discourse/app
Vinoth Kannan a747724cb6
SECURITY: limit the number of characters in watched word replacements.
The watch words controller creation function, create_or_update_word(), doesn’t validate the size of the replacement parameter, unlike the word parameter, when creating a replace watched word. So anyone with moderator privileges can create watched words with almost unlimited characters.
2024-07-15 19:26:06 +08:00
assets FIX: Don't unnecessarily scrub query params from homepage (stable) (#26960) 2024-05-09 23:12:43 +01:00
controllers SECURITY: Don't allow suspending staff users via other_user_ids param 2024-07-03 20:12:25 +08:00
helpers SECURITY: Properly escape user content within <noscript> 2024-01-30 09:10:09 -07:00
jobs PERF: only allow one reviewable notification at a time (#26331) 2024-03-22 15:00:33 -07:00
mailers FIX: Add higher read & open timeouts for group SMTP emails (#24593) 2023-11-28 15:32:59 +10:00
models SECURITY: limit the number of characters in watched word replacements. 2024-07-15 19:26:06 +08:00
serializers SECURITY: Update reviewable user serializer payload 2024-07-03 20:12:14 +08:00
services SECURITY: Don't allow suspending staff users via other_user_ids param 2024-07-03 20:12:25 +08:00
views SECURITY: Properly escape user content within <noscript> 2024-01-30 09:10:09 -07:00