Commit Graph

14949 Commits

Author SHA1 Message Date
Tim Abbott 02f5ef1d23 streams: Move filter_stream_authorization to lib. 2017-01-29 20:26:59 -08:00
Tim Abbott de68dd2860 lint: Ban use of Stream.objects.* in zerver/views. 2017-01-29 20:26:59 -08:00
Tim Abbott bb86bba20d stream_exists_backend: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott eeeffa8704 urls: Review useless stream_exists_backend endpoints.
The actual function was overcomplicated and was designed to check
whether a stream existed by name, not by ID, so there was no value in
having it be used for checking if a stream existed by ID.
2017-01-29 20:26:59 -08:00
Tim Abbott 46e5b8a9cc streams: Remove unused json_remove_subscriptions. 2017-01-29 20:26:59 -08:00
Tim Abbott e57e2ee9f1 get_subscribers_backend: Use access_stream_by_id. 2017-01-29 20:26:59 -08:00
Tim Abbott 0d980b7cef json_get_stream_id: Use access_stream_by_name. 2017-01-29 20:26:59 -08:00
Tim Abbott 1ced8d3eb6 get_topics_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 6685885741 deactivate_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott 826cc80c9e update_stream_backend: Use access_stream_by_id. 2017-01-29 20:26:58 -08:00
Tim Abbott de38f3eb94 update_stream_backend: Clean up unnecessary stream_name variable. 2017-01-29 20:26:58 -08:00
Tim Abbott 2cf223470d streams: Eliminate get_subscription_or_die helper function. 2017-01-29 20:26:58 -08:00
Tim Abbott 0af34ee710 streams: Add zerver/lib/streams.py library for security checks.
The goal of this library is to make it a lot easier to prevent bugs
like CVE-2017-0881 by having all of our views logic for fetching a
stream go through a couple carefully tested code paths.
2017-01-29 20:26:58 -08:00
Tim Abbott de3e96162e middleware: Fix recursive DisallowedHost exceptions. 2017-01-29 20:26:58 -08:00
Tim Abbott 20f3705c00 logging_handlers: Add error handling for invalid hosts. 2017-01-29 19:57:09 -08:00
Tim Abbott 96d3bea6d5 Add changelog from Zulip 1.4.3 release. 2017-01-29 15:32:08 -08:00
Tim Abbott 7ecda1ac8e streams: Fix autosubscribe security bug (CVE-2017-0881).
A bug in Zulip's implementation of the "stream exists" endpoint meant
that any user of a Zulip server could subscribe to an invite-only
stream without needing to be invited by using the "autosubscribe"
argument.

Thanks to Rafid Aslam for discovering this issue.
2017-01-29 15:30:59 -08:00
Tim Abbott 7e0ce22808 errors: Remove build_request_repr logic.
This interface is no longer supported in Django 1.10.
2017-01-29 14:18:22 -08:00
Tim Abbott dea281557d events: Handle reactions events in apply_events.
Previously, this race condition just threw an exception.
2017-01-29 14:18:16 -08:00
Tim Abbott 70af09539f Fix unnecessary traceback in authenticated_rest_api_view.
Apparently, we weren't returning the `json_error`, resulting in users
encountering this condition receiving a 500, rather than the proper
40x error.

This fixes a regression introduced in 9ae68ade8b.
2017-01-29 12:48:10 -08:00
Tim Abbott 234eb7a723 emoji: Add a bunch of documentation in comments for emoji rules. 2017-01-29 12:33:44 -08:00
Rishi Gupta e19f3d5534 emoji: Make minor adjustments to emoji names list. 2017-01-29 12:19:54 -08:00
Tim Abbott d38b552b02 docs: Add initial documentation on the emoji system. 2017-01-29 12:15:29 -08:00
Tim Abbott 0f75c8d4ed docs: Simplify integration guide discussion of writing docs.
You don't need to know about the div structure of /integrations
anymore, so we shouldn't get into it.
2017-01-29 11:53:09 -08:00
Tomasz Kolek 3b48f21f5a Add improvements to integration-guide.md.
Fix some typos, add a few sentences that might clear it a little.
2017-01-29 11:49:13 -08:00
Jackson db1d6933de docs: Add user guide for Using Zulip on Windows. 2017-01-29 11:38:12 -08:00
Tim Abbott e8fd780413 docs: Fix missing wget when downloading tsearch_extra.
Fixes #3509.
2017-01-29 11:23:34 -08:00
Cynthia Lin 522ac3ea4a frontend: Add #search-operators link to search icon; Fixes #1369. 2017-01-29 07:20:15 -08:00
Rishi Gupta 6f307ffd08 emoji: Switch the order of thumbs_up and thumbs_down in autocomplete. 2017-01-28 23:38:03 -08:00
Rishi Gupta 8ef5197d5c emoji: Remove problematic color emoji from autocomplete and picker. 2017-01-28 23:38:03 -08:00
Rishi Gupta a2890f7d7a emoji: Remove duplicates from autocomplete and emoji picker.
Previously, if you searched for ':offi..' you would see both 🏢 and
:office_building: as possible completions, both of which are shortcodes for
the same unicode codepoint (and hence which have the same image). Also, we
sort the emoji in our emoji pickers alphabetically by shortcode, and so the
images for 🏢 and :office_building: show up next to each other, which
looks like a bug. This removes :office_building: as a shortcode, along with
several hundred other duplicates. It leaves some duplicates in that won't
give autocomplete or alphabetical ordering a problem, like (🚗,
:automobile:).
2017-01-28 23:38:03 -08:00
Cynthia Lin d8c648ac05 docs: Update *Verify that you message has been successfully sent* doc.
Change wording for better clarification.
2017-01-28 22:56:09 -08:00
synicalsyntax 21534930b1 docs: Update *Searching for messages* doc. 2017-01-28 22:49:11 -08:00
synicalsyntax f6fc218ba3 docs: Fix *Join Zulip Chat button* doc.
With tweaks from tabbott to clean it up and better explain it.
2017-01-28 22:47:18 -08:00
Tim Abbott 5f4ddb9079 glossary: Add more clarity to private message discussions. 2017-01-28 22:39:35 -08:00
Tim Abbott 2fb51ff876 puppet: Use SIGINT to restart uwsgi.
This results in a brief service interruption (not a graceful restart),
but fixes a bug where on a `supervisorctl restart zulip-django`, we'd
end up leaking a bunch of uwsgi processes.

The mechanism was that sending SIGHUP to uwsgi was a command for it to
gracefully restart, so it'd start doing that (whereas supervisor
expected it to be dying)... and then supervisor would start up the new
uwsgi process group, resulting in 2 uwsgi process groups running.

This, in turn, led to a memory leak that could eventually result in
OOM kills.
2017-01-28 22:26:12 -08:00
synicalsyntax 4504818e5e docs: Add user guide for *Send someone a private message* 2017-01-28 19:16:56 -08:00
Cynthia Lin 30b7eee3ef docs: Add user guide for *Configure email notifications* 2017-01-28 19:09:03 -08:00
Yago González d0d0e6956a docs: Improve Spanish style guide. 2017-01-28 19:08:14 -08:00
Yago González 87a7691bfc translations: Improve some strings. 2017-01-28 18:58:09 -08:00
Tim Abbott f96979ae72 templates: Clean references to zulip.com. 2017-01-28 18:38:43 -08:00
Tim Abbott 37dbed7a81 zephyr: Remove Webathena text from translations. 2017-01-28 18:32:57 -08:00
Tim Abbott d73a19927f zephyr: Remove unnecessary hardcoding of hostname. 2017-01-28 18:26:38 -08:00
Tim Abbott b3cb9213d1 Fix malformed double-translated string in alert words code. 2017-01-28 18:23:56 -08:00
Tim Abbott bd6f71580e docs: Remove obsolete terms-enterprise page.
This was documentation for the old zulip.com enterprise service that
no longer exists.
2017-01-28 18:12:19 -08:00
Yago González 7fe090f902 translations: Improve some poorly-worded strings. 2017-01-28 18:04:17 -08:00
Tim Abbott 36d54cf5ff Replace references to zulip.com/dist with zulip.org/dist.
Now that zulip.org has all the files to distribute, there's no reason
to still point to the soon-to-be-decommissioned zulip.com/dist.
2017-01-28 17:56:25 -08:00
Tim Abbott 5d6f42d136 tests: Fix missing type annotation for events list. 2017-01-28 17:51:46 -08:00
Tim Abbott 153418de38 subs: Send create event to new subscribers of invite-only streams.
This fixes a regression introduced by our migration to track
subscribers for all public streams, where now users who are added to
an invite-only stream were receiving a mark_subscribed event
for a stream their browser didn't know existed, causing an exception.

To fix this, we now send a stream create event to the browser just
before the user receives the notification that it was added to the
invite-only stream.
2017-01-28 17:12:16 -08:00
Tim Abbott f665980079 test_subs: Add some additional asserts. 2017-01-28 17:11:39 -08:00