28832 Commits

Author SHA1 Message Date
Régis Hanol
b02e29829e SECURITY: force IM decoder based on file extension - part 2 2018-07-25 23:08:25 +02:00
Régis Hanol
a39aa9c61d SECURITY: force IM decoder based on file extension 2018-07-25 22:00:53 +02:00
David Taylor
7926a1f7bb FIX: Remove plugin.enabled? checks at initialization time (#6166)
Checking `plugin.enabled?` while initializing plugins causes issues in two ways:
  - An application restart is required for changes to take effect. A load-balanced multi-server environment could behave very weirdly if containers restart at different times.
  - In a multisite environment, it takes the `enabled?` setting from the default site. Changes on that site affect all other sites in the cluster.

Instead, `plugin.enabled?` should be checked at runtime, in the context of a request. This commit removes `plugin.enabled?` from many `instance.rb` methods.

I have added a working `plugin.enabled?` implementation for methods that actually affect security/functionality:
  - `post_custom_fields_whitelist`
  - `whitelist_staff_user_custom_field`
  - `add_permitted_post_create_param`
2018-07-25 16:45:24 +01:00
Robin Ward
66a96b1ed2 SECURITY: Consider 0.0.0.0 a private IP 2018-07-24 11:16:57 -04:00
Vinoth Kannan
a286be473a FIX: returns provider_not_enabled error even if enabled 2018-07-16 11:06:48 +01:00
Sam
6fc8c494a3 SECURITY: extra CORS headers should be set on correct host 2018-07-11 09:30:02 +10:00
David Taylor
d0130e4ab9 SECURITY: Do not allow authentication with disabled plugin-supplied a… (#6071)
Do not allow authentication with disabled plugin-supplied auth providers
2018-07-09 14:27:04 +10:00
Sam
284e65f7d3 SECURITY: category badges should HTML escape names 2018-06-28 18:15:47 +10:00
Joffrey JAFFEUX
96cb283170 SECURITY: prevents XSS when showing tooltip 2018-06-27 14:46:57 +02:00
Dax74
3d5b8c16b7 Link updated
There was a link to a deleted guide, see https://meta.discourse.org/t/wrong-link-on-manual-admin-creation/90849
2018-06-27 11:33:09 +02:00
Neil Lalonde
f5ee848ab0 Version bump 2018-06-21 10:42:01 -04:00
Neil Lalonde
544254f7a8 Version bump to v2.1.0.beta2 2018-06-21 10:41:52 -04:00
Kris
5d0d56e474 removing unneeded line-height 2018-06-21 10:37:30 -04:00
Neil Lalonde
072659c22a Update translations 2018-06-21 10:34:09 -04:00
Guo Xiang Tan
97d8cd820e No need to expire readonly mode key immediately. 2018-06-21 17:52:42 +08:00
Guo Xiang Tan
68388dfd25 Fix the build. 2018-06-21 15:57:59 +08:00
Guo Xiang Tan
71908cd634 Make prettier happy. 2018-06-21 15:37:24 +08:00
Guo Xiang Tan
9a7a079f4d Force summary mode when user enters at the top of megalodon topics. 2018-06-21 15:18:52 +08:00
Guo Xiang Tan
f7d22bad90 FEATURE: Forced summary mode for megalodon topics.
This is mainly done for performance reasons and megalodon
topics are usually a byproduct of imports where site setting
limits are not respected.
2018-06-21 14:00:20 +08:00
Guo Xiang Tan
ac80360bea PERF: Help postgres make use of index in Post.summary. 2018-06-21 13:29:16 +08:00
Guo Xiang Tan
5cef4e281b PERF: Memoize TopicView#gaps results. 2018-06-21 12:37:24 +08:00
Guo Xiang Tan
6ddd214476 FIX: Post#summary returning posts from other topics. 2018-06-21 12:00:54 +08:00
Guo Xiang Tan
c5cc582549 FIX: Participants may not be in topic map's attributes. 2018-06-21 10:23:55 +08:00
Guo Xiang Tan
c1972f8438 PERF: Add index_topic_id_percent_rank_on_posts.
Speeds up the `Posts#summary` mode query for large topics.
2018-06-21 09:49:15 +08:00
Sam
2d59d06916 PERF: mega_topics get no post counts per user 2018-06-21 11:09:45 +10:00
Sam
f66efc601d FIX: cubot android devices were detected as crawlers 2018-06-21 10:56:46 +10:00
Joffrey JAFFEUX
50d11fd582 FIX: improves durability display check 2018-06-20 23:15:11 +02:00
Joffrey JAFFEUX
95d99de7b4 FIX: hides durability section in dashboard if backups are disabled 2018-06-20 22:26:37 +02:00
Robin Ward
45a2c94fb3 FIX: Margin on post-info should be present in mobile and desktop 2018-06-20 15:39:36 -04:00
Robin Ward
5290138e84 Support for a decorator within the user name 2018-06-20 15:26:37 -04:00
Robin Ward
02cb944fee FIX: Linting error 2018-06-20 13:44:03 -04:00
Robin Ward
e7fbcf4ba4 UX: Refactor topic metadata's many floats into flexbox (#6018) 2018-06-20 13:06:20 -04:00
Joffrey JAFFEUX
2f7960bd2a DEV: updates prettier and displays linters/prettifiers version in CI 2018-06-20 18:34:49 +02:00
Joffrey JAFFEUX
8126b603e4 fix prettier 2018-06-20 18:26:43 +02:00
Joffrey JAFFEUX
c5c1b45d19 higher loglevel for prettier 2018-06-20 16:51:48 +02:00
Robin Ward
fbc194c330 Don't use !important for wiki color. Allow themes to override it. 2018-06-20 10:47:27 -04:00
Robin Ward
bb11375590 FIX: Don't add undefined as a class name 2018-06-20 10:37:24 -04:00
Guo Xiang Tan
0365806b93 FIX: Properly display error when post action fails to create. 2018-06-20 21:20:23 +08:00
Joffrey JAFFEUX
fa43969fe2 FIX: crashes with date conversion in reports 2018-06-20 14:42:15 +02:00
Arpit Jalan
a171464a55 bump onebox version 2018-06-20 16:47:55 +05:30
Guo Xiang Tan
bb959e85e6 Pin exifr to 1.2.5. 2018-06-20 17:27:46 +08:00
Guo Xiang Tan
ff5fc3cb08 Use a fixed limit for mega topic posts count. 2018-06-20 16:58:52 +08:00
Guo Xiang Tan
9c925a66ff PERF: Don't display days ago on timeline for megatopics.
Analysis using `pg_stat_statements` showed this query
to be eating up a significant portion of CPU.
2018-06-20 16:25:54 +08:00
Sam
cbdab71179 PERF: stop counting participants on very large topics
This query gets very expensive and can be bypassed on large topics
2018-06-20 18:11:39 +10:00
Sam
35e0ccfc84 make linter happy 2018-06-20 18:03:27 +10:00
Sam
2f0e73f2d6 DEV: fast pluck to use type_map in mini_sql 2018-06-20 17:53:49 +10:00
Sam
44091f20c6 DEV: allow for method deprecation using Discourse.deprecate
New method deprecator will ensure one log message an hour happens
for all deprecated method calls per call site

Also removes unused monkey patches to ActiveRecord::Base
2018-06-20 17:53:49 +10:00
Sam
cb824a6b33 DEV: remove all calls to SqlBuilder use DB.build instead
This is part of the migration to mini_sql, SqlBuilder.new is being
deprecated and replaced with DB.build
2018-06-20 17:53:49 +10:00
Guo Xiang Tan
76707eec1b Update rails_multisite. 2018-06-20 15:11:41 +08:00
Arpit Jalan
ccb57e609f bump onebox version 2018-06-20 11:06:56 +05:30