discourse/app
Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories
This is a low-severity security fix because it requires a logged-in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event that bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
assets SECURITY: XSS with title selector on preferences page 2019-07-09 17:35:26 -04:00
controllers DEV: Respond with error 400 to uploads requested via XHR 2019-06-27 11:30:05 +02:00
helpers replace subfolder on cdn url conversion between general cdn and s3 (#7764) 2019-06-17 11:51:17 -07:00
jobs FIX: Don't send notification email when user isn't allowed to see topic 2019-07-02 09:05:36 +10:00
mailers SECURITY: Strip HTML from invite emails 2019-07-05 14:58:46 -04:00
models SECURITY: SQL injection with default categories 2019-07-11 13:53:12 -04:00
serializers FIX: In reply to would sometimes have a broken link 2019-06-10 11:33:10 -04:00
services FIX: iterate when clearing watched words cache 2019-07-04 08:59:01 -07:00
views SECURITY: Add confirmation screen when logging in via email link 2019-06-17 18:20:48 +01:00