discourse/config
Daniel Waterworth e9a8c059ec
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:37:15 +08:00
cloud/cloud66 DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
environments DEV: Create unlogged tables by default in the test environment (#25451) 2024-01-29 09:57:58 +08:00
initializers DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404) 2024-01-30 10:32:42 +00:00
locales SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:37:15 +08:00
application.rb DEV: Remove dependence on dartsass-sprockets (#23665) 2023-09-26 16:25:07 +01:00
boot.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
cdn.yml.sample
database.yml DEV: Remove db_timeout setting (#22912) 2023-08-01 14:17:43 -05:00
deploy.rb.sample
dev_defaults.yml DEV: Convert admin-incoming-email modal to component-based API (#22701) 2023-07-20 16:31:20 -05:00
discourse_defaults.conf FIX: clear db_backup_port default value 2024-01-22 11:39:15 -05:00
discourse.config.sample
discourse.pill.sample
environment.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample
nginx.global.conf
nginx.sample.conf FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
projections.json
puma.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
routes.rb DEV: Update confirm-email flows to use central 2fa and ember rendering (#25404) 2024-01-30 10:32:42 +00:00
sidekiq.yml
site_settings.yml FEATURE: site setting to include post in penalty messages (#26026) 2024-03-04 18:35:35 -08:00
spring.rb DEV: Apply syntax_tree formatting to config/* 2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn_launcher
unicorn_upstart.conf
unicorn.conf.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00