discourse/spec/requests
Vinoth Kannan 7b53e610c1
SECURITY: limit the number of characters in watched word replacements.
The watch words controller creation function, create_or_update_word(), doesn’t validate the size of the replacement parameter, unlike the word parameter, when creating a replace watched word. So anyone with moderator privileges can create watched words with almost unlimited characters.
2024-07-15 19:25:17 +08:00
..
admin SECURITY: limit the number of characters in watched word replacements. 2024-07-15 19:25:17 +08:00
api Revert "FEATURE: custom flag can require additional message (#27706)" (#27906) 2024-07-15 09:45:57 +10:00
examples SECURITY: Impose a upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
about_controller_spec.rb FIX: crawler view with unicode usernames (#27051) 2024-05-16 17:11:24 +02:00
application_controller_spec.rb FEATURE: Use group based setting for unsafe-none COOP (#27783) 2024-07-09 11:25:49 -05:00
associate_accounts_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
badges_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
bookmarks_controller_spec.rb FEATURE: Add bulk action to bookmark (#26856) 2024-05-22 12:50:21 -03:00
categories_controller_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
clicks_controller_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
composer_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
composer_messages_controller_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
csp_reports_controller_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
directory_items_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
do_not_disturb_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
drafts_controller_spec.rb FIX: Load categories with user activity and drafts (#26553) 2024-04-10 17:35:42 +03:00
edit_directory_columns_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
email_controller_spec.rb FEATURE: remove category badge style options, set bullet style as default (#24198) 2023-11-13 10:46:15 -05:00
embed_controller_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
exceptions_controller_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
export_csv_controller_spec.rb SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
extra_locales_controller_spec.rb DEV: Upgrade the MessageFormat library (JS) 2024-07-10 09:51:25 +02:00
finish_installation_controller_spec.rb DEV: Improve error message when test fails (#25067) 2023-12-29 12:44:41 +08:00
form_templates_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
forums_controller_spec.rb DEV: Correct forums_controller success spec (#24690) 2023-12-04 14:26:29 +00:00
groups_controller_spec.rb FIX: invalid user locale when accepting group membership 2024-06-27 19:22:55 +02:00
hashtags_controller_spec.rb DEV: Fix flaky test (#25935) 2024-02-28 20:32:14 +02:00
highlightjs_controller_spec.rb FIX: Ensure app-cdn CORS is not overridden by cors_origin setting (#24661) 2023-12-01 12:57:11 +00:00
inline_onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
invites_controller_spec.rb SECURITY: Limit invites params length 2024-03-15 14:24:07 +08:00
list_controller_spec.rb FIX: Render a 404 error on a bad redirect in list controller 2024-06-28 10:42:10 +02:00
metadata_controller_spec.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
noscript_escape_spec.rb SECURITY: Properly escape user content within <noscript> 2024-01-30 09:10:09 -07:00
notifications_controller_spec.rb DEV: Allow user api key scope for notifications#totals (#26205) 2024-03-15 16:06:32 -04:00
offline_controller_spec.rb Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
omniauth_callbacks_controller_spec.rb FIX: increase secure session for OAuth expiration time (#27674) 2024-07-02 11:43:59 +10:00
onebox_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
permalinks_controller_spec.rb FIX: Don’t raise an error on permalinks with external URL 2024-06-28 10:09:37 +02:00
post_action_users_controller_spec.rb DEV: Add post_action_users_list modifier for PostActionUsersController (#25740) 2024-02-20 09:48:09 +10:00
post_actions_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
post_readers_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
posts_controller_spec.rb FIX: Allow error handling for formats besides JSON (#27811) 2024-07-11 11:59:00 -03:00
presence_controller_spec.rb FIX: Updating presence status in readonly mode should fail gracefully (#24333) 2023-11-10 14:27:43 -06:00
published_pages_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
push_notification_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
qunit_controller_spec.rb DEV: Stop building test assets in production under Embroider (#23388) 2023-09-11 09:12:37 +01:00
reviewable_claimed_topics_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
reviewables_controller_spec.rb FIX: Rejection email sent even if reject reason too long (#27529) 2024-06-19 11:07:23 +10:00
robots_txt_controller_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
safe_mode_controller_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
search_controller_spec.rb FIX: Load categories with search topic results (#25700) 2024-02-21 17:29:47 +02:00
session_controller_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
sidebar_sections_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
similar_topics_controller_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
site_controller_spec.rb DEV: Refactor discover setting reporting (#26706) 2024-04-23 09:52:01 -04:00
sitemap_controller_spec.rb DEV: Remove unnecessary rails_helper requiring (#26364) 2024-03-26 11:32:01 +01:00
slugs_controller_spec.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
static_controller_spec.rb FIX: StaticController#enter should not redirect to invalid paths (#27913) 2024-07-15 14:39:37 +08:00
steps_controller_spec.rb DEV: Apply syntax_tree formatting to spec/* 2023-01-09 11:49:28 +00:00
stylesheets_controller_spec.rb DEV: Fix test incorrectly removing stylesheet cache of other processes (#25103) 2024-01-03 13:15:35 +08:00
svg_sprite_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
tag_groups_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
tags_controller_spec.rb FIX: muted tags breaking hot page when filtered to tags (#25824) 2024-02-23 17:11:39 +11:00
theme_javascripts_controller_spec.rb DEV: Compile theme migrations javascript files when running theme qunit (#25219) 2024-01-16 09:50:44 +08:00
topic_view_stats_controller_spec.rb FEATURE: topic_view_stats table with daily fidelity (#27197) 2024-05-27 15:25:32 +10:00
topics_controller_spec.rb FIX: deleted topic author in crawler view (#27788) 2024-07-09 10:44:03 +02:00
uploads_controller_multisite_spec.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
uploads_controller_spec.rb SECURITY: Add rate limits for uploads 2024-03-15 14:24:00 +08:00
user_actions_controller_spec.rb FIX: Load categories with user activity and drafts (#26553) 2024-04-10 17:35:42 +03:00
user_api_keys_controller_spec.rb DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
user_avatars_controller_spec.rb FEATURE: reduce avatar sizes to 6 from 20 (#21319) 2023-06-01 10:00:01 +10:00
user_badges_controller_spec.rb DEV: Incorrect setup for test (#24736) 2023-12-06 09:26:45 +08:00
user_status_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
users_controller_spec.rb FIX: Don't require fields required on sign-up when updating fields (#27888) 2024-07-15 09:56:20 +10:00
users_email_controller_spec.rb DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404) 2024-01-30 10:32:42 +00:00
webhooks_controller_spec.rb FEATURE: Add Mailpace webhook (#21981) 2023-06-08 20:06:20 +03:00
wizard_controller_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00