Commit Graph

10 Commits

Author SHA1 Message Date
Neil Lalonde
c61462662b Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 16:59:20 -04:00
riking
eb90315dfd Strip whitespace from site settings 2014-04-08 01:59:48 -07:00
Neil Lalonde
74f1c553e3 FIX: 1868 Security: Dangerous Send 2014-01-27 13:05:51 -05:00
Régis Hanol
8d73b7f94d BUGFIX: hide sensitive site settings 2014-01-06 13:03:53 +01:00
Neil Lalonde
1d030666d8 Log site setting changes and show in admin 2013-08-19 16:58:38 -04:00
Neil Lalonde
82b5f57e40 Make it possible to set a site setting to empty string 2013-06-11 14:31:38 -04:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam
a2cca2540e some minimal site settings diags
fix issue where days_visited was totally out of sync
2013-04-05 17:47:54 +11:00
Jakub Arnold
61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward
21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00