Prevents malformed user names (_not_ usernames) from
rendering HTML in the welcome banner. This would only
affect the user and any admin that impersonates that
user.
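
The class of bug described above, shown as an added example that is not Discourse's code: a free-form full name substituted into trusted banner markup, before and after escaping. The template string, function names and sample user are hypothetical and constructed for illustration.

```javascript
// Added illustration, not Discourse code; every name below is hypothetical.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

// Encode the characters that let text break out into markup or attributes.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Trusted, developer-written banner markup with a placeholder for the name.
const BANNER_TEMPLATE = "<h1>Welcome back, <strong>%{name}</strong>!</h1>";

// Before: the free-form full name is substituted into HTML unchanged.
function renderBannerUnsafe(user) {
  const name = user.name || user.username;
  // A function replacement avoids "$&"-style patterns being interpreted.
  return BANNER_TEMPLATE.replace("%{name}", () => name);
}

// After: only the template contributes markup; the name is always text.
function renderBannerSafe(user) {
  const name = escapeHtml(user.name || user.username);
  return BANNER_TEMPLATE.replace("%{name}", () => name);
}

// Constructed sample: a full name (not a username) that carries markup.
const sampleUser = { username: "ada", name: 'Ada <b title="x">Lovelace</b>' };

console.log(renderBannerUnsafe(sampleUser));
console.log(renderBannerSafe(sampleUser));
```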

Fixes
https://meta.discourse.org/t/checkbox-in-color-palettes-user-selectable-yes-no-doesnt-work/378545?u=osama
This commit moves the sorting logic to server-side to avoid caching issues
where the (sorted) palettes list, which was stored as a property on the
controller, would need to be invalidated each time the user navigated to
the palettes list page because changes to palettes could've been made
between the last and new visits to the page. This PR also eliminates an
AJAX request that the palettes list page makes to fetch the default
theme by including the default theme in the same response that includes
the color palettes list.

Concerns "small posts" like this one
<img width="1564" height="176" alt="image"
src="https://github.com/user-attachments/assets/652188fd-a7bd-4363-96fb-0ba8f7541e51"
/>
When navigating posts via heading-to-heading navigation in a
screenreader, sometimes you can run into situations where there's no
next heading to be found towards the bottom of the infinite loading
page... and this can stop more posts from loading, even when more exist.
Marking up the small post content as a heading allows it to be navigated
like regular posts, and avoids this issue. So when a small post is near
the bottom of a page, it can be navigated to and trigger more posts to
load.
This also has the benefit of making the small post content a more
natural part of the post stream while navigating with a screen reader.

## 🔍 Overview
This update allows you to regenerate short summaries (gists) with the
click of a button. This is helpful for admins to fix short summaries
when they go wrong. This update adds a regenerate button in the topic
admin controls as well as the bulk select dropdown for topic lists.
---------
Co-authored-by: Roman Rizzi <rizziromanalejandro@gmail.com>

This avoids messing with the `featuresOverride`, which we only did
before because of an attempt to filter the `onebox` feature out, which
may not be necessary.
The previous `buildEngine` call could strip information that's used by
customizations like `discourse-calendar`'s `[timezones]`, which relies
on the presence of a feature and hence is not being interpreted during
Markdown parsing as a token.

Various fixes and improvements for the color palettes admin page...
* Live previews stopped working because we were never running
`_captureInitialState()` so we had no comparison to see if we could live
preview
* `canPreviewColorScheme` also needed to check against "theme default"
user preference (-1)
* Refactors warning messages if admin user preferences differ from
defaults
We now warn on:
* Theme is different from the default (overrides color difference
warnings)
* Light and/or dark palette are different from the default
* Added specs for toasts on palette change, which is a light way to
check if live preview is working (when the conditions are met for the
live preview, we don't show the toast)
* If a color palette isn't editable, make the button say "view" and not
"edit" — we can improve this some more, but this is a simple iterative
step

Currently the following is erroneously shown only if the post author is
in the `content_localization_allowed_groups` setting. It should actually
be shown based on the current_user, not the post's user. This bug
prevents the privileged user from deleting translations.

We were not unsubscribing from this event, causing us to add more and
more listeners; after a few page visits you would end up with as many
subscriptions and as many ajax calls, eventually causing 429s.
A further improvement of this code could be to cache the events list;
there's not much value in refetching each time given the query doesn't
change for each page.
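
The listener build-up described above, reproduced as an added example that is not Discourse's code. `EventBus`, both widget classes, the `"page:changed"` event name and the counter standing in for AJAX calls are hypothetical.

```javascript
// Added illustration, not Discourse code; EventBus, the widgets and the
// "page:changed" event name are hypothetical stand-ins.
class EventBus {
  constructor() {
    this.handlers = new Map();
  }
  on(name, fn) {
    if (!this.handlers.has(name)) this.handlers.set(name, new Set());
    this.handlers.get(name).add(fn);
  }
  off(name, fn) {
    this.handlers.get(name)?.delete(fn);
  }
  trigger(name) {
    for (const fn of this.handlers.get(name) ?? []) fn();
  }
  count(name) {
    return this.handlers.get(name)?.size ?? 0;
  }
}

// Before: subscribes on creation, never unsubscribes on teardown.
class LeakyWidget {
  constructor(bus, fetchEvents) {
    this.bus = bus;
    this.handler = () => fetchEvents();
    bus.on("page:changed", this.handler);
  }
  destroy() {}
}

// After: teardown removes the exact handler that was registered.
class FixedWidget extends LeakyWidget {
  destroy() {
    this.bus.off("page:changed", this.handler);
  }
}

// Recreate the widget on each page visit and count simulated requests.
function simulate(WidgetClass, visits) {
  const bus = new EventBus();
  let requests = 0;
  let widget = null;
  for (let i = 0; i < visits; i++) {
    widget?.destroy();
    widget = new WidgetClass(bus, () => requests++);
    bus.trigger("page:changed");
  }
  return { listeners: bus.count("page:changed"), requests };
}
```

Over five visits the leaky variant ends with five live listeners and 15 simulated requests, while the variant that unsubscribes ends with one listener and five requests.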

This commit reverts the changes made to `SvgSprite.settings_icons` in
19af83d39e, which resulted in significantly slower boot times on
multisite clusters since `SvgSprite.settings_icons` is called during
application preload.

Since #34350 changed "confirm" user fields to cast to a boolean type,
generating a user list export would cause an error.
This change ensures the export process treats all user field values as
strings, for inserting into the export CSV.

This change fixes two issues with the "confirm" type user field.
These user fields are rendered as checkboxes, so the user field value
was being used directly as the `@checked` param for the input element.
Non-boolean values would cause unexpected checkbox behaviour (for
example, a value of `"false"` would cause the checkbox to be checked, or
a value of `null` would cause the form to be submitted with an empty
value, instead of `false`).
Additionally, since we know that these fields will only have boolean
values, `User#user_fields` now automatically casts the string `"true"`
and `"false"` values for confirm fields into their boolean equivalent.

We want to temporarily disable user tips and the Discobot welcome PM
on all sites by default until we have time to improve their
functionality, because right now they create a lot of noise for new
members and admins without providing obvious benefits.

This PR replaces the jquery-based autocomplete in full page search with
floatkit. I added a separate site setting for toggling autocomplete for
this and other input fields in future, and a new `offset` option for
customizing how much offset we want for the autocomplete menu.

Before this change, we would redirect the user back to the admin themes
index page without any UI indication on whether the theme has been
successfully destroyed.

Follows the same pattern as the color palette index, where we
sort the themes once, and then re-sort only when the themes array
from the model changes. This fixes the issue where if you installed
a new theme, it would not show up on the grid until you refreshed.

This commit essentially removes the half-way composer state on mobile,
and instead opts to keep it fullscreen. Regular minimise still works.
This has been in the design experiments for long enough that it seems
safe enough (famous last words).
Meta topic:
https://meta.discourse.org/t/mobile-composer-permanent-full-screen/374766

In the admin search, links to site settings for plugins that
are not using the new show page for plugins were pointing to
the admin route for the plugin. This is not useful, because most
plugins do not show their site settings here.
Instead, we should link to the plugin category on the
/admin/site_settings route.

This commit introduces two changes:
1. It fixes the incorrect route used for the color palettes edit page.
2. It removes the edit color palette button in favor of an "edit colors"
link in the color palette selector description.

Fixes an issue where the history link on hover for a theme site setting
would point to the staff action logs for regular site settings, not the
theme site setting ones which include the theme name in the subject
and also have a different `change_theme_site_setting` action.
c.f.
https://meta.discourse.org/t/link-to-change-history-on-themeable-site-settings/377394