github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-01-22 12:56:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
65820e8ac1
discourse/spec/requests
History
Alan Guo Xiang Tan 65820e8ac1
SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18770) 
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:48:00 +08:00
..
admin SECURITY: moderator shouldn't be able to import a theme via API (stable) (#18420) 2022-09-29 20:13:34 +02:00
api DEV: Add chat_group_mention notification type (#15616) 2022-01-18 08:26:27 -06:00
about_controller_spec.rb FIX: Correct user profile URLs in /about crawler view 2020-07-14 16:09:27 +01:00
application_controller_spec.rb SECURITY: banner-info (#17071) (#17073) 2022-06-13 11:47:44 -06:00
associate_accounts_controller_spec.rb DEV: Improve robustness of associate_accounts_controller 2021-08-10 15:07:40 +01:00
badges_controller_spec.rb
bookmarks_controller_spec.rb FEATURE: Topic-level bookmarks (#14353) 2021-09-21 08:45:47 +10:00
bootstrap_controller_spec.rb SECURITY: Remove ember-cli specific response from application routes (#15155) 2021-12-01 16:10:40 +00:00
categories_controller_spec.rb SECURITY: Category group permissions leaked to normal users. 2022-04-08 11:04:59 +02:00
clicks_controller_spec.rb
composer_messages_controller_spec.rb
csp_reports_controller_spec.rb
directory_columns_controller_spec.rb DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
directory_items_controller_spec.rb FIX: Include user_field_ids in pagination URL for directory items (#13569) 2021-06-29 14:43:38 -05:00
do_not_disturb_controller_spec.rb DEV: Replace 'processed' column on notifications with new table (#11864) 2021-01-27 10:29:24 -06:00
drafts_controller_spec.rb FEATURE: Cook drafts excerpt in user activity (#14315) 2021-09-14 15:18:01 +03:00
email_controller_spec.rb FIX: Show Uncategorized when unsubscribing (#13832) 2021-07-26 12:19:30 +10:00
embed_controller_spec.rb UX: display correct replies count in embedded comments view. (#14175) 2021-08-30 10:37:53 +05:30
exceptions_controller_spec.rb
export_csv_controller_spec.rb DEV: Switch to new ExportUserArchive job 2020-08-28 11:46:53 -07:00
extra_locales_controller_spec.rb FIX: Translation overrides from fallback locale didn't work on client 2021-12-17 14:03:35 +01:00
finish_installation_controller_spec.rb
forums_controller_spec.rb DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00
groups_controller_spec.rb PERF: Make tests faster by prefabricating more things (#15392) 2021-12-22 11:09:43 -06:00
hashtags_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
inline_onebox_controller_spec.rb
invites_controller_spec.rb SECURITY: Validate email constraints when trying to redeem an invite (#17182) 2022-06-21 13:25:10 -05:00
list_controller_spec.rb PERF: Make tests faster by prefabricating more things (#15370) 2021-12-20 12:59:10 -06:00
metadata_controller_spec.rb PERF: cache all metadata for 60 seconds 2020-07-01 12:58:02 +10:00
notifications_controller_spec.rb FIX: Typo in NotificationsController#index not caught by tests. 2020-07-22 09:22:26 +08:00
offline_controller_spec.rb
omniauth_callbacks_controller_spec.rb FIX: Ensure that login does not fail for users with invite records (#15647) 2022-01-20 10:54:38 +00:00
onebox_controller_spec.rb FEATURE: Onebox local categories (#11311) 2020-11-25 10:53:05 +11:00
permalinks_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
post_action_users_controller_spec.rb DEV: Cleanup ignored user logic (#11107) 2020-11-03 12:38:54 +00:00
post_actions_controller_spec.rb PERF: Speed up the tests by pre-fabricating more things (#15318) 2021-12-15 11:41:14 -06:00
post_readers_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
posts_controller_spec.rb FEATURE: Export topics to markdown (#15615) 2022-01-17 18:05:14 -03:00
presence_controller_spec.rb DEV: Various behind-the-scenes improvements to PresenceChannel (#14518) 2021-10-07 15:50:14 +01:00
published_pages_controller_spec.rb FIX: Do not enable published page if secure media enabled (#11131) 2020-11-06 10:33:19 +10:00
push_notification_controller_spec.rb
qunit_controller_spec.rb DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
reviewable_claimed_topics_controller_spec.rb
reviewables_controller_spec.rb FEATURE: Blocking is optional when deleting a user from the review queue. (#13375) 2021-06-15 12:35:45 -03:00
robots_txt_controller_spec.rb FEATURE: Replace Crawl-delay directive with proper rate limiting (#15131) 2021-11-30 12:55:25 +03:00
safe_mode_controller_spec.rb Code review comments. 2021-06-21 11:06:58 +08:00
search_controller_spec.rb FEATURE: Log only topic/post search queries in search log (#14994) 2021-11-18 09:21:12 +08:00
session_controller_spec.rb SECURITY: Remove auto approval when redeeming an invite (#16976) 2022-06-02 16:11:04 +02:00
similar_topics_controller_spec.rb FIX: reindex_search job should work on model with no search data (#11819) 2021-01-25 11:23:36 +01:00
site_controller_spec.rb DEV: Include login_required attribute in basic info endpoint (#14064) 2021-08-17 14:05:51 -04:00
static_controller_spec.rb FIX: SiteSetting.title was being polluted in StaticController (#15385) 2021-12-21 20:51:18 +01:00
steps_controller_spec.rb
stylesheets_controller_spec.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
svg_sprite_controller_spec.rb FIX: Use absolute URL when redirecting SVG sprite path. 2021-06-30 11:25:05 +08:00
tag_groups_controller_spec.rb DEV: Improve tag groups test (#12848) 2021-04-27 14:05:45 +03:00
tags_controller_spec.rb FEATURE: New and Unread messages for user personal messages. (#13603) 2021-08-02 12:41:41 +08:00
theme_javascripts_controller_spec.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
topics_controller_spec.rb DEV: Fix a flaky spec (#15529) 2022-01-11 01:51:57 +01:00
uploads_controller_multisite_spec.rb DEV: Isolate multisite specs (#13634) 2021-07-07 18:57:42 +02:00
uploads_controller_spec.rb DEV: Extract shared external upload routes into controller helper (#14984) 2021-11-18 09:17:23 +10:00
user_actions_controller_spec.rb DEV: do not return no_result_help from the server (#15220) 2021-12-08 21:46:54 +04:00
user_api_keys_controller_spec.rb DEV: Move UserApiKey scopes to dedicated table (#10704) 2020-09-29 10:57:48 +01:00
user_avatars_controller_spec.rb DEV: Remove the remaining Travis code (#13255) 2021-06-02 20:29:47 +02:00
user_badges_controller_spec.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18770) 2022-10-27 11:48:00 +08:00
users_controller_spec.rb SECURITY: Prevent abuse of the update_activation_email route (stable) 2022-07-27 23:09:09 +03:00
users_email_controller_spec.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
webhooks_controller_spec.rb
wizard_controller_spec.rb