github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-01 01:06:42 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/config
History
Alan Guo Xiang Tan 42d2cb2d4e
SECURITY: Hide PM count for tags by default (#20061) (#20090) 
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-02-01 06:43:58 +08:00
..
cloud/cloud66
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
environments
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
initializers
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
locales
SECURITY: Hide PM count for tags by default (#20061) (#20090)
2023-02-01 06:43:58 +08:00
application.rb
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
boot.rb
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
cdn.yml.sample
database.yml
Revert "DEV: Improve multisite db scripts in dev (#17337)" (#17801)
2022-08-04 16:15:06 -05:00
deploy.rb.sample
dev_defaults.yml
DEV: Fix typos and outdated comments (#16614)
2022-05-04 14:12:18 +08:00
discourse_defaults.conf
FEATURE: Optionally allow a separate s3_asset_cdn_url to be specified (#19284)
2022-12-08 10:36:20 +00:00
discourse.config.sample
discourse.pill.sample
environment.rb
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample
DEV: Remove db_id from sample multisite config.
2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf
FIX: Update nginx config for v1.23 (#19651)
2022-12-30 12:35:26 +00:00
projections.json
DEV: Use .hbr for raw template file extension (#8883)
2020-02-11 13:38:12 -06:00
puma.rb
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
routes.rb
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
sidekiq.yml
site_settings.yml
SECURITY: Hide PM count for tags by default (#20061) (#20090)
2023-02-01 06:43:58 +08:00
spring.rb
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn_launcher
unicorn_upstart.conf
unicorn.conf.rb
DEV: Apply syntax_tree formatting to config/*
2023-01-09 11:13:29 +00:00