discourse/spec
Alan Guo Xiang Tan 42d2cb2d4e
SECURITY: Hide PM count for tags by default (#20061) (#20090)
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-02-01 06:43:58 +08:00
fabricators DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
fixtures DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
helpers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
import_export DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
initializers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
integration FIX: Query UploadReference in UploadSecurity for existing uploads (#19917) 2023-01-25 13:48:49 +02:00
integrity FIX: Fix incorrect hashtag setting migration (#19857) 2023-01-25 13:48:49 +02:00
jobs DEV: Fix threading error when running jobs immediately in system tests (#19811) 2023-01-10 13:41:25 +08:00
lib FIX: Ensure anon-cached values are never returned for API requests (stable) (#20022) 2023-01-30 14:42:51 +00:00
mailers DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
models SECURITY: Remove bypass for base_url 2023-01-25 13:53:22 +02:00
multisite DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
requests SECURITY: Hide PM count for tags by default (#20061) (#20090) 2023-02-01 06:43:58 +08:00
script/import_scripts DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
serializers SECURITY: Default tags to show count of topics in unrestricted categories (#19929) 2023-01-20 11:59:37 +08:00
services FIX: Do not add empty use/svg tags in ExcerptParser (#19969) 2023-01-25 13:48:49 +02:00
support SECURITY: Default tags to show count of topics in unrestricted categories (#19929) 2023-01-20 11:59:37 +08:00
system FIX: Preload user sidebar attrs when ?enable_sidebar=1 (#19843) 2023-01-25 13:48:49 +02:00
tasks DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
views DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
rails_helper.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00