Commit Graph

48332 Commits

Author SHA1 Message Date
Anders Kaseorg 4a61e36def CVE-2022-36048: Rewrite only specific local links to relative.
Due to mismatches between the URL parsers in Python and browsers, it
was possible to hoodwink rewrite_local_links_to_relative into
generating links that browsers would interpret as absolute.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-24 16:29:09 -07:00
Tim Abbott 4ac4573c52 unread_ops: Harden against bugs involving recent topics.
In theory, this function should never be called when Recent Topics is
visible. But if it somehow is, ensure that we don't access
message_lists.current without first checking whether it's visible.
2022-08-24 16:13:56 -07:00
Tim Abbott 50f6d7ff73 message_lists: Avoid setting message_lists.current in recent topics.
The original change in 5f127c85f7 was
intended to make the loop in message_lists.js not include a
potentially stale message_lists.current in the event that one is
viewing recent topics.

We revert that change and instead do the simpler thing of explicitly
checking whether we're viewing recent topics.

I was not able to prove this code was responsible for incidents this
week where all messages were marked as read while working in "Recent
topics", but is suspicious.

Likely the correct thing is to set message_lists.current to undefined
in this code path; I'm pretty sure it's an orphaned message list that
is no longer visible when viewing topics.
2022-08-24 16:13:56 -07:00
David Rosa 104fd6566a help: Document "Private messages" mobile app feature.
Adds step-by-step instructions for mobile app users including the
corresponding image icons for the buttons that they should tap on
their screen.

Makes individual SVG image icons, for the help center docs, available
in `/static/images/help/`, instead of importing the entire set of
icons as dependencies.

Adds the icons for the "PMs" tab from https://feathericons.com, and
"Checkmark" and "Send" buttons from https://materialdesignicons.com.
Adds a new nested CSS selector to `.markdown img` so that the default
white border for images does not get applied to these icons.
2022-08-24 15:21:42 -07:00
David Rosa 23d41d09e2 help: Revise the "Private messages" article.
Some preliminary work is needed before documenting mobile feature.

Adds Desktop/Web tab and improves wording.
Splits instructions into "Send PM" / "Send group PM".
Documents sending a PM via the user actions menu.
2022-08-24 15:21:42 -07:00
Purushottam Tiwari 6242604b9d user groups: Fix hashchange logic for user group settings.
We were not handling hashchange for user group settings
under diffrent conditions. So this commit adds logic for
handling various diffrent cases of hashchange for user
group settings. We also take care that #groups only in
development environment.
2022-08-23 17:40:02 -07:00
Purushottam Tiwari c0acffb8a8 user groups: Set up right panel for user group edit.
This is preparatory commit that does basic UI set up for
user group edit in group settings overlay. This allows us to
write proper hashchange logic for user group settings overlay
under diffrent situations.
The work in this commit will be extended in further commits
to add proper UI and group edit logic.
2022-08-23 17:40:02 -07:00
Purushottam Tiwari a8c3be7fee user groups: Add new UI support for user group creation.
Add support for creation of user groups using right panel
of new user group settings overlay being developed as part
of https://github.com/zulip/zulip/issues/19526.

In further commits we will add support for editing user
groups using right panel of the overlay.

This commit also introduces a minor bug related hashchange
for #groups which would be a quick fix once we have UI
for group edit on #groups overlay.
2022-08-23 17:40:02 -07:00
Purushottam Tiwari c1cb5a6ef1 user groups: Set up right panel for user group settings overlay.
This is a preparatory commit to set up basic UI for right panel
in user group settings overlay. At this point we only ensure
the proper display of the two panels under different screen sizs.

Actual functionality for user group creation and user group
edit will be added in subsquent commits.
2022-08-23 17:39:52 -07:00
Purushottam Tiwari 072996141f user groups: Add filter for group list in group settings overlay. 2022-08-23 17:30:39 -07:00
Purushottam Tiwari 76aae8c5a0 user groups: Add user group rows in left for user group overlay. 2022-08-23 17:30:39 -07:00
Purushottam Tiwari 656f6a0fe9 user groups: Add overlay for user group settings.
Dedicated overlay for user group settings is added as part of
addressing zulip#19526.

The newely added overlay is currently empty and more UI
related to settings is to be added in further commits.
2022-08-23 17:30:39 -07:00
Purushottam Tiwari ff2db9c235 user groups: Rename settings_user_groups to settings_user_groups_legacy.
A preparatory commit to have legacy user group settings logic
as we move forward to redesign the user group settings.

This is done so that current user group settings are functional
while we are working on the redesign, and also to make it clear
that most of the code in this file will be deleted and developers
should avoid spending much time on it.
2022-08-23 17:30:39 -07:00
Sahil Batra 526914a996 settings: Set the custom input elem value to original value when hiding.
We now set the value inside custom input element of message and delete
limit setting to the original setting value when hiding the input in
process of changing the setting.

This fixes the bug of the save-discard button not hiding on doing
the following changes -
- Change the setting value from Anytime (or any other option) to custom.
- The save-discard widget appears. Now write something in custom input
box.
- Then change the setting value to the original value, which in this
case can be considered Anytime as mentioned above.

The save-discard widget should be hidden after above steps because
the setting value is changed to its already set value, but it does
not without doing the changes in this commit because
check_property_changed returns true for custom input element.
2022-08-23 16:17:25 -07:00
Sahil Batra ba0c5a2380 settings: Fix save button not being re-enabled correctly.
The "Save changes" button was not re-enabled if the initial
setting value was "Anytime" and then setting is changed to
"Custom" (which disabled the button since input is empty) and
then followed by changing to some other option.

This commit fixes the above mentioned bug. This bug was
introduced in #21837 where we added the functionality to
disable the save button.
2022-08-23 16:17:25 -07:00
Sahil Batra f3c15affd7 settings: Extract code for disabling save button in a function.
This is a prep commit so that we can reuse the function to enable
or disable the save button when changing the message edit and delete
setting dropdown.
2022-08-23 16:17:25 -07:00
Sahil Batra 1da7086c35 settings: Fix save button being disabled even for valid values.
On changing either one of message edit or delete limit setting
from "Any time" to "Custom", the "Save changes" button is not
enabled even after entering valid input.

We can see this bug if both the edit or delete limit setting is
set to "Anytime" initially and one of the setting is changed to
"Custom".

This is because the custom input for "Any time" case is empty even
though it is hidden and the check for disabling the button was
not checking whether the input is hidden or not.

This commit changes the code to consider the value in custom input
box only if the input is visible, i.e. the dropdown value is set to
"Custom".

This bug was introduced in #21837 where we added the functionality
to disable the save button.
2022-08-23 16:17:25 -07:00
Sahil Batra 1990a1ff99 settings: Hide save-discard widget correctly when setting is not changed.
This commit fixes the bug where save-discard was not hidden when message
edit or delete setting is first changed from "Anytime" to any other value
and then again to "Any time". The save-discard widget should be hidden
since the setting is value was "Any time" already.

The bug was because check_property_changed returned true for
"realm_message_content_edit_limit_minutes" and
"realm_message_content_delete_limit_minutes" for above case as value of
setting in page_params for "Any time" case is "null" and
get_input_element_value returned "undefined" as the custom input box is
empty for "Any time" case.

This bug was introduced in #21837 where we changed the input box to be
empty for "Any time" case.
2022-08-23 16:17:25 -07:00
Lauryn Menard 3de4fd5fbb recent-topics: Check topic exists when trying to revive focus.
When a message is deleted, if it was the only message in the topic
and it was the previously focused message in recent topics, then
the topic is no longer in the recent topics data.

In this case, we revive the focus to the adjacent message or, if it
was the last message in the view, the focus is reset to the search
bar.
2022-08-23 15:59:06 -07:00
Matt Keller 91e5ae84ac uwsgi: Increase timeout before harakiri.
Some legitimate requests in Zulip can take more than 20s to be
processed, and we don't have a current problem where having a 20s
limit here is preventing a problem.
2022-08-23 15:28:10 -07:00
Tim Abbott de275da70a release: Fix OUTDIR typo.
This was missed in 58962f0b7b.
2022-08-22 22:40:01 -07:00
Mateusz Mandera c1c9024af5 email_mirror: Replace disallowed characters in incoming email subject.
These characters are not allowed and trying to create a Zulip message
with those characters throws a JsonableError in check_stream_topic.

We don't want to reject emails with those chars in the subject, so
it's best to just modify it appropriately.
2022-08-22 17:16:20 -07:00
Hari Prashant Bhimaraju fd0b013bcd slack_incoming: Handle optional attachment fields aptly.
This commit checks for null values for keys within "attachment" in
the Slack integration's incoming payloads. These keys were expected
to exist optionally previously, and the existence of null values for
these wasn't anticipated. Due to an issue report for such null
values in the payload, their handling is updated appropriately.

The checks for these values are truthiness checks since the strategy
for these values being null or falsy ("", 0) is the same; we don't
process that key-value pair. This is consistent with how Slack handles
this scenario.

For the case where all the attachment fields have null values, Slack
displays this as an empty block with no content, and therefore our
strategy for this is a no-op.

Tests updated.
2022-08-22 16:40:13 -07:00
Aman Agrawal ef21f9107c urls: Move /hello files to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal 07f0104714 urls: Move /security files to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal 8da5368529 url: Move /self-hosting pages to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal c908c9b497 urls: Move /why-zulip pages to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal d15158e76b urls: Move /history files to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal c9ac233911 urls: Move /team files to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal 349bac4751 urls: Move /attribution files to the corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal 7cd8bcd004 urls: Move /development-community files to corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal 9ce7a784e7 urls: Move /apps files to corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal 4a9b4fb91b urls: Move /features files to corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal a5d7a334c4 urls: Move /plans files to corporate folder. 2022-08-22 15:53:43 -07:00
Aman Agrawal afd31b739d templates: Move case-studies and /for pages to corporate folder.
Since these pages don't belong in a self-hosted server.
2022-08-22 15:53:43 -07:00
Aman Agrawal 21a2fd482e portico: Move to corporate folder.
Since the URLs that use these function are present in corporate/urls,
this file belongs in the corporate folder.
2022-08-22 15:53:43 -07:00
Aman Agrawal 4b6df8a678 home: Only serve landing page at root domain on corporate servers. 2022-08-22 15:53:43 -07:00
Aman Agrawal e54ded49c4 urls: Move URLs that don't belong on self-hosted servers to corporate URLs.
Use absolute URLs for these links in files which will be served
to self-hosted servers.
2022-08-22 15:53:43 -07:00
Aman Agrawal f1a1868de8 urls: Remove duplicate developer-community redirect.
Exactly same call exists below this with a comment.
2022-08-22 15:53:43 -07:00
Zixuan James Li db92033b23 typing: Tighten type annotations for patch_queue_publish.
Since this decorator is only used for methods of
TestServiceBotEventTriggers, we can type the decorated method's
signature accurately without using ParamSpec.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Zixuan James Li 32a77fc0bf test_helpers: Move patch_queue_publish to test_service_bot_system.
This prepares us to tighten the type annotations for this helper.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Zixuan James Li 30536caa68 typing: Remove FuncT.
We can express the type of these decorators with Concatenate and ParamSpec
now for tighter type annotations.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Zixuan James Li 21fd62427d typing: Remove ViewFuncT.
This removes ViewFuncT and all the associated type casts with ParamSpec
and Concatenate. This provides more accurate type annotation for
decorators at the cost of making the concatenated parameters
positional-only. This change does not intend to introduce any other
behavioral difference. Note that we retype args in process_view as
List[object] because the view functions can not only be called with
arguments of type str.

Note that the first argument of rest_dispatch needs to be made
positional-only because of the presence of **kwargs.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 15:46:16 -07:00
Israel Ebonko 1f286ab283 integration: Add wekan integration.
Fixes #13086

Co-authored-by: Ganesh Pawar (ganpa3) <pawarg256@gmail.com>
2022-08-22 15:37:22 -07:00
Ganesh Pawar 544e472ec3 user profile modal: Don't close settings when opening modal.
Fixes #22572.
2022-08-22 15:32:18 -07:00
Zixuan James Li 965ed728e1 type_debug: Remove type_debug.
This module was originally introduced in 2016 to assist adding mypy
annotations to the project. Back then static type checking was not that
established throughout the codebase, so it was helpful to be able to
print out the types for type checking purposes.

This workflow is no longer helpful for improving type annotations right
now, and it has been unused for a while.

Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-08-22 13:19:09 -07:00
Sahil Batra cb15767df3 settings: Update label for realm-level default of send_read_receipts. 2022-08-20 15:38:34 -07:00
Anders Kaseorg 3e7d7ee86a integrations_dev_panel: Remove unused idempotent flag.
Followup to commit fde9b1d366 (#22753).

(This was a misuse of “idempotent”.  “Idempotent” means that
performing the request more than once in a row has the same effect as
performing it once; it says nothing about whether the response is
cacheable.)

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-19 16:45:09 -07:00
Anders Kaseorg d923096882 channel: Remove pending_requests list.
It’s been unused since commit 2eacc7317d
removed the only caller of abort_all and commit
ef815e9e79 removed abort_all itself.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-19 12:17:40 -07:00
Anders Kaseorg c84f35644d channel: Stop monkey-patching password change counts into XHR objects.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-19 12:17:40 -07:00