github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-12-15 05:33:40 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
e4570ffb78
discourse/lib/site_settings
History
Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories 
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
..
db_provider.rb FIX: site settings loading default values when no db 2019-06-14 14:21:07 +10:00
defaults_provider.rb FEATURE: English locale with international date formats 2019-05-20 13:47:20 +02:00
deprecated_settings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
local_process_provider.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
type_supervisor.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
validations.rb SECURITY: SQL injection with default categories 2019-07-11 13:53:12 -04:00
yaml_loader.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00