discourse/spec/fabricators
Alan Guo Xiang Tan 65820e8ac1
SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18770)

Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:48:00 +08:00
allowed_pm_users.rb FEATURE: Allow List for PMs (#10270) 2020-07-20 15:23:49 -06:00
api_key_fabricator.rb
associated_group_fabricator.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
badge_fabricator.rb
bookmark_fabricator.rb DEV: Ignore reminder_type for bookmarks (#14349) 2021-09-16 09:56:54 +10:00
category_fabricator.rb
category_group_fabricator.rb
color_scheme_color_fabricator.rb
color_scheme_fabricator.rb
dimissed_topic_user.rb FEATURE: New way to dismiss new topics (#11927) 2021-02-04 11:27:34 +11:00
do_not_disturb_fabricator.rb FEATURE: Do not disturb (#11484) 2020-12-18 09:03:51 -06:00
email_change_request_fabricator.rb
email_log_fabricator.rb
email_token_fabricator.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
embeddable_host_fabricator.rb
external_upload_stub_fabricator.rb DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
flag_fabricator.rb
group_fabricator.rb DEV: Add SMTP group ID to EmailLog (#13381) 2021-06-15 11:29:46 +10:00
group_history_fabricator.rb
group_request_fabricator.rb
group_user_fabricator.rb
ignored_user_fabricator.rb DEV: Cleanup ignored user logic (#11107) 2020-11-03 12:38:54 +00:00
incoming_email_fabricator.rb FIX: Change default for IncomingEmail#created_via to 0 (unknown) and make NOT NULL (#11782) 2021-01-21 12:59:50 +10:00
incoming_link_fabricator.rb
invite_fabricator.rb
invited_user_fabricator.rb FEATURE: multiple use invite links (#9813) 2020-06-09 20:49:32 +05:30
like_fabricator.rb
muted_user.rb
notification_fabricator.rb
optimized_image_fabricator.rb DEV: Fix OptimizedImage specs 2020-07-06 21:51:56 +02:00
permalink_fabricator.rb
post_action_fabricator.rb
post_custom_field_fabricator.rb
post_detail_fabricator.rb
post_fabricator.rb UX: display correct replies count in embedded comments view. (#14175) 2021-08-30 10:37:53 +05:30
post_reply_key_fabricator.rb
post_revision_fabricator.rb
published_page_fabricator.rb FEATURE: allows published pages to be public (#10053) 2020-06-17 12:42:20 +02:00
reviewable_claimed_topic_fabricator.rb
reviewable_fabricator.rb FEATURE: Notify responders of post removal (#15049) 2021-11-24 09:28:20 -06:00
reviewable_score_fabricator.rb FEATURE: Notify responders of post removal (#15049) 2021-11-24 09:28:20 -06:00
screened_email_fabricator.rb
screened_ip_address_fabricator.rb
screened_url_fabricator.rb
search_log_fabricator.rb
shared_draft_fabricator.rb
single_sign_on_record_fabricator.rb
skipped_email_log_fabricator.rb
tag_fabricator.rb
tag_group_fabricator.rb
tag_group_permission_fabricator.rb SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
theme_fabricator.rb
theme_field_fabricator.rb FIX: add theme field errors (#12880) 2021-04-28 15:00:37 -07:00
topic_allowed_group_fabricator.rb
topic_allowed_user_fabricator.rb
topic_embed_fabricator.rb
topic_fabricator.rb DEV: Add include_pms option to TopicQuery (#10647) 2020-09-14 12:07:35 +01:00
topic_tag_fabricator.rb
topic_timer_fabricator.rb
topic_user_fabricator.rb
upload_fabricator.rb FEATURE: Use path from existing URL of uploads and optimized images (#13177) 2021-05-27 17:42:25 +02:00
user_action_fabricator.rb
user_api_key_fabricator.rb DEV: Introduce plugin API to contribute user api key scopes 2020-10-19 10:40:55 +01:00
user_avatar_fabricator.rb
user_badge_fabricator.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18770) 2022-10-27 11:48:00 +08:00
user_email_fabricator.rb
user_fabricator.rb FEATURE: Disallow putting urls in the title for TL-0 users (#13947) 2021-08-05 13:38:39 +04:00
user_field_fabricator.rb
user_field_option_fabricator.rb.rb FIX: Validate value of custom dropdown user fields - dropdowns and multiple selects (#13890) 2021-07-30 13:50:47 -04:00
user_option_fabricator.rb
user_profile_fabricator.rb
user_second_factor_fabricator.rb
user_security_key_fabricator.rb
watched_word_fabricator.rb
web_crawler_request_fabricator.rb
web_hook_fabricator.rb FEATURE: add support for like webhooks (#12917) 2021-04-30 17:08:38 -07:00