We add a box shadow at top of the recipient bar to hide message
text that is partially visible above the recipient bar. At 100%
zoom, this issue is not visible but it has been reported by a user
at 150% zoom.
Following this change we don't need to change any of our JS
calculations since `y` position of header remains the same
and when determining if a header `is_sticky` that is the only
thing we verify.
The "hotkey-hint" class name used internally in
d66f2d900f conflicted with the
preexisting class name for hotkey hints into popovers, introduced in
80ff3d8da5.
Given that the new class is for a styling of hotkey hints designed for
use in tooltips, it was a bad name anyway, so just rename it to
tooltip-hotkey-hint. We rename the related cluster of variable names
to match this.
This is a follow up to 875ad8e implementing a better approach. We call
`cursor_at_start_of_whitespace_in_compose` from `focus_in_empty_compose`
itself if and when needed.
This commit adds code to live-update the inline-topic edit
icon on changing move_messages_within_stream_limit_seconds
or edit_topic_policy. We simply rerender the message list
as it becomes difficult to check for each recipient row
and update it because topic edit permission depends on
when the message was sent.
This also live-updates the resolve topic icon as it depends
on topic edit permission only.
This commit adds a dropdown for move_messages_between_streams_limit_seconds
setting which is used to control for how long the user is allowed to
edit stream.
This commit adds a dropdown for move_messages_within_stream_limit_seconds
setting which is used to control for how long the user is allowed to
edit topic.
This commit adds code to check time limit as per recently added
move_messages_between_streams_limit_seconds setting when moving
messages between streams in webapp. There is no time limit for
admins and moderators.
We add a new function "is_stream_editable" (similar to the already
existing is_topic_editable function) to check whether user is
allowed to move message between streams.
This commit adds time restriction on moving messages between streams
using the move_messages_between_streams_limit_seconds setting in the
backend. There is no time limit for admins and moderators.
We now use realm_move_messages_within_stream_limit_seconds setting in
webapp to check topic edit permission replacing the 3-day limit.
As was the case previously, there is no limit for admins and
moderators.
We now use the newly added move_messages_within_stream_limit_seconds
setting to check for how long the user can edit the topic replacing
the previously used 3-day limit. As it was previously, there is no
time limit for admins and moderators.
This commit renames parse_message_content_edit_or_delete_limit
to parse_message_time_limit_setting and also renames
MESSAGE_CONTENT_EDIT_OR_DELETE_LIMIT_SPECIAL_VALUES_MAP to
MESSAGE_TIME_LIMIT_SETTING_SPECIAL_VALUES_MAP.
We do this change since this function and object will also be
used for message move limit and it makes sense to have a more
generic name.
This commit extracts a function to parse message time limit type settings
and to set it if the new setting value is None.
This function is currently used for message_content_edit_limit_seconds and
message_content_delete_limit_seconds settings and will be used for
message_move_limit_seconds setting to be added in further commits.
This commit adds code to update move_messages_between_streams_policy
in page_params dict and also call sync_realm_settings which updates
the setting element in UI.
Documents the Do Not Disturb option with a dedicated page in
the Notifications section.
The capitalization is not our standard style because the desktop app
doesn't follow that style convention.
Fixes #24169.
Previously, when sending a message to a resolved topic, if you dismissed
the 'You are sending a message to a resolved topic' banner, it would
reappear as soon as the user enters another character.
Fix this by showing the banner at most once per narrow. It does not
reappear if the user closes the banner and continues typing. It will
only be shown again if the user closes compose, changes stream/topic,
sends a message or otherwise clears the compose box state.
We also remove the existing check for whether this banner is already
visible; this is essentially a more precise version of the same logic.
Fixes #24245.
Until now, the right sidebar user list unread count included bot and group
PMs which sometimes resulted in the confusing state of the user list icon
indicating unread messages but on expanding the user list, no username
had a counter beside it, since the list only has individual human users.
Now this right sidebar unread count too excludes bots and groups, so the
unread count and the user list are consistent, without any ghost counts.
Set width of the heading tag displaying user profile name heading, which
doesn't let the edit button get pushed off the user profile modal.
Ellipsis property is applied to user profile name on text overflow.
Fixes: #23781.
Changed the width of the file column to show the names properly,
while making sure that the table UI remains consistent in different
languages too (checked the same for Russian language).
Drop the file size column if the viewport is less than 992px (lg_min)
to ensure that the size word doesn't break when there are no uploaded files.
Discussed on CZO thread.
Changed the position of the Date uploaded arrow to stay visible
in all view ports and added word-break to prevent spill over of Mentioned-in
and date uploaded.
Fixes: #23738
Overlays.js incorrectly checked for whether `#groups` overlay
was open, so it re-assigned the global `open_overlay_name`
variable. As a consequence unwanted blueslip errors were thrown
when closing the groups overlay after any group event was
received while the `#groups` overlay was open.
The new `#groups` overlay had no way for user groups to be deleted.
This commit adds UI support for removing user groups along with
adding support for live update of `#groups` overlay on remove
event for user groups.
We add live update support for user group events as part of
https://github.com/zulip/zulip/issues/19526.
This however has a few TODOs:
1. Deciding on how we want to sort the group list on left of
#groups overlay.
2. How we highlight the newly created groups after it is added
to the list.
These will be covered as we add support for more groups events.
Since we do not currently have live update on newly
created ui for user group management, alert shown
after successful creation of user group appeared across
full width of right panel of #groups overlay, which
made it look a bit awkward, so we add margins to that
alert info.
This removes the focus outline on `simplebar-content-wrapper` in
the left sidebar and other places in the app when focused since
it doesn't look visually nice.
This commit fixes the code which incorrectly set the cursor
property to "pointer" for input and textarea elements where
only select elements should have it. The code causing this bug
was added in d708bc338.
In Zulip, message topics are case-insensitive but case-preserving.
The `get_context_for_message` function erroneously did a
case-sensitive search, and thus only messages whose topic matched
exactly were pulled in as context.
Make the missed-message pipeline aware that message topics are not
case-sensitive. This means that, when collapsing adjacent messages,
we merge messages with topic headers which are "different"; create a
separate explicit "grouping" to know which to collapse.
Similar to the previous commit, Django was responsible for setting the
Content-Disposition based on the filename, whereas the Content-Type
was set by nginx based on the filename. This difference is not
exploitable, as even if they somehow disagreed with Django's expected
Content-Type, nginx will only ever respond with Content-Types found in
`uploads.types` -- none of which are unsafe for user-supplied content.
However, for consistency, have Django provide both Content-Type and
Content-Disposition headers.
The Content-Type of user-provided uploads was provided by the browser
at initial upload time, and stored in S3; however, 04cf68b45e
switched to determining the Content-Disposition merely from the
filename. This makes uploads vulnerable to a stored XSS, wherein a
file uploaded with a content-type of `text/html` and an extension of
`.png` would be served to browsers as `Content-Disposition: inline`,
which is unsafe.
The `Content-Security-Policy` headers in the previous commit mitigate
this, but only for browsers which support them.
Revert parts of 04cf68b45e, specifically by allowing S3 to provide
the Content-Disposition header, and using the
`ResponseContentDisposition` argument when necessary to override it to
`attachment`. Because we expect S3 responses to vary based on this
argument, we include it in the cache key; since the query parameter
has dashes in it, we can't use the helper `$arg_` variables, and
must parse it from the query parameters manually.
Adding the disposition may decrease the cache hit rate somewhat, but
downloads are infrequent enough that it is unlikely to have a
noticeable effect. We take care to not adjust the cache key for
requests which do not specify the disposition.
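Added illustration (not Zulip's code) of the regression these two commits describe: deciding the disposition from the filename's extension lets a `text/html` upload named `.png` go out `inline`, whereas deciding from the Content-Type stored at upload time does not. The `INLINE_SAFE_TYPES` allowlist is an assumption standing in for nginx's `uploads.types`, and `force_download` models the `ResponseContentDisposition` override.

```python
import mimetypes

# Constructed allowlist standing in for nginx's `uploads.types`: types that
# browsers render but cannot execute as script. Assumption, not Zulip's list.
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf"}


def disposition_from_filename(filename: str) -> str:
    """The regressed behaviour: trust the extension, ignore what was uploaded."""
    guessed, _ = mimetypes.guess_type(filename)
    return "inline" if guessed in INLINE_SAFE_TYPES else "attachment"


def disposition_from_stored_type(stored_content_type: str, force_download: bool = False) -> str:
    """The restored behaviour: the Content-Type recorded at upload time decides,
    and an explicit download request always forces `attachment`."""
    if force_download or stored_content_type not in INLINE_SAFE_TYPES:
        return "attachment"
    return "inline"


def serve_headers(stored_content_type: str, filename: str, force_download: bool = False) -> dict:
    """Headers the application emits when it owns both Content-Type and
    Content-Disposition, so the two can never disagree about the same bytes."""
    # Strip characters that would let a filename break out of the header value.
    safe_name = filename.replace('"', "").replace("\r", "").replace("\n", "")
    mode = disposition_from_stored_type(stored_content_type, force_download)
    return {
        "Content-Type": stored_content_type,
        "Content-Disposition": f'{mode}; filename="{safe_name}"',
    }
```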
This was missed in 04cf68b45ebb5c03247a0d6453e35ffc175d55da; as this
content is fundamentally untrusted, it must be served with
`Content-Security-Policy` headers in order to be safe. These headers
were not provided previously for S3 content because it was served from
the S3 domain.
This mitigates content served from Zulip which could be a stored XSS,
but only in browsers which support Content-Security-Policy headers;
see subsequent commit for the complete solution.
In nginx, `location` blocks operate on the _decoded_ URI[^1]:
> The matching is performed against a normalized URI, after decoding
> the text encoded in the “%XX” form
This means that if a user-uploaded file contains characters that are
not URI-safe, the browser encodes them in UTF-8 and then URI-encodes
them -- and nginx decodes them and reassembles the original character
before running the `location ~ ^/...` match. This means that the `$2`
_is not URI-encoded_ and _may contain non-ASCII characters_.
When `proxy_pass` is passed a value containing one or more variables,
it does no encoding on that expanded value, assuming that the bytes
are exactly as they should be passed to the upstream. This means that
directly calling `proxy_pass https://$1/$2` would result in sending
high-bit characters to the S3 upstream, which would rightly balk.
However, a longstanding bug in nginx's `set` directive[^2] means that
the following line:
```nginx
set $download_url https://$1/$2;
```
...results in nginx accidentally URI-encoding $1 and $2 when they are
inserted, resulting in a `$download_url` which is suitable to pass to
`proxy_pass`. This bug is only present with numeric capture
variables, not named captures; this is particularly relevant because
numeric captures are easily overridden by additional regexes
elsewhere, as subsequent commits will add.
Fixing this is complicated; nginx does not supply any way to escape
values[^3], besides a third-party module[^4] which is an undue
complication to begin using. The only variable which nginx exposes
which is _not_ un-escaped already is `$request_uri`, which contains
the very original URL sent by the browser -- and thus can't respect
any work done in Django to generate the `X-Accel-Redirect` (e.g., for
`/user_uploads/temporary/` URLs). We also cannot pass these URLs to
nginx via query-parameters, since `$arg_foo` values are not
URI-decoded by nginx, there is no function to do so[^3], and the
values must be URI-encoded because they themselves are URLs with query
parameters.
Extra-URI-encode the path that we pass to the `X-Accel-Redirect`
location, for S3 redirects. We rely on the `location` block
un-escaping that layer, leaving `$s3_hostname` and `$s3_path` as they
were intended in Django.
This works around the nginx bug, with no behaviour change.
[^1]: http://nginx.org/en/docs/http/ngx_http_core_module.html#location
[^2]: https://trac.nginx.org/nginx/ticket/348
[^3]: https://trac.nginx.org/nginx/ticket/52
[^4]: https://github.com/openresty/set-misc-nginx-module#set_escape_uri
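A Python model (added here, not Zulip's code) of the encoding layers this commit describes: the browser's once-encoded key, the `X-Accel-Redirect` path before and after the extra encoding layer, and nginx's behaviour of matching `location` against the decoded URI and forwarding captures verbatim to `proxy_pass`. The `/internal/s3/` location name, the bucket host and the sample key are constructed, and the model assumes named captures, i.e. none of the accidental re-encoding of the `set` bug.

```python
import re
from urllib.parse import quote, unquote

# Assumed name of the internal nginx location; not Zulip's real path.
INTERNAL_PREFIX = "/internal/s3/"
LOCATION_RE = re.compile(r"^/internal/s3/([^/]+)/(.*)$")


def once_encoded(key: str) -> str:
    """The S3 object key as it must reach the upstream: UTF-8, percent-encoded once."""
    return quote(key, safe="/")


def x_accel_redirect_before(hostname: str, key: str) -> str:
    """Pre-fix: hand nginx the once-encoded path; `location` decodes it to raw bytes."""
    return f"{INTERNAL_PREFIX}{hostname}/{once_encoded(key)}"


def x_accel_redirect_after(hostname: str, key: str) -> str:
    """Fix: add one extra encoding layer for nginx's `location` decoding to strip."""
    return f"{INTERNAL_PREFIX}{hostname}/{quote(once_encoded(key), safe='/')}"


def nginx_proxy_target(x_accel_uri: str) -> str:
    """Model of nginx: `location ~` matches the %XX-decoded URI, and
    `proxy_pass https://$host/$path` forwards the captures byte-for-byte."""
    m = LOCATION_RE.match(unquote(x_accel_uri))
    if m is None:
        raise ValueError("not an internal S3 redirect")
    return f"https://{m.group(1)}/{m.group(2)}"


def upstream_safe(url: str) -> bool:
    """S3 balks at raw high-bit bytes; a valid request target is pure ASCII."""
    return url.isascii()
```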
This commit fixes the issue where the "Click to view or download" comes
to the right of the image title. We add a parent division in this commit
that leads to the break tag being applied successfully, shifting the
secondary tooltip content ("Click to view or download") to next line.