discourse/spec/lib
Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
..
backup_restore FEATURE: Support private attachments when using S3 storage (#7677) 2019-06-06 13:27:24 +10:00
content_security_policy FEATURE: allow plugins and themes to extend the default CSP (#6704) 2018-11-30 09:51:45 -05:00
i18n FIX: English locale must not fall back to any other locale 2019-06-07 21:53:01 +02:00
seed_data DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
site_settings SECURITY: SQL injection with default categories 2019-07-11 13:53:12 -04:00
browser_detection_spec.rb DEV: Add spec for BrowserDetection and Chromebook. 2019-05-30 16:31:28 +03:00
content_security_policy_spec.rb FEATURE: Calculate CSP based on active themes (#6976) 2019-02-11 12:32:04 +00:00
db_helper_spec.rb SPEC: ensure never remap readonly columns 2019-05-09 18:01:35 +02:00
encodings_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
introduction_updater_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
mini_sql_multisite_connection_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
search_spec.rb FIX: Update mapping between locales and Postgres dictionaries. (#7606) 2019-05-27 16:52:09 +03:00
theme_javascript_compiler_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
upload_creator_spec.rb FEATURE: Support private attachments when using S3 storage (#7677) 2019-06-06 13:27:24 +10:00
upload_recovery_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00