discourse

mirror of https://github.com/discourse/discourse.git synced 2025-03-06 08:25:21 +08:00

History

Robin Ward f5e0cf63f6 SECURITY: The SSO return_path was an open redirect

This security fix needs SSO to be configured, and the user has to go
through the entire auth process before being redirected to the wrong host so
it is probably lower priority for most installs.

2015-01-22 12:33:07 -05:00

admin

update specs to remove deprecation warnings

2014-11-07 06:05:44 -08:00

application_controller_spec.rb

PERF: reduce storage requirements for incoming links

2014-08-04 11:06:48 +10:00

badges_controller_spec.rb

Mark badge notification as read when the notification is clicked.

2014-06-19 16:56:19 +05:30

categories_controller_spec.rb

FIX: don't mess with fixtures when running the specs

2014-07-14 17:34:23 +02:00

clicks_controller_spec.rb

FIX: Look up a url without the query string if it couldn't be found with it.

2013-12-13 12:56:20 -05:00

composer_messages_controller_spec.rb

New User Education goes through a server side ComposerMessages check. Composer message for users

2013-09-13 12:23:53 -04:00

draft_controller_spec.rb

fix most deprecations in the specs (still some left)

2014-09-25 17:44:48 +02:00

email_controller_spec.rb

fix most deprecations in the specs (still some left)

2014-09-25 17:44:48 +02:00

embed_controller_spec.rb

FIX: If a user is deleted, don't break embedded comments for admins.

2014-06-18 17:39:36 -04:00

groups_controller_spec.rb

Use lower case group names in URLs

2014-02-18 16:43:19 -05:00

invites_controller_spec.rb

Feature: resend invites

2014-10-07 01:43:17 +05:30

list_controller_spec.rb

FIX: Spec failures for feeds related to enabling categories as default

2014-09-11 15:30:41 -04:00

notifications_controller_spec.rb

FEATURE: Mark All as Read button for Notifications page

2014-10-13 06:31:27 -04:00

omniauth_callbacks_controller_spec.rb

Fixed all broken specs

2013-08-26 12:59:17 +10:00

onebox_controller_spec.rb

Fixes regression with video embeds

2013-03-21 20:53:12 -04:00

permalinks_controller_spec.rb

add permalinks route constraint

2014-08-29 11:28:16 -04:00

post_actions_controller_spec.rb

fix most deprecations in the specs (still some left)

2014-09-25 17:44:48 +02:00

posts_controller_spec.rb

FIX: users can see the raw email source of their own posts

2014-11-12 14:49:42 +01:00

robots_txt_controller_spec.rb

Remove the access_password site setting

2013-06-25 15:05:25 -04:00

search_controller_spec.rb

FIX: highlight in yellow, not blue

2014-09-04 15:01:13 +10:00

session_controller_spec.rb

SECURITY: The SSO return_path was an open redirect

2015-01-22 12:33:07 -05:00

static_controller_spec.rb

SECURITY: Don't allow redirects with periods in case you don't control

2014-10-30 11:31:44 -04:00

topics_controller_spec.rb

LOTS of changes to properly handle post/topic revisions

2014-10-27 22:06:43 +01:00

uploads_controller_spec.rb

FEATURE: api support for arbitrary unlinked assets

2014-09-23 16:50:17 +10:00

user_actions_controller_spec.rb

fix most deprecations in the specs (still some left)

2014-09-25 17:44:48 +02:00

user_badges_controller_spec.rb

fix most deprecations in the specs (still some left)

2014-09-25 17:44:48 +02:00

users_controller_spec.rb

update specs to remove deprecation warnings

2014-11-07 06:05:44 -08:00