Alan Guo Xiang Tan 5878535606

FIX: Searching for svg sprite icons connecting to default database (#21605) ...

What is the problem?

In `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search`, the controller actions
was using the `RailsMultisite::ConnectionManagement.with_hostname` API
but `params[:hostname]` was always `nil` because the routes does not
have a `:hostname` param component and the client does not ever pass the
`:hostname` param when making the request. When `RailsMultisite::ConnectionManagement.with_hostname` is
used with a `nil` argument, it ends up connecting to the default
multisite database. Usually this would be bad because we're allowing a
site in a multisite setup to connect to another site but thankfully no
private data is being leaked here.

What is the fix?

Since `SvgSpriteController#search` and `SvgSpriteController#icon_picker_search` are login required route,
there is no need for us to switch database connections. The fix here is
to simply remove the use of `RailsMultisite::ConnectionManagement.with_hostname`.

2023-05-17 14:25:06 +08:00

..

assets

FIX: Clear topic list cache after archiving a PM (#21602)

2023-05-17 14:23:23 +10:00

controllers

FIX: Searching for svg sprite icons connecting to default database (#21605)

2023-05-17 14:25:06 +08:00

helpers

UX: Improve login required page (#20847)

2023-03-28 07:09:44 -05:00

jobs

FEATURE: Add new notification for admin problems (#21287)

2023-05-03 19:35:22 +03:00

mailers

FIX: Likes received count in digest email (#21458)

2023-05-09 19:19:26 +02:00

models

DEV: Set limit for Invite#custom_message

2023-05-15 09:55:28 +02:00

serializers

FEATURE: Show user cards for inactive users (#21387)

2023-05-15 21:45:26 +03:00

services

FIX: Handle all UTF-8 characters (#21344)

2023-05-15 12:45:04 +03:00

views

FIX: Likes received count in digest email (#21458)

2023-05-09 19:19:26 +02:00