discourse/app/controllers
Gerhard Schlager 5c91d9a629
SECURITY: Remove auto approval when redeeming an invite (#16976)
This security fix affects sites which have `SiteSetting.must_approve_users`
enabled. There are intentional and unintentional cases where invited
users can be auto approved and are deemed to have skipped the staff approval process.
Instead of trying to reason about when auto-approval should happen, we have decided that
enabling the `must_approve_users` setting going forward will just mean that all new users
must be explicitly approved by a staff user in the review queue. The only case where users are auto
approved is when the `auto_approve_email_domains` site setting is used.

Co-authored-by: Alan Guo Xiang Tan <gxtan1990@gmail.com>
2022-06-02 16:11:04 +02:00
admin DEV: Fix typo for email encoded (#15577) 2022-01-14 09:33:15 +10:00
users FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
about_controller.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
application_controller.rb FIX: Don't redirect XHR/JSON requests when login is required (#15093) 2021-12-02 15:12:25 +00:00
associated_groups_controller.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
badges_controller.rb UX: Add image uploader widget for uploading badge images (#12377) 2021-03-17 08:55:23 +03:00
bookmarks_controller.rb FEATURE: Topic-level bookmarks (#14353) 2021-09-21 08:45:47 +10:00
bootstrap_controller.rb DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
categories_controller.rb SECURITY: Category group permissions leaked to normal users. 2022-04-08 11:04:59 +02:00
clicks_controller.rb
composer_messages_controller.rb
csp_reports_controller.rb DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337) 2020-04-02 11:16:38 -04:00
directory_columns_controller.rb DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
directory_items_controller.rb FIX: Include user_field_ids in pagination URL for directory items (#13569) 2021-06-29 14:43:38 -05:00
do_not_disturb_controller.rb DEV: Replace 'processed' column on notifications with new table (#11864) 2021-01-27 10:29:24 -06:00
drafts_controller.rb DEV: do not return no_result_help from the server (#15220) 2021-12-08 21:46:54 +04:00
edit_directory_columns_controller.rb FIX: Always serialize the correct attributes for DirectoryItems (#13510) 2021-06-23 14:55:17 -05:00
email_controller.rb FIX: set mailing_list_mode to false when unsubscribing from all (#10354) 2020-08-03 16:59:54 +10:00
embed_controller.rb UX: display correct replies count in embedded comments view. (#14175) 2021-08-30 10:37:53 +05:30
exceptions_controller.rb
export_csv_controller.rb DEV: Switch to new ExportUserArchive job 2020-08-28 11:46:53 -07:00
extra_locales_controller.rb Replace base_uri with base_path (#10879) 2020-10-09 12:51:24 +01:00
finish_installation_controller.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
forums_controller.rb DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00
groups_controller.rb FEATURE: Scheduled group email credential problem check (#15396) 2022-01-04 10:14:33 +10:00
hashtags_controller.rb DEV: Merge category and tag hashtags code paths (#10216) 2020-07-13 19:13:17 +03:00
highlight_js_controller.rb DEV: apply allow origin response header for CDN requests. (#11893) 2021-01-29 07:44:49 +05:30
inline_onebox_controller.rb
invites_controller.rb FIX: Mark invites flash messages as HTML safe. (#15539) 2022-01-18 09:38:31 -03:00
list_controller.rb PERF: Revert all inboxes from messages route. (#14445) 2021-09-28 11:58:04 +08:00
metadata_controller.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
notifications_controller.rb REFACTOR: Improve support for consolidating notifications. (#14904) 2021-11-30 13:36:14 -03:00
offline_controller.rb
onebox_controller.rb DEV: Add more debugging context to onebox generation 2020-10-22 12:50:22 +08:00
permalinks_controller.rb
post_action_users_controller.rb FEATURE: Allow category group moderators to delete topics (#11069) 2020-11-05 12:18:26 -05:00
post_actions_controller.rb FEATURE: Admins can flag posts so they can review them later. (#12311) 2021-03-11 08:21:24 -03:00
post_readers_controller.rb
posts_controller.rb FEATURE: Export topics to markdown (#15615) 2022-01-17 18:05:14 -03:00
presence_controller.rb UX: Make PresenceChannel changes more responsive (#14733) 2021-10-26 21:15:20 +01:00
published_pages_controller.rb FIX: Do not enable published page if secure media enabled (#11131) 2020-11-06 10:33:19 +10:00
push_notification_controller.rb
qunit_controller.rb DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
reviewable_claimed_topics_controller.rb FEATURE: Allow group moderators to close/archive topics 2020-07-14 12:36:19 -04:00
reviewables_controller.rb FEATURE: Show stale reviewable to other clients (#13114) 2021-05-26 09:47:35 +10:00
robots_txt_controller.rb FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131) 2021-11-30 12:55:25 +03:00
safe_mode_controller.rb
search_controller.rb FIX: global setting needs to be coerced to float (#11162) 2020-11-09 16:46:52 +11:00
session_controller.rb SECURITY: Remove auto approval when redeeming an invite (#16976) 2022-06-02 16:11:04 +02:00
similar_topics_controller.rb PERF: Avoid parsing Post#cooked with Nokogiri for every search. 2020-07-24 10:43:09 +08:00
site_controller.rb DEV: Include login_required attribute in basic info endpoint (#14064) 2021-08-17 14:05:51 -04:00
static_controller.rb FIX: SiteSetting.title was being polluted in StaticController (#15385) 2021-12-21 20:51:18 +01:00
steps_controller.rb
stylesheets_controller.rb DEV: Fix stylesheet manager flaky spec (#13846) 2021-07-26 14:22:54 +10:00
svg_sprite_controller.rb FIX: Use absolute URL when redirecting SVG sprite path. 2021-06-30 11:25:05 +08:00
tag_groups_controller.rb FIX: Allow finding non-lowercase tag groups (#12787) 2021-04-21 19:15:53 +02:00
tags_controller.rb FEATURE: ability to add description to tags (#15125) 2021-12-01 09:18:56 +11:00
theme_javascripts_controller.rb FEATURE: Allow theme tests to be run in production (take 2) (#12845) 2021-04-28 23:12:08 +03:00
topics_controller.rb FEATURE: Add setting to disable notifications for topic tags edits (#14794) 2021-11-02 13:53:21 -04:00
uploads_controller.rb DEV: Extract shared external upload routes into controller helper (#14984) 2021-11-18 09:17:23 +10:00
user_actions_controller.rb DEV: do not return no_result_help from the server (#15220) 2021-12-08 21:46:54 +04:00
user_api_keys_controller.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
user_avatars_controller.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
user_badges_controller.rb FIX: simplify and improve choosing favorite badges (#13743) 2021-07-16 11:13:00 +08:00
users_controller.rb FEATURE: Show warning if user won't be mentioned (#15339) 2022-01-11 09:16:20 +02:00
users_email_controller.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
webhooks_controller.rb FIX: Add random suffix to outbound Message-ID for email (#15179) 2021-12-06 10:34:39 +10:00
wizard_controller.rb