In some edge cases (e.g. SSO plugin redirecting the user immediately), with modern browsers, the request is never "completed" for speed. This causes a condition where the session object never persists to the database, even though it has changed. This added line forces a db persist on a successful login.
Context: https://github.com/expressjs/session/pull/484
One notable change is line 200, where a conditional was changed. The conditional used to check for `user.hasOwnProperty('picture')` and was added so that icons would only be included in the response if the picture was requested. This doesn't seem to apply as picture could be set regardless (see default avatar logic above), so I explicitly check `requestedFields` now.
>
> A plugin wanted to use `response:rotuer.page` to 404 a specific page on some condition. res.render returns early in send404 and so must be awaited otherwise multiple responses will be sent
If URL was set to something like `http://example.com:8080`, and port
was set to 4567, keep listening on port 4567 and keep linking through
URL that was specified.
This allows to listen on port 4567, while having NGINX (or any proxy)
set to listen on port 8080 and route traffic to port 4567.
So NodeBB can be "hidden" behind proxy while URL can still contain
non-standard port, i.e., port different than 80 and 443.
fix: ensure proper admin privilege checking on remounted `/admin` mount
fix: guard against plugins sending back missing mounts
fix: no need to make addRemountableRoutes awaitable
For 7+ years we were escaping this value, but it is in many cases already sanitized (as it may be a post content). For those cases when it is not, I now run it through parse.raw.
Instead of escaping, it now strips p, img, and a tags.
* feat: wip categories pagination
* feat: add subCategoriesPerPage setting
* feat: add load more sub categories button to category page
* fix: openapi spec
* feat: show sub categories left on category page
hide button when no more categories left
* breaking: rename categories to allCategories on /search
categories contains the search results
* fix: spec
* refactor: remove cidsPerPage
* fix: tests
* feat: use component for subcategories
* fix: prevent negative subCategoriesLeft
* feat: new category filter/search WIP
* feat: remove categories from /tag
* fix: dont load all categories when showing move modal
* feat: allow adding custom categories to list
* breaking: dont load entire category tree on post queue
removed unused code
add hooks to filter/selector
add options to filter/selector
* feat: make selector modal work again
* feat: replace old search module
* fix: topic move selector
* feat: dont load all categories on create category modal
* fix: fix more categorySelectors
* feat: dont load entire category tree on group details page
* feat: dont load all categories on home page and user settings page
* feat: add pagination to /user/:userslug/categories
* fix: update schemas
* fix: more tests
* fix: test
* feat: flags page, dont return entire category tree
* fix: flag test
* feat: categories manage page
dont load all categories
allow changing root category
clear caches properly
* fix: spec
* feat: admins&mods page
dont load all categories
* fix: spec
* fix: dont load all children when opening dropdown
* fix: on search results dont return all children
* refactor: pass all options, rename options.cids to options.selectedCids
* fix: #9266
* fix: index 0
* fix: spec
* feat: #9265, add setObjectBulk
* refactor: shoter updateOrder
* feat: selectors on categories/category
* fix: tests and search filter
* fix: category update test
* feat: pagination on acp categories page
show order in set order modal
* fix: allow drag&drop on pages > 1 in /admin/manage/categories
* fix: teasers for deep nested categories
fix sub category display on /category page
* fix: spec
* refactor: use eslint-disable-next-line
* refactor: shorter
Login route saves the previous page by checking for the X-Return-To header. This header is automatically set by ajaxify.
Login takes this value and saves it to `req.session`.
Up until now, `/register` saved the previous URL in a hidden input, and redirected based on that value, but it occasionally conflicted with req.session.returnTo. It was also confusing because it did not match how login handled the values.
This commit updates the route handling so it works identically to `/login`.
Adds a `Service-Worker-Allowed` header on `assets/src/service-worker.js` URL and uses `scope` option during registration to ensure the service worker is correctly scoped to the entire forum and only the forum.
Julian Lam
Peter Jaszkowiak
Barış Soner Uşaklı
ahwayakchih
Barış Soner Uşaklı
gasoved
Opliko