discourse

mirror of https://github.com/discourse/discourse.git synced 2024-11-26 08:43:39 +08:00

History

Daniel Waterworth e9a8c059ec SECURITY: Prevent large staff actions causing DoS This commit operates at three levels of abstraction: 1. We want to prevent user history rows from being unbounded in size. This commit adds rails validations to limit the sizes of columns on user_histories, 2. However, we don't want to prevent certain actions from being completed if these columns are too long. In those cases, we truncate the values that are given and store the truncated versions, 3. For endpoints that perform staff actions, we can further control what is permitted by explicitly validating the params that are given before attempting the action,		2024-03-15 14:37:15 +08:00
..
admin_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
api_controller_spec.rb	FIX: Logs api scope not working (#25215 )	2024-01-10 19:30:10 -07:00
backups_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
badges_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
color_schemes_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
dashboard_controller_spec.rb	UX: add gift emoji styling for new features (#24523 )	2023-11-27 09:32:28 +11:00
email_controller_spec.rb	FEAT: add cc addresses and post_id to sent email logs (#25014 )	2024-01-03 09:27:25 +08:00
email_styles_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
email_templates_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
embeddable_hosts_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
embedding_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
emojis_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
form_templates_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
groups_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
impersonate_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
permalinks_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
plugins_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
reports_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
robots_txt_controller_spec.rb	FIX: Show true content of robots.txt after restoring to default (#24980 )	2023-12-20 23:00:37 +03:00
screened_emails_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
screened_ip_addresses_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
screened_urls_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
search_logs_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
site_settings_controller_spec.rb	FIX: Ensure file size restriction types are ints (#24947 )	2023-12-18 09:22:50 -07:00
site_texts_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
staff_action_logs_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
themes_controller_spec.rb	DEV: Add `skip_migrations` param when importing remote theme (#25218 )	2024-01-11 14:04:02 +08:00
user_fields_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
users_controller_spec.rb	SECURITY: Prevent large staff actions causing DoS	2024-03-15 14:37:15 +08:00
versions_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
watched_words_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
web_hooks_controller_spec.rb	FIX: Remove duplicate spec example (#24846 )	2023-12-12 13:48:23 +01:00