mirror of
https://github.com/discourse/discourse.git
synced 2024-12-15 14:53:43 +08:00
fe8bd92f71
This is a low severity security fix because it requires a logged in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event of bad data somehow already exists. |
||
---|---|---|
.. | ||
db_provider.rb | ||
defaults_provider.rb | ||
deprecated_settings.rb | ||
local_process_provider.rb | ||
type_supervisor.rb | ||
validations.rb | ||
yaml_loader.rb |