github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-26 00:43:39 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
73deb31e3e
discourse/db/post_migrate
History
Alan Guo Xiang Tan f122f24b35
SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 
Currently, `Tag#topic_count` is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user has not excess to. We classify this as a minor leak in sensitive information.

The following changes are introduced in this commit:

1. Introduce `Tag#public_topic_count` which only count topics which have been tagged with a given tag in public categories.
2. Rename `Tag#topic_count` to `Tag#staff_topic_count` which counts the same way as `Tag#topic_count`. In other words, it counts all topics tagged with a given tag regardless of the category the topic is in. The rename is also done so that we indicate that this column contains sensitive information. 
3. Change all previous spots which relied on `Topic#topic_count` to rely on `Tag.topic_column_count(guardian)` which will return the right "topic count" column to use based on the current scope. 
4. Introduce `SiteSetting.include_secure_categories_in_tag_counts` site setting to allow site administrators to always display the tag topics count using `Tag#staff_topic_count` instead.
2023-01-20 09:50:24 +08:00
..
20220202223955_migrate_selectable_avatars_enabled.rb FEATURE: upload an avatar option for uploading avatars with selectable avatars (#15878) 2022-02-24 12:57:39 -08:00
20220214224506_reset_custom_emoji_post_bakes_version_secure_fix.rb DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
20220215015538_drop_user_stat_count_constraints.rb DEV: Drop user_stats count column constraints (#15949) 2022-02-16 12:49:11 +11:00
20220220234155_conform_bounce_error_code.rb DEV: Fix SMTP bounce regexp (#16019) 2022-02-22 08:54:01 +10:00
20220302171443_rebake_old_avatar_service_urls.rb DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
20220309132720_copy_post_uploads_to_upload_references_for_sync.rb FEATURE: Create upload_references table (#16146) 2022-06-09 09:24:30 +10:00
20220325064954_make_some_bookmark_columns_nullable.rb DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
20220401140745_drop_category_required_tag_group_columns.rb DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
20220429164301_delete_hotlinked_image_custom_fields.rb DEV: Drop old hotlinked image data from post_custom_fields (#16594) 2022-05-12 15:34:35 +01:00
20220512011531_backfill_polymorphic_bookmarks.rb FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) 2022-05-23 10:07:15 +10:00
20220617151846_rename_default_categories_regular_setting.rb UX: Change wording for 'regular' categories to 'normal' (#17134) 2022-06-20 06:49:33 +03:00
20220621164914_drop_flair_url_from_groups.rb DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
20220825005115_backfill_outbound_message_id.rb FEATURE: Overhaul email threading (#17996) 2022-09-26 09:14:24 +10:00
20221026035440_security_log_out_invite_redemption_invited_users.rb DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
20221108032233_drop_old_bookmark_columns_v2.rb DEV: Apply syntax_tree formatting to db/* 2023-01-09 11:59:41 +00:00
20221212234948_drop_topic_allowed_users_backup_nov_2022.rb DEV: Delete tmp table from migration for invites (#19431) 2022-12-13 10:17:25 +10:00
20230113002617_reindex_invalid_indexes.rb FIX: Add migration to reindex invalid indexes (#19858) 2023-01-13 11:04:26 +08:00
20230119024157_remove_topic_count_from_tags.rb SECURITY: Default tags to show count of topics in unrestricted categories (#19916) 2023-01-20 09:50:24 +08:00