mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 18:12:46 +08:00
3c5fb871c0
There is an edge case where the following occurs: 1. The user sets a bookmark reminder on a post/topic 2. The post/topic is changed to a PM before or after the reminder fires, and the notification remains unread by the user 3. The user opens their bookmark reminder notification list and they can still see the notification even though they cannot access the topic anymore There is a very low chance for information leaking here, since the only thing that could be exposed is the topic title if it changes to something sensitive. This commit filters the bookmark unread notifications by using the bookmarkable can_see? methods and also prevents sending reminder notifications for bookmarks the user can no longer see. |
||
|---|---|---|
| .. | ||
| fabricators | ||
| fixtures | ||
| helpers | ||
| import_export | ||
| initializers | ||
| integration | ||
| integrity | ||
| jobs | ||
| lib | ||
| mailers | ||
| migrations | ||
| models | ||
| multisite | ||
| requests | ||
| script/import_scripts | ||
| serializers | ||
| services | ||
| support | ||
| system | ||
| tasks | ||
| views | ||
| rails_helper.rb | ||
| regenerate_swagger_docs | ||
| swagger_helper.rb | ||