github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-21 04:10:22 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/lib/site_settings
History
Robin Ward 1d38040579 SECURITY: SQL injection with default categories 
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
..
db_provider.rb
FIX: site settings loading default values when no db
2019-06-14 14:21:07 +10:00
defaults_provider.rb
FEATURE: English locale with international date formats
2019-05-20 13:47:20 +02:00
deprecated_settings.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
local_process_provider.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
type_supervisor.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
validations.rb
SECURITY: SQL injection with default categories
2019-07-11 13:41:51 -04:00
yaml_loader.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00