discourse/app
Vinoth Kannan 7b53e610c1
SECURITY: limit the number of characters in watched word replacements.
The watch words controller creation function, create_or_update_word(), doesn’t validate the size of the replacement parameter, unlike the word parameter, when creating a replace watched word. So anyone with moderator privileges can create watched words with almost unlimited characters.
2024-07-15 19:25:17 +08:00
assets DEV: Add slug parameter to hashtag-decorator (#27917) 2024-07-15 17:22:02 +08:00
controllers FIX: StaticController#enter should not redirect to invalid paths (#27913) 2024-07-15 14:39:37 +08:00
helpers DEV: update base url links to respect subfolder installs (#27740) 2024-07-09 12:42:38 +04:00
jobs FEATURE: Add Mechanism to redeliver all failed webhook events (#27609) 2024-07-08 15:43:16 -05:00
mailers FIX: correctly compute the window for email summaries 2024-05-27 22:33:51 +02:00
models SECURITY: limit the number of characters in watched word replacements. 2024-07-15 19:25:17 +08:00
serializers Revert "FEATURE: custom flag can require additional message (#27706)" (#27906) 2024-07-15 09:45:57 +10:00
services FIX: Fix broken out of date themes admin notice (#27916) 2024-07-15 16:12:44 +08:00
views FIX: Exclude reply count on posts due to required Comment nesting (#27892) 2024-07-15 09:40:47 +08:00