fix: broken flag history on flag update

* feat: store topic title and tags in diffs

allow restoring post diff if tags didn't change

* test: fix tests, fast computer problems

install/data/defaults.json

@@ -153,6 +153,7 @@
     "digestHour": 17,
     "passwordExpiryDays": 0,
     "cross-origin-embedder-policy": 0,
+    "cross-origin-opener-policy": "same-origin",
     "cross-origin-resource-policy": "same-origin",
     "hsts-maxage": 31536000,
     "hsts-subdomains": 0,

install/package.json

@@ -2,7 +2,7 @@
     "name": "nodebb",
     "license": "GPL-3.0",
     "description": "NodeBB Forum",
-    "version": "1.19.6",
+    "version": "1.19.10",
     "homepage": "http://www.nodebb.org",
     "repository": {
         "type": "git",
@@ -86,7 +86,7 @@
         "@nodebb/bootswatch": "3.4.2",
         "nconf": "0.12.0",
         "nodebb-plugin-2factor": "3.0.7",
-        "nodebb-plugin-composer-default": "7.0.22",
+        "nodebb-plugin-composer-default": "7.0.23",
         "nodebb-plugin-dbsearch": "5.1.3",
         "nodebb-plugin-emoji": "3.5.17",
         "nodebb-plugin-emoji-android": "2.0.5",
@@ -184,4 +184,4 @@
             "url": "https://github.com/barisusakli"
         }
     ]
-}
+}

public/language/ar/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/bg/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "Когато е включено (по подразбиране), стойността на заглавката ще бъде <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Стриктна транспортна сигурност",
 	"hsts.enabled": "Включване на HSTS (препоръчително)",

public/language/bn/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/cs/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Přísné zabezpečení přenosu",
 	"hsts.enabled": "Povolit HSTS (doporučeno)",

public/language/da/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/de/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "HSTS Aktivieren (empfohlen)",

public/language/el/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/en-GB/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/en-US/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/en-x-pirate/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/es/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Seguridad estricta del transporte",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/et/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/fa-IR/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/fi/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/fr/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "\nAccess-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "Lorsqu'il est activé (par défaut), définira l'en-tête sur <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Activer HSTS  (recommandé)",

public/language/gl/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/he/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/hr/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/hu/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Szigorú HTTP biztonság (HSTS)",
 	"hsts.enabled": "Szigorú HTTP biztonság (HSTS) bekapcsolása (ajánlott)",

public/language/id/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/it/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "Se abilitato (impostazione predefinita), imposterà l'intestazione su <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Rigorosa sicurezza trasporto",
 	"hsts.enabled": "Abilita HSTS (consigliato)",

public/language/ja/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "アクセス-制御-有効-ヘッダー",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/ko/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "HSTS 활성화 (권장)",

public/language/lt/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/lv/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "HTTP Strict Transport Security (HSTS)",
 	"hsts.enabled": "Iespējots HSTS (ieteicams)",

public/language/ms/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/nb/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/nl/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/pl/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Kontrola-Dostępu-Zezwól-Nagłówki",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Włączony HSTS (zalecane)",

public/language/pt-BR/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Habilitar HSTS (recomendado)",

public/language/pt-PT/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/ro/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/ru/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Строгая политика безопасности транспортного уровня",
 	"hsts.enabled": "Включить HSTS (рекомендуется)",

public/language/rw/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/sc/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/sk/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Prísne zabezpečenie prenosu",
 	"hsts.enabled": "Povoliť HSTS (odporúčané)",

public/language/sl/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Omogočen HSTS (priporočeno)",

public/language/sq-AL/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/sr/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/sv/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/th/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/tr/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Erişim-Kontrolü-Başlık-İzni",
 	"headers.coep": "Cross-Origin-Embed Politikası",
 	"headers.coep-help": "Etkinleştirildiğinde (varsayılan), başlığı  <code>require-corp</code> olarak ayarlayacaktır.",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin Kaynak Politikası",
 	"hsts": "STS",
 	"hsts.enabled": "HSTS'yi etkinleştir (önerilir)",

public/language/uk/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",

public/language/vi/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "Khi được bật (mặc định), sẽ đặt tiêu đề thành <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Bảo Vệ Truyền Tải Nghiêm Ngặt",
 	"hsts.enabled": "Đã bật HSTS (đề nghị)",

public/language/zh-CN/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "严格安全传输（HSTS）",
 	"hsts.enabled": "启用HSTS（推荐）",

public/language/zh-TW/admin/settings/advanced.json

@@ -17,6 +17,7 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
+	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "嚴格安全傳輸",
 	"hsts.enabled": "啟用HSTS（推薦）",

public/src/admin/settings/api.js

@@ -7,7 +7,7 @@ define('admin/settings/api', ['settings', 'alerts', 'hooks'], function (settings
 		settings.load('core.api', $('.core-api-settings'));
 		$('#save').on('click', saveSettings);
 
-		hooks.on('action:settings.sorted-list.itemLoaded', (ev, { element }) => {
+		hooks.on('action:settings.sorted-list.itemLoaded', ({ element }) => {
 			element.addEventListener('click', (ev) => {
 				if (ev.target.closest('input[readonly]')) {
 					// Select entire input text

public/src/client/flags/detail.js

@@ -26,7 +26,7 @@ define('forum/flags/detail', [
 						return memo;
 					}, {});
 
-					api.put(`/flags/${ajaxify.data.flagId}`, data).then((history) => {
+					api.put(`/flags/${ajaxify.data.flagId}`, data).then(({ history }) => {
 						alerts.success('[[flags:updated]]');
 						Detail.reloadHistory(history);
 					}).catch(alerts.error);

public/src/client/topic/events.js

@@ -158,7 +158,7 @@ define('forum/topic/events', [
 			hooks.fire('action:posts.edited', data);
 		}
 
-		if (data.topic.tags && tagsUpdated(data.topic.tags)) {
+		if (data.topic.tags && data.topic.tagsupdated) {
 			Benchpress.render('partials/topic/tags', { tags: data.topic.tags }).then(function (html) {
 				const tags = $('.tags');
 
@@ -171,19 +171,6 @@ define('forum/topic/events', [
 		postTools.removeMenu(components.get('post', 'pid', data.post.pid));
 	}
 
-	function tagsUpdated(tags) {
-		if (tags.length !== $('.tags').first().children().length) {
-			return true;
-		}
-
-		for (let i = 0; i < tags.length; i += 1) {
-			if (!$('.tags .tag-item[data-tag="' + tags[i].value + '"]').length) {
-				return true;
-			}
-		}
-		return false;
-	}
-
 	function onPostPurged(postData) {
 		if (!postData || parseInt(postData.tid, 10) !== parseInt(ajaxify.data.tid, 10)) {
 			return;

public/src/utils.js

@@ -290,13 +290,11 @@
 
 	const utils = {
 		generateUUID: function () {
-			/* eslint-disable no-bitwise */
+			// from https://github.com/tracker1/node-uuid4/blob/master/browser.js
-			return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
+			const temp_url = URL.createObjectURL(new Blob());
-				const r = Math.random() * 16 | 0;
+			const uuid = temp_url.toString();
-				const v = c === 'x' ? r : ((r & 0x3) | 0x8);
+			URL.revokeObjectURL(temp_url);
-				return v.toString(16);
+			return uuid.split(/[:\/]/g).pop().toLowerCase(); // remove prefixes
-			});
-			/* eslint-enable no-bitwise */
 		},
 		// https://github.com/substack/node-ent/blob/master/index.js
 		decodeHTMLEntities: function (html) {

src/controllers/authentication.js

@@ -244,7 +244,7 @@ authenticationController.login = async (req, res, next) => {
 	}
 
 	const loginWith = meta.config.allowLoginWith || 'username-email';
-	req.body.username = req.body.username.trim();
+	req.body.username = String(req.body.username).trim();
 	const errorHandler = res.locals.noScriptErrors || helpers.noScriptErrors;
 	try {
 		await plugins.hooks.fire('filter:login.check', { req: req, res: res, userData: req.body });

src/flags.js

@@ -807,9 +807,10 @@ Flags.notify = async function (flagObj, uid, notifySelf = false) {
 		});
 		uids = uids.concat(modUids[0]);
 	} else if (flagObj.type === 'user') {
+		const targetDisplayname = flagObj.target && flagObj.target.user ? flagObj.target.user.displayname : '[[global:guest]]';
 		notifObj = await notifications.create({
 			type: 'new-user-flag',
-			bodyShort: `[[notifications:user_flagged_user, ${displayname}, ${flagObj.target.user.displayname}]]`,
+			bodyShort: `[[notifications:user_flagged_user, ${displayname}, ${targetDisplayname}]]`,
 			bodyLong: await plugins.hooks.fire('filter:parse.raw', String(flagObj.description || '')),
 			path: `/flags/${flagObj.flagId}`,
 			nid: `flag:user:${flagObj.targetId}`,

src/posts/diffs.js

@@ -7,7 +7,7 @@ const db = require('../database');
 const meta = require('../meta');
 const plugins = require('../plugins');
 const translator = require('../translator');
-
+const topics = require('../topics');
 
 module.exports = function (Posts) {
 	const Diffs = {};
@@ -38,16 +38,24 @@ module.exports = function (Posts) {
 	};
 
 	Diffs.save = async function (data) {
-		const { pid, uid, oldContent, newContent, edited } = data;
+		const { pid, uid, oldContent, newContent, edited, topic } = data;
 		const editTimestamp = edited || Date.now();
-		const patch = diff.createPatch('', newContent, oldContent);
+		const diffData = {
+			uid: uid,
+			pid: pid,
+		};
+		if (oldContent !== newContent) {
+			diffData.patch = diff.createPatch('', newContent, oldContent);
+		}
+		if (topic.renamed) {
+			diffData.title = topic.oldTitle;
+		}
+		if (topic.tagsupdated && Array.isArray(topic.oldTags)) {
+			diffData.tags = topic.oldTags.map(tag => tag && tag.value).filter(Boolean).join(',');
+		}
 		await Promise.all([
 			db.listPrepend(`post:${pid}:diffs`, editTimestamp),
-			db.setObject(`diff:${pid}.${editTimestamp}`, {
+			db.setObject(`diff:${pid}.${editTimestamp}`, diffData),
-				uid: uid,
-				pid: pid,
-				patch: patch,
-			}),
 		]);
 	};
 
@@ -71,6 +79,8 @@ module.exports = function (Posts) {
 			content: post.content,
 			req: req,
 			timestamp: since,
+			title: post.topic.title,
+			tags: post.topic.tags.map(tag => tag.value),
 		});
 	};
 
@@ -130,6 +140,16 @@ module.exports = function (Posts) {
 		// Replace content with re-constructed content from that point in time
 		post[0].content = diffs.reduce(applyPatch, validator.unescape(post[0].content));
 
+		const titleDiffs = diffs.filter(d => d.hasOwnProperty('title') && d.title);
+		if (titleDiffs.length && post[0].topic) {
+			post[0].topic.title = validator.unescape(String(titleDiffs[titleDiffs.length - 1].title));
+		}
+		const tagDiffs = diffs.filter(d => d.hasOwnProperty('tags') && d.tags);
+		if (tagDiffs.length && post[0].topic) {
+			const tags = tagDiffs[tagDiffs.length - 1].tags.split(',').map(tag => ({ value: tag }));
+			post[0].topic.tags = await topics.getTagData(tags);
+		}
+
 		return post[0];
 	}
 
@@ -144,9 +164,12 @@ module.exports = function (Posts) {
 	}
 
 	function applyPatch(content, aDiff) {
-		const result = diff.applyPatch(content, aDiff.patch, {
+		if (aDiff && aDiff.patch) {
-			fuzzFactor: 1,
+			const result = diff.applyPatch(content, aDiff.patch, {
-		});
+				fuzzFactor: 1,
-		return typeof result === 'string' ? result : content;
+			});
+			return typeof result === 'string' ? result : content;
+		}
+		return content;
 	}
 };

src/posts/edit.js

@@ -29,7 +29,9 @@ module.exports = function (Posts) {
 			throw new Error('[[error:no-post]]');
 		}
 
-		const topicData = await topics.getTopicFields(postData.tid, ['cid', 'mainPid', 'title', 'timestamp', 'scheduled', 'slug']);
+		const topicData = await topics.getTopicFields(postData.tid, [
+			'cid', 'mainPid', 'title', 'timestamp', 'scheduled', 'slug', 'tags',
+		]);
 
 		await scheduledTopicCheck(data, topicData);
 
@@ -53,7 +55,10 @@ module.exports = function (Posts) {
 		]);
 
 		await Posts.setPostFields(data.pid, result.post);
-		const contentChanged = data.content !== oldContent;
+		const contentChanged = data.content !== oldContent ||
+			topic.renamed ||
+			topic.tagsupdated;
+
 		if (meta.config.enablePostHistory === 1 && contentChanged) {
 			await Posts.diffs.save({
 				pid: data.pid,
@@ -61,6 +66,7 @@ module.exports = function (Posts) {
 				oldContent: oldContent,
 				newContent: data.content,
 				edited: editPostData.edited,
+				topic,
 			});
 		}
 		await Posts.uploads.sync(data.pid);
@@ -109,6 +115,7 @@ module.exports = function (Posts) {
 				title: validator.escape(String(topicData.title)),
 				isMainPost: false,
 				renamed: false,
+				tagsupdated: false,
 			};
 		}
 
@@ -124,15 +131,16 @@ module.exports = function (Posts) {
 			newTopicData.slug = `${tid}/${slugify(title) || 'topic'}`;
 		}
 
-		data.tags = data.tags || [];
+		const tagsupdated = Array.isArray(data.tags) &&
+			!_.isEqual(data.tags, topicData.tags.map(tag => tag.value));
 
-		if (data.tags.length) {
+		if (tagsupdated) {
 			const canTag = await privileges.categories.can('topics:tag', topicData.cid, data.uid);
 			if (!canTag) {
 				throw new Error('[[error:no-privileges]]');
 			}
+			await topics.validateTags(data.tags, topicData.cid, data.uid, tid);
 		}
-		await topics.validateTags(data.tags, topicData.cid, data.uid, tid);
 
 		const results = await plugins.hooks.fire('filter:topic.edit', {
 			req: data.req,
@@ -140,7 +148,9 @@ module.exports = function (Posts) {
 			data: data,
 		});
 		await db.setObject(`topic:${tid}`, results.topic);
-		await topics.updateTopicTags(tid, data.tags);
+		if (tagsupdated) {
+			await topics.updateTopicTags(tid, data.tags);
+		}
 		const tags = await topics.getTopicTagsObjects(tid);
 
 		if (rescheduling(data, topicData)) {
@@ -149,7 +159,7 @@ module.exports = function (Posts) {
 
 		newTopicData.tags = data.tags;
 		newTopicData.oldTitle = topicData.title;
-		const renamed = translator.escape(validator.escape(String(title))) !== topicData.title;
+		const renamed = title && translator.escape(validator.escape(String(title))) !== topicData.title;
 		plugins.hooks.fire('action:topic.edit', { topic: newTopicData, uid: data.uid });
 		return {
 			tid: tid,
@@ -160,8 +170,10 @@ module.exports = function (Posts) {
 			slug: newTopicData.slug || topicData.slug,
 			isMainPost: true,
 			renamed: renamed,
-			rescheduled: rescheduling(data, topicData),
+			tagsupdated: tagsupdated,
 			tags: tags,
+			oldTags: topicData.tags,
+			rescheduled: rescheduling(data, topicData),
 		};
 	}
 

src/posts/summary.js

@@ -76,9 +76,15 @@ module.exports = function (Posts) {
 	}
 
 	async function getTopicAndCategories(tids) {
-		const topicsData = await topics.getTopicsFields(tids, ['uid', 'tid', 'title', 'cid', 'slug', 'deleted', 'scheduled', 'postcount', 'mainPid', 'teaserPid']);
+		const topicsData = await topics.getTopicsFields(tids, [
+			'uid', 'tid', 'title', 'cid', 'tags', 'slug',
+			'deleted', 'scheduled', 'postcount', 'mainPid', 'teaserPid',
+		]);
 		const cids = _.uniq(topicsData.map(topic => topic && topic.cid));
-		const categoriesData = await categories.getCategoriesFields(cids, ['cid', 'name', 'icon', 'slug', 'parentCid', 'bgColor', 'color', 'backgroundImage', 'imageClass']);
+		const categoriesData = await categories.getCategoriesFields(cids, [
+			'cid', 'name', 'icon', 'slug', 'parentCid',
+			'bgColor', 'color', 'backgroundImage', 'imageClass',
+		]);
 		return { topics: topicsData, categories: categoriesData };
 	}
 

src/utils.js

@@ -1,3 +1,17 @@
 'use strict';
 
+const crypto = require('crypto');
+
 module.exports = require('../public/src/utils');
+
+module.exports.generateUUID = function () {
+	// from https://github.com/tracker1/node-uuid4/blob/master/index.js
+	let rnd = crypto.randomBytes(16);
+	/* eslint-disable no-bitwise */
+	rnd[6] = (rnd[6] & 0x0f) | 0x40;
+	rnd[8] = (rnd[8] & 0x3f) | 0x80;
+	/* eslint-enable no-bitwise */
+	rnd = rnd.toString('hex').match(/(.{8})(.{4})(.{4})(.{4})(.{12})/);
+	rnd.shift();
+	return rnd.join('-');
+};

src/views/admin/settings/advanced.tpl

@@ -73,6 +73,15 @@
 				</label>
 			</div>
 			<p class="help-block">[[admin/settings/advanced:headers.coep-help]]</p>
+			<div class="form-group">
+				<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.coop]]</label>
+				<select class="form-control" id="cross-origin-opener-policy" data-field="cross-origin-opener-policy">
+					<option value="same-origin">same-origin</option>
+					<option value="same-origin-allow-popups">same-origin-allow-popups</option>
+					<option value="unsafe-none">unsafe-none</option>
+				</select>
+			</div>
+
 			<div class="form-group">
 				<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.corp]]</label>
 				<select class="form-control" id="cross-origin-resource-policy" data-field="cross-origin-resource-policy">

src/webserver.js

@@ -193,7 +193,7 @@ function setupHelmet(app) {
 	if (meta.config['cross-origin-embedder-policy']) {
 		app.use(helmet.crossOriginEmbedderPolicy());
 	}
-	app.use(helmet.crossOriginOpenerPolicy());
+	app.use(helmet.crossOriginOpenerPolicy({ policy: meta.config['cross-origin-opener-policy'] }));
 	app.use(helmet.crossOriginResourcePolicy({ policy: meta.config['cross-origin-resource-policy'] }));
 	app.use(helmet.dnsPrefetchControl());
 	app.use(helmet.expectCt());

test/api.js

@@ -191,8 +191,11 @@ describe('API', async () => {
 		const socketAdmin = require('../src/socket.io/admin');
 		// export data for admin user
 		await socketUser.exportProfile({ uid: adminUid }, { uid: adminUid });
+		await wait(2000);
 		await socketUser.exportPosts({ uid: adminUid }, { uid: adminUid });
+		await wait(2000);
 		await socketUser.exportUploads({ uid: adminUid }, { uid: adminUid });
+		await wait(2000);
 		await socketAdmin.user.exportUsersCSV({ uid: adminUid }, {});
 		// wait for export child process to complete
 		await wait(5000);

test/posts.js

@@ -425,6 +425,7 @@ describe('Post\'s', () => {
 				cid: cid,
 				title: 'topic to edit',
 				content: 'A post to edit',
+				tags: ['nodebb'],
 			}, (err, data) => {
 				assert.ifError(err);
 				pid = data.postData.pid;