From 466263172ad061bff910060103401b78642af614 Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Wed, 9 Nov 2022 18:46:09 +0000 Subject: [PATCH 1/7] chore: incrementing version number - v2.5.8 --- install/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/package.json b/install/package.json index ef7ad84789..2425804386 100644 --- a/install/package.json +++ b/install/package.json @@ -2,7 +2,7 @@ "name": "nodebb", "license": "GPL-3.0", "description": "NodeBB Forum", - "version": "2.5.7", + "version": "2.5.8", "homepage": "http://www.nodebb.org", "repository": { "type": "git", From c9cd8975a23e813ec7da24eb8ba3e7246b61fdb9 Mon Sep 17 00:00:00 2001 From: Misty Release Bot Date: Wed, 9 Nov 2022 18:46:09 +0000 Subject: [PATCH 2/7] chore: update changelog for v2.5.8 --- CHANGELOG.md | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 50531c9433..7b0a3233e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,56 @@ +#### v2.5.8 (2022-11-09) + +##### Chores + +* really fix indents this time (c2024f34) +* fix indents (d50512e7) +* add bootstrap5 to test runner for now (be5d6d29) +* incrementing version number - v2.5.7 (5836bf4a) +* update changelog for v2.5.7 (17e948ab) +* incrementing version number - v2.5.6 (c7bd7dbf) +* incrementing version number - v2.5.5 (3509ed94) +* incrementing version number - v2.5.4 (e83260ca) +* incrementing version number - v2.5.3 (7e922936) +* incrementing version number - v2.5.2 (babcd17e) +* incrementing version number - v2.5.1 (ce3aa950) +* incrementing version number - v2.5.0 (01d276cb) +* incrementing version number - v2.4.5 (dd3e1a28) +* incrementing version number - v2.4.4 (d5525c87) +* incrementing version number - v2.4.3 (9c647c6c) +* incrementing version number - v2.4.2 (3aa7b855) +* incrementing version number - v2.4.1 (60cbd148) +* incrementing version number - v2.4.0 (4834cde3) +* incrementing version number - v2.3.1 (d2425942) +* incrementing version number - v2.3.0 (046ea120) + +##### New Features + +* new search hooks (b5d38bc6) +* add search data to filter:search.inContent (e3f21562) + +##### Bug Fixes + +* pass csrf_token into calls to /register/abort, #11017 (2f9d8c35) +* check for csrf token on /register/abort, + theme changes for v2.x branches of themes (55a197a7) +* upgrade script to work from 0.x to 2.x (a31ba824) +* #10519, image height in emails (673261ff) +* fallback language strings for #10987 (b9c8c02f) +* #10993, apply autoLocale middleware to guests only (6f673f80) +* check cid as well as template (9227b82e) +* revert breaking change, add back SocketUser.emailConfirm (9ee30fe7) +* in appropriately named language key `email-confirm-email2` (09f3ac65) +* correctly pass dev flag to package installer (7672194c) +* use `--omit=dev` flag for npm instead of `--production` (09cfd0bd) + +##### Refactors + +* use utils.debounce (d264c6ac) + +##### Tests + +* fix tests again (06d15391) +* fix test (c833d3cd) + #### v2.5.7 (2022-10-14) ##### Chores From 445f09f0dc9d3b5c2e7d6758beec134d05612acb Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Wed, 9 Nov 2022 13:48:07 -0500 Subject: [PATCH 3/7] chore: remove derpy extra changelog bits --- CHANGELOG.md | 65 ---------------------------------------------------- 1 file changed, 65 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b0a3233e4..37c93c0f8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,21 +7,6 @@ * add bootstrap5 to test runner for now (be5d6d29) * incrementing version number - v2.5.7 (5836bf4a) * update changelog for v2.5.7 (17e948ab) -* incrementing version number - v2.5.6 (c7bd7dbf) -* incrementing version number - v2.5.5 (3509ed94) -* incrementing version number - v2.5.4 (e83260ca) -* incrementing version number - v2.5.3 (7e922936) -* incrementing version number - v2.5.2 (babcd17e) -* incrementing version number - v2.5.1 (ce3aa950) -* incrementing version number - v2.5.0 (01d276cb) -* incrementing version number - v2.4.5 (dd3e1a28) -* incrementing version number - v2.4.4 (d5525c87) -* incrementing version number - v2.4.3 (9c647c6c) -* incrementing version number - v2.4.2 (3aa7b855) -* incrementing version number - v2.4.1 (60cbd148) -* incrementing version number - v2.4.0 (4834cde3) -* incrementing version number - v2.3.1 (d2425942) -* incrementing version number - v2.3.0 (046ea120) ##### New Features @@ -57,20 +42,6 @@ * incrementing version number - v2.5.6 (c7bd7dbf) * update changelog for v2.5.6 (e92238d0) -* incrementing version number - v2.5.5 (3509ed94) -* incrementing version number - v2.5.4 (e83260ca) -* incrementing version number - v2.5.3 (7e922936) -* incrementing version number - v2.5.2 (babcd17e) -* incrementing version number - v2.5.1 (ce3aa950) -* incrementing version number - v2.5.0 (01d276cb) -* incrementing version number - v2.4.5 (dd3e1a28) -* incrementing version number - v2.4.4 (d5525c87) -* incrementing version number - v2.4.3 (9c647c6c) -* incrementing version number - v2.4.2 (3aa7b855) -* incrementing version number - v2.4.1 (60cbd148) -* incrementing version number - v2.4.0 (4834cde3) -* incrementing version number - v2.3.1 (d2425942) -* incrementing version number - v2.3.0 (046ea120) ##### Performance Improvements @@ -82,19 +53,6 @@ * incrementing version number - v2.5.5 (3509ed94) * update changelog for v2.5.5 (e7d0040d) -* incrementing version number - v2.5.4 (e83260ca) -* incrementing version number - v2.5.3 (7e922936) -* incrementing version number - v2.5.2 (babcd17e) -* incrementing version number - v2.5.1 (ce3aa950) -* incrementing version number - v2.5.0 (01d276cb) -* incrementing version number - v2.4.5 (dd3e1a28) -* incrementing version number - v2.4.4 (d5525c87) -* incrementing version number - v2.4.3 (9c647c6c) -* incrementing version number - v2.4.2 (3aa7b855) -* incrementing version number - v2.4.1 (60cbd148) -* incrementing version number - v2.4.0 (4834cde3) -* incrementing version number - v2.3.1 (d2425942) -* incrementing version number - v2.3.0 (046ea120) ##### Bug Fixes @@ -108,18 +66,6 @@ * up plugins (b91ef6dd) * incrementing version number - v2.5.4 (e83260ca) * update changelog for v2.5.4 (aabf073c) -* incrementing version number - v2.5.3 (7e922936) -* incrementing version number - v2.5.2 (babcd17e) -* incrementing version number - v2.5.1 (ce3aa950) -* incrementing version number - v2.5.0 (01d276cb) -* incrementing version number - v2.4.5 (dd3e1a28) -* incrementing version number - v2.4.4 (d5525c87) -* incrementing version number - v2.4.3 (9c647c6c) -* incrementing version number - v2.4.2 (3aa7b855) -* incrementing version number - v2.4.1 (60cbd148) -* incrementing version number - v2.4.0 (4834cde3) -* incrementing version number - v2.3.1 (d2425942) -* incrementing version number - v2.3.0 (046ea120) #### v2.5.4 (2022-10-11) @@ -128,17 +74,6 @@ * 🤔 (7240e8ce) * incrementing version number - v2.5.3 (7e922936) * update changelog for v2.5.3 (fdf240f6) -* incrementing version number - v2.5.2 (babcd17e) -* incrementing version number - v2.5.1 (ce3aa950) -* incrementing version number - v2.5.0 (01d276cb) -* incrementing version number - v2.4.5 (dd3e1a28) -* incrementing version number - v2.4.4 (d5525c87) -* incrementing version number - v2.4.3 (9c647c6c) -* incrementing version number - v2.4.2 (3aa7b855) -* incrementing version number - v2.4.1 (60cbd148) -* incrementing version number - v2.4.0 (4834cde3) -* incrementing version number - v2.3.1 (d2425942) -* incrementing version number - v2.3.0 (046ea120) ##### Continuous Integration From b34e859c1b1eea55bcd8c63a59c0e1c8998a978b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Thu, 10 Nov 2022 13:31:51 -0500 Subject: [PATCH 4/7] refactor: don't prevent startup if staticDir is undefined https://community.nodebb.org/topic/16790/problems-with-upgrading-to-2-xx --- src/plugins/data.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/plugins/data.js b/src/plugins/data.js index 9f95703217..ba6e319e78 100644 --- a/src/plugins/data.js +++ b/src/plugins/data.js @@ -106,6 +106,11 @@ Data.getStaticDirectories = async function (pluginData) { return; } const dirPath = await resolveModulePath(pluginData.path, pluginData.staticDirs[route]); + if (!dirPath) { + winston.warn(`[plugins/${pluginData.id}] Invalid mapped path specified: ${ + route} => ${pluginData.staticDirs[route]}`); + return; + } try { const stats = await fs.promises.stat(dirPath); if (!stats.isDirectory()) { From 61090615016c522c0a0fd5d48fd427219bf8fa02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Fri, 11 Nov 2022 11:14:30 -0500 Subject: [PATCH 5/7] fix: check schedule privilege, closes #11032 --- src/api/helpers.js | 2 +- src/api/topics.js | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/api/helpers.js b/src/api/helpers.js index fd215aa241..24c2540ccb 100644 --- a/src/api/helpers.js +++ b/src/api/helpers.js @@ -13,7 +13,7 @@ const events = require('../events'); exports.setDefaultPostData = function (reqOrSocket, data) { data.uid = reqOrSocket.uid; data.req = exports.buildReqObject(reqOrSocket, { ...data }); - data.timestamp = parseInt(data.timestamp, 10) || Date.now(); + data.timestamp = Date.now(); data.fromQueue = false; }; diff --git a/src/api/topics.js b/src/api/topics.js index 187bc064be..3cd98f0c20 100644 --- a/src/api/topics.js +++ b/src/api/topics.js @@ -40,13 +40,19 @@ topicsAPI.create = async function (caller, data) { const payload = { ...data }; payload.tags = payload.tags || []; apiHelpers.setDefaultPostData(caller, payload); + const isScheduling = parseInt(data.timestamp, 10) > payload.timestamp; + if (isScheduling) { + if (await privileges.categories.can('topics:schedule', data.cid, caller.uid)) { + payload.timestamp = parseInt(data.timestamp, 10); + } else { + throw new Error('[[error:no-privileges]]'); + } + } - // Blacklist & Post Queue await meta.blacklist.test(caller.ip); const shouldQueue = await posts.shouldQueue(caller.uid, payload); if (shouldQueue) { - const queueObj = await posts.addToQueue(payload); - return queueObj; + return await posts.addToQueue(payload); } const result = await topics.post(payload); @@ -66,12 +72,10 @@ topicsAPI.reply = async function (caller, data) { const payload = { ...data }; apiHelpers.setDefaultPostData(caller, payload); - // Blacklist & Post Queue await meta.blacklist.test(caller.ip); const shouldQueue = await posts.shouldQueue(caller.uid, payload); if (shouldQueue) { - const queueObj = await posts.addToQueue(payload); - return queueObj; + return await posts.addToQueue(payload); } const postData = await topics.reply(payload); // postData seems to be a subset of postObj, refactor? From abcfb63126389146ff7d76bd5ce3e4e7426ea663 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Tue, 15 Nov 2022 17:53:15 -0500 Subject: [PATCH 6/7] fix: #11044, allow banned users to post if given privileges --- src/user/posts.js | 6 +----- test/user.js | 41 ++++++++++++++++++++++++++++++++++------- 2 files changed, 35 insertions(+), 12 deletions(-) diff --git a/src/user/posts.js b/src/user/posts.js index 33f7464a71..9ca31cd6e7 100644 --- a/src/user/posts.js +++ b/src/user/posts.js @@ -18,7 +18,7 @@ module.exports = function (User) { return; } const [userData, isAdminOrMod] = await Promise.all([ - User.getUserFields(uid, ['uid', 'banned', 'mutedUntil', 'joindate', 'email', 'reputation'].concat([field])), + User.getUserFields(uid, ['uid', 'mutedUntil', 'joindate', 'email', 'reputation'].concat([field])), privileges.categories.isAdminOrMod(cid, uid), ]); @@ -30,10 +30,6 @@ module.exports = function (User) { return; } - if (userData.banned) { - throw new Error('[[error:user-banned]]'); - } - const now = Date.now(); if (userData.mutedUntil > now) { let muteLeft = ((userData.mutedUntil - now) / (1000 * 60)); diff --git a/test/user.js b/test/user.js index 176ee82827..d05f81778b 100644 --- a/test/user.js +++ b/test/user.js @@ -24,6 +24,7 @@ const file = require('../src/file'); const socketUser = require('../src/socket.io/user'); const apiUser = require('../src/api/users'); const utils = require('../src/utils'); +const privileges = require('../src/privileges'); describe('User', () => { let userData; @@ -1434,6 +1435,32 @@ describe('User', () => { assert.strictEqual(membership.get('verified-users'), true); assert.strictEqual(membership.get('unverified-users'), false); }); + + it('should be able to post in category for banned users', async () => { + const { cid } = await Categories.create({ + name: 'Test Category', + description: 'A test', + order: 1, + }); + const testUid = await User.create({ username: userData.username }); + await User.bans.ban(testUid); + let _err; + try { + await Topics.post({ title: 'banned topic', content: 'tttttttttttt', cid: cid, uid: testUid }); + } catch (err) { + _err = err; + } + assert.strictEqual(_err && _err.message, '[[error:no-privileges]]'); + + await Promise.all([ + privileges.categories.give(['groups:topics:create', 'groups:topics:reply'], cid, 'banned-users'), + privileges.categories.rescind(['groups:topics:create', 'groups:topics:reply'], cid, 'registered-users'), + ]); + + const result = await Topics.post({ title: 'banned topic', content: 'tttttttttttt', cid: cid, uid: testUid }); + assert(result); + assert.strictEqual(result.topicData.title, 'banned topic'); + }); }); describe('Digest.getSubscribers', () => { @@ -1899,7 +1926,7 @@ describe('User', () => { it('should get unread count for user', async () => { const count = await socketUser.getUnreadCount({ uid: testUid }); - assert.strictEqual(count, 2); + assert.strictEqual(count, 3); }); it('should get unread chat count 0 for guest', async () => { @@ -1922,15 +1949,15 @@ describe('User', () => { assert.deepStrictEqual(counts, { unreadChatCount: 0, unreadCounts: { - '': 2, - new: 2, - unreplied: 2, + '': 3, + new: 3, + unreplied: 3, watched: 0, }, - unreadNewTopicCount: 2, + unreadNewTopicCount: 3, unreadNotificationCount: 0, - unreadTopicCount: 2, - unreadUnrepliedTopicCount: 2, + unreadTopicCount: 3, + unreadUnrepliedTopicCount: 3, unreadWatchedTopicCount: 0, }); }); From 5aaebdd3d7dcd970369c1e6e6157449a397b9a3c Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Wed, 16 Nov 2022 12:13:07 -0500 Subject: [PATCH 7/7] fix: #10877, define a resolution for jquery subdependency of timeago --- install/package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/package.json b/install/package.json index 2425804386..95086f397c 100644 --- a/install/package.json +++ b/install/package.json @@ -166,6 +166,9 @@ "nyc": "15.1.0", "smtp-server": "3.11.0" }, + "resolutions": { + "timeago/jquery": "3.6.0" + }, "bugs": { "url": "https://github.com/NodeBB/NodeBB/issues" },