github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 01:47:22 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
cd02ea07fc
discourse/spec
History
Alan Guo Xiang Tan 0f7b9878ff SECURITY: Category group permissions leaked to normal users. 
After this commit, category group permissions can only be seen by users
that are allowed to manage a category. In the past, we inadvertently
included a category's group permissions settings in `CategoriesController#show`
and `CategoriesController#find_by_slug` endpoints for normal users when
those settings are only a concern to users that can manage a category.
2022-04-08 13:46:20 +08:00
..
fabricators FEATURE: Polymorphic bookmarks pt. 1 (CRUD) (#16308) 2022-03-30 12:43:11 +10:00
fixtures FIX: Support new layout on Amazon product pages (#16091) 2022-03-04 18:31:53 -05:00
helpers FIX: include crawler content on old mobile browsers (#16387) 2022-04-06 11:09:12 +01:00
import_export DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
initializers DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
integration FEATURE: Allow multiple required tag groups for a category (#16381) 2022-04-06 14:08:06 +01:00
integrity DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
jobs FIX: Do not attempt to pull_hotlinked_image for raw_html 2022-04-05 16:39:38 +08:00
lib FEATURE: allow for local theme js assets (#16374) 2022-04-07 07:58:10 +10:00
mailers DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
models FEATURE: allow for local theme js assets (#16374) 2022-04-07 07:58:10 +10:00
multisite DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
requests SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
script/import_scripts DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
serializers SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
services FIX: Exclude automatic anchors from search index (#16396) 2022-04-06 16:06:45 -04:00
support PERF: Fix n+1 for categories + featured topics (#16188) 2022-03-14 22:23:39 +00:00
tasks DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00
views FEATURE: add nofollow to RSS alternate link in topics and categories (#16013) 2022-03-09 16:34:02 +11:00
rails_helper.rb PERF: perform all cached counting in background (#15991) 2022-02-22 16:45:25 +00:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Automatically require 'rails_helper' in all specs (#16077) 2022-03-01 17:50:50 +00:00