Commit Graph

26 Commits

Author SHA1 Message Date
Ian Christian Myers
b61e10f9ad All parameters for #create in PostsController pass through strong_parameters.
We are now explicitly whitelisting all parameters for Post creation. A nice side-effect is that it cleans up the #create action in PostsController. We can now trust that all parameters entering PostCreator are of a safe scalar type.
2013-06-07 01:29:25 -07:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam
870e59883b secure the links on the topic pages, eliminated deleted topics as well. 2013-06-05 16:10:26 +10:00
Robin Ward
d554a59102 Support for a new site setting: newuser_spam_host_threshold. If a new user posts a link
to the same host enough tiles, they will not be able to post the same link again.

Additionally, the site will flag all their previous posts with links as spam and they will
be instantly hidden via the auto hide workflow.
2013-05-16 12:19:50 -04:00
Neil Lalonde
9828c87525 Topic Auto-Close: admins and mods can set a topic to automatically close after a number of days 2013-05-13 12:53:52 -04:00
Sam
942f168ab6 UI still a tad rough, but we have a first pass of secure categories 2013-05-10 16:47:47 +10:00
Sam
20493106cd fix post trashing 2013-05-07 17:56:56 +10:00
Sam
e9fc272db7 remove acts_as_paranoid, use .trash! , .recover! and .with_deleted as needed
makes upgrading to rails 4 possible
2013-05-07 14:39:01 +10:00
Sam
cef9a74053 route for markdown /md/topic_id/post_number 2013-04-30 16:30:41 +10:00
Sam
f9e33ec6b8 store ip address and current user with incoming links
make links long an readable in share dialog
2013-04-26 16:18:55 +10:00
Sam
37867af1bb track incoming links, amend share link to include user
fix pm styling
2013-04-24 18:05:35 +10:00
Régis Hanol
c5cf8be864 auto replace rules in titles 2013-04-10 11:00:50 +02:00
Sam
2295290383 added best=N option to get N best comment on a post 2013-03-27 22:53:11 -07:00
Sam
fc94d3e551 match the create api with the update api ... so api is more consistent 2013-03-26 23:49:35 -07:00
Sarah Vessels
54c7b1ab63 Use consistent new-style hashes in render calls *twitch* 2013-03-22 14:08:11 -04:00
Sam
62c60540be pull moderator into own column, rename trust levels 2013-03-19 21:06:11 -07:00
Robin Ward
59fc3bfac4 PostDestroyer to replace callbacks for destroying 2013-03-18 17:55:11 -04:00
Gosha Arinich
0c99dea153 introduce Enum 2013-03-01 21:16:36 +03:00
Gosha Arinich
cafc75b238 remove trailing whitespaces ❤️ 2013-02-26 07:31:35 +03:00
Robin Ward
532b1f5450 Can edit category descriptions, they show up in a title attribute 2013-02-22 13:43:47 -05:00
Robin Ward
b9457197c0 First stab at new user education - configurable messages that pop up on a user's first
few posts/topics.
2013-02-14 15:33:51 -05:00
Robin Ward
03a798b202 Can clear flags on deleted posts if you're a moderator 2013-02-08 19:07:29 -05:00
Robin Ward
7c11c3fe0f Can edit deleted posts. 2013-02-08 17:49:15 -05:00
Robin Ward
084a873b91 Give regular users a delete button. If they click it, their post will be revised to
say it was deleted.
2013-02-07 15:14:23 -05:00
Jakub Arnold
61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00