discourse

mirror of https://github.com/discourse/discourse.git synced 2024-12-15 07:03:39 +08:00

History

Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories This is a low severity security fix because it requires a logged in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event of bad data somehow already exists.	2019-07-11 13:53:12 -04:00
..
validations_spec.rb	SECURITY: SQL injection with default categories	2019-07-11 13:53:12 -04:00

Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories

This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.

2019-07-11 13:53:12 -04:00

validations_spec.rb

SECURITY: SQL injection with default categories

2019-07-11 13:53:12 -04:00