discourse/app/services
Daniel Waterworth 8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:24:04 +08:00
..
notifications DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
problem_check DEV: Move non scheduled problem checks to classes (#26122) 2024-03-14 10:55:01 +08:00
spam_rule DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
anonymous_shadow_creator.rb DEV: Change anonymous_posting_min_trust_level to a group-based setting (#24072) 2023-10-25 11:45:10 +10:00
badge_granter.rb DEV: Remove badge_granted_title column from user_profiles (#20476) 2023-03-08 13:37:20 +01:00
base_bookmarkable.rb FIX: Show deleted bookmark reminders in user bookmarks menu (#25905) 2024-02-29 09:03:49 +10:00
category_hashtag_data_source.rb FEATURE: Async load of category and chat hashtags (#25526) 2024-02-12 12:07:14 +02:00
color_scheme_revisor.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
destroy_task.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
email_settings_exception_handler.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
email_settings_validator.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
email_style_updater.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
external_upload_manager.rb DEV: lint against Layout/EmptyLineBetweenDefs (#24914) 2023-12-15 23:46:04 +08:00
group_action_logger.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
group_mentions_updater.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
group_message.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
handle_chunk_upload.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
hashtag_autocomplete_service.rb FEATURE: Async load of category and chat hashtags (#25526) 2024-02-12 12:07:14 +02:00
heat_settings_updater.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
inline_uploads.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
notification_emailer.rb FIX: Avoid sending user emails if @ mentioning a staged user in a topic (#26102) 2024-03-13 11:05:34 +08:00
post_action_notifier.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
post_alerter.rb DEV: Include group_name in push notification payload for group mentions (#26081) 2024-03-07 09:47:21 -06:00
post_bookmarkable.rb FIX: Show deleted bookmark reminders in user bookmarks menu (#25905) 2024-02-29 09:03:49 +10:00
post_owner_changer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
push_notification_pusher.rb DEV: Include group_name in push notification payload for group mentions (#26081) 2024-03-07 09:47:21 -06:00
random_topic_selector.rb DEV: Remove Discourse.redis.delete_prefixed (#22103) 2023-06-16 12:44:35 +10:00
registered_bookmarkable.rb FIX: Show deleted bookmark reminders in user bookmarks menu (#25905) 2024-02-29 09:03:49 +10:00
search_indexer.rb DEV: Async category search for sidebar modal (#25686) 2024-02-20 11:24:30 -06:00
sidebar_section_links_updater.rb FIX: Seed all categories and tags configured as defaults for nav menu (#22793) 2023-07-27 10:52:33 +08:00
sidebar_site_settings_backfiller.rb DEV: Drop distributed mutex from SidebarSiteSettingsBackfiller#backfill! (#25674) 2024-02-15 06:21:03 +08:00
site_settings_task.rb DEV: Add rake command to help detect dead settings (#23300) 2023-08-29 09:42:52 -06:00
staff_action_logger.rb SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
tag_hashtag_data_source.rb DEV: Remove enable_experimental_hashtag_autocomplete logic (#22820) 2023-08-08 11:18:55 +10:00
theme_settings_migrations_runner.rb DEV: Merge root JS packages (#25857) 2024-02-26 13:45:58 +00:00
themes_install_task.rb FEATURE: Theme settings migrations (#24071) 2023-11-02 08:10:15 +03:00
topic_bookmarkable.rb FIX: Show deleted bookmark reminders in user bookmarks menu (#25905) 2024-02-29 09:03:49 +10:00
topic_status_updater.rb FEATURE: Silence Close Notifications User Setting (#26072) 2024-03-08 15:14:46 -07:00
topic_summarization.rb FEATURE: Prefer topic_embed's cached content when summarizing (#25190) 2024-01-09 14:00:01 -03:00
topic_timestamp_changer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
tracked_topics_updater.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
trust_level_granter.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_action_manager.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_activator.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_anonymizer.rb FIX: Anonymizing a user clears their user status too (#21673) 2023-05-22 13:18:09 +08:00
user_authenticator.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_destroyer.rb FIX: Delete fast typer reviewable when deleting user (#23162) 2023-08-21 18:03:03 +08:00
user_merger.rb DEV: Remove badge_granted_title column from user_profiles (#20476) 2023-03-08 13:37:20 +01:00
user_notification_renderer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_notification_schedule_processor.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_silencer.rb DEV: Enable unless cops 2023-02-21 10:30:48 +01:00
user_stat_count_updater.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
user_updater.rb FEATURE: Silence Close Notifications User Setting (#26072) 2024-03-08 15:14:46 -07:00
username_changer.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
username_checker_service.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
web_hook_emitter.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
wildcard_domain_checker.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
wildcard_url_checker.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
word_watcher.rb FIX: Replace watched words with wildcards (#24279) 2023-11-08 18:51:11 +02:00