For 7+ years we were escaping this value, but it is in many cases already sanitized (as it may be a post content). For those cases when it is not, I now run it through parse.raw.
Instead of escaping, it now strips p, img, and a tags.
When combining filters, the old logic assumed that every filter was
exclusive, unless that filter contained multiple items, in which
case it was added to a list of "or" filters that returned all
matching flags.
A fault was discovered in that if you passed in multiple "or"
states, it did not return flags with the expected filtering.
e.g. open flags, closed flags, flags of cid 1, flags of cid 2
This could return open flags of cid 3, since all of the filters
were "OR"'d.
This logic change updates the behaviour so disparate OR sets are
intersected (ANDed).
- Added new config flag:limitPerTarget, to disallow flags after an item has
already been flagged x times (default 0, or infinite)
- New zset flags:byTarget, score is the number of times a flag has been made
against that item
- "already-flagged" translation key removed, now "post-already-flagged" or
"user-already-flagged" -- this fixed bug where flagging a user you've already
flagged would tell you you've already flagged this post already.
- Refactored Flags.canFlag to throw errors only, instead of returning boolean
- Updated ACP form inputs for reputation settings page to be more bootstrappy
- +1 upgrade script
- Show account moderation history
- Ban and delete quick actions
Squashed commit of the following:
commit 0e782e65f4d48ae814708e510ec9d01bcdd914e0
Author: Julian Lam <julian@nodebb.org>
Date: Tue May 26 20:24:53 2020 -0400
fix(deps): use persona 10.1.41/vanilla 11.1.17
commit 369e073d3c3189d8ce181eb3d573489cbe54d4fc
Author: Julian Lam <julian@nodebb.org>
Date: Tue May 26 20:23:24 2020 -0400
fix: allow ban and delete exported methods to have cbs
commit b83a086ea31a77ec82d161306c0b9bc115cb2a3a
Merge: 525aae1ea 256ee45d3
Author: Julian Lam <julian@nodebb.org>
Date: Tue May 26 08:54:25 2020 -0400
Merge remote-tracking branch 'origin/master' into flags-improvements
commit 525aae1ea2e5d0103028a0f0c8dde05f172d088e
Author: Julian Lam <julian@nodebb.org>
Date: Tue May 26 08:53:39 2020 -0400
feat: integrate ban history and username changes to flag history list
commit 3e68ad28ba266f4c8620a676aa7f463f0a9d1df7
Author: Julian Lam <julian@nodebb.org>
Date: Mon May 25 18:22:53 2020 -0400
feat: allow ban and deletion from flag details page
commit a559ea1d8e8883385c2876868d855a0b93516c54
Author: Julian Lam <julian@nodebb.org>
Date: Mon May 25 18:22:00 2020 -0400
feat: export banAccount and deleteAccount methods from accounts module
* feat: testing suite integration for openapi spec
The testing suite now takes the openapi spec into account. It will
check each route defined, make a call to it, and compare the
response with the defined schema. Any mismatches will cause the
test to fail.
* fix(openapi): removed debug stuff from tests
* fix(openapi): fixed some tests
* fix(openapi): added additional check to tests, test fixes
* fix(openapi): better tests, fixed spec errors
* fix(openapi): bad conditional in test
* fix: oops
* fix(openapi): more tests fixing
* fix(openapi): more tests
* fix(openapi): fix some more tests
* fix: verbose'd an info log
* fix: topic pagination route returns schema-optimized pagination block
* fix(openapi): more test/spec fixes
* fix(openapi): accidentally sending in authenticated jar for anon routes
* fix(openapi): more test/spec fixes
* fix(openapi): more spec fixes
* fix: timestampReadable Invalid Date
* fix(openapi): more tests... almost there
* fix(openapi): more tests fixing
* fix(openapi): finally all tests passing
* fix(openapi): added reverse test to compare response to spec
... and fixed all the tests that broke
* fix: remove tests related to group covers, as route is gone
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): broken test on travis
* fix(openapi): object cache is not present for psql
* fix: tests
Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
* feat: add assignee checking when updating flag
Prior to this, it was possible to update the assignee to any value (or
any user. This commit adds checking to allow only admins, global
moderators, or in the case of flagged posts, moderators.
Also some prep work was added for value checking `state`.
* feat: value checking `state` on flag update
The state should be one of the constants defined earlier in the file.
Fixed an issue where the flags detail page would crash if the
reporting user flagged a post and then proceeded to block the
post author.
Retrieval of a flag's target data should be irrespective of
block status.
fixes#6925
* Store config fields as JSON in the db
Fewer parseInts
* Remove unnecessary parseInts
* remove some dupe code add tests
* remove console.log
* remove more parseInts
* WIP: read meta.configs defaults from defaults.json
remove more parseInts
* more work
* add log for failing test
* update admin pwd
* fix tests, dont require posts/cache before configs are initialized
* handle saves
* Test boolean conditions
* remove more parseInts
* Fix boolean values
* remove lots more parseInts
* removed json parsing
* renamed var to number
* categories dont have timestamp
