This reverts commits 5ce956c9bb and
14c51bd0ec, which broke the compose box
in channels with "only general chat" set.
(cherry picked from commit 52ba675a26)
This commit removes left padding for the stream privacy
and disabled icon in dropdown widgets. There is already
a padding in grid container and we are fine with removing
the 2px padding to avoid maintaining more pixel values.
(cherry picked from commit 60074db0ed)
The alignment of icon and text of the disabled option in
dropdown widget was somewhow broken due to an extra span
element present which broke the grid layout used for
rendering the icon and text properly.
This also makes the layout consistent with other options
shown with icon.
This was due to e643d7e6fd which resulted in space
between icon and text. We could have fix that by using
"~" character to remove whitespace in handlebar templates
but making the layout consistent felt a better choice.
(cherry picked from commit 46f338f54f)
When there are only unread DMs and it is collapsed, the all rows
collapsed not is not shown.
This occurred since we didn't check for that.
(cherry picked from commit d1cedb7f1d)
Slack attachment urls with white spaces,
e.g. `https://example.com/some file.png`,
were rejected by `check_url`. We want to call `requote_url` to deal with
any url-quoting jankiness that may be present in the exported data.
(cherry picked from commit e65fb2d051)
1. `call` is a block type we've observed in the wild in a Slack export,
despite not being documented in
https://docs.slack.dev/reference/block-kit/blocks/
2. We already have the logic for converting `condition` block type below
in the function, but it was erroneously missing from the list of valid
types.
(cherry picked from commit d484fd95d8)
Non-color values are not permitted inside light-dark(). This commit
fixes that for --color-invalid-input-box-shadow.
(cherry picked from commit 7bce6361b3)
Emails to missed-message email addressees which are marked
"auto-replied" are clearly auto-replies, and will not contribute
usefully to the conversation. We also ignore "auto-generated" emails
to missed-message addresses, as they must actually be auto-replies
which are misclassifying themselves, as missed-message addresses are
not meant to be targets for any auto-generated emails.
We accept auto-generated and auto-replied emails to stream incoming
email addresses, as auto-generated emails to those are clearly useful,
and auto-replied emails are unexpected enough to allow (given that
Zulip does not produce outgoing emails From: stream email addresses).
(cherry picked from commit 3538455ca8)
There is no need for 'select_related("usergroup_ptr")' in queries
for NamedUserGroup table because Django always does a join against
base UserGroup table.
(cherry picked from commit de5a78344a)
For get and filter queries of NamedUserGroup, realm_for_sharding
field is used instead of realm field, as directly using
realm_for_sharding field on NamedUserGroup makes the query faster
than using realm present on the base UserGroup table.
(cherry picked from commit 764f4aa2e0)
Anonymous groups were being created for stream permission
settings when calling the subscriptions endpoint without
any streams data or when calling it only for subscribing
users to streams and not for creating any new streams.
This commit makes sure that no such unused anonymous groups
are created.
(cherry picked from commit d4d7a8fe2a)
This prevents a development-mode-only directory traversal attack,
where the Django development server could be made to respond to
requests for `/user_avatars/../../../../../../etc/passwd`.
The production server is not affected by this vulnerability, as
nginx's configuration sets `PATH_INFO` to `$document_uri`, which is
normalized[^1] -- that is, by the time uwsgi and Django see it, the path
has been percent-decoded once, and all `../` path components have been
applied[^2].
Close this by explicitly normalizing the paths before comparing; the
`LOCAL_UPLOADS_DIR` side is unlikely to require normalization as well,
but is also normalized for consistency. The failure here is left as
an assertion failure, and not a JsonableError, because it only affects
the development server.
[^1]: https://nginx.org/en/docs/http/ngx_http_core_module.html#var_uri
[^2]: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
(cherry picked from commit 9815db9811)
The user associated to a pull request is always its creator, however,
when closing a pull request, this can be the wrong actor. The paylod
contains the actor in the `sender` value, use this instead.
(cherry picked from commit 5ed5fa3315)
Prior to feature level 281, the only users who had permissions to
permanently delete any message in the organization were organization
administrators.
Currently, various realm and channel permission settings, which use
the user group model, determine if a user is able to permanently
delete a specific message.
Updates the main description of the endpoint to note these settings
and removes the note that the endpoint is limited to organization
administrators.
(cherry picked from commit b7815d9e2a)
Updates templates/zerver/meta_tags.html to add a rel-canonical
link if REL_CANONICAL_LINK is in the template context dict.
We add REL_CANONICAL_LINK to the documentation context for the
help center, API and integrations documentation pages in all
cases.
For policies documentation pages, we add REL_CANONICAL_LINK to
the context only when settings.CORPORATE_ENABLED is true, so
that self-hosted servers' policies documentation do not have a
rel-canonical link set.
This commit updates the label for can_set_topics_policy_group
to specify that the user must be a channel administrator in
order to change the topics policy for a channel.
We did that before but it was removed in d8261d4b96.
(cherry picked from commit 31f8dcba6c)
This commit updates the label for can_set_topics_policy_group
setting to be more clear by mentioning that it is used to
configure who can set the per-channel "general chat" configuration.
We also add a link to "/help/require-topics" with the label.
(cherry picked from commit d8261d4b96)
If all channels in a folder are muted, then this margin is present
in "Standard view", without there being any folder present.
Fixed by only applying margin if the folder has any header or rows
that are not hidden by filters.
This is an alternative fix to #35962 which was reverted in #36123.
(cherry picked from commit f2a11c5858)
On visiting 'https://chat.zulip.org/?show_try_zulip_modal',
a 'try zulip' modal is displayed to spectators.
Previously, the modal flashed briefly and disappeared.
Reason:
Earlier, in 'ui_init.js' we called 'show_try_zulip_modal'
followed by a network call - which on success called
'initialize_everything'.
'hashchange.initialize' (in 'initialize_everything') closes
any active modal.
So, the race between 'show_try_zulip_modal' & 'hashchange.initialize'
was resulting in this flash.
Fix:
We call 'show_try_zulip_modal' only after 'initialize_everything'
completes - there's no point to try to display modal when the
loading screen is still visible to users.
(cherry picked from commit 03897c42e1)
If one of the filters is focused or if we cannot determine the
current focus location, any rerender call will scroll user to
top.
Fixed by only scrolling to top when navigating from other views
and when we don't have a cached scroll position.
Tested by calling `complete_rerender` at 1s intervals.
(cherry picked from commit e3371cfb72)
GitLab has both integrations and webhooks, and our documentation
should direct users to the webhooks set up for integrating with
Zulip.
Adds a link to GitLab's create a webhook documentation as well.
(cherry picked from commit 0af56bb80b)
This helps to prevent an edge case where clicking the
new-topic button, `[+]`, in the left sidebar when the
topic box was already empty caused an unexpected flash
of the *general chat* topic.
(cherry picked from commit 14c51bd0ec)
