Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Do not show latest/top topics on 404 for login_required sites

This commit is contained in:
David Taylor 2017-08-13 19:02:44 +03:00
parent 9e475860e0
commit 37300d6777
1 changed files with 23 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
app/views/exceptions/not_found.html.erb
View File

@ -2,28 +2,30 @@
<h1 class="page-not-found"><%= t 'page_not_found.title' %></h1>
<div class="row page-not-found-topics">
<div class="span8 popular-topics">
<h2 class="popular-topics-title"><%= t 'page_not_found.popular_topics' %></h2>
<% @top_viewed.each do |t| %>
<div class='not-found-topic'>
<%= link_to t.title, t.relative_url %><%= category_badge(t.category) %>
</div>
<% end %>
<br/>
<a href="<%= path "/top" %>" class="btn"><%= t 'page_not_found.see_more' %>&hellip;</a>
<% unless SiteSetting.login_required? && current_user.nil? %>
<div class="row page-not-found-topics">
<div class="span8 popular-topics">
<h2 class="popular-topics-title"><%= t 'page_not_found.popular_topics' %></h2>
<% @top_viewed.each do |t| %>
<div class='not-found-topic'>
<%= link_to t.title, t.relative_url %><%= category_badge(t.category) %>
</div>
<% end %>
<br/>
<a href="<%= path "/top" %>" class="btn"><%= t 'page_not_found.see_more' %>&hellip;</a>
</div>
<div class="span8 recent-topics">
<h2 class="recent-topics-title"><%= t 'page_not_found.recent_topics' %></h2>
<% @recent.each do |t| %>
<div class='not-found-topic'>
<%= link_to t.title, t.relative_url %><%= category_badge(t.category) %>
</div>
<% end %>
<br/>
<a href="<%= path "/latest" %>" class="btn"><%= t 'page_not_found.see_more' %>&hellip;</a>
</div>
</div>
<div class="span8 recent-topics">
<h2 class="recent-topics-title"><%= t 'page_not_found.recent_topics' %></h2>
<% @recent.each do |t| %>
<div class='not-found-topic'>
<%= link_to t.title, t.relative_url %><%= category_badge(t.category) %>
</div>
<% end %>
<br/>
<a href="<%= path "/latest" %>" class="btn"><%= t 'page_not_found.see_more' %>&hellip;</a>
</div>
</div>
<% end %>
<%- unless @hide_google %>
<div class="row">