discourse/spec/requests/admin
Vinoth Kannan 7b53e610c1
SECURITY: limit the number of characters in watched word replacements.
The watch words controller creation function, create_or_update_word(), doesn’t validate the size of the replacement parameter, unlike the word parameter, when creating a replace watched word. So anyone with moderator privileges can create watched words with almost unlimited characters.
2024-07-15 19:25:17 +08:00
admin_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
api_controller_spec.rb DEV: Add API scopes for post revisions (#26183) 2024-03-14 15:24:54 -06:00
backups_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
badges_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
color_schemes_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
dashboard_controller_spec.rb DEV: Database backed admin notices (#26192) 2024-05-23 09:29:08 +08:00
email_controller_spec.rb FEAT: add cc addresses and post_id to sent email logs (#25014) 2024-01-03 09:27:25 +08:00
email_styles_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
email_templates_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
embeddable_hosts_controller_spec.rb FEATURE: Extend embeddable hosts with Individual tags and author assignments (#26868) 2024-05-16 15:47:01 -04:00
embedding_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
emojis_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
form_templates_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
groups_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
impersonate_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
permalinks_controller_spec.rb FEATURE: Permalinks for users (#25552) 2024-02-05 17:31:31 +01:00
plugins_controller_spec.rb FIX: Don't allow access to plugin page if plugin is not visible (#26431) 2024-04-02 16:26:15 +03:00
reports_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
robots_txt_controller_spec.rb FIX: Show true content of robots.txt after restoring to default (#24980) 2023-12-20 23:00:37 +03:00
screened_emails_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
screened_ip_addresses_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
screened_urls_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
search_logs_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
site_settings_controller_spec.rb DEV: Allow fetching specific site settings and introduce a service for updating site settings (#27481) 2024-06-14 13:07:27 +03:00
site_texts_controller_spec.rb FEATURE: add Untranslated filter to admin text customization (#27555) 2024-06-24 06:24:06 -03:00
staff_action_logs_controller_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
themes_controller_spec.rb DEV: Block accidental serialization of entire AR models (#27668) 2024-07-01 17:08:48 -03:00
user_fields_controller_spec.rb FEATURE: Implement new required options in admin user fields UI (#27079) 2024-05-23 19:18:25 +08:00
users_controller_spec.rb SECURITY: Don't allow suspending staff users via other_user_ids param 2024-07-03 20:49:29 +08:00
versions_controller_spec.rb FEATURE: call hub API to update Discourse discover enrollment. (#25634) 2024-02-23 11:42:28 +05:30
watched_words_controller_spec.rb SECURITY: limit the number of characters in watched word replacements. 2024-07-15 19:25:17 +08:00
web_hooks_controller_spec.rb FEATURE: Add Mechanism to redeliver all failed webhook events (#27609) 2024-07-08 15:43:16 -05:00