estradamarkjoseph595-ship-it
approved these changes
Jul 20, 2025
…34245) In #33558 we removed automatic_backups_enabled setting, and instead rely on backup_frequency being blank to disable. There was a big oversight there with the site setting type system, which will coerce the value to an integer. It also makes it so you can't blank the value out in the UI. This is a "fix forward" solution where instead of "set to blank to disable" we do "set to 0 to disable". This works along the grain of the site setting type system for a workable fix where we don't have to deal with the irreversible migration in the previous change. We can potentially go and add in "nullable" to the type system at a later point.
Internal topic: t/160291.
Early results of testing out goldiloader are promising, so we want to start enabling it by default in the test environment to help catch potential problems early.
Many moons ago there was a [fix](#24595) to category urls in crawler view for a topic, due to subfolder. The old fix solved subfolders, but fumbled subcategories. This fix caters for both, such that subcategory links won't use its parent's URL.
…#34251) Updating wording of `user_selectable_unavailable_button_label` to be more clear and accurate.
The color input component autocompletes hex patterns to update 3-character codes to 6 characters. However, we should only attempt to format common patterns, and not intervene for non-sequenced values. For example, we can:

- change `eee` to `eeeeee`
- change `f2f` to `f2f2f2`
- skip non-sequenced patterns like `0f8` and allow the user to complete manually

---------

Co-authored-by: Jarek Radosz <jradosz@gmail.com>
This consolidates existing mobile and desktop modal styles into common/modal.scss — I've also removed some dead styles I noticed along the way. This shouldn't result in any significant visual changes.
This improves modal header padding in the case of mobile modals having a primary action.

Before:

![image](https://github.com/user-attachments/assets/441579cc-0de8-4f1b-9819-0e04105f9e03)

After:

![image](https://github.com/user-attachments/assets/e081560e-c6de-4505-815e-5fc0dceac3da)

Modals without primary actions look like (unchanged):

![image](https://github.com/user-attachments/assets/47549411-3061-47d7-b939-4675cafc6373)
Follow-up to 3837607 The change in outlet there made the gists stop appearing on mobile, so here I'm making the outlet conditional on mobile/desktop view and adding a spec to make sure they appear --------- Co-authored-by: Jarek Radosz <jradosz@gmail.com>
Since we're showing some more narrow-screen CSS on desktop devices when applicable, we should change this to `auto` so the empty track doesn't show in cases where it's not needed. This wasn't needed on mobile devices because scrollbars generally don't appear.

Before:

![image](https://github.com/user-attachments/assets/7fdc98bb-68a2-4332-89d7-18909da89e2d)

After:

![image](https://github.com/user-attachments/assets/c03cc2d8-e2e9-4846-830b-413a55e00836)
it works only because of… magic ;)
Refactors `post/avatar` logic to return the original user object directly when the `avatar_template` is unchanged, avoiding unnecessary use of proxies and improving efficiency.
Bumps [rubocop-rails](https://github.com/rubocop/rubocop-rails) from 2.33.0 to 2.33.1.
- [Release notes](https://github.com/rubocop/rubocop-rails/releases)
- [Changelog](https://github.com/rubocop/rubocop-rails/blob/master/CHANGELOG.md)
- [Commits](rubocop/rubocop-rails@v2.33.0...v2.33.1)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [rspec-rails](https://github.com/rspec/rspec-rails) from 8.0.1 to 8.0.2.
- [Changelog](https://github.com/rspec/rspec-rails/blob/main/Changelog.md)
- [Commits](rspec/rspec-rails@v8.0.1...v8.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [regexp_parser](https://github.com/ammar/regexp_parser) from 2.11.1 to 2.11.2.
- [Changelog](https://github.com/ammar/regexp_parser/blob/master/CHANGELOG.md)
- [Commits](ammar/regexp_parser@v2.11.1...v2.11.2)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [lefthook](https://github.com/evilmartians/lefthook) from 1.12.2 to 1.12.3.
- [Release notes](https://github.com/evilmartians/lefthook/releases)
- [Changelog](https://github.com/evilmartians/lefthook/blob/master/CHANGELOG.md)
- [Commits](evilmartians/lefthook@v1.12.2...v1.12.3)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Align lefthook linting with linting CI does - Call lefthook from bin/lint to handle linting (centralizes implementation)
After changes in this PR - #34062 - all color schemes are not selectable by default. CI did not pick up those broken specs because of DB caching.
…ble backport) (#36979) This backports #36601 to stable Fixes an issue where if a forum has disabled users from uploading media in posts, rich text editor mistakenly also prevents all pastes including plain text. Affects forums where `authorized_extensions` is empty, and non-staff users using the rich text editor.
…7051)

What is the problem?

Developers need to profile pages while browsing as anonymous users or while impersonating other users. Currently, MiniProfiler authorization is tied to the session, so it's lost when the session changes.

What is the solution?

Add a `/dev-mode` endpoint that sets an encrypted cookie to persist MiniProfiler authorization for 1 hour, independent of the session:

- New `DevModeController` with CSRF-protected POST form
- Only accessible to users in the Developer group
- Cookie validated on each request by checking timestamp, user existence, and developer status

---------

Co-authored-by: Chris Alberti <christo@discourse.org>
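The validation the commit above describes (cookie checked on every request for age, user existence and developer status) as an added example; this is not Discourse's `DevModeController` code. It uses an HMAC-signed cookie rather than a Rails encrypted cookie, and the secret, the in-memory user table and the `developer` flag are assumptions for the demo.

```ruby
require "openssl"
require "json"
require "base64"

# Added example: a signed, time-limited "dev mode" cookie that carries
# profiler authorization independently of the session. Every request
# re-validates the cookie against three things: its age, whether the
# user still exists, and whether that user is still a developer.
module DevModeCookie
  SECRET = "demo-secret-do-not-use-in-production" # assumption: per-site secret
  TTL = 60 * 60                                     # 1 hour, as in the commit message

  # Constructed in-memory user table standing in for the database.
  USERS = {
    1 => { developer: true },
    2 => { developer: false },
  }.freeze

  def self.sign(payload)
    OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
  end

  # Cookie value is base64(JSON payload) + "." + HMAC over that payload.
  def self.issue(user_id, now: Time.now.to_i)
    payload = Base64.strict_encode64(JSON.generate("user_id" => user_id, "issued_at" => now))
    "#{payload}.#{sign(payload)}"
  end

  # Returns the authorized user_id, or nil if any check fails.
  def self.authorized_user(cookie, now: Time.now.to_i)
    return nil if cookie.nil?
    payload, mac = cookie.split(".", 2)
    return nil if payload.nil? || mac.nil?
    # Constant-time comparison so a forged MAC can't be guessed byte by byte.
    return nil unless OpenSSL.secure_compare(sign(payload), mac)

    data = JSON.parse(Base64.strict_decode64(payload))
    user_id = data["user_id"]
    issued_at = data["issued_at"]
    return nil unless user_id.is_a?(Integer) && issued_at.is_a?(Integer)
    return nil if issued_at > now || now - issued_at > TTL # future-dated or expired

    user = USERS[user_id]
    return nil if user.nil?            # user deleted since the cookie was issued
    return nil unless user[:developer] # developer status revoked since issue
    user_id
  rescue JSON::ParserError, ArgumentError
    nil # malformed base64 or JSON: treat as unauthenticated
  end
end
```

The user-existence and developer checks are deliberately done on every request rather than trusting the cookie's contents, so removing someone from the Developer group takes effect immediately instead of at cookie expiry.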
…stable) (#37185) The `TopicTrackingState.report` method builds two subqueries, one to find all new topics and one to find all topics with unread posts for the user. Both subqueries are built using the same `report_raw_sql` method. Previously that method was including a conditional to exclude muted categories, starting with `topic_users.last_read_post_number IS NULL AND ...`, but the subquery for unread topics already includes the condition `topic_users.last_read_post_number < topics.highest_post_number`. Since both of these conditions cannot be true, there's no need to include the muted categories conditional in that particular subquery. So _only_ in that case, we can skip adding that conditional. Ref dev topic: /t//168944/52 For the customer site discussed there, with many millions of topics, long time users for whom many topics have `topics.updated_at` more recent than `user_stat.first_unread_at` were experiencing the TopicTrackingState.report query taking ~1.5-2 seconds on every page load. This change brings it down to ~140ms. (stable backport of #37153 for the customer in the dev topic)
Previously, moderators had full access to all staff action logs, which exposed sensitive information including webhook secrets, API keys, site settings, private messages, and restricted categories. This change implements an allowlist approach where moderators can only see actions relevant to their role (user management, posts, topics, badges, etc.) while admin-only actions (site settings, webhooks, API keys, themes, etc.) are hidden. Additionally, content-level redaction ensures moderators cannot see details of logs referencing private topics, restricted categories, or deleted content they don't have access to. Site setting gates control visibility of category, trust level, and email actions based on existing moderator permission settings. Ref - t/171137
Permalinks pointing to access-restricted resources (private topics, categories, posts, or hidden tags) were redirecting users to URLs containing the resource slug, even when the user didn't have access. This leaked potentially sensitive information (e.g., private topic titles) via the redirect Location header and the 404 page's search box. This fix adds access checks via a new `PermalinkGuardian` module before redirecting or returning target URLs. If the current user cannot see the target resource, a 404 is returned instead. Also fixes `Guardian#can_see_tag?` to properly check hidden tag visibility instead of always returning true. Ref - t/172554
This prevents moderators from potentially taking over another user account by updating their email, which doesn't ask for confirmation when the "require_change_email_confirmation" setting is disabled.
Introduces a `Report.hidden?` class method that consolidates all report visibility checks into a single location. This replaces duplicated conditional logic that was scattered across the controller and query classes.

The new method handles:

- Admin-only reports (e.g., `top_uploads`) that moderators cannot access
- Legacy pageview report visibility based on `use_legacy_pageviews` setting

Previously, the controller's `#bulk` and `#show` actions each had their own inline checks for hidden reports, and `Reports::ListQuery` duplicated this logic again. Now all three locations delegate to `Report.hidden?`, making the visibility rules easier to maintain and extend.

To prevent accidental privilege escalation, the `admin:` keyword argument is required with no default value. A forgotten parameter now raises an `ArgumentError` rather than silently granting admin access. This parameter flows from `current_user.admin?` in both the reports controller and the admin search controller through to the query and model, ensuring consistent access control.

Ref - t/171141
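An added example covering two of the commits above: the moderator allowlist with content-level redaction for staff action logs, and the required `admin:` keyword with no default from the `Report.hidden?` change. This is not Discourse's code; the action names, the log hash shape and the `restricted` flag are assumptions for the demo.

```ruby
# Added example: allowlist-based visibility for staff action logs, with the
# viewer's role passed as a required keyword so it can never be forgotten.
module StaffActionLogVisibility
  # Actions a moderator may see (assumed names). Anything not listed here is
  # hidden from moderators, which is what makes this an allowlist: a new
  # admin-only action added later is hidden by default, not exposed by default.
  MODERATOR_ACTIONS = %w[
    suspend_user unsuspend_user silence_user
    delete_post delete_topic grant_badge revoke_badge
  ].freeze

  # Required keyword with no default: calling hidden?("x") raises
  # ArgumentError instead of quietly picking a role for the caller.
  def self.hidden?(action, admin:)
    return false if admin
    !MODERATOR_ACTIONS.include?(action)
  end

  # Filters log entries for a viewer. Hidden actions are dropped entirely;
  # visible actions whose content the viewer can't access (private topic,
  # restricted category, deleted content) keep only the action name.
  def self.filter(logs, admin:)
    logs.filter_map do |log|
      next if hidden?(log[:action], admin: admin)
      if !admin && log[:restricted]
        { action: log[:action], details: "[redacted]" }
      else
        log
      end
    end
  end
end
```

Dropping unknown actions for moderators is the point of the allowlist: with a denylist, an action type added later (a new secret-bearing log, say) would be visible until someone remembered to add it to the list.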
… change owner (stable)
…rts (stable) There were no guardian checks to ensure that the `AdminDetailedUserSerializer#lastest_export` attribute can only be viewed by the right users. Follow-up: bf75bd3
Fixes an issue where matching a hostname in FinalDestination.resolve to Discourse.base_url_no_prefix was too loose, allowing bypass of SSRF checks and so on. See https://dev.discourse.org/t/loose-match-in-finaldestination-allows-to-bypass-security-checks/171053
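An added example of the bug class the commit above describes: deciding whether a resolved hostname is the site's own host. The loose matcher is an illustration of substring matching and is not a reproduction of the code that was fixed; the strict version normalizes and compares exactly. The site URL constant and the `internal_url?` helper are assumptions, not Discourse's `FinalDestination` API.

```ruby
require "uri"

# Added example: comparing a hostname to the site's own host before deciding
# whether a URL gets the "internal" treatment (which skips SSRF protections).
module HostMatch
  # Assumption: stands in for the site's base URL without subfolder prefix.
  SITE_BASE_URL = "https://forum.example.com"

  def self.site_host
    URI.parse(SITE_BASE_URL).host.downcase
  end

  # Loose (the bug class): any host that merely contains the site host passes,
  # so "forum.example.com.attacker.net" or "evil-forum.example.com" count as ours.
  def self.loose_match?(host)
    host.to_s.downcase.include?(site_host)
  end

  # Strict: lowercase, strip a trailing dot (FQDN form), then require equality.
  def self.strict_match?(host)
    host.to_s.downcase.chomp(".") == site_host
  end

  # Only an exact host match is internal; everything else, including URLs
  # that put our hostname in the path or query, takes the external path.
  def self.internal_url?(url)
    uri = URI.parse(url)
    return false if uri.host.nil?
    strict_match?(uri.host)
  rescue URI::InvalidURIError
    false
  end
end
```

Anything that fails `strict_match?` should go through the same resolution and private-address checks as any other external URL; the failure mode is not a wrong redirect but a request the server makes on the attacker's behalf.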
No description provided.