Commit Graph

3990 Commits

Author SHA1 Message Date
Shubham Dhama 6a11ff5b28 settings: Deduplicate the template code for checkboxes. 2018-04-19 11:02:30 -07:00
Shubham Dhama b26c38bc47 analytics: Make stats of all realms accessible to server admins.
In this commit:
Two new URLs are added, to make all realms accessible for server
admins. One is for the stats page itself and another for getting
chart data i.e. chart data API requests.
For the above two new URLs corresponding two view functions are
added.
2018-04-18 11:06:50 -07:00
Greg Price e78158bcc3 activity: Refactor code for getting chart data.
This simply refactored the repetitive code for getting stats chart
data.
(commit message tweaked by shubhamdhama)
2018-04-17 17:58:01 -07:00
Steve Howell b3cd29a63e Move stream filter code into stream_list.initialize().
This is just moving code around.  The diff is a little big
due to appeasing the linter, which doesn't like out-of-order
function declarations.
2018-04-17 17:52:19 -07:00
Shubham Dhama 03f95ba993 upload: Rename `uploadStarted` to `drop` to match original convention.
We used uploadStarted for drop callback which is kind of confusing
for new contributors as there is a big difference between uploadStarted
and drop like uploadStarted is called for each file in an upload whereas
the drop is called once when the file(s) are uploaded.
2018-04-16 11:16:42 -07:00
Shubham Dhama 0d0f971ae1 upload: Fix stacking of progress bar on canceling the upload.
This fixes stacking of upload progress bar when upload is canceled
and later made another upload.
2018-04-16 23:00:21 +05:30
Cynthia Lin 7cbc9f40bf compose: Change styling of upload progress bar.
Related to #9095.
2018-04-16 09:46:35 -07:00
Steve Howell 7666e9c7a9 stream settings: Simplify how we select streams tabs.
This commit introduces a helper function called
maybe_select_tab() that goes to the correct tab in the
toggler widget.

It avoids the "lookup" mechanism, which I am hoping to
deprecate, and it handles hypothetical startup issues
by warning instead of crashing.
2018-04-14 11:40:03 -07:00
Steve Howell 9319da8e1d stream settings: Fix bug with Subscribed/All.
Before this commit, this sequence would lead to errors:

        * Open streams page via the gear menu.
        * Go to "All" tab.
        * Leave streams settings.
        * Re-open stream settings via the gear menu.

After doing this, the tab would show "Subscribed" but the list
would be of all messages.

Now we explicitly goto the first tab.

I added a long comment explaining how subs.js contributed
to this bug--in short, we re-build the widget instead of just
re-opening this.

We may also want the toggle component to simply default the
initial tab to the first tab.
2018-04-14 11:40:03 -07:00
Steve Howell a2354ce699 Prevent traceback with info overlays.
We now make sure our toggler exists before invoking its `goto`
method.  Usually a toggler exists pretty early during app
startup, but _setup_info_overlay is wrapped in i18n.ensure_i18n,
which asynchronously fetches translation data.

This commit also simplifies how we find the toggler, by just
storing it in the module where it gets created and consumed.

Fixes #9085.
2018-04-14 11:40:03 -07:00
Tim Abbott 012115c9e0 message_events: Fix updating compose fade after topic editing.
If you started composing a message to a topic, and then the topic was
edited, we would update the compose box and message list state, but we
didn't correctly update the fade state after updating your compose box
(and the message list), resulting in the messages being incorrectly
faded.
2018-04-13 16:31:18 -07:00
Tim Abbott 5ae9505fdc message_list: Move set_message_offset into message_list_view.
The refactor in 12509515ae had a subtle
bug, which is that we switched from accessing the message list "this"
(aka the message list being rerendered) to current_msg_list.  This
meant that when the narrowed_msg_list was in view and code needed to
modify home_msg_list, we accessed the wrong `selected_row` to preserve
the scroll position of (namely, the one in current_msg_list, not the
one in home_msg_list).

Fix this, by moving the function to be a property of the
message_list_view object, which makes more sense structurally, anyway.

We may, in the future, want to do a similar migration for more of
message_viewport.js.

Fixes #8854.
2018-04-13 16:31:18 -07:00
Tim Abbott dbbd3627b5 message_list: Show empty narrow notice after emptying narrow.
If muting, topic editing, or deletion causes a narrow loses its last
message, we should show the empty-narrow notice; similarly, if
un-muting adds the first message, we should hide the notice.

We do this in `rerender()` since that's the common code path for
re-rendering the message list after events that might change this.

This has likely been broken since the very first muting
and topic editing implementations.
2018-04-13 16:31:18 -07:00
Tim Abbott a8d237b252 message_list: Extract rerender_with_target_scrolltop.
We may find this useful in upcoming edits to the muting code.
2018-04-13 16:31:18 -07:00
Aastha Gupta 0c219a1905 invites ui: fixed rerendering of invites list
Earlier it was re-initialising invites list on every load.
Now, if the list is already initialised, it will reutilise
those resources.
2018-04-13 12:07:42 -07:00
Rohitt Vashishtha 7a4788b364 node-tests: Add basic tests for notifications API.
This commit exposes some inner variables of notifications.js to make
them easily testable. The first test added simply checks whether the
showing and closing of notifications works properly, and doesn't yet
verify the main code logic of the notification generation.
2018-04-13 09:13:50 -07:00
Shubham Dhama 50545a3571 settings: Revert checkmark icon to fontawesome and checkbox-green.
In 7b8da9b we have introduced some other checkmark icons
which aren't necessary as old icons still make sense there.

So removing them as they don't add any extra value.

Fixes: #8995.
2018-04-12 11:06:43 -07:00
Tim Abbott feef35bf25 linter: Add checks for sloppy use of .html().
Since jQuery's .html() can be a source of security bugs, we add a new
lint rule that tries to catch common problematic uses.
2018-04-12 09:50:14 -07:00
Tim Abbott 5f0f492205 unread: Clean up variable names around bankruptcy modal.
unread_info was a particularly bad name for the HTML.
2018-04-12 09:48:02 -07:00
Tim Abbott a6d80969f5 subs: Clean up variable name for rendered subscription count. 2018-04-12 09:48:02 -07:00
Tim Abbott ab8fb23164 emoji: Clean up variable names for rendered template content. 2018-04-12 09:48:02 -07:00
Tim Abbott c90fbff703 settings: Clarify variable names for tab template rendering. 2018-04-12 09:48:02 -07:00
Tim Abbott dbb62ba5cb compose: Clean up variable names for preview logic.
This makes it more clear that the content has already been rendered.
2018-04-12 09:48:02 -07:00
Tim Abbott f4aea3ec22 invite: Clarify variable names for rendered_email_msg. 2018-04-12 09:48:02 -07:00
Tim Abbott 0db715d222 search_suggestion: Add escaping for email addresses.
This is probably unnecessary, but makes me feel better about every
code path in this file doing proper escaping to avoid XSS issues.
2018-04-12 09:47:01 -07:00
Tim Abbott 65b9d9e0f3 CVE-2018-9990: Fix XSS issue with stream names in topic typeahead.
Zulip's search typeahead had a security bug, where when autocompleting
a specially crafted stream name, and then hitting space, code within
the stream name would be executed.

Zulip was doing HTML escaping correctly in the main code path using
Filter.describe to describe a narrow, but the escaping function was
not called in a few parallel code paths.  We fix this in a way that
should protect all of these code paths, by making Filter.describe
return properly escaped HTML, rather than depending on its callers to
do so.

Thanks to w2w for reporting this issue.
2018-04-12 09:46:54 -07:00
Rohitt Vashishtha 3bdc8bbaa5 CVE-2018-9986: Fix XSS issues with frontend markdown processor.
This fixes a set of XSS issues with Zulip's frontend markdown
processor, which is used in a limited set of contexts, such as local
echo of messages and the drafts feature.

The implementation of several syntax elements, including the <em>
syntax, user and stream mentions, and some others failed to properly
escape the content inside the syntax.

Fix this, and add tests for each corrected code path.

Thanks to w2w for reporting this issue.
2018-04-12 09:46:37 -07:00
Tim Abbott 1207a08b36 CVE-2018-9987: Fix XSS issue with muting notifications.
This fixes an XSS issue with Zulip's muting UI, where if a stream or
topic name contained malicious HTML containing JavaScript, and the
user did a muting interaction, the malicious JavaScript could run when
rendering the "you just muted a topic" notification.

We did an audit for similarly problematic use of `.html`, and found
none; for the next release we'll be merging a series of changes to our
linter to prevent future instances of this being added.

Thanks to Suhas Sunil Gaikwad for reporting this issue.
2018-04-12 09:46:03 -07:00
YJDave 92a04b31a0 custom fields: Clean custom fields to use existing defined function. 2018-04-12 09:40:09 -07:00
Tim Abbott e6833b6427 cleanup: Remove the legacy Dropbox file upload integration.
This has been hard-disabled for years, we have no plans to re-enable
it, and it has some hacky code in it.
2018-04-11 11:39:48 -07:00
YJDave 95461761e4 subscription: Show current user on top of subscribers list if present.
Fixes #9027.
2018-04-11 09:54:42 -07:00
YJDave c662867f14 subscription: Add comments for recent changes covering corner cases. 2018-04-11 09:51:52 -07:00
Marco Burstein c36a658fee uploads: Fix the upload progress bar.
There was already a progress bar set up, but it became non-functional
after refactoring.  This fixes it.

The default animation was getting cut off when `uploadFinished` is
called, so we add a delay before removing the upload bar to make it
get to the end.

Tweaked by tabbott to have a more natural feeling animation setup
(where we don't animate the width adjustments; just the disappearance
of the bar).

Fixes #8863.
2018-04-09 22:53:06 -07:00
Tim Abbott a4def8d409 copy_and_paste: Re-disable copy-paste handler in production.
This reverts commit 6e048c5d3f.

See #8963 for the main issue we need to fix before re-enabling this;
basically, some combination of toMarkdown and the way text/html gets
written was introducing a lot of bonus/bogus whitespace, both in the
form of newlines and spaces converted to `&nbsp;`.
2018-04-09 22:10:28 -07:00
Shubham Dhama b650b6b38c markdown: Add @stream as an alias for @all.
Fixes: #8930.
2018-04-09 16:35:14 -07:00
Shubham Dhama 771db7fb90 compose typeahead: Refactor repeating code for all and everyone mentions.
This is minor refactor with which we can simply add other aliases for
"all" and "everyone" mentions.
2018-04-09 16:35:14 -07:00
Marco Burstein 7c66d11781 compose: Show avatars for people in typeahead autocompletes.
`@everone` and `@all` will have a megaphone icon from FontAwesome in
place of the avatar.

Also, fix the `composebox_typeahead` tests to account for the images.

Fix #6635.
2018-04-09 15:47:11 -07:00
Tim Abbott 37a83285c4 people: Clean up now-unnecessary url variable. 2018-04-09 12:12:44 -07:00
Tim Abbott 40421c5000 people: Refactor small_avatar_url logic for emails. 2018-04-09 12:12:44 -07:00
Tim Abbott dfac0302fc people: Extract small_avatar_url_for_person.
This is intended to be used in places like compose typeahead to
display users' avatars.
2018-04-09 12:12:44 -07:00
Tim Abbott 3bfd96d8ed people: Use a return for message.avatar_url code path.
This helps clean up this code path a bit.
2018-04-09 12:07:41 -07:00
Tim Abbott 5bcfecd0dc people: Extract gravatar_url_for_email. 2018-04-09 12:07:41 -07:00
YJDave 025956482a subscription: Fix error in appending current user on top of subscriber list. 2018-04-08 16:54:12 -07:00
YJDave f5a7d125c9 subscription: Clean functions `peer_subscribe` and `peer_unsubscribe`. 2018-04-08 16:54:12 -07:00
YJDave dcf9355502 subs.js: Rename function to `check_button_for_sub` to be more specific. 2018-04-08 16:54:12 -07:00
YJDave ed70a92ed3 subscription: Fix error in being re-subscribed to private stream.
Fixes #9023
2018-04-08 16:54:12 -07:00
YJDave 24f51739eb subscription: Add real time sync for user-just-deactivated case.
Currently, stream subscriptions aren't getting updated without
hard reload when user is deactivated in realm.

Fix this issue by updating stream subscription widgets on user
deactivation event.

Fixes #5623
2018-04-08 16:54:12 -07:00
YJDave cf40536ed2 stream_edit.js: Add helper func to rerender all subscriptions settings.
This add the function to rerender subscriptions settings which includes
subscriber count and subscriber list only if subscriptions tab is active.
2018-04-08 16:54:12 -07:00
YJDave 211eba2c56 stream_edit.js: Add helper func to check if sub settings tab is active.
This commit adds a new helper func to check if sub settings tab
is active or not and remove function `add_me_to_member_list`
function from `static/js/stream_edit.js`, cause we don't need to
render subscribers for particular case, as we are already doing that.
2018-04-08 16:54:12 -07:00
YJDave 386c56b466 stream_data.js: Replace user_email with user_id in func is_user_subscribed. 2018-04-08 16:54:12 -07:00