discourse/app/controllers/admin
Daniel Waterworth e9a8c059ec
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:37:15 +08:00
admin_controller.rb FIX: Show admin plugin route sub-links in sidebar (#24982) 2023-12-21 11:37:20 +10:00
api_controller.rb DEV: update syntax tree to latest (#24623) 2023-11-29 16:38:07 +11:00
backups_controller.rb SECURITY: Rate limit the creation of backups 2023-03-16 16:09:22 +01:00
badges_controller.rb UX: Easily toggle badges in admin badge list (#20225) 2023-02-09 11:36:27 -08:00
color_schemes_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
dashboard_controller.rb DEV: lint against Layout/EmptyLineBetweenDefs (#24914) 2023-12-15 23:46:04 +08:00
email_controller.rb FEAT: add cc addresses and post_id to sent email logs (#25014) 2024-01-03 09:27:25 +08:00
email_styles_controller.rb FEATURE: customization of html emails (#7934) 2019-07-30 15:05:08 -04:00
email_templates_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
embeddable_hosts_controller.rb FEATURE: Update topic/comment embedding parameters (#20181) 2023-02-28 14:31:59 +02:00
embedding_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
emojis_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
form_templates_controller.rb DEV: Show form templates in the composer (#21190) 2023-05-29 14:47:18 -07:00
groups_controller.rb DEV: Fix random typos (#22345) 2023-06-29 12:23:28 +02:00
impersonate_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
permalinks_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
plugins_controller.rb FIX: Show admin plugin route sub-links in sidebar (#24982) 2023-12-21 11:37:20 +10:00
reports_controller.rb SECURITY: Impose an upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
robots_txt_controller.rb FIX: Show true content of robots.txt after restoring to default (#24980) 2023-12-20 23:00:37 +03:00
screened_emails_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
screened_ip_addresses_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
screened_urls_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
search_logs_controller.rb DEV: Apply syntax_tree formatting to app/* 2023-01-09 14:14:59 +00:00
site_settings_controller.rb FIX: Ensure file size restriction types are ints (#24947) 2023-12-18 09:22:50 -07:00
site_texts_controller.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
staff_action_logs_controller.rb SECURITY: Impose an upper bound on limit params in various controllers 2023-07-28 12:53:46 +01:00
staff_controller.rb Refactor admin base controller (#18453) 2022-10-31 12:02:26 +00:00
themes_controller.rb DEV: Add skip_migrations param when importing remote theme (#25218) 2024-01-11 14:04:02 +08:00
user_fields_controller.rb DEV: Add extension points to Admin User Fields (#25021) 2023-12-28 08:24:24 -07:00
users_controller.rb SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:37:15 +08:00
versions_controller.rb Refactor admin base controller (#18453) 2022-10-31 12:02:26 +00:00
watched_words_controller.rb DEV: Refactor watched words (#24163) 2023-11-01 16:41:10 +02:00
web_hooks_controller.rb FEATURE: granular webhooks (#23070) 2023-10-09 03:35:31 +00:00