Commit Graph

1227 Commits

Author SHA1 Message Date
Keegan McAllister ac6a74bd73 test_public_urls: Fix docstring
(imported from commit 18bf6595386ca65e0a928c9e0b60e8e0a46f77e2)
2012-11-02 14:57:38 -04:00
Keegan McAllister 02aa92a604 Correct comment on filter_by_subscriptions
This isn't dead code; it's used by tests.

(imported from commit ce6cfc049d2cb8050aff1fef1b77a3778b7ceacb)
2012-11-02 14:57:38 -04:00
Waseem Daher d545ae4884 Bugfix: event -> e.
The fact that we're inconsistent about this in our functions
is definitely going to lead to more bugs of this form
down the road.

(imported from commit 907badcb28c0834729e21436c621255fa6584d44)
2012-11-02 14:31:16 -04:00
Keegan McAllister b87a35c1ff bugdown: Disable + as a bullet character for an unordered list
Fixes #272.

(imported from commit 8afaf14965ed1f6a4bb3ccfc9d4c2d807148666d)
2012-11-02 14:04:09 -04:00
Keegan McAllister 7a6fe207c5 bugdown: Disable ordered lists
These get automatically re-numbered, which will do the wrong thing when people
split their lists across multiple messages.

Fixes #241.

(imported from commit 7f6f2c36a6ab27cef0a34008f304fc0fe25c8bd0)
2012-11-02 14:04:09 -04:00
Jessica McKellar 296f707aef Blur search buttons before hiding them, so they don't interfere with hotkeys.
We currently disable hotkeys if the focus is on a textbox or
button. Hidden buttons can still be in focus, so blur the search
buttons before hiding them.

(imported from commit 5fdab34ad9931ea5ea2ad1827b36dfe4c02d8797)
2012-11-02 12:00:31 -04:00
Jessica McKellar bd822bebcd Disable arrows when you have no more results in a direction.
(imported from commit 824f541fd0b71bf0a9887cb94bb9585059a5413b)
2012-11-02 11:04:16 -04:00
Jessica McKellar d91ddf9359 Hide search arrow keys until a search is active.
(imported from commit 2f6a11ccc410633157502e8beebb4acf32eca2b6)
2012-11-02 11:04:16 -04:00
Jessica McKellar c1cc9f0742 Don't re-focus on the search box after ending the search.
(imported from commit 35bffb245ad9dc58b394a1c5228b32db4830f2bd)
2012-11-02 11:04:16 -04:00
Jessica McKellar 336e4ac5a6 Add a '/' hotkey to initiate a search.
(imported from commit 893865b73ddef0202da8b2f57e341fb1dc0f4fa0)
2012-11-02 11:04:16 -04:00
Jessica McKellar 7877507fe6 Re-enable the search box.
(imported from commit 6fee7e6853e9608bcb5ef211939309eca46801c8)
2012-11-02 11:04:15 -04:00
Tim Abbott 3aa7cc521f Workaround missing keyup event when user types ctrl-f.
(imported from commit ad37e0c9069ee29dd8159e020682cc05738b300b)
2012-11-02 10:50:59 -04:00
Waseem Daher a6dbb88d0a Three autocompletes for subject, for consistency with stream.
(imported from commit 08e12fa2cfbe37b53a06888b879babbcf12733bf)
2012-11-01 21:56:37 -04:00
Waseem Daher 41290f3e23 Fix XSS issue in composebox typeahead.
Whenever we use a typeahead, we should use the escaping highlighter
unless we're explicitly going to put sanitized content in it.

(imported from commit 33086327fe56a7bcbbbf8a08fe3f39800b195e75)
2012-11-01 21:56:37 -04:00
Waseem Daher 69b534c0ba Move composebox typeahead code into its own module.
This also cleans up the autocomplete source specifications,
making the three typeaheads all look fairly consistent.

(imported from commit e72655d715db74cfc9ab45b51e7e2ff9e8ea84c5)
2012-11-01 21:56:33 -04:00
Waseem Daher e72279d6a8 Reintroduce XSS issues in composebox typeahead.
This makes the diff a bit cleaner.
Revert "Interim measure: Escape fullnames as well."
This reverts commit a634e6ac39ea337be499889b3ff64b3c4f4fcccb.

Revert "Interim measure: Escape subject names before they go into the typeahead."
This reverts commit 806bc719ab296ec0fe299b33c7aa6767a0c71b9d.

(imported from commit 5a579e3535846b2bc612cf03e43c562c83119812)
2012-11-01 17:16:27 -04:00
Zev Benjamin 6178cd830a Return the error if return_messages_immediately returns an error response
We previously started long-polling.

(imported from commit 5860e484c63088ed34226f39f5aeb74e3ed43f91)
2012-11-01 16:02:28 -04:00
Tim Abbott 08b76126b4 Make the mouseover date string always include a timezone.
(imported from commit 5b4a98c6e0cdfc87ba57f6d6454488fff2810603)
2012-11-01 14:07:10 -04:00
Tim Abbott 7c3a189c03 Combine api_subscribe and json_add_subscriptions.
(imported from commit 1a5df7c88beb2c27a048b1880136b9c7cb4451b2)
2012-11-01 13:05:52 -04:00
Tim Abbott 7e0cbd1c8b Change json_add_subscription to use the same interface as api_subscribe.
(imported from commit 9b9eb0284ad262ce9701ef81162d954544435d52)
2012-11-01 13:05:52 -04:00
Tim Abbott 27867b0022 Rename add_for_send to subscribe_for_send.
(imported from commit 19f6a0710a84bf8204b81957ca49b09ec9174188)
2012-11-01 13:05:52 -04:00
Tim Abbott aca815d727 Don't add duplicate entries to subscriptions_table.
While we're at it, fix the fact that we're currently not adding
entries to the subscriptions_table at all when we do
subscribe-and-send.

(imported from commit 99bf574a4a296463e562a44186e2282654464542)
2012-11-01 13:05:52 -04:00
Tim Abbott 01bf0868a9 Rename new_subscription argument to streams.
(imported from commit 8024f47564fe580734d5e452f5092520870003a7)
2012-11-01 13:05:52 -04:00
Tim Abbott 0120b2b239 Don't show a user-facing error when subscribe-and-sending and already subscribed.
(imported from commit 7262740e8d967bf69a61fb9fddd74270a3211f5f)
2012-11-01 13:05:52 -04:00
Keegan McAllister cb9cdf22c3 tests: Correct documentation on test_message_to_nonexistent_stream
(imported from commit 76176083c1a0494856a3507214e2cfc3844d1fc1)
2012-11-01 12:08:38 -04:00
Keegan McAllister b81ef9cca7 Replace template variables static_{third,public} with hardcoded paths
So that the 500 error view will render properly, even though no variables are
set.  We keep the variable static_hidden, which by design is not used on the
500 page.

Fixes #240.

(imported from commit 3c7534f896479b7d7edbe5ef13958481e169a13c)
2012-10-31 18:43:44 -04:00
Waseem Daher f0fd80a294 Interim measure: Escape fullnames as well.
I'm sure this problem exists in a latent way with stream names and
email addresses as well. Once I figure out a general way to fix this,
I'd like to go back and handle these three cases in a cleaner,
symmetric way, but this'll do for now.

(imported from commit a634e6ac39ea337be499889b3ff64b3c4f4fcccb)
2012-10-31 17:49:19 -04:00
Waseem Daher 4d83aa96ff Interim measure: Escape subject names before they go into the typeahead.
This is problematic because if your subject name is <b>hi</b>,
selecting it from the typeahead comes back with:
 &lt;b&gt;hi&lt;/b&gt;
which obviously isn't really OK.

(imported from commit 806bc719ab296ec0fe299b33c7aa6767a0c71b9d)
2012-10-31 17:26:13 -04:00
Waseem Daher 765aa833bc Clean up jQuery selectors for the composebox send button.
(imported from commit 6bf7ee00f23290ae5e254b4964db3ed51527368b)
2012-10-31 16:36:22 -04:00
Waseem Daher 1e34e46a2e Make Tab-Enter work as a "send message" shortcut in Safari.
(imported from commit 2eccaea06594a7c3d3e8c6d3c00a20c4c94116a2)
2012-10-31 16:36:22 -04:00
Tim Abbott 22bb5a5830 Fix longpolling on messages to nobody.
This is what caused our server to hang when receiving certain messages
over the last couple days.  It was introduced by me making the
assumption that doing the same thing we did after validate_notify
failed was a correct way to immediately return from
notify_new_message, which it was not.  The code of validate_notify
actually finished the handler in the event that validation failed,
which isn't "correct", but did not manifest in a visible problem.

The correct way to trigger an immediate response from a tornado view
is to just return the value, not call handler.finish() and then return
None.

Similarly, the correct way to trigger longpolling from a tornado view
is to either return None (or equivalently, drop off the end of the
function) or return a generator.

(imported from commit 5b931248b4650fc88d5d68f5936a95f19e097af9)
2012-10-31 16:35:30 -04:00
Keegan McAllister 5a7b307d71 Create the narrowbar using a Handlebars template
This fixes an XSS hole (#249).

(imported from commit 5f70c0bc23e0d992f2d85889e2ba9157f1b73b3a)
2012-10-31 16:02:17 -04:00
Tim Abbott 5a3d52baa7 Make the narrowing tooltips a bit more verbose.
(imported from commit ab2cbaa7bfe4eeb0b1d1dd00b6db6aa76574cbff)
2012-10-31 14:06:35 -04:00
Tim Abbott b33c0c4eee Send the stripped stream name to add_subscriptions_backend.
(imported from commit c3bbb9bd200629020fe7e60d42644beaab30bff5)
2012-10-31 14:06:35 -04:00
Tim Abbott 426ab9559d Fix creating new users via zephyr mirroring.
(imported from commit 05e01efabdce081fc574486916c7db343f2cdb1d)
2012-10-31 14:06:35 -04:00
Zev Benjamin 564565f627 When narrowing a second time, don't move the pointer and display the persistent pointer
(imported from commit f49222f3a5df636517cadcafbc3d278f4f0ced00)
2012-10-31 12:03:00 -04:00
Keegan McAllister eac48d9b04 Clear password boxes on settings change submission
(imported from commit 523df7ee039db7be30e66608c491cc441f14fd70)
2012-10-30 17:05:10 -04:00
Tim Abbott 30aab26ccd Fix test_missing_last_received to match current behavior.
(imported from commit 101b08d740ddf46d100c9763f2b78b86e2b07a00)
2012-10-30 16:59:25 -04:00
Tim Abbott 70f21f9d8e Fix 'Stream does not exist' test.
(imported from commit d4f0f3deaa3cc4b9cab67c90b87aa8bff2e72653)
2012-10-30 16:59:25 -04:00
Tim Abbott e48bdfe847 Use json_success for api_fetch_api_key.
(imported from commit 395d992fa634f5304f8a44f38f0251109c1a0810)
2012-10-30 16:59:18 -04:00
Tim Abbott c00e37c106 Use json_error rather than HttpResponseBadRequest and friends.
(imported from commit a9f6df2e561218db46f4ade86bac1ecd87b6ca78)
2012-10-30 16:59:18 -04:00
Tim Abbott 9fa2f0d4f8 Use @require_post for login_required_json_view.
(imported from commit e7efea5f016b1b44a0a3deba024e3df828006cfa)
2012-10-30 16:59:18 -04:00
Waseem Daher e7e05d8617 Fix up some overzealous "instance->subject" renames.
(imported from commit f4ddcfd3749d374cc6abee3b1e7a5aacc3b83e16)
2012-10-30 16:48:00 -04:00
Luke Faraone 75c6fa7202 When doing a deployment, set the site name to app.humbughq.com.
(imported from commit b89f72f0cb94fae7678db570a1e9774dbe471ba9)
2012-10-30 15:13:12 -04:00
Tim Abbott 4e9df28c12 send_message: Don't create streams automatically on send.
(imported from commit 7be1b72c5fdf9a21167d2be3948cf1febf8da8ed)
2012-10-30 15:02:45 -04:00
Luke Faraone 1d6a5741e0 Previously conditionals used the wrong case to reference request.POST.
(imported from commit 2624def3745c3b26114ee1a1a9a20288e078b243)
2012-10-30 13:29:40 -04:00
Luke Faraone 9f61e27218 Fix broken conditionals in get_old_messages_backend.
(imported from commit 13b934cdd2805d45efff18f7ce485b3e17e11c1a)
2012-10-30 13:24:02 -04:00
Keegan McAllister 4a6eafd6bf Provide the static access control link for the 404 page
(imported from commit 3915ff409e1026c35a6d976ed5eea51ba679e0c3)
2012-10-30 11:01:36 -04:00
Keegan McAllister f0c2421f00 Customize the 404 error page Nginx serves for missing static content
(imported from commit 70fc821f9ae29b8a902c48ce57e39273c90f57ff)
2012-10-30 11:00:10 -04:00
Keegan McAllister 7267ba9cd2 Fix test for /accounts/logout
(imported from commit 256929fc4d462832358c31c99bd470a23ffaba29)
2012-10-30 00:18:01 -04:00