github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-22 08:12:01 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/app/controllers
History
Loïc Guitaut e871865a61 FIX: Sanitize parameters provided to user actions 
Currently, providing things like `filter[%24acunetix]=1` to
`UserActionsController#index` will throw an exception because instead of
getting a string as expected, we get a hash instead.

This patch simply uses `#permit` from strong parameters properly: first
we apply it on the whole parameters, this way it filters the keys we’re
interested in. By doing this, if the value is a hash for example, the
whole key/value pair will be ignored completely.
2022-02-23 15:46:40 +01:00
..
admin
FEATURE: Centralized 2FA page (#15377)
2022-02-17 12:12:59 +03:00
users
FEATURE: Experimental support for group membership via google auth (#14835)
2021-12-09 12:30:27 +00:00
about_controller.rb
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
2020-05-23 00:56:13 -04:00
application_controller.rb
FEATURE: Centralized 2FA page (#15377)
2022-02-17 12:12:59 +03:00
associated_groups_controller.rb
FEATURE: Experimental support for group membership via google auth (#14835)
2021-12-09 12:30:27 +00:00
badges_controller.rb
UX: Add image uploader widget for uploading badge images (#12377)
2021-03-17 08:55:23 +03:00
bookmarks_controller.rb
FEATURE: Topic-level bookmarks (#14353)
2021-09-21 08:45:47 +10:00
bootstrap_controller.rb
DEV: Support for running theme test with Ember CLI (third attempt)
2022-01-13 16:02:07 -05:00
categories_controller.rb
FEATURE: mute subcategory when parent category is muted (#15966)
2022-02-17 00:42:02 +01:00
clicks_controller.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
composer_messages_controller.rb
DEV: Upgrading Discourse to Zeitwerk (#8098)
2019-10-02 14:01:53 +10:00
csp_reports_controller.rb
DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337)
2020-04-02 11:16:38 -04:00
directory_columns_controller.rb
DEV: Plugin API to add directory columns (#13440)
2021-06-22 13:00:04 -05:00
directory_items_controller.rb
FIX: unable to filter user directory when sorted by user field. (#15951)
2022-02-16 07:57:35 +05:30
do_not_disturb_controller.rb
DEV: Replace 'processed' column on notifications with new table (#11864)
2021-01-27 10:29:24 -06:00
drafts_controller.rb
DEV: do not return no_result_help from the server (#15220)
2021-12-08 21:46:54 +04:00
edit_directory_columns_controller.rb
FIX: Always serialize the correct attributes for DirectoryItems (#13510)
2021-06-23 14:55:17 -05:00
email_controller.rb
FIX: set mailing_list_mode to false when unsubscribing from all (#10354)
2020-08-03 16:59:54 +10:00
embed_controller.rb
UX: display correct replies count in embedded comments view. (#14175)
2021-08-30 10:37:53 +05:30
exceptions_controller.rb
FEATURE: Add site setting to show more detailed 404 errors. (#8014)
2019-10-08 14:15:08 +03:00
export_csv_controller.rb
DEV: Switch to new ExportUserArchive job
2020-08-28 11:46:53 -07:00
extra_locales_controller.rb
Replace base_uri with base_path (#10879)
2020-10-09 12:51:24 +01:00
finish_installation_controller.rb
DEV: Hash tokens stored from email_tokens (#14493)
2021-11-25 09:34:39 +02:00
forums_controller.rb
DEV: Avoid $ globals (#15453)
2022-01-08 23:39:46 +01:00
groups_controller.rb
FIX: Sort group owners and members together (#15708)
2022-02-09 11:43:58 +02:00
hashtags_controller.rb
DEV: Merge category and tag hashtags code paths (#10216)
2020-07-13 19:13:17 +03:00
highlight_js_controller.rb
DEV: apply allow origin response header for CDN requests. (#11893)
2021-01-29 07:44:49 +05:30
inline_onebox_controller.rb
FIX: Make inline oneboxes work with secured topics in secured contexts (#8895)
2020-02-12 12:11:28 +02:00
invites_controller.rb
FEATURE: Show error if invite to topic is invalid (#15959)
2022-02-16 18:35:02 +02:00
list_controller.rb
PERF: Revert all inboxes from messages route. (#14445)
2021-09-28 11:58:04 +08:00
metadata_controller.rb
FIX: Remove svg icons from webmanifest shortcuts (#15765)
2022-02-01 15:26:58 -03:00
notifications_controller.rb
REFACTOR: Improve support for consolidating notifications. (#14904)
2021-11-30 13:36:14 -03:00
offline_controller.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
onebox_controller.rb
DEV: Add more debugging context to onebox generation
2020-10-22 12:50:22 +08:00
permalinks_controller.rb
FIX: Check for permalinks before showing the 404 page
2020-03-23 16:31:07 -07:00
post_action_users_controller.rb
FEATURE: Allow category group moderators to delete topics (#11069)
2020-11-05 12:18:26 -05:00
post_actions_controller.rb
FEATURE: Admins can flag posts so they can review them later. (#12311)
2021-03-11 08:21:24 -03:00
post_readers_controller.rb
DEV: '= true' is not necessary
2019-12-03 11:32:45 -03:00
posts_controller.rb
FIX: Clear drafts only when post is created by real user (#15720)
2022-02-09 10:37:38 +02:00
presence_controller.rb
UX: Make PresenceChannel changes more responsive (#14733)
2021-10-26 21:15:20 +01:00
published_pages_controller.rb
FIX: Do not enable published page if secure media enabled (#11131)
2020-11-06 10:33:19 +10:00
push_notification_controller.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
qunit_controller.rb
DEV: Make Ember CLI assets the default in production (#15861)
2022-02-08 10:03:53 +00:00
reviewable_claimed_topics_controller.rb
FEATURE: Allow group moderators to close/archive topics
2020-07-14 12:36:19 -04:00
reviewables_controller.rb
FEATURE: Show stale reviewable to other clients (#13114)
2021-05-26 09:47:35 +10:00
robots_txt_controller.rb
FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131)
2021-11-30 12:55:25 +03:00
safe_mode_controller.rb
FEATURE: Always disable customizations on the /safe-mode route (#9052)
2020-02-28 10:53:11 +00:00
search_controller.rb
FIX: global setting needs to be coerced to float (#11162)
2020-11-09 16:46:52 +11:00
session_controller.rb
DEV: pull email address validation out to a new EmailAddressValidator
2022-02-17 21:49:22 -05:00
similar_topics_controller.rb
PERF: Avoid parsing Post#cooked with Nokogiri for every search.
2020-07-24 10:43:09 +08:00
site_controller.rb
DEV: Include login_required attribute in basic info endpoint (#14064)
2021-08-17 14:05:51 -04:00
static_controller.rb
DEV: Correct service-worker sourceMappingURL (#15916)
2022-02-14 12:47:56 +00:00
steps_controller.rb
DEV: Upgrading Discourse to Zeitwerk (#8098)
2019-10-02 14:01:53 +10:00
stylesheets_controller.rb
DEV: Fix stylesheet manager flaky spec (#13846)
2021-07-26 14:22:54 +10:00
svg_sprite_controller.rb
FIX: Use absolute URL when redirecting SVG sprite path.
2021-06-30 11:25:05 +08:00
tag_groups_controller.rb
FIX: Allow finding non-lowercase tag groups (#12787)
2021-04-21 19:15:53 +02:00
tags_controller.rb
FEATURE: ability to add description to tags (#15125)
2021-12-01 09:18:56 +11:00
theme_javascripts_controller.rb
FEATURE: Allow theme tests to be run in production (take 2) (#12845)
2021-04-28 23:12:08 +03:00
topics_controller.rb
FIX: Don't advance draft sequence when editing topic title (#16002)
2022-02-23 10:39:54 +03:00
uploads_controller.rb
DEV: Extract shared external upload routes into controller helper (#14984)
2021-11-18 09:17:23 +10:00
user_actions_controller.rb
FIX: Sanitize parameters provided to user actions
2022-02-23 15:46:40 +01:00
user_api_keys_controller.rb
FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978)
2021-02-08 10:04:33 +00:00
user_avatars_controller.rb
DEV: Fix methods removed in Ruby 3.2 (#15459)
2022-01-05 18:45:08 +01:00
user_badges_controller.rb
FIX: simplify and improve choosing favorite badges (#13743)
2021-07-16 11:13:00 +08:00
users_controller.rb
DEV: pull email address validation out to a new EmailAddressValidator
2022-02-17 21:49:22 -05:00
users_email_controller.rb
DEV: Hash tokens stored from email_tokens (#14493)
2021-11-25 09:34:39 +02:00
webhooks_controller.rb
DEV: Add bounce_error_code to EmailLog (#15948)
2022-02-15 14:17:26 +10:00
wizard_controller.rb
DEV: Upgrading Discourse to Zeitwerk (#8098)
2019-10-02 14:01:53 +10:00