discourse/lib
Bianca Nenciu 5dbe3b7b55
SECURITY: Add limits for themes and theme assets
This commit adds limits to themes and theme components on the:

- file size of about.json and .discourse-compatibility
- file size of theme assets
- number of files in a theme
2023-09-12 15:35:50 -03:00
action_dispatch/session
auth
autospec
backup_restore FEATURE: allow S3 ACLs to be disabled (#21769) 2023-06-06 15:47:40 +10:00
common_passwords
compression
content_security_policy SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
demon
discourse_dev DEV: Convert admin-incoming-email modal to component-based API (#22701) 2023-07-20 16:31:20 -05:00
email FEATURE: Add hooks for email poller plugins (#21384) 2023-06-26 13:16:03 +08:00
email_controller_helper
emoji
faker
file_store DEV: allow using CDN URL for all s3 uploads (#20755) 2023-07-12 12:06:49 +08:00
final_destination DEV: Handle SSL errors in push notification pusher (#22771) 2023-07-25 15:01:02 +08:00
freedom_patches DEV: Update TranslateAccelerator missing translation string (#22158) 2023-06-16 15:28:03 +01:00
generators/rails
guardian FEATURE: Implement SiteSetting to Allow Anonymous Likes (#22131) 2023-07-21 21:21:07 +08:00
i18n
imap
import
import_export
javascripts DEV: Remove vendored copy of messageformat (#21658) 2023-05-19 10:59:04 +01:00
middleware SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
migration
onebox FIX: Update "Embed Motoko" Onebox URLs (#22198) 2023-07-26 09:41:01 +08:00
plugin DEV: Remove deprecated arguments to Plugin::Instance#add_api_parameter_route (#22736) 2023-07-21 12:22:33 +08:00
pretty_text FIX: Hashtag error in PrettyText when processing email (#22680) 2023-07-19 10:52:18 +10:00
rate_limiter
reviewable
scheduler SECURITY: Don't allow a particular site to monopolize the defer queue 2023-07-28 12:53:51 +01:00
search
second_factor
seed_data FIX: Update sidebar to be navigation menu (#22101) 2023-06-15 09:31:28 +10:00
sidekiq
site_settings FEATURE: Add new site setting type for tag-group lists (#21993) 2023-06-09 11:02:55 -04:00
stylesheet FEATURE: Serve RTL versions of admin and plugins CSS bundles for RTL locales (#21876) 2023-06-01 05:27:11 +03:00
summarization FEATURE: Inline topic summary. Cached version accessible to everyone. (#22551) 2023-07-12 11:21:51 -03:00
tasks DEV: Introduce version_bump rake tasks (#22817) 2023-07-31 16:05:13 +01:00
theme_store SECURITY: Add limits for themes and theme assets 2023-09-12 15:35:50 -03:00
topic_query FEATURE: new watched_precedence_over_muted setting (#22252) 2023-06-27 14:49:34 +10:00
turbo_tests DEV: Add process pid to bin/turbo_tests --format documentation output (#22429) 2023-07-05 11:47:35 +08:00
validators FEATURE: Custom content summarization strategies. (#21813) 2023-06-13 14:21:46 -03:00
webauthn SECURITY: Limit name field length of TOTP authenticators and security keys 2023-09-12 15:35:42 -03:00
wizard
admin_confirmation.rb
admin_constraint.rb
admin_user_index_query.rb DEV: Remove deprecated ascending param from AdminUserIndexQuery (#22741) 2023-07-24 09:37:18 +08:00
age_words.rb DEV: Move distance_of_time_in_words/time_ago_in_words (#21745) 2023-05-25 14:53:59 +02:00
archetype.rb
auth.rb
backup_restore.rb
badge_posts_view_manager.rb
badge_queries.rb
base62.rb
bookmark_manager.rb
bookmark_query.rb SECURITY: Impose an upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
bookmark_reminder_notification_handler.rb
browser_detection.rb
cache.rb
canonical_url.rb
category_badge.rb
chrome_installed_checker.rb
color_math.rb
comment_migration.rb
common_passwords.rb
composer_messages_finder.rb DEV: Ensure don't feed the trolls feature considers active flags only (#22774) 2023-07-25 15:12:22 +08:00
configurable_urls.rb PERF: Cache ToS and Privacy Policy paths (#21860) 2023-06-07 21:31:20 +03:00
content_buffer.rb
content_security_policy.rb SECURITY: Don't reuse CSP nonce between anonymous requests 2023-07-28 12:53:44 +01:00
cooked_post_processor.rb DEV: Skip srcset for onebox thumbnails (#22621) 2023-07-19 12:21:34 -06:00
cooked_processor_mixin.rb
crawler_detection.rb
csrf_token_verifier.rb
current_user.rb
custom_renderer.rb
db_helper.rb
directory_helper.rb
discourse_connect_base.rb
discourse_connect_provider.rb
discourse_dev.rb
discourse_diff.rb
discourse_event.rb DEV: Remove warning for discontinued site_setting_saved event (#22735) 2023-07-21 12:22:18 +08:00
discourse_hub.rb
discourse_ip_info.rb
discourse_js_processor.rb
discourse_logstash_logger.rb
discourse_plugin_registry.rb FEATURE: Add hooks for email poller plugins (#21384) 2023-06-26 13:16:03 +08:00
discourse_redis.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
discourse_sourcemapping_url_processor.rb
discourse_tagging.rb FIX: delete synonym tags if other synonyms already exist. (#21885) 2023-06-02 19:47:29 +05:30
discourse_updates.rb
discourse.rb SECURITY: Add limits for themes and theme assets 2023-09-12 15:35:50 -03:00
disk_space.rb
distributed_cache.rb PERF: Cache each theme field value once (#23192) 2023-09-12 15:35:45 -03:00
distributed_memoizer.rb
distributed_mutex.rb
edit_rate_limiter.rb
email_backup_token.rb
email_cook.rb
email_updater.rb
email.rb
ember_cli.rb PERF: Improve workbox loading strategy (#22019) 2023-06-09 11:14:11 +01:00
encodings.rb
enum_site_setting.rb
enum.rb
excerpt_parser.rb DEV: Update code comment wording (#22861) 2023-07-28 11:47:22 -06:00
external_upload_helpers.rb
feed_element_installer.rb
feed_item_accessor.rb
file_helper.rb FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
filter_best_posts.rb
final_destination.rb DEV: Gracefully handle user avatar download SSRF errors (#21523) 2023-05-12 15:32:02 +08:00
flag_query.rb
flag_settings.rb
gaps.rb
git_repo.rb FEATURE: display commit hash for each plugin on /admin/plugins page. (#22176) 2023-06-26 10:09:57 +05:30
git_url.rb
global_path.rb
group_email_credentials_check.rb
group_lookup.rb FEATURE: display PM participant group names in the topics list. (#21677) 2023-05-31 19:32:06 +05:30
guardian.rb FEATURE: Implement SiteSetting to Allow Anonymous Likes (#22131) 2023-07-21 21:21:07 +08:00
has_errors.rb
highlight_js.rb
hijack.rb SECURITY: Don't allow a particular site to monopolize the defer queue 2023-07-28 12:53:51 +01:00
homepage_constraint.rb
html_prettify.rb
html_to_markdown.rb
http_language_parser.rb
image_sizer.rb
import_export.rb
inline_oneboxer.rb
job_time_spacer.rb
js_locale_helper.rb DEV: Remove vendored copy of messageformat (#21658) 2023-05-19 10:59:04 +01:00
json_error.rb
letter_avatar.rb
markdown_linker.rb
mem_info.rb
message_bus_diags.rb
method_profiler.rb
mini_sql_multisite_connection.rb
mobile_detection.rb
new_post_manager.rb FIX: Keep ReviewableQueuedPosts even with user delete reviewable actions (#22501) 2023-07-18 11:50:31 +00:00
new_post_result.rb
notification_levels.rb
onebox.rb
oneboxer.rb FIX: Do not follow redirects for twitter oneboxes (#22362) 2023-06-30 11:30:03 +01:00
onpdiff.rb
password_hasher.rb
pbkdf2.rb
permalink_constraint.rb
pinned_check.rb
plain_text_to_markdown.rb
plugin_gem.rb FEATURE: Try to load plugin gems platform variants (#21643) 2023-06-26 15:11:35 -03:00
plugin.rb
post_action_creator.rb
post_action_destroyer.rb
post_action_result.rb
post_creator.rb
post_destroyer.rb DEV: Remove redundant line of code (#22734) 2023-07-21 11:50:07 +08:00
post_jobs_enqueuer.rb
post_locker.rb
post_merger.rb
post_revisor.rb DEV: PostRevisor helper methods to track topic title and raw revisions (#21918) 2023-06-05 18:02:46 +00:00
presence_channel.rb FIX: Ensure PresenceChannel does not raise error during readonly (#22899) 2023-08-01 09:34:57 +01:00
pretty_text.rb DEV: Move avatar-utils into dedicated discourse-common module (#22517) 2023-07-12 09:06:16 +01:00
promotion.rb
quote_comparer.rb
quote_rewriter.rb DEV: Update display name in new quote format - Part 2 (#22104) 2023-06-26 11:01:59 +08:00
rake_helpers.rb
rate_limiter.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
read_only_mixin.rb
redis_snapshot.rb
require_dependency_backward_compatibility.rb
retrieve_title.rb DEV: Gracefully handle user avatar download SSRF errors (#21523) 2023-05-12 15:32:02 +08:00
route_format.rb
route_matcher.rb
rtl.rb
s3_cors_rulesets.rb
s3_helper.rb FEATURE: allow S3 ACLs to be disabled (#21769) 2023-06-06 15:47:40 +10:00
s3_inventory.rb
score_calculator.rb
screening_model.rb
search.rb DEV: Added modifier hooks to allow plugins to tweak how categories and groups are fetched (#21837) 2023-05-30 18:41:50 -03:00
secure_session.rb
shrink_uploaded_image.rb
sidekiq_logster_reporter.rb
site_icon_manager.rb DEV: Move Bookmark modal/component to use d-modal (#22532) 2023-07-17 10:14:17 +10:00
site_setting_extension.rb DEV: Avoid leaking new site setting states in test environment (#21713) 2023-05-25 07:53:57 +08:00
slug.rb
socket_server.rb
spam_handler.rb
staff_constraint.rb
staff_message_format.rb
suggested_topics_builder.rb
svg_sprite.rb SECURITY: Reduce maximum size of SVG sprite cache to prevent DoS 2023-09-12 15:35:45 -03:00
system_message.rb FIX: Send TL2 promotion message to correct user (#21978) 2023-06-07 22:51:24 +03:00
temporary_db.rb
temporary_redis.rb
text_cleaner.rb
text_sentinel.rb
theme_javascript_compiler.rb DEV: move raw handlebars to /raw-templates/ (#22574) 2023-07-13 12:57:45 -05:00
theme_modifier_helper.rb
theme_settings_manager.rb
theme_settings_parser.rb
theme_store.rb SECURITY: Add limits for themes and theme assets 2023-09-12 15:35:50 -03:00
theme_translation_manager.rb
theme_translation_parser.rb
timeline_lookup.rb
tiny_japanese_segmenter.rb
topic_creator.rb FIX: Miscellaneous tagging errors (#21490) 2023-05-15 17:19:41 -03:00
topic_list_responder.rb
topic_publisher.rb
topic_query_params.rb UX: Various improvements to welcome topic CTA (#21010) 2023-05-12 17:09:40 +03:00
topic_query.rb PERF: Improve performance of queries when loading a topic list (#22949) (#22950) 2023-08-03 11:51:32 +08:00
topic_retriever.rb
topic_subtype.rb
topic_upload_security_manager.rb
topic_view.rb FIX: Missing pending queued posts from topic view (#22838) 2023-07-28 16:16:23 +00:00
topics_bulk_action.rb FIX: Dismissing unread posts did not publish changes to other clients (#22584) 2023-07-13 18:05:56 +08:00
topics_filter.rb DEV: Add order:title filter to experimental /filter route (#22293) 2023-06-28 06:21:56 +08:00
trust_level.rb
turbo_tests.rb DEV: Restore the documentation format in system tests (#21471) 2023-05-12 11:13:52 +02:00
twitter_api.rb FIX: Minor Twitter onebox improvements (#22387) 2023-07-03 19:53:12 -03:00
unicorn_logstash_patch.rb
unread.rb
upload_creator.rb DEV: Remove old deprecation warnings where constants already removed (#22140) 2023-06-16 11:26:26 +08:00
upload_fixer.rb
upload_markdown.rb
upload_recovery.rb FEATURE: allow S3 ACLs to be disabled (#21769) 2023-06-06 15:47:40 +10:00
upload_security.rb
url_helper.rb
user_comm_screener.rb DEV: Refactor DM channel creation into new service pattern (#22144) 2023-07-03 10:18:37 +10:00
user_lookup.rb
user_name_suggester.rb
vary_header.rb
version.rb SECURITY: Add limits for themes and theme assets 2023-09-12 15:35:50 -03:00
webauthn.rb
wizard.rb
work_queue.rb SECURITY: Don't allow a particular site to monopolize the defer queue 2023-07-28 12:53:51 +01:00