discourse/spec
Vinoth Kannan a747724cb6
SECURITY: limit the number of characters in watched word replacements.
The watch words controller creation function, create_or_update_word(), doesn’t validate the size of the replacement parameter, unlike the word parameter, when creating a replace watched word. So anyone with moderator privileges can create watched words with almost unlimited characters.
2024-07-15 19:26:06 +08:00
fabricators DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
fixtures DEV: Improve site setting rename generator (#25354) 2024-01-25 10:45:46 +10:00
generator DEV: Improve site setting rename generator (#25354) 2024-01-25 10:45:46 +10:00
helpers FEATURE: Add support for custom site name in Open Graph metadata (#25373) 2024-01-22 13:57:52 -04:00
import_export DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
initializers DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
integration DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
integrity Enable Embroider/Webpack code splitting for Wizard (#24919) 2023-12-20 13:15:06 +00:00
jobs FIX: export csv file failed message (#25443) 2024-01-26 11:16:02 -07:00
lib SECURITY: Fix Stored-dom XSS via Facebook Oneboxes 2024-07-03 20:12:18 +08:00
mailers DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
migrations DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
models SECURITY: limit the number of characters in watched word replacements. 2024-07-15 19:26:06 +08:00
multisite
requests Backport changes from PR #27811 (#27874) 2024-07-11 22:16:15 -03:00
script/import_scripts DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
serializers SECURITY: Update reviewable user serializer payload 2024-07-03 20:12:14 +08:00
services SECURITY: Don't allow suspending staff users via other_user_ids param 2024-07-03 20:12:25 +08:00
support DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
system FIX: Improve handling of 'PublicExceptions' when bootstrap_error_pages enabled (#26737) 2024-04-24 10:32:51 +01:00
tasks DEV: Add file_size_restriction site setting type (#24704) 2023-12-13 16:22:48 -07:00
views FIX: Use subfolder-safe url for category in html view (#24595) 2023-11-28 19:08:14 +08:00
rails_helper.rb DEV: Add early support for aarch64 dev env 2024-01-30 15:50:44 +01:00
regenerate_swagger_docs
swagger_helper.rb DEV: Bump rswag-specs from 2.11.0 to 2.13.0 (#24654) 2023-12-07 08:16:47 +08:00