github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-02 19:55:12 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
42d2cb2d4e
discourse/config
History
Alan Guo Xiang Tan 42d2cb2d4e
SECURITY: Hide PM count for tags by default (#20061) (#20090) 
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-02-01 06:43:58 +08:00
..
cloud/cloud66 DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
environments DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
initializers DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
locales SECURITY: Hide PM count for tags by default (#20061) (#20090) 2023-02-01 06:43:58 +08:00
application.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
boot.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
cdn.yml.sample
database.yml Revert "DEV: Improve multisite db scripts in dev (#17337)" (#17801) 2022-08-04 16:15:06 -05:00
deploy.rb.sample
dev_defaults.yml DEV: Fix typos and outdated comments (#16614) 2022-05-04 14:12:18 +08:00
discourse_defaults.conf FEATURE: Optionally allow a separate s3_asset_cdn_url to be specified (#19284) 2022-12-08 10:36:20 +00:00
discourse.config.sample
discourse.pill.sample
environment.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample DEV: Remove db_id from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf FIX: Update nginx config for v1.23 (#19651) 2022-12-30 12:35:26 +00:00
projections.json DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
puma.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
routes.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
sidekiq.yml
site_settings.yml SECURITY: Hide PM count for tags by default (#20061) (#20090) 2023-02-01 06:43:58 +08:00
spring.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn_launcher
unicorn_upstart.conf
unicorn.conf.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00