discourse/spec/lib
Martin Brennan 2c45b949ea SECURITY: Filter unread bookmark reminders the user cannot see
There is an edge case where the following occurs:

1. The user sets a bookmark reminder on a post/topic
2. The post/topic is changed to a PM before or after the reminder
   fires, and the notification remains unread by the user
3. The user opens their bookmark reminder notification list
   and they can still see the notification even though they cannot
   access the topic anymore

There is a very low chance for information leaking here, since
the only thing that could be exposed is the topic title if it
changes to something sensitive.

This commit filters the bookmark unread notifications by using
the bookmarkable can_see? methods and also prevents sending
reminder notifications for bookmarks the user can no longer see.
2023-11-09 13:47:24 +11:00
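The edge case and the two-part fix in the commit message, as an added Ruby example that is not Discourse's code. The only name taken from the commit is `can_see?`; every class, field and visibility rule below (`VisibilityGuardian`, `Topic`, `Bookmark`, `Notification`, the `:regular` / `:private_message` archetypes) is a hypothetical stand-in chosen to make the scenario runnable offline on constructed data. The title leak is modelled by having the notification list join the topic's current title at read time, so a title changed after the conversion to a PM is what an unfiltered list would expose.

```ruby
# Added example, not Discourse's own code. Hypothetical models for the
# bookmark-reminder edge case: a topic converted to a private message must
# not surface its (possibly changed) title through an old, still-unread
# reminder notification, and no new reminder should be sent for it.

Topic = Struct.new(:id, :title, :archetype, :allowed_user_ids, keyword_init: true)
Bookmark = Struct.new(:id, :user_id, :topic_id, :reminder_at, keyword_init: true)
Notification = Struct.new(:bookmark_id, :user_id, :topic_id, :read, keyword_init: true)

# Stand-in for the bookmarkable can_see? check (assumed rule, not Discourse's):
# regular topics are visible to everyone, PMs only to their allowed users.
class VisibilityGuardian
  def initialize(user_id)
    @user_id = user_id
  end

  def can_see?(topic)
    return false if topic.nil?
    return true if topic.archetype == :regular
    topic.archetype == :private_message && topic.allowed_user_ids.include?(@user_id)
  end
end

# Unfixed behaviour: every unread reminder for the user, rendered with the
# topic's *current* title. This is where a sensitive new title could leak.
def unread_reminders_unfiltered(notifications, topics_by_id, user_id)
  notifications
    .select { |n| n.user_id == user_id && !n.read }
    .map { |n| { topic_id: n.topic_id, title: topics_by_id[n.topic_id]&.title } }
end

# Fixed behaviour: the same list, but only for topics the user can still see.
def unread_reminders_visible(notifications, topics_by_id, user_id)
  guardian = VisibilityGuardian.new(user_id)
  notifications
    .select { |n| n.user_id == user_id && !n.read }
    .select { |n| guardian.can_see?(topics_by_id[n.topic_id]) }
    .map { |n| { topic_id: n.topic_id, title: topics_by_id[n.topic_id].title } }
end

# Delivery side of the fix: a due reminder produces no notification at all
# when the bookmark owner can no longer see the bookmarked topic.
def deliver_reminder(bookmark, topics_by_id, now)
  return nil if bookmark.reminder_at > now
  topic = topics_by_id[bookmark.topic_id]
  return nil unless VisibilityGuardian.new(bookmark.user_id).can_see?(topic)
  Notification.new(bookmark_id: bookmark.id, user_id: bookmark.user_id,
                   topic_id: topic.id, read: false)
end

# Constructed scenario: user 1 bookmarked topic 10 while it was public. It has
# since been converted to a PM between users 2 and 3 and given a new title.
TOPICS = {
  10 => Topic.new(id: 10, title: "Q3 layoffs list (confidential)",
                  archetype: :private_message, allowed_user_ids: [2, 3]),
  11 => Topic.new(id: 11, title: "Welcome thread",
                  archetype: :regular, allowed_user_ids: []),
}.freeze

STALE_NOTIFICATIONS = [
  Notification.new(bookmark_id: 1, user_id: 1, topic_id: 10, read: false),
  Notification.new(bookmark_id: 2, user_id: 1, topic_id: 11, read: false),
].freeze

def demo
  due = Bookmark.new(id: 3, user_id: 1, topic_id: 10, reminder_at: 0)
  {
    unfiltered: unread_reminders_unfiltered(STALE_NOTIFICATIONS, TOPICS, 1),
    filtered: unread_reminders_visible(STALE_NOTIFICATIONS, TOPICS, 1),
    reminder_sent_for_hidden_topic: !deliver_reminder(due, TOPICS, 1).nil?,
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file shows the unfiltered list carrying the confidential title for topic 10 while the filtered list contains only topic 11, and that the due reminder on the now-hidden topic is dropped instead of being delivered. The same `can_see?` gate is applied at both points because filtering the list alone would still leave the sensitive title in a freshly created notification.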
auth DEV: Fix random typos (#22804) 2023-07-26 12:45:35 +02:00
backup_restore DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
common_passwords DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
compression DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
concern DEV: stop leaking data into tables during test (#21403) 2023-05-06 07:15:33 +10:00
content_security_policy DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
email DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
file_store FEATURE: allow S3 ACLs to be disabled (#21769) 2023-06-06 15:47:40 +10:00
final_destination DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
freedom_patches DEV: Update TranslateAccelerator missing translation string (#22158) 2023-06-16 15:28:03 +01:00
guardian FEATURE: Separated 'trusted users can edit others' setting for trust level 3 & 4 (#21493) 2023-07-07 10:48:14 -05:00
highlight_js DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
i18n DEV: Update I18n to 1.13.0 (#21685) 2023-05-24 08:59:37 +08:00
imap DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
import DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
middleware SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
migration DEV: Allow DROP NOT NULL in pre-deploy migrations (#20775) 2023-03-22 14:43:32 +00:00
onebox SECURITY: Onebox templates' HTML injections (stable). 2023-11-09 13:47:23 +11:00
plugin DEV: Add Custom emoji sanitization (#22697) 2023-07-19 14:09:26 -05:00
pretty_text FIX: Hashtag error in PrettyText when processing email (#22680) 2023-07-19 10:52:18 +10:00
rate_limiter DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
scheduler DEV: Prevent defer stats exception when thread aborted (#19863) 2023-01-16 09:08:44 +11:00
second_factor DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
seed_data DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
site_settings DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
stylesheet DEV: Eliminate flakiness in specs that depend on plugins from fixtures (#21912) 2023-06-05 08:06:00 +08:00
summarization FEATURE: Inline topic summary. Cached version accessible to everyone. (#22551) 2023-07-12 11:21:51 -03:00
svg_sprite SECURITY: Reduce maximum size of SVG sprite cache to prevent DoS 2023-09-12 15:35:45 -03:00
theme_store DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_query FEATURE: Only list watching group messages in messages notifications panel (#20630) 2023-03-13 08:09:38 +08:00
validators DEV: Add some description to help with understanding flakey test failures (#22772) 2023-07-25 15:14:08 +08:00
webauthn DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
wizard DEV: Replace #pluck_first freedom patch with AR #pick in core (#19893) 2023-02-13 12:39:45 +08:00
admin_confirmation_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
admin_user_index_query_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
archetype_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
bookmark_manager_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
bookmark_query_spec.rb SECURITY: Filter unread bookmark reminders the user cannot see 2023-11-09 13:47:24 +11:00
bookmark_reminder_notification_handler_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
browser_detection_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
cache_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
category_badge_spec.rb FIX: do not escape slash for category text description (#20460) 2023-02-27 12:48:48 +11:00
category_guardian_spec.rb FIX: Don't autojoin users when they have read-only permissions (#20213) 2023-05-10 08:45:13 -03:00
color_math_spec.rb UX: Calculate missing hover/selected colors from existing colors (#20105) 2023-02-01 09:55:21 +00:00
composer_messages_finder_spec.rb DEV: Ensure don't feed the trolls feature considers active flags only (#22774) 2023-07-25 15:12:22 +08:00
content_buffer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
content_security_policy_spec.rb SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
cooked_post_processor_spec.rb DEV: Skip srcset for onebox thumbnails (#22621) 2023-07-19 12:21:34 -06:00
crawler_detection_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
current_user_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
db_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
directory_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_diff_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_event_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_hub_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_js_processor_spec.rb FIX: Ensure skip-module JS is transpiled correctly (#21224) 2023-04-24 17:39:02 +01:00
discourse_plugin_registry_spec.rb FEATURE: Add hooks for email poller plugins (#21384) 2023-06-26 13:16:03 +08:00
discourse_redis_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_sourcemapping_url_processor_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
discourse_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
discourse_tagging_spec.rb FIX: delete synonym tags if other synonyms already exist. (#21885) 2023-06-02 19:47:29 +05:30
discourse_updates_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
distributed_cache_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
distributed_memoizer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
distributed_mutex_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
email_cook_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
email_updater_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
ember_cli_spec.rb DEV: Add test for EmberCli#ember_version (#18140) 2022-08-30 20:33:08 +01:00
encodings_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
enum_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
excerpt_parser_spec.rb FIX: Internal oneboxes with github links (#22829) 2023-07-28 09:07:53 -06:00
feed_element_installer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
feed_item_accessor_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
file_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
filter_best_posts_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
final_destination_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
flag_settings_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
gaps_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
git_repo_spec.rb FEATURE: display commit hash for each plugin on /admin/plugins page. (#22176) 2023-06-26 10:09:57 +05:30
git_url_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
global_path_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
group_email_credentials_check_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
group_lookup_spec.rb FEATURE: display PM participant group names in the topics list. (#21677) 2023-05-31 19:32:06 +05:30
guardian_spec.rb FEATURE: Implement SiteSetting to Allow Anonymous Likes (#22131) 2023-07-21 21:21:07 +08:00
has_errors_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
hijack_spec.rb SECURITY: Don't allow a particular site to monopolize the defer queue 2023-07-28 12:53:51 +01:00
html_prettify_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
html_to_markdown_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
image_sizer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
inline_oneboxer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
js_locale_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
json_error_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
letter_avatar_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
message_id_service_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
method_profiler_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
mini_sql_multisite_connection_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
mobile_detection_spec.rb Drop support for iOS < 15.7 (#19847) 2023-01-16 17:28:59 +00:00
new_post_manager_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
new_post_result_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
onebox_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
oneboxer_spec.rb FIX: Use Twitter API v2 for oneboxes and restore OpenGraph fallback (#22187) 2023-06-22 14:39:02 -03:00
onpdiff_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
password_hasher_spec.rb FEATURE: Persist password hashing algorithm/params in database (#20980) 2023-04-11 10:16:28 +01:00
pbkdf2_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
pinned_check_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
plain_text_to_markdown_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_action_creator_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
post_action_destroyer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_creator_spec.rb SECURITY: Prevent arbitrary topic custom fields from being set 2023-10-16 10:51:28 -04:00
post_destroyer_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
post_jobs_enqueuer_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
post_locker_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_merger_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
post_revisor_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
presence_channel_spec.rb FIX: Ensure PresenceChannel does not raise error during readonly (#22899) 2023-08-01 09:34:57 +01:00
pretty_text_spec.rb FIX: Add aria-label attribute to cooked hashtags (#22182) 2023-06-20 15:47:17 +10:00
promotion_spec.rb FIX: Do not validate email in TL promotion (#20892) 2023-03-30 13:52:10 +10:00
quote_comparer_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
quote_rewriter_spec.rb DEV: Update display name in new quote format - Part 2 (#22104) 2023-06-26 11:01:59 +08:00
rate_limiter_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
retrieve_title_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
rtl_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_cors_rulesets_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_helper_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_inventory_multisite_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
s3_inventory_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
score_calculator_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
scss_checker_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
search_spec.rb FEATURE: allow searching for oldest topics (#21715) 2023-05-24 18:26:36 +10:00
secure_session_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
shrink_uploaded_image_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
sidebar_section_links_updater_spec.rb FIX: Seed all categories and tags configured as defaults for nav menu (#22793) 2023-07-27 10:52:33 +08:00
site_icon_manager_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
site_setting_extension_multisite_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
site_setting_extension_spec.rb DEV: Add auto _map extension for simple/compact list SiteSettings (#20888) 2023-03-30 14:08:19 +10:00
slug_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
spam_handler_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
suggested_topics_builder_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
system_message_spec.rb FIX: Send TL2 promotion message to correct user (#21978) 2023-06-07 22:51:24 +03:00
text_cleaner_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
text_sentinel_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
theme_flag_modifier_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
theme_javascript_compiler_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
theme_settings_manager_spec.rb FIX: Use the default value correctly for theme settings of type uploads (#20541) 2023-03-06 11:41:47 +03:00
theme_settings_parser_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
timeline_lookup_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
tiny_japanese_segmenter_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_creator_spec.rb SECURITY: Prevent arbitrary topic custom fields from being set 2023-10-16 10:51:28 -04:00
topic_publisher_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
topic_query_spec.rb FEATURE: allow user to override watched_precedence_over_muted setting (#22340) 2023-07-04 15:08:29 +10:00
topic_retriever_spec.rb FEATURE: Update topic/comment embedding parameters (#20181) 2023-02-28 14:31:59 +02:00
topic_upload_security_manager_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
topic_view_spec.rb DEV: add topic_query_suggested_options modifier (#20893) 2023-03-31 09:03:15 +11:00
topics_bulk_action_spec.rb SECURITY: Prevent dismissal of topics that user can't see (#22086) 2023-06-13 11:08:55 -06:00
topics_filter_spec.rb DEV: Add order:title filter to experimental /filter route (#22293) 2023-06-28 06:21:56 +08:00
trashable_spec.rb DEV: Added .only_deleted scope in the Trashable module (#20196) 2023-02-07 15:28:59 -03:00
truncate_logs_formatter_spec.rb SECURITY: Add a default limit as to when logs should be truncated 2023-10-16 10:51:31 -04:00
trust_level_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
twitter_api_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
unread_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
upload_creator_spec.rb DEV: allow using CDN URL for all s3 uploads (#20755) 2023-07-12 12:06:49 +08:00
upload_markdown_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
upload_recovery_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
upload_security_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
url_helper_spec.rb SECURITY: Limit URL length for theme remote (#20787) 2023-03-23 12:01:04 +00:00
user_comm_screener_spec.rb DEV: Update the rubocop-discourse gem 2023-06-26 11:41:52 +02:00
user_lookup_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
user_name_suggester_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
version_spec.rb SECURITY: Add limits for themes and theme assets 2023-09-12 15:35:50 -03:00
work_queue_spec.rb SECURITY: Don't allow a particular site to monopolize the defer queue 2023-07-28 12:53:51 +01:00