January 27, 2016, 8:44 am
@rockylhotka wrote:
I suppose this might not be a "bug", but it is a serious issue.
Last night I started playing with the REST API, making calls against a non-public forum. I found that once I had the API key from Discourse I needed a username to make any call - which makes sense since the forum is private.
But I found that I can use any username from any user and it works. So once someone has the API key they can impersonate any user in the forum? No need to authenticate that user's credentials - all you need to know is their username.
Is this not a major gaping security hole?
Posts: 12
Participants: 4
Read full topic
↧
↧
January 27, 2016, 9:23 am
@rpglover64 wrote:
As an example, consider this editable sheet:
Although there's an href attribute in the source, there does not appear to be any way to click on the link.
Posts: 1
Participants: 1
Read full topic
↧
January 27, 2016, 9:32 am
@M_c_Tau wrote:
Hi guys!
I got failed during upgrading process from the admin. And then I tried to rebuild again, but I face constant problem:
Layer already being pulled by another client. Waiting.
Someone please help me ![:frowning:]( ":frowning:")
Posts: 10
Participants: 5
Read full topic
↧
January 27, 2016, 9:58 am
@pfaffman wrote:
Or that's what I think I want to do. (Not quite sure if this is #support --- add some CSS, or a #feature)
Briefly, I want to see the username next to the avatar on the search page.
Use case:
I'm using Discourse as a learning environment instead of a Learning Management System like Moodle, Blackboard, or Canvas.
I would like to add username after the avatar on (at least) the search page.
To see whether a student has completed an assignment, I do a search for a certain tag in a category and order by likes. This is almost enough for me to "grade" their work from this search page. (The search is something like this plus a tag.)
What I really need on the search page is:
- username
- whether I liked it
Right now I have to mouseover the avatar to get the username and hope that if it got likes one of them was mine.
For the second part, a longer-term solution is a plugin that adds a "You got it right" (sort of like discourse-solved, except the checkbox goes on the first post rather than the replies).
(Looks like tags got turned off? I was going to add an lms tag.)
Posts: 1
Participants: 1
Read full topic
↧
January 27, 2016, 10:53 am
@Alankrit_Choudh wrote:
upgrading via /admin/upgrade
Upgrading Discourse tagging plugging plugin
got this bug
Purging temp files
rake aborted!
I18n::InvalidLocaleData: can not load translations from /var/www/discourse/plugins/discourse-tagging/config/locales/server.de.yml: #
(in /var/www/discourse/app/assets/javascripts/locales/de.js.erb)
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/i18n-0.7.0/lib/i18n/backend/base.rb:184:in `rescue in load_yml'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/i18n-0.7.0/lib/i18n/backend/base.rb:181:in `load_yml'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/i18n-0.7.0/lib/i18n/backend/base.rb:165:in `load_file'
/var/www/discourse/lib/i18n/backend/discourse_i18n.rb:25:in `block in load_translations'
/var/www/discourse/lib/i18n/backend/discourse_i18n.rb:25:in `each'
/var/www/discourse/lib/i18n/backend/discourse_i18n.rb:25:in `load_translations'
/var/www/discourse/lib/freedom_patches/translate_accelerator.rb:44:in `block in load_locale'
/var/www/discourse/lib/freedom_patches/translate_accelerator.rb:35:in `synchronize'
/var/www/discourse/lib/freedom_patches/translate_accelerator.rb:35:in `load_locale'
/var/www/discourse/lib/freedom_patches/translate_accelerator.rb:132:in `translate'
/var/www/discourse/lib/js_locale_helper.rb:121:in `moment_format_function'
/var/www/discourse/lib/js_locale_helper.rb:114:in `moment_formats'
/var/www/discourse/lib/js_locale_helper.rb:105:in `output_locale'
/var/www/discourse/app/assets/javascripts/locales/de.js.erb:3:in `block in singleton class'
/var/www/discourse/app/assets/javascripts/locales/de.js.erb:-5:in `instance_eval'
/var/www/discourse/app/assets/javascripts/locales/de.js.erb:-5:in `singleton class'
/var/www/discourse/app/assets/javascripts/locales/de.js.erb:-7:in `__tilt_47380357070460'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/tilt-1.4.1/lib/tilt/template.rb:170:in `call'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/tilt-1.4.1/lib/tilt/template.rb:170:in `evaluate'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/tilt-1.4.1/lib/tilt/template.rb:103:in `render'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/context.rb:197:in `block in evaluate'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/context.rb:194:in `each'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/context.rb:194:in `evaluate'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/processed_asset.rb:12:in `initialize'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:374:in `new'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:374:in `block in build_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:395:in `circular_call_protection'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:373:in `build_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/index.rb:94:in `block in build_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/caching.rb:58:in `cache_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/index.rb:93:in `build_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:287:in `find_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/index.rb:61:in `find_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/bundled_asset.rb:16:in `initialize'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:377:in `new'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:377:in `build_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/index.rb:94:in `block in build_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/caching.rb:58:in `cache_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/index.rb:93:in `build_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/base.rb:287:in `find_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/index.rb:61:in `find_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/manifest.rb:211:in `block in find_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/manifest.rb:257:in `benchmark'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/manifest.rb:210:in `find_asset'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/manifest.rb:119:in `block in compile'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/manifest.rb:118:in `each'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/sprockets/manifest.rb:118:in `compile'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-rails-2.0.1/lib/sprockets/rails/task.rb:60:in `block (3 levels) in define'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-2.11.0/lib/rake/sprocketstask.rb:146:in `with_logger'
/var/www/discourse/vendor/bundle/ruby/2.0.0/gems/sprockets-rails-2.0.1/lib/sprockets/rails/task.rb:59:in `block (2 levels) in define'
Tasks: TOP => assets:precompile
(See full trace by running task with --trace)
Posts: 3
Participants: 2
Read full topic
↧
↧
January 27, 2016, 2:20 pm
@gsch wrote:
In order to test a plugin, I would like to generate a database with a large amount of content in it. Is there currently a built-in way to achieve this that works?
I found this old thread that asks this exact question, but there is little information in that thread. I went ahead and followed along some of the links and tried several solutions.
There are instructions for running profiler_db_generator.rb here, but it is over 2 years old and broken. When I run RAILS_ENV=profile bundle exec rake db:create the build fails due to encoding discrepancies:
PG::InvalidParameterValue: ERROR: encoding "UTF8" does not match locale "en_US"
DETAIL: The chosen LC_CTYPE setting requires encoding "LATIN1".
Note that this error occurs on a freshly installed vagrant vm image, even with $ locale giving en_US.UTF-8 for every value (which does not match the database templates).
I've spent the last two days trying to resolve a similar encoding issue with no luck. So far I seem to be at a dead end.
Also, noticing that the profiler environment is intended for benchmarking, would it be simple to use the profiler database for development?
Posts: 3
Participants: 3
Read full topic
↧
January 27, 2016, 2:52 pm
@DeanMarkTaylor wrote:
Members of the moderation team on one of my Discourse instances would like to...
... reply as "Moderators" or "Committee" to clearly indicate that it is the reply is position / view of the group as whole.
Whilst there could be a specific username setup for that purpose, I don't like the ideas of multiple people having and sharing a separate username and password.
These users are not "admins" so "impersonation" is not reasonable.
I know we have private group inboxes now...
... is it possible to reply publicly as a group?
Posts: 11
Participants: 4
Read full topic
↧
January 27, 2016, 7:01 pm
@dandv wrote:
Avatars increase the perception of trust on online platforms and make for a more personal community (1, 2, 3. I would love it after users sign up, Discourse encouraged them to upload a profile photo.
Here's how collaboration software Podio does it during the onboarding process:
Posts: 2
Participants: 2
Read full topic
↧
January 27, 2016, 8:08 pm
@zh99998 wrote:
从 Using Discourse as a SSO provider 继续讨论:
I'm using discourse as a SSO provider. it works well for login.
but when I'm trying to logout, I can't any way to clean discourse session.
when I click login again, I can't change account, just logged in as previous user.
Posts: 2
Participants: 2
Read full topic
↧
↧
January 27, 2016, 8:32 pm
@tobiaseigen wrote:
We are starting to look at groups in our community, and can see that many of our users will be in 10+ groups. That each one has an archive directly under it will make for a very long, pontentially cluttered page. Suggest only showing the group archive once you have clicked on a group's inbox, and maybe add a bit of vertical space between the first group and the personal message archive to differentiate them.
Comment from a member:
re: the archives, maybe we can put in a request for either of your solutions (i like having them only show when you click on a group inbox, that's a good idea)!...it really clutters up the interface once you have more than a couple inboxes....and if we make good on our workstream=groups system, some people are going to have a lot of inboxes....
Posts: 2
Participants: 2
Read full topic
↧
January 27, 2016, 8:41 pm
@tobiaseigen wrote:
Some feedback from a member:
thanks, tobias. wow, i feel dumb, for some reason it was very hard for me to find that new messages button, and I looked for a long time. i think discourse trained me to always look to the right. you would think they would keep the ux consistent and put it where +new post button usually is! i wonder if others may have that problem. we'll have to point it out when training folks.
The NEW MESSAGE button has, I think, recently moved from the right side to the left side the message menu. I guess we are saving some vertical space by doing this but at least one member had some trouble finding it.
Personally I'm not too bothered by this change and just look for the blue buttons which are always the main action to take on the page - that'll be what we point out when we train new members. But it might not be a bad idea to move it to the right side so it is more similar to the NEW POST button elsewhere on the site.
Posts: 2
Participants: 2
Read full topic
↧
January 27, 2016, 9:54 pm
@jhosein wrote:
I'm a little confused on what kind of DO plan I need. For now, I want the lowest tier possible. It appears to me that the self install page and the DO 1 click install have some contradictory requirements.
On the self install page:
"The official release of Discourse 1.0, with 1 GB RAM minimum support"
On the one click install DO page:
![]()
The lowest it'll let me go is the 2GB plan at $20/mo.
Can I install the latest version of Discourse myself with the 1GB plan at $10/mo or is that just not the case anymore?
Posts: 8
Participants: 4
Read full topic
↧
January 27, 2016, 10:37 pm
↧
↧
January 28, 2016, 12:09 am
@erlend_sh wrote:
Discourse is a large open source project buzzing with activity, so a lot of cool things happen over the course of a year. Let’s look back at 2015 and pick out some highlights. Our Most Popular Topic of 2015 The most viewed topic of the year was The State of JavaScript on Android in 2015 is…
This topic is for comments on the original blog entry at: http://blog.discourse.org/2016/01/a-year-in-discourse-recap-of-2015/
Posts: 3
Participants: 2
Read full topic
↧
January 28, 2016, 1:56 am
@meglio wrote:
We used to fix errors and improve formatting for a big portion of what is getting posted in our forum.
However, we started to receive complains: people don't like when their grammar is fixed. So we stopped fixing formatting and grammar issues for now and would like to change the tactics:
- Fix errors in messages not earlier than in 1 month after they are created.
- Do not leave any traces.
It would be good to have a tickbox shown to admins/mods "Don't record this edit". In our case, it only makes people angry and disappointed. Some of them are 55+ years old and they feel not so nice when a young person corrects their speech. Yet we believe a better formatting and grammar makes the forum a bit more good-looking and clean in the eyes of newcomers and people who care.
Posts: 1
Participants: 1
Read full topic
↧
January 28, 2016, 2:41 am
@Romanr wrote:
How to add some kind of Badge next to the person's name to visitors can see that person has authority in the forum?
I have a forum for a product where we have product Developers, Testers, product Founder.
Just want to have "Developer" or "creator" "Tester" written next to the person's name in their posts or replies. So visitors can easily see that the parson has authority and their answer can be trusted.
- Badges do not seem not appear next to the name. Also badges seem to be geared towards being issued automatically.
- Groups problem #1: Group name next to person's name is written in light-gray text color. Which makes it look very unimportant. Definitely does not make visitor see that the person posting has authority.
- Groups problem #2: Let's say we have product founder. So there should be "Founder" group just for that one person? Shouldn't it be like a role or badge for this?
Even looking at meta.discourse forum it's not easy to understand when the person has authority or some random visitor posting. And when there's grey text next to the person's name sometime it looks like a group, sometimes it's like group but you can't see that group, it's something else?
What is the best practice for this?
Posts: 3
Participants: 3
Read full topic
↧
January 28, 2016, 4:46 am
@wil93 wrote:
Hi, I think there is a bug with the editor/renderer when putting markdown code between two fenced code blocks. I tried the following code on try.commonmark.org and it gives correct output, but here it is:
int main() {
return 0;
}
Paragraph
# header
* list
* of
* things
Another paragraph
int main() {
return 0;
}
Paragraph
header
Another paragraph
For reference, this is what I see in the preview dialog:
Posts: 3
Participants: 3
Read full topic
↧
↧
January 28, 2016, 5:02 am
@Crowdalra wrote:
This is what it looks like. It seems to happen when a vast majority of images are above or at 500X500.
Posts: 2
Participants: 2
Read full topic
↧
January 28, 2016, 6:09 am
@jesselperry wrote:
I got duplicate Meta digest emails this morning. One at 2:47am and 8:47am. I know these aren't duplicates because of my email provider (FastMail & MailRoute), because they both have slightly different content. So they were both generated from Discourse.
Posts: 9
Participants: 4
Read full topic
↧
January 28, 2016, 10:12 am
↧
