Commit Graph

4295 Commits

Author SHA1 Message Date
Shubham Padia f0d874d51f hashchange: Handle trailing slashes in narrowing URLs.
Fixes #9305.
Empty operators are not allowed while parsing narrowing URLs.
`parse_narrow` stops parsing further if it encounters an empty string
operator.
2018-05-15 09:34:50 -07:00
Steve Howell b5904b264d minor: Pull statements out of loops in unread.js.
We were recalculating the same sub for every iteration
in these two loops.  It's a pretty fast operation
but still nice to do only one time.
2018-05-13 08:47:55 -07:00
Steve Howell 0c9cf12933 Avoid some server fetches for sender:foo queries.
If we find unread messages for a sender, we will
try to render locally narrow for sender searches.

Note that our current implementation brute forces
through all the unread ids.  We can improve this,
although it's not really a bottleneck until we
also support buckets for general filtering.
2018-05-13 08:47:55 -07:00
Steve Howell 6ca145b2ed Add unread.get_all_msg_ids(). 2018-05-13 08:47:55 -07:00
Tim Abbott 4abbfe9154 people: Fix issues with client_gravatar and upper-case emails.
We weren't properly canonicalizing user email addresses when consuming
gravatar URLs.

See http://en.gravatar.com/site/implement/hash/ for the specification.

Fixes #9357.
2018-05-10 12:35:20 -07:00
Steve Howell 815f54cda4 Use local messages for more narrow searches.
We now try harder to find the first unread message in an
upcoming narrow, which has the user-visible effect that we
select the unread message before waiting for search results.

Before this change, we only applied this logic to searches
that were things like exactly stream/topic or exactly is-private.

Now we will also handle things like stream/topic/sender.  For
the stream/topic piece we look up candidate unread ids using
the steam/topic buckets in unread.js, but then we still filter
those messages by stream/topic/sender as we look for the first
unread id.
2018-05-10 06:36:13 -04:00
Steve Howell 5d6d1ca8f9 refactor: Rename narrow_state.get_unread_ids().
I renamed get_unread_ids() to _possible_unread_message_ids().
The name is deliberately verbose, since we're about
to make it have kind of unusual semantics that only make sense
for its one caller.

The outside code will continue to call get_first_unread_info().

In the tests I wrap this function in a wrapper with the more
pleasant name of "candidate_ids", since in the test there's
less worry about unwittingly exposing a kind of janky function.
2018-05-10 06:36:13 -04:00
Steve Howell 9b15c2cd46 minor: Re-order code blocks.
This is setting up for a subsequent commit to have a smaller
diff.  The current ordering of the code blocks doesn't matter,
since only one of the conditions will be true, so this won't
change any behavior.  (Later commits will make the order matter.)
2018-05-10 06:36:13 -04:00
Steve Howell 19ac0b23ab Add filter.can_bucket_by(). 2018-05-10 06:36:13 -04:00
Steve Howell ea581c546c Add filter.is_valid_id_from().
We will use this to find the first id from a list of
message ids that matches a filter.  (This will help us
during narrowing to determine whether we have at least
one good message locally, so that we can render something
useful before waiting for the server.)
2018-05-08 12:13:55 -07:00
Steve Howell a176380df5 refactor: Introduce filter.is_exactly().
This new API replaces some more specific functions that were
only recently introduced:

        is_stream_only
        is_stream_topic_only
        is_pm_with_only
        is_for_only

We use the deterministically sorted "term_type" values for
matching.  (Notably "stream" will come before "topic".)
2018-05-08 12:13:55 -07:00
Steve Howell 60e399f717 Add filter.sorted_term_types. 2018-05-08 12:13:55 -07:00
Steve Howell 081e789405 Add static Filter.sorted_term_types(). 2018-05-08 12:13:55 -07:00
Steve Howell c267d3a6ba Add Filter.term_type. 2018-05-08 12:13:55 -07:00
Steve Howell 27b7461e0a Revert "js: Implement DynamicText class."
This reverts commit 6e7305f784.

We never ending up using this class.
2018-05-08 12:13:55 -07:00
Max Nussenbaum a0dacea811 portico: Remove transition on page load.
Removes the fade in and fade out that used to happen when a
page was loaded.
2018-05-08 09:28:39 -07:00
Yago González 6837fc5d56 i18n: Add missing strings for custom profile fields and fix capitalization.
The "Short/Long Text" option for custom profile fields wasn't properly
capitalized (i.e. "Text" should have been all lowercase), and also
wasn't properly tagged for translation.

For the sake of consistency, the change to proper capitalization has
also been applied to the models and any tests involving this feature.

Due to a bug in Django, it complained about the models having changed
and thus not being consistent with the migrations. That isn't actually
true (since the database stores the numeric values for each key), but
the migrations have been modified to avoid this error. This does not
affect the migrations' behaviour in any way.
2018-05-06 19:44:36 -07:00
Tim Abbott 063d11b139 js: Standardize indentation of switch/case statements.
This gets my current draft eslint indentation configuration passing
cleaning on static/js.
2018-05-06 19:35:18 -07:00
Tim Abbott d6db335f68 js: Reindent case clauses consistently. 2018-05-06 19:35:18 -07:00
Tim Abbott df98fd5cd9 hotkey: Make it possible to use ctrl+K from inside compose.
This works for other text boxes as well, but compose is the main one
that one would want to do a search from.

It's possible we'll find after doing this that "getting back into
compose" becomes a problem, but I guess we can handle that when the
time comes.
2018-05-06 19:30:31 -07:00
Aastha Gupta 66edc003ca hotkey: Make 'Ctrl' hotkeys work with 'CMD' on MacOS.
We only have a couple hotkeys with this model, but they should both
do the correct corresponding thing on MacOS.
2018-05-06 19:21:36 -07:00
Aastha Gupta 19806a0283 keyboard UI: Add Ctrl + k hotkey.
Fixes #8216
This commit binds the Ctrl + k to go to the search bar.
2018-05-06 19:19:00 -07:00
Tim Abbott 7ab8a8e820 js: Fix a bunch of indentation issues found by eslint.
This is preparation for enabling an eslint indentation configuration.
90% of these changes are just fixes for indentation errors that have
snuck into the codebase over the years; the others are more
significant reformatting to make eslint happy (that are not otherwise
actually improvements).

The one area that we do not attempt to work on here is the
"switch/case" indentation.
2018-05-06 16:25:02 -07:00
Tim Abbott 4d0e64ee41 js: Fix some invalid whitespace.
These were detected using eslint.
2018-05-06 12:38:44 -07:00
Tim Abbott 384a8f2e9f custom fields: Clean up template logic for field ID.
This makes a few important cleanup changes:
* Using the more standard data-field-id name for the ID value.
* Using $(e.target).closest() rather than `.parent`, which is more
  robust to future changes in markup.
2018-05-05 15:40:16 -07:00
Yashashvi Dave 06e63af4b4 custom fields: Add UI for choice type custom fields. 2018-05-05 11:59:08 -07:00
Yashashvi Dave 512ab5dbaf js/settings_account.js: Remove hard-coded field no, clean template context. 2018-05-05 11:59:08 -07:00
Steve Howell 264dcb6f40 refactor: Extract MessageListData class.
Most of this was straightforward.

Most functions that were grabbed verbatim and whole from
the original class still have one-line wrappers.

Many functions are just-the-data versions of functions that
remain in MessageList:  see add, append, prepend, remove as
examples.  In a typical pattern the MessageList code becomes
super simple:

    prepend: function MessageList_prepend(messages) {
        var viewable_messages = this.data.prepend(messages);
        this.view.prepend(viewable_messages);
    },

Two large functions had some minor surgery:

    triage_messages =
            top half of add_messages +
            API to pass three lists back

    change_message_id =
            original version +
            two simple callbacks to list

For the function update_muting_and_rerender(), we continue
to early-exit if this.muting_enabled is false, and we copied
that same defensive check to the new function
named update_items_for_muting(), even though it's technically
hidden from that codepath by the caller.
2018-05-05 06:31:51 -07:00
Vishwesh Jainkuniya 3a514c7e41 stream-edit: Fix typo in comment. 2018-05-05 06:25:06 -07:00
Steve Howell 0463bb2c5e Fix corner case with recent narrowing optimization.
For a commit that was just merged I had the "back-out" case
at the wrong nesting level.  It was a pretty obscure failure
scenario that never came up in practice, but basically if you
were starting at a message that was not in your narrow, but
we did have some messages in your narrow, we would try to
go near the old message instead of talking to the server to
find the next unread message in that narrow.
2018-05-04 17:34:34 -07:00
Steve Howell 4573bdd005 narrow: Load messages locally for most sidebar clicks.
Barring a few minor edge cases, when we now do a narrow
that is based on a sidebar-like search (e.g. stream/topic,
no extra conditions), we now go directly to either the
first unread message we know about locally or the last
message if we're all caught up.

We of course used to do this in master until recently; this behavior
was broken by Tim's narrowing refactor branch (ending with
26ac1d237b) which moved us to always
using the select_first_unread flag, by default (fixing issues where if
you clicked around while your pointer was behind, you'd land in the
wrong place).

We now have arguably the best of both worlds:
* The pointer is not considered when computing narrowing positioning
* We only go to the server for sidebar clicks if the data isn't
  available in the browser.
2018-05-04 16:36:51 -07:00
Steve Howell da0c01e4ba Fix regression with topic edits clearing narrows.
We had a recent regression that had kind of a funny symptom.
If somebody else edited a topic while you were in a topic
narrow, even if wasn't your topic, then your narrow would
mysteriously go empty upon the event coming to you.

The root cause of this is that when topic names change,
we often want to rerender a lot of the world due to muting.
But we want to suppress the re-render for topic narrows that
don't support the internal data structures.

This commit restores a simple guard condition that got lost
in a recent refactoring:

        see 3f736c9b06

From tabbott: This is not the correct ultimate place to end up,
because if a topic-edit moves messages in or out of a topic, the new
behavior is wrong.  But the bug this fixes is a lot worse than that,
and no super local change would do the right thing here.
2018-05-04 16:33:23 -07:00
Tim Abbott 43fa0aacbf attachments: Implement frontend for real-time sync.
We now do real-time sync to update the attachments UI when new
attachments are uploaded/deleted.

While we're at it, we fix the UI for the delete option to not do a
weird local echo thing.

This completes the work of a couple issues.  There's still useful
performance work to do here (see the TODO), but it's a minor issue in
a rarely-used screen.

Fixes #6731.
Fixes #3710.
2018-05-04 16:22:27 -07:00
Tim Abbott 19737aab3e attachments: Store the attachments state in a global. 2018-05-04 16:22:27 -07:00
Tim Abbott 802636fbde attachments: Extract format_attachments_data. 2018-05-04 16:22:27 -07:00
Tim Abbott 62a92764f1 attachments: Move one-time-rendering logic out of set_up_attachments. 2018-05-04 16:22:27 -07:00
Tim Abbott 02ad498aa2 attachments: Use data-attachment-id to refer to attachments.
This may fix an issue with the delete button not actually sending the
right data to the server; I'm not sure.  Extracted from a patch by
Aastha Gupta.
2018-05-04 16:22:27 -07:00
Tim Abbott 956bd74905 attachments: Send events for attachment updates.
We send add events on upload, update events when sending a message
referencing it, and delete updates on removal.

This should make it possible to do real-time sync for the attachments
UI.

Based in part on work by Aastha Gupta.
2018-05-04 16:22:27 -07:00
Tim Abbott 69c4645bd2 attachments: Stop fetching attachments in / endpoint.
We only use this data in a rarely-used settings screen, and it can be
large after years of posting screenshots.

So optimize the performance of / by just loading these data when we
actually visit the page.

This saves about 300ms of runtime for loading the home view for my
user account on chat.zulip.org.
2018-05-04 16:22:26 -07:00
Steve Howell 0067ccb931 refactor: Add filtering helpers to message_list.js. 2018-05-04 10:59:56 -07:00
Steve Howell af24f51f0d Add MessageList.is_search().
This prevents MessageListView from having to know about
list.filter.
2018-05-04 10:59:56 -07:00
Steve Howell a68fa980d3 Add starred messages to our new API for unread ids.
Even though starred messages are never unread, it's useful
for us to have helper functions for them.

This change makes it so that clicking on "Starred Messages"
takes you to the last read message immediately, without a
server delay.
2018-05-03 14:36:34 -07:00
Steve Howell 3e19efca36 Change narrow.get_first_read_id -> get_first_read_info.
This function, which is only used in tests so far, needs
to return something more meaningful than undefined when
we don't find an id.
2018-05-03 12:44:30 -07:00
Steve Howell 4eb033964e Add fetch_status.has_found_newest(). 2018-05-03 12:44:30 -07:00
Tim Abbott 42fe331093 echo: Fix exception when topic-editing locally echoed messages.
Previously, if you topic-edited locally echoed messages, it would
throw this exception:

TypeError: Cannot read property 'indexOf' of undefined
    at Object.h.is_status_message (https://chat.zulip.org/static/min/app.274582375298.js:1742:154)
           = static/js/markdown.js line 125 column 13

    at Object.h.apply_markdown (https://chat.zulip.org/static/min/app.274582375298.js:1741:291)
           = static/js/markdown.js line 93 column 29

    at Object.a.edit_locally (https://chat.zulip.org/static/min/app.274582375298.js:1750:195)
           = static/js/echo.js line 176 column 5

    at Object.d.save (https://chat.zulip.org/static/min/app.274582375298.js:1921:376)
           = static/js/message_edit.js line 132 column 13

The behavior with this patch is still not ideal, in that we don't ever
send the edit to the server (if the issue was lag, not an actual error
on sending), but this at least makes the on-error case correct.
2018-05-03 12:14:43 -07:00
Shubham Dhama 9f78540bd0 org settings: Make save-discard widget look better.
This fixes some minor glitches with buttons:
* Movement of the organization-settings-parent block on the
  appearance of widgets.
* Large and odd look of save button.
* Use of fadeIn and fadeOut rather than changing opacity as
  opacity don't actually remove them.
2018-05-03 10:32:34 -07:00
Tim Abbott 0ada5fa9d8 stream_data: Fix exception when notifications_stream is private.
If notifications_stream is private and the current user has never been
subscribed, then we would throw an exception when trying to look up
notifications_stream.  In this situation, we should just treat it like
the stream doesn't exist for the purposes of this user.
2018-05-03 08:33:07 -07:00
Steve Howell c00a054893 minor: Update comment in narrow.activate(). 2018-05-03 07:52:15 -07:00
Steve Howell 93ce1fa95c refactor: Extract save_pre_narrow_offset_for_reload().
This is purely to make it easier to read narrow.activate()
without having to page past lots of unnecessary detail when
you're trying to understand things like how we set the
selection.
2018-05-03 07:52:15 -07:00
Steve Howell e0557046f3 refactor: Extract narrow.update_selection().
The maybe_select_closest helper, when first introduced, was
tiny and close to its callers.

As it's grown, it's become kind of a big hurdle to reading
narrow.activate(), because it's out of chronological order
and it's hard to tell at a glance which variables it's closing
on.

Now we just move it out to module scope.

It's mostly moving code, with these minor changes:

        * we pass in opts for the old closure vars
        * we rename then_select_offset -> select_offset
        * we early-exit on empty lists
2018-05-03 07:52:15 -07:00
Steve Howell d359c89b0c refactor: Introduce select_strategy in narrow.activate.
We replace these variables in narrow.activate:

        then_select_id (int w/-1 as a sentinel)
        select_first_unread (boolean)

The main goal here is to get away from the boolean, since
we are about to introduce a third select strategy.

The new var is select_strategy and it has a union
type with these flavors:

        "exact" (was select_first_unread === false)
        "first_unread" (was select_first_unread === true)

The new flavor will be something like "last_id".

Eliminating then_select_id is also nice, since the -1
sentinel value could be a pitfall, and it's semantically
cleaner to encapsulate behind a check for
select_strategy.flavor.
2018-05-03 07:52:15 -07:00
Steve Howell b046b158d9 refactor: Add a fetch_message IIFE in narrow.activate.
We use an IIFE (immediately invoked function expression)
to fetch messages.  This will allow us to introduce some
local vars in a subsequent commit without creating an ugly
diff and without cluttering an already crowded namespace.
2018-05-03 07:52:15 -07:00
Steve Howell 0bbbdb65b4 minor: Introduce msg_id in maybe_select_closest().
This cleans up a subsequent diff.  Within the context of
`maybe_select_closest`, there's only one `msg_id` we care about,
so the more convoluted name `then_select_id` makes much less
sense than it does in the enclosing scope, and it will make
even less sense after some future changes.

There's also some cosmetic cleanup here.
2018-05-03 07:52:15 -07:00
Steve Howell df0e4a73fa refactor: Remove brittle check for !select_first_unread.
When we are deciding whether to preserve scroll position, we
mainly care that then_select_offset is set to a value.  If
we had no intention of preserving scroll offset, we would have
never bothered to set it.  The check for !select_first_unread
is always redundant, as verified by lots of clicking around
with some print debugging.  And it's a brittle check,
because it couples the decision of scrolling destination to
the mechanism by which we decide our selection.  While those
things are closely related, it's possible in the future that
we'll decide to advance to an unread message and still want
to set then_select_offset, but we might forget to mutate
select_first_unread.

Long story short, the code is simpler and safer now.
2018-05-03 07:52:15 -07:00
Steve Howell 3e08270d48 refactor: Simplify then_select_offset calculation.
We move the var declaration of then_select_offset closer to
where it gets calculated, and we avoid code duplication in
calling current_msg_list.get_row().
2018-05-03 07:52:15 -07:00
Steve Howell d021a51047 Avoid brittle attempt to get messages with id === -1.
Even when then_select_id has the sentinel value of -1, we were
trying to look it up in our message_list.all object.  This would
have returned undefined, which is fine, but it's more explicit
to just bypass the check.
2018-05-03 07:52:15 -07:00
Aditya Bansal 583f50179c public_archives: Add floating recipient bar. 2018-05-02 15:23:33 -07:00
Aditya Bansal 898c281692 public_archives: Add styling to the public topics. 2018-05-02 15:23:33 -07:00
Steve Howell 1941a0eb51 refactor: Swap conditions for pre-filling narrows.
This mostly sets up the next commit.  The two conditions here
are both inexpensive to check, but we want to bypass an upcoming
expensive operation if can_apply_locally() returns false.
2018-05-02 13:34:54 -07:00
Steve Howell 66cd2edee4 Add narrow_state.get_first_unread_id(). 2018-05-02 13:34:54 -07:00
LuisFSilva a072b2a153 right-sidebar: Fix group PMs online indicator.
People found it confusing that it would show up at light-green when
the users in the thread were idle.

Fixes #8242.
2018-05-02 12:41:01 -07:00
Shubham Dhama 02c3223985 upload: Improve logic for hiding progress bar for fast upload.
With past logic, on fast upload progress bar don't appears because
uploadFinished is called as soon as upload is finished so
progress bar get disappeared. To make these hiding of progress bar
smooth we set setTimeout for every hiding of progress bar as well
as complete status element.
2018-05-02 12:32:13 -07:00
Shubham Dhama c67897ba5b upload: Make progress bar for each file independent.
Here `file.lastModified` is unique for each upload so it is used
to track each upload individually.
Also, we have used `uploadStarted` function because it is
called for each file during an upload.

Fixes: #9068.
2018-05-02 12:32:13 -07:00
Shubham Dhama 6d33e73b5f upload: Remove progress bar only when upload is finished.
Previous logic was little buggy, as many time there can be considerable
difference between uploadFinished and progressUpdated as progressUpdated
can finish much earlier(on a slow connection) and the "uploaded file"
markdown text is inserted with some delay.
It is also a preliminary commit for making each progress bar independent
as currently progressUpdated may close upload_bar even after only
one file out of many files is uploaded.
2018-05-02 12:32:13 -07:00
Shubham Dhama 4c28a79815 org settings: Clean up the context for admin pages.
This is a minor clean up of some contexts for admin pages
which we don't need anymore.
2018-05-02 11:42:28 -07:00
Shubham Dhama c293bb82c4 org settings: Change user joining invitation setting to dropdown. 2018-05-02 11:42:26 -07:00
Steve Howell 230ecb24ed Add narrow_state.get_unread_ids(). 2018-05-02 11:23:58 -07:00
Steve Howell ceee49c075 Add filter.is_for_only(operand). 2018-05-02 11:23:58 -07:00
Steve Howell 7bc95efb41 Add unread.get_msg_ids_for_mentions(). 2018-05-02 11:23:58 -07:00
Steve Howell 9987ea525f Add unread.get_msg_ids_for_private(). 2018-05-02 11:23:58 -07:00
Steve Howell 7222dbd99b refactor: Simplify narrow_state.is_for_stream_id().
This takes advantage of the new function narrow_state.stream_id().

We now assume the incoming stream_id is a valid stream_id, so we
no longer need to test some of the error checking.  (It's possible that
the incoming stream_id may no longer be for a stream you subscribe
to, but the nice benefit of working more in "id space" is that if
it doesn't match the narrow's stream id, we know false is a safe
return value.)
2018-05-02 09:16:24 -07:00
Steve Howell a62c85c015 Add narrow_state.stream_sub() and narrow_state.stream_id(). 2018-05-02 09:16:24 -07:00
Steve Howell 0232e92038 Add filter.is_pm_with_only(). 2018-05-02 09:16:24 -07:00
Steve Howell 2a70f0dba4 Add filter.is_stream_topic_only(). 2018-05-02 09:16:24 -07:00
Steve Howell 08307c0e87 Add filter.is_stream_only(). 2018-05-02 09:16:24 -07:00
Steve Howell 861cb16c3e minor: Remove redundant function names in Filter class.
We no longer use the style of giving a function name to a
function that already has a name from the object it gets
attached to.
2018-05-02 09:16:24 -07:00
Steve Howell 0150c01027 Add unread.get_msg_ids_for_person(). 2018-05-02 09:16:24 -07:00
Steve Howell 2b35f26b88 Add unread.get_msg_ids_for_stream(). 2018-05-02 09:16:24 -07:00
Steve Howell c432acb436 Add unread.get_msg_ids_for_topic().
This will be useful for some narrowing related changes.
2018-05-02 09:16:24 -07:00
Steve Howell 76b97d8b54 refactor: Add util.sorted_ids().
We borrowed this from typing_data.js and gave it a slightly
different name (sorted -> sorted_ids).
2018-05-02 09:16:24 -07:00
gooca a8830ec8da hello.html: Add testimonial carousel.
Replaces single testimonial and replaces it with multi-testimonial
slider.

Quote added by Tim Abbott with permission from Jacinda.
2018-05-01 16:45:52 -07:00
Angelika Serwa f4f64243dd custom_profile_fields: Support changing the sort order of the fields.
Tweaked by tabbott for variable naming and the URL.

Closes #8879.
2018-04-30 18:17:41 -07:00
Shubham Padia 23e82315b5 stream-settings: Remove redundant actually_filter_streams function call.
After adding a newly created stream to the top of the stream list,
call to actually_filter_streams in stream_events.mark_subscribed
rerendered the filter_table and the stream list was refreshed.  The
call to actually_filter streams was introduced to rerender the
subscriber list but stream_edit.rerender_subscribers_list takes care
of it already.

Fixes #9033.
2018-04-30 11:38:47 -07:00
Yashashvi Dave dbd24c5c93 create stream: Fix preview btn not showing on private stream creation.
Fixes #9028
2018-04-30 11:15:07 -07:00
Yashashvi Dave 86eddd79bc stream settings: Fix scrollbar bug on unsubscribing themselves.
Fix scrollbar not updating when user unsubscribe themselves
from "Stream members" list, by clicking "Unsubscribe" button.

Fixes #9029
2018-04-30 11:15:07 -07:00
Yashashvi Dave 0d7d94d0db custom fields: Add support for custom URL field type. 2018-04-30 10:53:23 -07:00
Yashashvi Dave d2128105dd custom fields: Fix bug in real time sync for user settings.
Currently when admin add/remove/update custom fields, changes
are not reflected in user settings page, if settings tab
is already open. This might be rare case, but it looks like
an error when admin go to user settings page just after
updating custom fields in org settings.

Fix this by re-rendering custom fields in user settings
on custom_profile_fields event.
2018-04-30 23:04:25 +05:30
Yashashvi Dave 4033f210af custom fields: Add support for custom date field type. 2018-04-30 23:04:25 +05:30
Yashashvi Dave 5e63e6061b custom fields: Add UI for custom field hint.
Fixes #8876
2018-04-30 10:14:50 -07:00
Yashashvi Dave 66759358e2 create stream: Add maxlength restriction on name and description. 2018-04-30 10:11:25 -07:00
Yashashvi Dave a28adb0ba3 stream settings: Reset stream description on error.
Reset old value of stream description on error. This commit
also update the error message on updating stream name and
description.
2018-04-30 10:11:25 -07:00
Yashashvi Dave 8729c9001d static/js/settings_streams.js: Move delete_stream func to `stream_edit.js`. 2018-04-30 17:48:16 +05:30
Yashashvi Dave 7bbe44d7a0 org settings: Remove "Delete streams" administrative tab from settings.
Fixes #9227
2018-04-30 17:47:34 +05:30
Tim Abbott 9729b1a4ad search: Remove buggy double-call of set_message_booleans.
In a refactor last fall, we changed `set_message_booleans` to mutate
state (specifically, destroying msg.flags in favor of setting
properties like `msg.unread`).  This was fine for most code paths, but
the maybe_add_narrowed_messages code path called
`message_store.add_message_metadata` twice (once after talking to the
server to find out whether the messages go into the current narrow),
and so when we extracted set_message_booleans from that, the second
call didn't properly short-circuit.

We fix this by just removing the second call, and also add a comment
warning about the add_message_metadata call there as being dangerous.

Fixes #8184.
2018-04-28 14:39:24 -07:00
Tim Abbott 7d6bb3dcb4 settings: Remove obsolete default_desktop_notifications setting.
This actually hasn't been hooked up to do anything in years.

While we're at it, we remove the entire "Zulip Labs" settings page.
2018-04-28 13:46:07 -07:00
Shubham Dhama 7f679bcdce org settings: Make allowed domain table status element fade out. 2018-04-28 13:24:59 -07:00
Shubham Dhama 689c717284 message_edit: Don't offer UI to edit topics after time limit.
This fixes a couple places where with community topic editing, we'd
show the edit-topic UI basically indefinitely.
2018-04-28 13:14:27 -07:00
Shubham Dhama da8157d414 message: Extract function for editability of topic. 2018-04-28 13:00:29 -07:00
Shubham Dhama 7f9cfab15a org settings: Add frontend for allow_community_topic_editing. 2018-04-28 13:00:29 -07:00
Steve Howell c22a1d1f23 refactor: Simplify return values for would_receive_message().
Instead of treating false differently from undefined, our
function is now a regular boolean function, and we limit our
code comments to the one corner case where the true/false
decision is kind of arbitrary and possibly confusing.
2018-04-28 11:15:14 -07:00
Steve Howell 2efae10c7c refactor: Remove dead code from would_receive_message().
The buddy list never includes yourself nor bots, so we
remove the special case handling for those situations.

If we were to put bots or the current user back in the list,
I'm not convinced the old logic was what we'd want in either
case going forward.

For example, we might want to fade bots that aren't subscribed
to public streams, since they might otherwise confuse people,
but then again they would receive messages.  And then "yourself"
is a recipient in the technical sense but they're kinda
not and either way it doesn't provide much signal either way.
2018-04-28 11:15:14 -07:00
Steve Howell d1bf6028ef Remove hack for stream cog.
We don't need to special-case the stream cog handler when we
handle the click event for the surrounding header.  The browser
will fire the event for the cog first, which stops propagation.
2018-04-28 11:15:14 -07:00
Steve Howell e9c6f3a07d stream list: Use newer code for the list cursor.
The new list_cursor class is more generic and saves the state
of your cursor across redraws.

Note that we no longer cycle from bottom to top or vice versa.

The node test code that was removed here was kind of complex
and didn't actually assert useful things after calling methods.
2018-04-28 11:15:14 -07:00
Steve Howell 97b9367d20 refactor: Extract scroll_util.js.
We now use scroll_element_into_container() in two different
places, so it's worth extracting.
2018-04-28 11:15:14 -07:00
Steve Howell 068e4bf32b buddy list: Populate user-fade via templates.
When we populate the buddy list or update it for activity, we now
have buddy_data set a faded flag that is rendered in the template.
This avoids some re-rendering overhead and is on the eventual path
to having our widget be more data-oriented (and all rendering happens
"behind" the widget).

We still do direct DOM updates when the compose state changes or
when we get peer subscription events.
2018-04-28 11:15:14 -07:00
Steve Howell d88d6df53b refactor: Fix naming conventions in compose_fade.js.
We don't really need the "_" prefix for private functions, since
public functions are exported, and it was a bit distracting.
2018-04-28 11:15:14 -07:00
Steve Howell d4fc92c1c7 refactor: Rename method to compose_fade.update_all().
The function was misnamed before.
2018-04-28 11:15:14 -07:00
Steve Howell 5d6c9c1b47 compose_fade: Extract user_fade_config.
This commit extracts the key UI elements of updating the buddy
list for compose fade into a configuration, and we interact with
the buddy_list API.
2018-04-28 11:15:14 -07:00
Steve Howell fb712027bf buddy list: Fix and simplify up/down navigation.
This introduces a generic class called list_cursor to handle the
main details of navigating the buddy list and wires it into
activity.js.  It replaces some fairly complicated code that
was coupled to stream_list and used lots of jQuery.

The new code interacts with the buddy_list API instead of jQuery
directly.  It also persists the key across redraws, so we don't
lose our place when a focus ping happens or we type more characters.

Note that we no longer cycle to the top when we hit the bottom, or
vice versa.  Cycling can be kind of an anti-feature when you want to
just lay on the arrow keys until they hit the end.

The changes to stream_list.js here do not affect the left sidebar;
they only remove code that was used for the right sidebar.
2018-04-28 11:15:14 -07:00
Steve Howell c63f2db25b hotkeys: Remove call to activity.blur_search().
The blur_search() function was removed in this commit:

See da06832837

We now no longer attempt to call it.  It's not completely clear
to me what this did before, but we are rewriting a lot of the
keyboard navigation for search anyway.
2018-04-28 11:15:14 -07:00
Steve Howell f11b3c9934 buddy_list: Clean up selector references.
In this cleanup I make it so that all jQuery selector references
are toward the top of the module, and we do all finds relative
to the container ('#user_presences').

This will make it easier to make a better list abstraction for
the buddy list, for things like progressive rendering.
2018-04-28 11:15:14 -07:00
Steve Howell 65d8eb3189 buddy list: Extract user_search.js.
This was a bit more than moving code.  I extracted the
following things:

        $widget (and three helper methods)
        $input
        text()
        empty()
        expand_column
        close_widget
        activity.clear_highlight

There was a minor bug before this commit, where we were inconsistent
about trimming spaces.  The introduction of text() and empty() should
prevent bugs where users type the space bar into search.
2018-04-28 11:15:14 -07:00
Steve Howell 2879a63bcc buddy list: Relax count limit when doing searches.
A recent change filtered out offline users from the buddy list
whenever the list size would otherwise exceed 600.

This commit reverts half that change--we can now show 600+ users
again, but only when searching.
2018-04-28 11:15:14 -07:00
Tim Abbott 955ef3b18c bot settings: Fix spelling of data-user-id. 2018-04-28 10:23:46 -07:00
Shubham Dhama ccd5581bcd org settings: Handle floating point durations better for time limits.
Fixes: #9253.
2018-04-28 09:33:31 -07:00
Shubham Dhama fdc4de9435 org settings: Remove redundant case in update_dependent_subsettings.
This is because we cover the case of `realm_allow_message_editing` by
`realm_msg_edit_limit_setting` after the conversion into dropdown.

This commit also contains a minor variable renaming.
2018-04-27 19:35:22 -07:00
YJDave 6bef44a9fa org setting: Add time limits for message deleting.
Add realm setting to set time limit for message deleitng.
Set default value of message_content_delete_limit_seconds
to 600 seconds(10 min).

Thanks to Shubham Dhama for rebasing and reworking this.  Some final
edits also done by Tim Abbott.

Fixes #7344.
2018-04-27 19:22:28 -07:00
Tim Abbott 2d5d6a1fd1 message_edit: Fix buggy error string for message deletion.
The previous model resulted in an ugyl `.:` sequence.
2018-04-27 19:12:18 -07:00
Akash Nimare bfcff052fe desktop-app: Update app to latest v2.0.0. 2018-04-27 17:23:17 -07:00
Tim Abbott a0fcc6ceb5 compose: Don't auto-scroll very tall messages on click.
This fixes an issue where with very tall messages (more than about a
screen in height), one would end up scrolled to the bottom of the
message if you clicked on it, which usually felt annoying.

Fixes #8941.
2018-04-27 14:19:58 -07:00
Vishnu Ks d504c336dc portico: Mention about thirdparty desktop apps. 2018-04-27 11:14:17 -07:00
Tim Abbott 31f2c5e385 message_list: Fix hiding messages edited to a muted topic.
Previously, we did a rerender without first re-computing which
messages were muted; this was incorrect, because whether a message is
muted can change if the topic changes.

Fixes #9241.
2018-04-27 08:52:24 -07:00
Tim Abbott 3f736c9b06 message_list: Clean up API for rerender_after_muting_changes.
This was only called from two places in one function, and we can just
check muting_enabled in the caller.

This refactor is important, because we might need to update muting
after other changes (specifically, message editing to move a topic to
be muted/non-muted).
2018-04-27 08:52:24 -07:00
Tim Abbott 88951d627a viewport: Hide right-sidebar buddy list below 1024px.
This is a slight change in the responsive design, moving the 975px
cutoff to 1025px; the main effect is that for windows that just barely
had a right sidebar, we now hide the ride sidebar.  This is pretty
beneficial for the user experience specifically in the common size of
1024px, where that sidebar was making things feel a bit too
constrained.
2018-04-26 14:33:28 -07:00
Steve Howell e5885fa8e4 Add compose.needs_subscribe_warning.
This function replaces part of compose_fade.would_receive_message(),
which has a real janky interface of returning true, false, or
undefined.

We don't need to couple the semantics of compose fading to whether
we help subscribe a mentioned user.  They're mostly similar, but they
will probably diverge for things like bots, and the coupling makes
it difficult to do email -> user_id conversions.

One thing that changes here is that we get the stream name from
compose_state, instead of compose_fade.focused_recipient.  The
compose_fade code uses focused_recipient for kind of complicated
reasons that don't concern us here.
2018-04-26 08:42:47 -07:00
Umair Khan 93bb3e8d6e profile: Add UI for Choice field. 2018-04-26 00:35:54 -07:00
Umair Khan cf2f6b38dd profile: Add choice field.
Fixes part of #8878
2018-04-26 00:35:51 -07:00
Shubham Dhama b411bc050e org settings: Change join org permissions to dropdown. 2018-04-25 16:00:55 -07:00
Sampriti Panda e86d5139bb copy_and_paste.js: Remove excess newlines while pasting markdown html.
Fixes #8963
2018-04-24 08:27:43 -07:00
Shubham Dhama f19b0b3254 org settings: Change message_edit settings to dropdown.
This coverts the "checkbox" for `realm_allow_message_editing`  and
"input" for `realm_message_content_edit_limit_seconds` into a
dropdown with the option for custom time limit option.
2018-04-23 18:22:35 -07:00
Tim Abbott 3e49850d6b popovers: Fix broken node test.
This seems to have been introduced when rebasing
7533796ea9.
2018-04-23 17:29:15 -07:00
Vishnu Ks 7533796ea9 popover: Add an option to show user profile.
Fixes #8880
2018-04-23 16:56:24 -07:00
Tim Abbott 322fc52cd5 people: Suppress reporting late user additions when reloading.
If the browser is in the progress of reloading when it finishes
fetching some messages, it's not really a bug, and we shouldn't report
it as such.

This should help make Zulip's browser error reporting less spammy.
2018-04-23 12:20:27 -07:00
Tim Abbott 048f15e975 unread: Fix messages that cannot be marked as read in narrows.
If you visit a narrow that has unread messages on it that aren't part
of the home view (e.g. in a muted stream), then we were never calling
`message_util.do_unread_count_updates`, and more importantly,
`unread.process_loaded_messages` on those messages.  As a result, they
would be unread, and moving the cursor over them would never mark
those messages as read (which was visible through the little green
marker never disappearing).

I can't tell whether this fixes #8042 and/or #8236; neither of them
exactly fits the description of this issue unless the PM threads in
question were muted or something, but this does feel related.
2018-04-23 11:46:46 -07:00
Vishnu Ks c9e932a7ce settings: Add support for Hangouts as the video chat provider.
The only thing that's annoying about this feature is that you need to
be a paying G Suite customer to use it.
2018-04-23 09:39:47 -07:00
Tim Abbott 26ac1d237b narrow: Remove now-unnecessary use_initial_narrow_pointer option.
We replace it with the much more intuitive then_select_offset option.
2018-04-22 21:33:34 -07:00
Tim Abbott ccd546cc75 narrow: Migrate code for use_initial_narrow_pointer. 2018-04-22 21:33:33 -07:00
Tim Abbott a0c6930ca9 narrow: Remove confusing code to unset use_initial_narrow_pointer.
Nothing reads that variable after this point, so we don't need to mutate it.
2018-04-22 21:33:33 -07:00
Tim Abbott 35585f75d9 narrow: Move select_first_unread to be a local variable.
This makes the API more obvious that this is not a parameter to be
passed into narrow.activate.
2018-04-22 21:33:33 -07:00
Tim Abbott e4c50ff4fd narrow: Remove unnecessary select_first_unread option.
We consistently either pass a `then_select_id` into narrow.activate,
or were using the select_first_unread option.  Now, we just compute
select_first_unread based on the value of then_select_id.
2018-04-22 21:33:33 -07:00
Tim Abbott 0c9b1dc9ff search: Use select_first_unread when narrowing.
Apparently, our search code was the last holdout that was still using
the pointer to determine where to place a narrow.
2018-04-22 21:33:33 -07:00
Tim Abbott 6bab4e0aad narrow: Fix narrowing behavior when loading a new tab.
In the very early days of Zulip, we didn't have unread counts; just
the pointer, and the correct behavior when opening a new tab was to
place you near the pointer.  That doesn't make any sense now that we
do have unread counts, and this corner case has been a wart for a long
time.

This commit does the main behavior change here.  However, there's a
bug we need to fix, where we might end up trying to pre-render a view
of the narrow based on the `all_msg_list` data before `all_msg_list`
is caught up).  We need to fix that bug before we can merge this; it
should be possible to determine that using `FetchStatus` on
`all_msg_list`, or with better performance by using the `unread_msgs`
structure to determine whether the message we should be selecting is
present locally.

Fixes #789.
Fixes #9070.
2018-04-22 21:33:17 -07:00
Tim Abbott 1d5204c82b narrow: Fix incorrect values for use_first_unread_anchor.
Apparently, we were incorrectly passing through something related to
opts.use_initial_narrow_pointer as the value for `use_first_anchor`.

If you read the logic in narrow.js carefully,
use_initial_narrow_pointer was unconditionally false.

The correct value for this attribute is when we're trying to narrow to
the first unread message in a given context.  There are two things to
check:

* then_select_id is -1; i.e. we don't have a specific message ID we're
  trying to narrow around.
* select_first_unread is True, i.e. we're trying to narrow to the
  first unread message.

A bit more work should allow us to get rid of the second condition,
but I'm not quite confident enough to do that yet.
2018-04-22 21:33:14 -07:00
Steve Howell 6d4855bd6a lint: Prevent accidental use of const.
This prevents us from using const in our JS code, with exceptions
for test code and the portico.  Hopefully this is just a temporary
rule until we make our pipelines with work with ES6.

I tried to prevent "let", but that was too noisy.

This adjusts the one false-negative case of using const in a comment.
2018-04-22 20:11:38 -07:00
Steve Howell 76d83af62b buddy list: Extract activity.narrow_for_user.
This change makes a common code path for these two operations:
        * clicking on a user
        * hitting enter when a user is highlighted

The newer codepath, for the enter key, had some differences that
were just confusing.  For example, there's no need to open the
compose box, since that's already handled by the narrowing code.

For possibly dubious reasons, I let each handler still call
popovers.hide_all() on its own, since it makes the code a bit
more consistent with existing code patterns.
2018-04-22 20:08:08 -07:00
Steve Howell 54389f7b41 buddy list: Shrink overly large lists.
If we would have more than 600 people in a buddy list, it's kind of
cumbersome to scroll through it, and it's also expensive to render
it (short of doing progressive rendering, which adds a lot of
complexity).

So, as a short term measure, we filter out offline users whenever the
list would exceed 600 users.  Note that if you are doing a search that
narrows to fewer 600 users, the offline users will appear again.
2018-04-22 20:08:08 -07:00
Steve Howell 3f1930f9c5 buddy list: Extract buddy_data.js. 2018-04-22 20:08:08 -07:00
Steve Howell 536236d9b1 buddy list: Extract buddy_list.js. 2018-04-22 20:08:08 -07:00
Utkarsh Patil 955d03b8a0 emoji: Prefix sort for emojis.
Emoji prefix sort for "popular emojis first". Fixes #7625.
2018-04-21 22:28:45 -07:00
Utkarsh Patil 59f5af6b62 emoji: Export popular emojis list.
Provisions to export popular emojis list.
2018-04-21 22:24:07 -07:00
Steve Howell 5f53fb1561 refactor: Remove factory code for toggle component.
We now have components.toggle simply return an object, without
putting the object into a lookup table.  The consumers of the
objects have all been changed to just store the object in their
own module scope.

The diff is a bit hard to read here, but it's mostly de-denting
code and removing these things:

        - we don't have opts.name
        - we don't have __toggle.lookup
        - we don't have keys
        - we don't create a sibling object to the prototype object
2018-04-20 13:45:58 -07:00
Steve Howell f73bfd2a5c refactor: Extract settings_toggle.js.
This mostly moves code, and we also abandon the lookup mechanism
for finding our toggler.
2018-04-20 13:45:58 -07:00
Shubham Dhama 9aa9ed9472 org settings: Refactor code for get_property_value.
This just makes the code for getting the property value more readable
and less confusing.
2018-04-19 21:47:04 -07:00
Shubham Dhama b41a204dbb org settings: Remove redundant property type from org_permissions object.
`add_emoji_by_admins_only` is already covered in
`get_complete_data_for_subsection` function.
2018-04-19 14:58:12 -04:00
Umair Khan 79ff89ed8b profile: Add hint field in the settings UI.
We still don't actually display it in the "Edit your profile" UI.
2018-04-19 11:32:45 -07:00
Shubham Dhama 6a11ff5b28 settings: Deduplicate the template code for checkboxes. 2018-04-19 11:02:30 -07:00
Shubham Dhama b26c38bc47 analytics: Make stats of all realms accessible to server admins.
In this commit:
Two new URLs are added, to make all realms accessible for server
admins. One is for the stats page itself and another for getting
chart data i.e. chart data API requests.
For the above two new URLs corresponding two view functions are
added.
2018-04-18 11:06:50 -07:00
Greg Price e78158bcc3 activity: Refactor code for getting chart data.
This simply refactored the repetitive code for getting stats chart
data.
(commit message tweaked by shubhamdhama)
2018-04-17 17:58:01 -07:00
Steve Howell b3cd29a63e Move stream filter code into stream_list.initialize().
This is just moving code around.  The diff is a little big
due to appeasing the linter, which doesn't like out-of-order
function declarations.
2018-04-17 17:52:19 -07:00
Shubham Dhama 03f95ba993 upload: Rename `uploadStarted` to `drop` to match original convention.
We used uploadStarted for drop callback which is kind of confusing
for new contributors as there is a big difference between uploadStarted
and drop like uploadStarted is called for each file in an upload whereas
the drop is called once when the file(s) are uploaded.
2018-04-16 11:16:42 -07:00
Shubham Dhama 0d0f971ae1 upload: Fix stacking of progress bar on canceling the upload.
This fixes stacking of upload progress bar when upload is canceled
and later made another upload.
2018-04-16 23:00:21 +05:30
Cynthia Lin 7cbc9f40bf compose: Change styling of upload progress bar.
Related to #9095.
2018-04-16 09:46:35 -07:00
Steve Howell 7666e9c7a9 stream settings: Simplify how we select streams tabs.
This commit introduces a helper function called
maybe_select_tab() that goes to the correct tab in the
toggler widget.

It avoids the "lookup" mechanism, which I am hoping to
deprecate, and it handles hypothetical startup issues
by warning instead of crashing.
2018-04-14 11:40:03 -07:00
Steve Howell 9319da8e1d stream settings: Fix bug with Subscribed/All.
Before this commit, this sequence would lead to errors:

        * Open streams page via the gear menu.
        * Go to "All" tab.
        * Leave streams settings.
        * Re-open stream settings via the gear menu.

After doing this, the tab would show "Subscribed" but the list
would be of all messages.

Now we explicitly goto the first tab.

I added a long comment explaining how subs.js contributed
to this bug--in short, we re-build the widget instead of just
re-opening this.

We may also want the toggle component to simply default the
initial tab to the first tab.
2018-04-14 11:40:03 -07:00
Steve Howell a2354ce699 Prevent traceback with info overlays.
We now make sure our toggler exists before invoking its `goto`
method.  Usually a toggler exists pretty early during app
startup, but _setup_info_overlay is wrapped in i18n.ensure_i18n,
which asynchronously fetches translation data.

This commit also simplifies how we find the toggler, by just
storing it in the module where it gets created and consumed.

Fixes #9085.
2018-04-14 11:40:03 -07:00
Tim Abbott 012115c9e0 message_events: Fix updating compose fade after topic editing.
If you started composing a message to a topic, and then the topic was
edited, we would update the compose box and message list state, but we
didn't correctly update the fade state after updating your compose box
(and the message list), resulting in the messages being incorrectly
faded.
2018-04-13 16:31:18 -07:00
Tim Abbott 5ae9505fdc message_list: Move set_message_offset into message_list_view.
The refactor in 12509515ae had a subtle
bug, which is that we switched from accessing the message list "this"
(aka the message list being rerendered) to current_msg_list.  This
meant that when the narrowed_msg_list was in view and code needed to
modify home_msg_list, we accessed the wrong `selected_row` to preserve
the scroll position of (namely, the one in current_msg_list, not the
one in home_msg_list).

Fix this, by moving the function to be a property of the
message_list_view object, which makes more sense structurally, anyway.

We may, in the future, want to do a similar migration for more of
message_viewport.js.

Fixes #8854.
2018-04-13 16:31:18 -07:00
Tim Abbott dbbd3627b5 message_list: Show empty narrow notice after emptying narrow.
If muting, topic editing, or deletion causes a narrow loses its last
message, we should show the empty-narrow notice; similarly, if
un-muting adds the first message, we should hide the notice.

We do this in `rerender()` since that's the common code path for
re-rendering the message list after events that might change this.

This has likely been broken since the very first muting
and topic editing implementations.
2018-04-13 16:31:18 -07:00
Tim Abbott a8d237b252 message_list: Extract rerender_with_target_scrolltop.
We may find this useful in upcoming edits to the muting code.
2018-04-13 16:31:18 -07:00
Aastha Gupta 0c219a1905 invites ui: fixed rerendering of invites list
Earlier it was re-initialising invites list on every load.
Now, if the list is already initialised, it will reutilise
those resources.
2018-04-13 12:07:42 -07:00
Rohitt Vashishtha 7a4788b364 node-tests: Add basic tests for notifications API.
This commit exposes some inner variables of notifications.js to make
them easily testable. The first test added simply checks whether the
showing and closing of notifications works properly, and doesn't yet
verify the main code logic of the notification generation.
2018-04-13 09:13:50 -07:00
Shubham Dhama 50545a3571 settings: Revert checkmark icon to fontawesome and checkbox-green.
In 7b8da9b we have introduced some other checkmark icons
which aren't necessary as old icons still make sense there.

So removing them as they don't add any extra value.

Fixes: #8995.
2018-04-12 11:06:43 -07:00
Tim Abbott feef35bf25 linter: Add checks for sloppy use of .html().
Since jQuery's .html() can be a source of security bugs, we add a new
lint rule that tries to catch common problematic uses.
2018-04-12 09:50:14 -07:00
Tim Abbott 5f0f492205 unread: Clean up variable names around bankruptcy modal.
unread_info was a particularly bad name for the HTML.
2018-04-12 09:48:02 -07:00
Tim Abbott a6d80969f5 subs: Clean up variable name for rendered subscription count. 2018-04-12 09:48:02 -07:00
Tim Abbott ab8fb23164 emoji: Clean up variable names for rendered template content. 2018-04-12 09:48:02 -07:00
Tim Abbott c90fbff703 settings: Clarify variable names for tab template rendering. 2018-04-12 09:48:02 -07:00
Tim Abbott dbb62ba5cb compose: Clean up variable names for preview logic.
This makes it more clear that the content has already been rendered.
2018-04-12 09:48:02 -07:00
Tim Abbott f4aea3ec22 invite: Clarify variable names for rendered_email_msg. 2018-04-12 09:48:02 -07:00
Tim Abbott 0db715d222 search_suggestion: Add escaping for email addresses.
This is probably unnecessary, but makes me feel better about every
code path in this file doing proper escaping to avoid XSS issues.
2018-04-12 09:47:01 -07:00
Tim Abbott 65b9d9e0f3 CVE-2018-9990: Fix XSS issue with stream names in topic typeahead.
Zulip's search typeahead had a security bug, where when autocompleting
a specially crafted stream name, and then hitting space, code within
the stream name would be executed.

Zulip was doing HTML escaping correctly in the main code path using
Filter.describe to describe a narrow, but the escaping function was
not called in a few parallel code paths.  We fix this in a way that
should protect all of these code paths, by making Filter.describe
return properly escaped HTML, rather than depending on its callers to
do so.

Thanks to w2w for reporting this issue.
2018-04-12 09:46:54 -07:00
Rohitt Vashishtha 3bdc8bbaa5 CVE-2018-9986: Fix XSS issues with frontend markdown processor.
This fixes a set of XSS issues with Zulip's frontend markdown
processor, which is used in a limited set of contexts, such as local
echo of messages and the drafts feature.

The implementation of several syntax elements, including the <em>
syntax, user and stream mentions, and some others failed to properly
escape the content inside the syntax.

Fix this, and add tests for each corrected code path.

Thanks to w2w for reporting this issue.
2018-04-12 09:46:37 -07:00
Tim Abbott 1207a08b36 CVE-2018-9987: Fix XSS issue with muting notifications.
This fixes an XSS issue with Zulip's muting UI, where if a stream or
topic name contained malicious HTML containing JavaScript, and the
user did a muting interaction, the malicious JavaScript could run when
rendering the "you just muted a topic" notification.

We did an audit for similarly problematic use of `.html`, and found
none; for the next release we'll be merging a series of changes to our
linter to prevent future instances of this being added.

Thanks to Suhas Sunil Gaikwad for reporting this issue.
2018-04-12 09:46:03 -07:00
YJDave 92a04b31a0 custom fields: Clean custom fields to use existing defined function. 2018-04-12 09:40:09 -07:00
Tim Abbott e6833b6427 cleanup: Remove the legacy Dropbox file upload integration.
This has been hard-disabled for years, we have no plans to re-enable
it, and it has some hacky code in it.
2018-04-11 11:39:48 -07:00
YJDave 95461761e4 subscription: Show current user on top of subscribers list if present.
Fixes #9027.
2018-04-11 09:54:42 -07:00
YJDave c662867f14 subscription: Add comments for recent changes covering corner cases. 2018-04-11 09:51:52 -07:00
Marco Burstein c36a658fee uploads: Fix the upload progress bar.
There was already a progress bar set up, but it became non-functional
after refactoring.  This fixes it.

The default animation was getting cut off when `uploadFinished` is
called, so we add a delay before removing the upload bar to make it
get to the end.

Tweaked by tabbott to have a more natural feeling animation setup
(where we don't animate the width adjustments; just the disappearance
of the bar).

Fixes #8863.
2018-04-09 22:53:06 -07:00
Tim Abbott a4def8d409 copy_and_paste: Re-disable copy-paste handler in production.
This reverts commit 6e048c5d3f.

See #8963 for the main issue we need to fix before re-enabling this;
basically, some combination of toMarkdown and the way text/html gets
written was introducing a lot of bonus/bogus whitespace, both in the
form of newlines and spaces converted to `&nbsp;`.
2018-04-09 22:10:28 -07:00
Shubham Dhama b650b6b38c markdown: Add @stream as an alias for @all.
Fixes: #8930.
2018-04-09 16:35:14 -07:00
Shubham Dhama 771db7fb90 compose typeahead: Refactor repeating code for all and everyone mentions.
This is minor refactor with which we can simply add other aliases for
"all" and "everyone" mentions.
2018-04-09 16:35:14 -07:00
Marco Burstein 7c66d11781 compose: Show avatars for people in typeahead autocompletes.
`@everone` and `@all` will have a megaphone icon from FontAwesome in
place of the avatar.

Also, fix the `composebox_typeahead` tests to account for the images.

Fix #6635.
2018-04-09 15:47:11 -07:00
Tim Abbott 37a83285c4 people: Clean up now-unnecessary url variable. 2018-04-09 12:12:44 -07:00
Tim Abbott 40421c5000 people: Refactor small_avatar_url logic for emails. 2018-04-09 12:12:44 -07:00
Tim Abbott dfac0302fc people: Extract small_avatar_url_for_person.
This is intended to be used in places like compose typeahead to
display users' avatars.
2018-04-09 12:12:44 -07:00
Tim Abbott 3bfd96d8ed people: Use a return for message.avatar_url code path.
This helps clean up this code path a bit.
2018-04-09 12:07:41 -07:00
Tim Abbott 5bcfecd0dc people: Extract gravatar_url_for_email. 2018-04-09 12:07:41 -07:00
YJDave 025956482a subscription: Fix error in appending current user on top of subscriber list. 2018-04-08 16:54:12 -07:00
YJDave f5a7d125c9 subscription: Clean functions `peer_subscribe` and `peer_unsubscribe`. 2018-04-08 16:54:12 -07:00
YJDave dcf9355502 subs.js: Rename function to `check_button_for_sub` to be more specific. 2018-04-08 16:54:12 -07:00