Merge remote-tracking branch 'upstream/master'

package.json

@@ -53,8 +53,8 @@
     "nodebb-plugin-spam-be-gone": "0.4.5",
     "nodebb-rewards-essentials": "0.0.6",
     "nodebb-theme-lavender": "3.0.6",
-    "nodebb-theme-persona": "4.0.70",
+    "nodebb-theme-persona": "4.0.72",
-    "nodebb-theme-vanilla": "5.0.42",
+    "nodebb-theme-vanilla": "5.0.43",
     "nodebb-widget-essentials": "2.0.5",
     "nodemailer": "2.0.0",
     "nodemailer-sendmail-transport": "1.0.0",

public/src/admin/admin.js

@@ -5,6 +5,11 @@
 	$(document).ready(function() {
 		setupKeybindings();
 
+		// on page reload show correct tab if url has #
+		if (window.location.hash) {
+			$('.nav-pills a[href=' + window.location.hash + ']').tab('show');
+		}
+
 		if(!/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i.test(navigator.userAgent)) {
 			require(['admin/modules/search'], function(search) {
 				search.init();

public/src/app.js

@@ -25,7 +25,7 @@ app.cacheBuster = null;
 
 	app.load = function() {
 		$('document').ready(function () {
-			var url = ajaxify.start(window.location.pathname.slice(1) + window.location.search, true);
+			var url = ajaxify.start(window.location.pathname.slice(1) + window.location.search + window.location.hash, true);
 			ajaxify.end(url, app.template);
 
 			handleStatusChange();
@@ -276,7 +276,7 @@ app.cacheBuster = null;
 			if (err) {
 				return app.alertError(err.message);
 			}
-			if (!ajaxify.currentPage.startsWith('chats/')) {
+			if (!ajaxify.currentPage.startsWith('chats')) {
 				app.openChat(roomId);
 			} else {
 				ajaxify.go('chats/' + roomId);

public/src/client/account/edit.js

@@ -78,6 +78,7 @@ define('forum/account/edit', ['forum/account/header', 'uploader', 'translator'],
 				if (err) {
 					return app.alertError(err.message);
 				}
+			
 				templates.parse('partials/modals/change_picture_modal', {
 					pictures: pictures,
 					uploaded: !!ajaxify.data.uploadedpicture,
@@ -191,7 +192,6 @@ define('forum/account/edit', ['forum/account/header', 'uploader', 'translator'],
 			$('#user-current-picture, img.avatar').attr('src', urlOnServer);
 			updateHeader(urlOnServer);
 			uploadedPicture = urlOnServer;
-			ajaxify.refresh();
 		}
 
 		function onRemoveComplete(urlOnServer) {

public/src/client/groups/list.js

@@ -80,6 +80,12 @@ define('forum/groups/list', ['forum/infinitescroll'], function(infinitescroll) {
 				filterHidden: true
 			}
 		}, function(err, groups) {
+			if (err) {
+				return app.alertError(err.message);
+			}
+			groups = groups.filter(function(group) {
+				return group.name !== 'registered-users' && group.name !== 'guests';
+			});
 			templates.parse('partials/groups/list', {
 				groups: groups
 			}, function(html) {

public/src/modules/notifications.js

@@ -51,7 +51,7 @@ define('notifications', ['sounds', 'translator', 'components'], function(sound,
 
 			socket.emit('notifications.mark' + (unread ? 'Read' : 'Unread'), liEl.attr('data-nid'), function(err) {
 				if (err) {
-					app.alertError(err.message);
+					return app.alertError(err.message);
 				}
 
 				liEl.toggleClass('unread');
@@ -131,7 +131,7 @@ define('notifications', ['sounds', 'translator', 'components'], function(sound,
 
 	Notifications.updateNotifCount = function(count) {
 		var notifIcon = components.get('notifications/icon');
-
+		count = Math.max(0, count);
 		if (count > 0) {
 			notifIcon.removeClass('fa-bell-o').addClass('fa-bell');
 		} else {

public/src/modules/uploader.js

@@ -58,7 +58,7 @@ define('uploader', ['csrf', 'translator'], function(csrf, translator) {
 					},
 					error: function(xhr) {
 						xhr = maybeParse(xhr);
-						showAlert('error', xhr.responseJSON ? xhr.responseJSON.error : 'error uploading, code : ' + xhr.status);
+						showAlert('error', xhr.responseJSON ? (xhr.responseJSON.error || xhr.statusText) : 'error uploading, code : ' + xhr.status);
 					},
 
 					uploadProgress: function(event, position, total, percent) {

src/controllers/accounts/edit.js

@@ -25,6 +25,7 @@ editController.get = function(req, res, callback) {
 		userData.allowProfileImageUploads = parseInt(meta.config.allowProfileImageUploads) === 1;
 		userData.allowAccountDelete = parseInt(meta.config.allowAccountDelete, 10) === 1;
 		
+
 		userData.title = '[[pages:account/edit, ' + userData.username + ']]';
 		userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[user:edit]]'}]);
 
@@ -94,30 +95,25 @@ function getUserData(req, next, callback) {
 editController.uploadPicture = function (req, res, next) {
 	var userPhoto = req.files.files[0];
 
-	var updateUid = req.uid;
+	var updateUid;
 
 	async.waterfall([
 		function(next) {
 			user.getUidByUserslug(req.params.userslug, next);
 		},
 		function(uid, next) {
-			if (parseInt(updateUid, 10) === parseInt(uid, 10)) {
+			updateUid = uid;
-				return next();
+			if (parseInt(req.uid, 10) === parseInt(uid, 10)) {
-			}
+				return next(null, true);
-
-			user.isAdministrator(req.uid, function(err, isAdmin) {
-				if (err) {
-					return next(err);
 			}
 
-				if (!isAdmin) {
+			user.isAdminOrGlobalMod(req.uid, next);
+		},
+		function(isAllowed, next) {
+			if (!isAllowed) {
 				return helpers.notAllowed(req, res);
 			}
-				updateUid = uid;
+			
-				next();
-			});
-		},
-		function(next) {
 			user.uploadPicture(updateUid, userPhoto, next);
 		}
 	], function(err, image) {

src/controllers/accounts/helpers.js

@@ -57,23 +57,24 @@ helpers.getUserDataByUserSlug = function(userslug, callerUID, callback) {
 			var userData = results.userData;
 			var userSettings = results.userSettings;
 			var isAdmin = results.isAdmin;
+			var isGlobalModerator = results.isGlobalModerator;
 			var self = parseInt(callerUID, 10) === parseInt(userData.uid, 10);
 
 			userData.joindateISO = utils.toISOString(userData.joindate);
 			userData.lastonlineISO = utils.toISOString(userData.lastonline || userData.joindate);
 			userData.age = Math.max(0, userData.birthday ? Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000) : 0);
 
-			if (!(isAdmin || self || (userData.email && userSettings.showemail))) {
+			if (!(isAdmin || isGlobalModerator || self || (userData.email && userSettings.showemail))) {
 				userData.email = '';
 			}
 
 			userData.emailClass = (self && !userSettings.showemail) ? '' : 'hide';
 
-			if (!isAdmin && !self && !userSettings.showfullname) {
+			if (!isAdmin && !isGlobalModerator && !self && !userSettings.showfullname) {
 				userData.fullname = '';
 			}
 
-			if (isAdmin || self) {
+			if (isAdmin || isGlobalModerator || self) {
 				userData.ips = results.ips;
 			}
 
@@ -81,10 +82,11 @@ helpers.getUserDataByUserSlug = function(userslug, callerUID, callback) {
 			userData.yourid = callerUID;
 			userData.theirid = userData.uid;
 			userData.isAdmin = isAdmin;
-			userData.isGlobalModerator = results.isGlobalModerator;
+			userData.isGlobalModerator = isGlobalModerator;
-			userData.canBan = isAdmin || results.isGlobalModerator;
+			userData.canBan = isAdmin || isGlobalModerator;
+			userData.canChangePassword = isAdmin || self;
 			userData.isSelf = self;
-			userData.showHidden = self || isAdmin;
+			userData.showHidden = self || isAdmin || isGlobalModerator;
 			userData.groups = Array.isArray(results.groups) && results.groups.length ? results.groups[0] : [];
 			userData.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1;
 			userData['email:confirmed'] = !!parseInt(userData['email:confirmed'], 10);
@@ -133,6 +135,9 @@ helpers.getBaseUser = function(userslug, callerUID, callback) {
 				isAdmin: function(next) {
 					user.isAdministrator(callerUID, next);
 				},
+				isGlobalModerator: function(next) {
+					user.isGlobalModerator(callerUID, next);
+				},
 				profile_links: function(next) {
 					plugins.fireHook('filter:user.profileLinks', [], next);
 				}
@@ -147,7 +152,7 @@ helpers.getBaseUser = function(userslug, callerUID, callback) {
 			results.user.theirid = results.user.uid;
 			results.user.status = user.getStatus(results.user);
 			results.user.isSelf = parseInt(callerUID, 10) === parseInt(results.user.uid, 10);
-			results.user.showHidden = results.user.isSelf || results.isAdmin;
+			results.user.showHidden = results.user.isSelf || results.isAdmin || results.isGlobalModerator;
 			results.user.profile_links = filterLinks(results.profile_links, results.user.isSelf);
 
 			results.user['cover:url'] = results.user['cover:url'] || require('../../coverPhoto').getDefaultProfileCover(results.user.uid);

src/groups.js

@@ -241,8 +241,8 @@ var utils = require('../public/src/utils');
 		if (group) {
 			group.nameEncoded = encodeURIComponent(group.name);
 			group.displayName = validator.escape(group.name);
-			group.description = validator.escape(group.description);
+			group.description = validator.escape(group.description || '');
-			group.userTitle = validator.escape(group.userTitle) || group.displayName;
+			group.userTitle = validator.escape(group.userTitle || '') || group.displayName;
 		}
 	};
 

src/groups/create.js

@@ -9,7 +9,7 @@ var async = require('async'),
 module.exports = function(Groups) {
 
 	Groups.create = function(data, callback) {
-		var system = data.name === 'administrators' || data.name === 'registered-users' || data.name === 'Global Moderators' || Groups.isPrivilegeGroup(data.name);
+		var system = data.system === true || parseInt(data.system, 10) === 1 || data.name === 'administrators' || data.name === 'registered-users' || data.name === 'Global Moderators' || Groups.isPrivilegeGroup(data.name);
 		var groupData;
 		var timestamp = data.timestamp || Date.now();
 

src/groups/membership.js

@@ -15,18 +15,27 @@ module.exports = function(Groups) {
 		function join() {
 			var tasks = [
 				async.apply(db.sortedSetAdd, 'group:' + groupName + ':members', Date.now(), uid),
-				async.apply(db.incrObjectField, 'group:' + groupName, 'memberCount'),
+				async.apply(db.incrObjectField, 'group:' + groupName, 'memberCount')				
-				async.apply(db.sortedSetIncrBy, 'groups:visible:memberCount', 1, groupName)
 			];
 
 			async.waterfall([
 				function(next) {
+					async.parallel({
+						isAdmin: function(next) {
 							user.isAdministrator(uid, next);		
 						},
-				function(isAdmin, next) {
+						isHidden: function(next) {
-					if (isAdmin) {
+							Groups.isHidden(groupName, next);
+						}
+					}, next);					
+				},
+				function(results, next) {
+					if (results.isAdmin) {
 						tasks.push(async.apply(db.setAdd, 'group:' + groupName + ':owners', uid));
 					}
+					if (!results.isHidden) {
+						tasks.push(async.apply(db.sortedSetIncrBy, 'groups:visible:memberCount', 1, groupName));
+					}
 					async.parallel(tasks, next);
 				},
 				function(results, next) {
@@ -181,7 +190,6 @@ module.exports = function(Groups) {
 
 		var tasks = [
 			async.apply(db.sortedSetRemove, 'group:' + groupName + ':members', uid),
-			async.apply(db.sortedSetIncrBy, 'groups:visible:memberCount', -1, groupName),
 			async.apply(db.setRemove, 'group:' + groupName + ':owners', uid),
 			async.apply(db.decrObjectField, 'group:' + groupName, 'memberCount')
 		];
@@ -203,9 +211,13 @@ module.exports = function(Groups) {
 
 				if (parseInt(groupData.hidden, 10) === 1 && parseInt(groupData.memberCount, 10) === 0) {
 					Groups.destroy(groupName, callback);
+				} else {
+					if (parseInt(groupData.hidden, 10) !== 1) {
+						db.sortedSetAdd('groups:visible:memberCount', groupData.memberCount, groupName, next);			
 					} else {
 						callback();	
 					}					
+				}
 			});
 		});
 	};

src/messaging.js

@@ -418,7 +418,9 @@ var async = require('async'),
 							next();
 						}
 					});
-				}, next);
+				}, function(err) {
+					next(err, roomId);
+				});
 			}
 		], callback);
 	};

src/middleware/middleware.js

@@ -145,7 +145,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
 				return next(null, true);
 			}
 
-			user.isAdministrator(req.uid, next);
+			user.isAdminOrGlobalMod(req.uid, next);
 		}
 	], function (err, allowed) {
 		if (err || allowed) {

src/search.js

@@ -1,45 +1,44 @@
 'use strict';
 
-var async = require('async'),
+var async = require('async');
-	validator = require('validator'),
+var validator = require('validator');
-
+
-	db = require('./database'),
+var db = require('./database');
-	posts = require('./posts'),
+var posts = require('./posts');
-	topics = require('./topics'),
+var topics = require('./topics');
-	categories = require('./categories'),
+var categories = require('./categories');
-	user = require('./user'),
+var user = require('./user');
-	plugins = require('./plugins'),
+var plugins = require('./plugins');
-	privileges = require('./privileges'),
+var privileges = require('./privileges');
-	utils = require('../public/src/utils');
+var utils = require('../public/src/utils');
 
 var search = {};
 
 module.exports = search;
 
 search.search = function(data, callback) {
-	function done(err, result) {
-		if (err) {
-			return callback(err);
-		}
-
-		result.search_query = validator.escape(data.query);
-		result.time = (process.elapsedTimeSince(start) / 1000).toFixed(2);
-		callback(null, result);
-	}
 
 	var start = process.hrtime();
-
 	var searchIn = data.searchIn || 'titlesposts';
 
+	async.waterfall([
+		function (next) {
 			if (searchIn === 'posts' || searchIn === 'titles' || searchIn === 'titlesposts') {
-		searchInContent(data, done);
+				searchInContent(data, next);
 			} else if (searchIn === 'users') {
-		user.search(data, done);
+				user.search(data, next);
 			} else if (searchIn === 'tags') {
-		topics.searchAndLoadTags(data, done);
+				topics.searchAndLoadTags(data, next);
 			} else {
-		callback(new Error('[[error:unknown-search-filter]]'));
+				next(new Error('[[error:unknown-search-filter]]'));
+			}
+		},
+		function (result, next) {
+			result.search_query = validator.escape(data.query || '');
+			result.time = (process.elapsedTimeSince(start) / 1000).toFixed(2);
+			next(null, result);
 		}
+	], callback);
 };
 
 function searchInContent(data, callback) {

src/socket.io/user.js

@@ -188,12 +188,20 @@ SocketUser.saveSettings = function(socket, data, callback) {
 		return callback(new Error('[[error:invalid-data]]'));
 	}
 
-	user.isAdminOrSelf(socket.uid, data.uid, function(err) {
+	async.waterfall([
-		if (err) {
+		function(next) {
-			return callback(err);
+			if (socket.uid === parseInt(data.uid, 10)) {
+				return next(null, true);
 			}
-		user.saveSettings(data.uid, data.settings, callback);
+			user.isAdminOrGlobalMod(socket.uid, next);
-	});
+		}, 
+		function(allowed, next) {
+			if (!allowed) {
+				return next(new Error('[[error:no-privileges]]'));
+			}
+			user.saveSettings(data.uid, data.settings, next);
+		}
+	], callback);
 };
 
 SocketUser.setTopicSort = function(socket, sort, callback) {

src/socket.io/user/profile.js

@@ -54,7 +54,13 @@ module.exports = function(SocketUser) {
 		async.parallel({
 			isAdmin: async.apply(user.isAdministrator, uid),
 			hasPassword: async.apply(user.hasPassword, data.uid),
-			passwordMatch: async.apply(user.isPasswordCorrect, data.uid, data.password)
+			passwordMatch: function(next) {
+				if (data.password) {
+					user.isPasswordCorrect(data.uid, data.password, next);
+				} else {
+					next(null, false);
+				}
+			}
 		}, function(err, results) {
 			if (err) {
 				return callback(err);
@@ -116,18 +122,18 @@ module.exports = function(SocketUser) {
 					return next(new Error('[[error:invalid-data]]'));
 				}
 
-				user.isAdministrator(socket.uid, next);
+				user.isAdminOrGlobalMod(socket.uid, next);
 			},
-			function(isAdmin, next) {
+			function(isAdminOrGlobalMod, next) {
-				if (!isAdmin && socket.uid !== parseInt(data.uid, 10)) {
+				if (!isAdminOrGlobalMod && socket.uid !== parseInt(data.uid, 10)) {
 					return next(new Error('[[error:no-privileges]]'));
 				}
 
-				if (!isAdmin && parseInt(meta.config['username:disableEdit'], 10) === 1) {
+				if (!isAdminOrGlobalMod && parseInt(meta.config['username:disableEdit'], 10) === 1) {
 					data.username = oldUserData.username;
 				}
 
-				if (!isAdmin && parseInt(meta.config['email:disableEdit'], 10) === 1) {
+				if (!isAdminOrGlobalMod && parseInt(meta.config['email:disableEdit'], 10) === 1) {
 					data.email = oldUserData.email;
 				}
 

src/user/picture.js

@@ -3,6 +3,7 @@
 var async = require('async'),
 	path = require('path'),
 	fs = require('fs'),
+	os = require('os'),
 	nconf = require('nconf'),
 	crypto = require('crypto'),
 	winston = require('winston'),
@@ -24,6 +25,7 @@ module.exports = function(User) {
 		var updateUid = uid;
 		var imageDimension = parseInt(meta.config.profileImageDimension, 10) || 128;
 		var convertToPNG = parseInt(meta.config['profile:convertProfileImageToPNG'], 10) === 1;
+		var uploadedImage;
 
 		async.waterfall([
 			function(next) {
@@ -52,48 +54,42 @@ module.exports = function(User) {
 				} else {
 					next();
 				}
-			}
+			},
-		], function(err) {
+			function(next) {
-			function done(err, image) {
-				if (err) {
-					return callback(err);
-				}
-
-				User.setUserFields(updateUid, {uploadedpicture: image.url, picture: image.url});
-
-				callback(null, image);
-			}
-
-			if (err) {
-				return callback(err);
-			}
-
 				if (plugins.hasListeners('filter:uploadImage')) {
-				return plugins.fireHook('filter:uploadImage', {image: picture, uid: updateUid}, done);
+					return plugins.fireHook('filter:uploadImage', {image: picture, uid: updateUid}, next);
 				}
 
 				var filename = updateUid + '-profileimg' + (convertToPNG ? '.png' : extension);
 				
-			User.getUserField(updateUid, 'uploadedpicture', function (err, oldpicture) {
+				async.waterfall([
-				if (err) {
+					function(next) {
-					return callback(err);
+						User.getUserField(updateUid, 'uploadedpicture', next);
-				}
+					},
-
+					function(oldpicture, next) {
 						if (!oldpicture) {
-					return file.saveFileToLocal(filename, 'profile', picture.path, done);
+							return file.saveFileToLocal(filename, 'profile', picture.path, next);
 						}		
+						var oldpicturePath = path.join(nconf.get('base_dir'), nconf.get('upload_path'), 'profile', path.basename(oldpicture));
 
-				var absolutePath = path.join(nconf.get('base_dir'), nconf.get('upload_path'), 'profile', path.basename(oldpicture));
+						fs.unlink(oldpicturePath, function (err) {
-
-				fs.unlink(absolutePath, function (err) {
 							if (err) {
 								winston.error(err);
 							}
 
-					file.saveFileToLocal(filename, 'profile', picture.path, done);
+							file.saveFileToLocal(filename, 'profile', picture.path, next);
-				});
-			});
 						});
+					},					
+				], next);
+			},
+			function(_image, next) {
+				uploadedImage = _image;
+				User.setUserFields(updateUid, {uploadedpicture: uploadedImage.url, picture: uploadedImage.url}, next);
+			},
+			function(next) {
+				next(null, uploadedImage);
+			}
+		], callback);
 	};
 
 	User.uploadFromUrl = function(uid, url, callback) {
@@ -134,7 +130,7 @@ module.exports = function(User) {
 	};
 
 	User.updateCoverPicture = function(data, callback) {
-		var tempPath, url, md5sum;
+		var url, md5sum;
 
 		if (!data.imageData && data.position) {
 			return User.updateCoverPosition(data.uid, data.position, callback);
@@ -160,20 +156,23 @@ module.exports = function(User) {
 				md5sum.update(data.imageData);
 				md5sum = md5sum.digest('hex');
 
-				tempPath = path.join(nconf.get('base_dir'), nconf.get('upload_path'), md5sum);
+				data.file = {
+					path: path.join(os.tmpdir(), md5sum)
+				};
+
 				var buffer = new Buffer(data.imageData.slice(data.imageData.indexOf('base64') + 7), 'base64');
 
-				fs.writeFile(tempPath, buffer, {
+				fs.writeFile(data.file.path, buffer, {
 					encoding: 'base64'
 				}, next);
 			},
 			function(next) {
-				file.isFileTypeAllowed(tempPath, next);
+				file.isFileTypeAllowed(data.file.path, next);
 			},
 			function(tempPath, next) {
 				var image = {
 					name: 'profileCover',
-					path: data.file ? data.file.path : tempPath,
+					path: tempPath,
 					uid: data.uid
 				};
 
@@ -198,7 +197,7 @@ module.exports = function(User) {
 				User.setUserField(data.uid, 'cover:url', uploadData.url, next);
 			},
 			function(next) {
-				require('fs').unlink(data.file ? data.file.path : tempPath, function(err) {
+				fs.unlink(data.file.path, function(err) {
 					if (err) {
 						winston.error(err);
 					}
@@ -207,7 +206,7 @@ module.exports = function(User) {
 			}
 		], function(err) {
 			if (err) {
-				return fs.unlink(tempPath, function(unlinkErr) {
+				return fs.unlink(data.file.path, function(unlinkErr) {
 					callback(err);	// send back the original error
 				});
 			}