ab6f062ff9
fix: prevent crash in expandObjBy #9618
4 years ago
1bf263c4a2
9622 ( #9625 )
...
* fix : #9622
dont allow regular user to remove system tags
* refactor: add guest/spider check to isPrivileged
string/trim tag
4 years ago
0d975bc4fb
fix: dont show system tags in whitelist dropdown to regular users
4 years ago
84e065752f
fix : #9622 ( #9623 )
...
dont allow regular user to remove system tags
4 years ago
73f40e96a5
fix : #9620 , fix notif delay
4 years ago
c92fc19b5c
fix : #9619 , add group chat filter to /notifications
4 years ago
3cd9434b56
fix: scope
4 years ago
1eda538da5
fix : #9615 , catch exceptions in renderOverride
4 years ago
46a454f194
feat: add bodyClass to 500 page
4 years ago
8168c6c407
fix: purge uploaded images accordingly #9606 ( #9611 )
...
* fix: purge uploaded images accordingly
* fix: tests
* fix: relative paths
4 years ago
a2400f6baf
fix: accidental unnecessarily strict conditional that effectively rendered SSO state checking opt-in instead of opt-out
4 years ago
f9728aff2c
feat: clear reset tokens on successful login
4 years ago
5c42b3eab0
test: fixed broken tests from #9605 , removed token clean on token usage as it is superceded by token clean on generation (+ associated test)
4 years ago
f6c14d6b62
fix: introduce artificial delay + delay fudging on invalid email during reset token generation
4 years ago
229f96f872
fix : #9605 , expire all active reset tokens for a uid if that uid generates a new one
4 years ago
8c952aa381
fix: lint
4 years ago
be19f27f40
feat: add filter:categories.categorySearch
4 years ago
cc0cf99fed
feat: allow nested properties on category page ( #9601 )
...
* feat: allow nested properties on category page
* fix: remove debug
* fix: remove debug
4 years ago
8ea58432c9
feat: show ip on acp manage users
...
update url on search
show matching ip when searching by ip
add ip to export csv
4 years ago
6695927ea9
fix: pagination on acp users search
4 years ago
05cc7ccb60
feat: make undoTimeout configurable, closes #9599
4 years ago
2b42e7edb0
chore: lint
4 years ago
6f73261186
fix: extra ')'
4 years ago
d07229aa6b
chore: fix indentation
4 years ago
edcba61aa9
fix: disallow editing of other users' notes
...
Feel free to close this if it is intentional, but as you are not allowed to delete other users notes I expect you shouldn't be able to edit them. Editing another users post also changes ownership, allowing you to then delete it.
I also added `error:` to the errormessage so that they display properly.
4 years ago
ca72aa93d7
Locks bug failing test ( #9595 )
...
* test: failing test for issue
* fix : #9593 , don't lock if email is identical to username
* fix: lock calls after first call
* fix: add back email check
* test: remove invalid test
Co-authored-by: Julian Lam <julian@nodebb.org>
4 years ago
816856b0c6
feat: introduce boolean res.locals flag to bypass session reroll (used by session-sharing)
...
The session reroll logic is still standard practice, but in some cases, it is not necessary or causes UX issues. An issue opened in session sharing (julianlam/nodebb-plugin-session-sharing#95 ) brought this to attention in that parsing the cookie to log in the user caused a reroll (as expected), but caused the session open on other tabs to be mismatched. If "re-validate" was turned on, it basically meant that it was not possible to use NodeBB with multiple tabs.
Session sharing now sets `reroll` to `false` if re-validate is enabled.
4 years ago
286644d0b8
fix : #9592 , check session
4 years ago
3717df610a
fix: don't crash if session doesn't exist
4 years ago
66cae54ee3
fix: lint
4 years ago
57e46e41e3
feat: allow modifying default category privileges
4 years ago
16e0bca570
fix: improper use of filename extensions
4 years ago
d8d6c98970
fix: return null
4 years ago
ac7b093f99
feat: add filter:notifications.create
4 years ago
3fb7444580
fix: returnOriginal deprecation
...
https://github.com/mongodb/node-mongodb-native/pull/2808
4 years ago
3d5fef6e80
feat: pass req.query to getUnreadData
4 years ago
d2960aeb09
feat: added GET user route for api v3
4 years ago
48b8e3bb3f
fix: error when trying to trim an object
4 years ago
9ebfdeb7ee
fix : #9580 , proper 404 when ajaxifying
4 years ago
09f5179216
fix: lint
4 years ago
77dde41f7b
feat: keep query string when redirecting category
4 years ago
951e71a0e5
fix : #9567 fix tests
4 years ago
5215c30ade
fix : #9567 , use regular 404
4 years ago
3d6bdeb3df
feat: add req.query to flags.list/getCount
4 years ago
d35c64b1a2
feat: add filter:flags.getFlagIdsWithFilters
4 years ago
1ec9739629
switch to request-promise-native ( #9561 )
...
* refactor: cli/upgrade async/await
async/await cli/upgrade-plugins
remove unused payload.files
* fix: add missing await
* refactor: use request-promise-native
4 years ago
ac86937c88
refactor: cli/upgrade async/await ( #9558 )
...
* refactor: cli/upgrade async/await
async/await cli/upgrade-plugins
remove unused payload.files
* fix: add missing await
4 years ago
1ce595083a
fix: ioredis upgrade fix, maybe
4 years ago
4afca6900b
feat: add filter:user.getWatchedCategories
4 years ago
1d9cfe1e96
fix: bug where interstitial errors were not properly passed to the front-end via req.flash
4 years ago
518157d9fa
feat: pass req.query to getUserDataByUserSlug
4 years ago
0551642a35
fix : #9553 , use same fields for user search results in acp
4 years ago
94c12e3771
feat: #9508 , add cluster support
4 years ago
a3d6c56ec3
feat: #9551
4 years ago
ffa8016355
fix: lint
4 years ago
fad5988ed6
fix: tests
4 years ago
074ee859c4
fix: tests
4 years ago
1f3e660108
feat: add template to hook
4 years ago
a2442ee914
feat: add filter:account.getPostsFromUserSet
4 years ago
dd81dd03e0
fix( #9508 ): switch to ioredis ( #9545 )
...
* switch to ioredis
also need this fix in redisearch:
redis-search.js:98
```
redisClient.multi(cmds).exec(function(err, ids) {
if (err) {
return callback(err);
}
var errRes = ids[resultIndex];
if (errRes[0]) {
return callback(errRes[0]);
}
callback(null, errRes[1]);
});
```
* dbsearch compatible with ioredis
* fixed dbsearch?
4 years ago
0096cf178a
refactor: bubble other errors
4 years ago
a9bb108802
fix: wrong error message checked
4 years ago
ec6d1e2321
fix : #9507 session reroll causes socket.io to become confused ( #9534 )
...
* fix : #9507 session reroll causes socket.io to become confused
* fix: added return
* fix: simpler logic for error handling
* fix: overly sensitive catch
4 years ago
f6b583bb9d
feat: #9533 , allow redirect in build hooks
4 years ago
2c22b06feb
fix: isObjectField(s) empty field
4 years ago
7c1e163d82
Revert "feat: add _hooks metadata object to all hooks that have object-type params"
...
This reverts commit 46899ccadb
4 years ago
46899ccadb
feat: add _hooks metadata object to all hooks that have object-type params
4 years ago
d8e4fd4cdd
feat: add filter:categories.copySettingsFrom
4 years ago
084c985117
feat: guard against multiple resolves
4 years ago
5fe97b9c2e
revert: sync hooks
4 years ago
6ed8890c2e
fix : #9512 , fix chat icon if no privileges
4 years ago
b40fc4b64d
feat: #9511 send notifications on accept/reject
4 years ago
a478dc7ee8
feat: add filter:middleware.autoLocale
4 years ago
308252f566
fix : #9503 , dont error in markUnread if room doesnt exist
...
this prevents deleting the user if they are the only person in the chat room
4 years ago
9e07efc126
fix: use socket.request.headers
4 years ago
ed534f34f5
fix: buildReqObject headers for socket.io calls
4 years ago
01956af43a
feat: remove sync hooks support
4 years ago
4e490f6058
test: fix redis tests
4 years ago
92de49be00
test: add test for undefined fields in getObjectsFields
4 years ago
1db8920b18
refactor: make debug handler async
4 years ago
8b79c7f139
fix: regress. rescheduling shouldn't add to sets that pinning removed… ( #9477 )
...
* fix: regress. rescheduling shouldn't add to sets that pinning removed from
* test: remove the also from tests
4 years ago
9b71b087ec
feat: lang strings
4 years ago
435067aa5f
test: remove logs
4 years ago
2ea468daa3
test: clear cache between runs, require middleware later in helpers
4 years ago
d15e27107e
test: log
4 years ago
354e0a822d
test: remove equals
4 years ago
4dd3844680
fix: logic is hard
4 years ago
2e9efc0e8a
fix: wrong variable for cache
4 years ago
fa0c92a7c4
fix: eslint
4 years ago
ea22cd302a
fix: use req.ip instead, since guests can upload as well
4 years ago
a9978fcfd2
feat: rate limit file uploads
4 years ago
36f119a96a
fix : #9492 , keep query params on redirect
4 years ago
8faa6e4515
feat: filter flags by username #8489 ( #9451 )
...
* feat: filter flags by username #8489
* feat: toggle flag filter text
4 years ago
1fee6a702a
fix : #9487 , session data gathered during a session is lost upon login
...
e.g. returnTo, tids_viewed, etc.
4 years ago
697ed3bf37
feat: roll session identifier on login, as security best practice
...
see: https://owasp.org/www-community/attacks/Session_fixation
4 years ago
e845c34b52
fix: registration interstitials not handling promise rejections properly
4 years ago
4494728cf8
feat: allow different slugs
4 years ago
60eed8d89f
fix: let recent replies respect oldest/newest sort settings
4 years ago
6907837fce
fix : #9483 , fix events count display
4 years ago
161081e960
fix: escape flag reason
4 years ago
Barış Soner Uşaklı
Barış Soner Uşaklı
gasoved
Julian Lam
psychobunny
Mats
Peter Jaszkowiak