplicationInstance, we can drop the requirement for unique ids on `decorateCookedElement` calls. The callback used will always be the one registered against the current ApplicationInstance.

This commit also updates our `wrapWithErrorHandler` implementation so that it throws errors in tests. This ensures that errors are not silently swallowed in CI.
2023-09-12 16:21:15 +01:00
Renato Atilio
40ae6432f3
UX: remove unsupported filterable attr from form template sample (#23535) 2023-09-12 12:20:55 -03:00