Commit Graph

25 Commits

Author SHA1 Message Date
Daniel Waterworth 8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds Rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:24:04 +08:00
David Taylor 5a003715d3
DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
Kane York 7bf199b0c4 DEV: Switch to new ExportUserArchive job
We now use the newly created job class from the previous commit.
2020-08-28 11:46:53 -07:00
Dan Ungureanu 3a7ca97c36
FIX: Use include-subcategories filter in report export (#10007)
Some filters were renamed and the conversion of the filter names and arguments
was removed.
2020-06-10 18:57:39 +03:00
Arpit Jalan 49c124a12e fix the build. 2019-12-24 15:56:44 +05:30
Arpit Jalan 2c0574010a FIX: better error message when forum is in read-only mode 2019-12-24 15:49:27 +05:30
Osama Sayegh f14c6d81f4
FEATURE: Watched words improvements (#7899)
This commit contains 3 features:

- FEATURE: Allow downloading watched words
This introduces a button that allows admins to download watched words per action in a `.txt` file.

- FEATURE: Allow clearing watched words in bulk
This adds a "Clear All" button that clears all deleted words per action (e.g. block, flag etc.)

- FEATURE: List all blocked words contained in the post when it's blocked
When a post is rejected because it contains one or more blocked words, the error message now lists all the blocked words contained in the post.

-------

This also changes the format of the file for importing watched words from `.csv` to `.txt` so it becomes inconsistent with the extension of the file when watched words are exported.
2019-07-22 14:59:56 +03:00
Sam Saffron 30990006a9 DEV: enable frozen string literal on all files
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Vinoth Kannan 9281b72308 FEATURE: Log entity export in staff logs 2018-09-19 03:16:45 +05:30
Guo Xiang Tan ad5082d969 Make rubocop happy again. 2018-06-07 13:28:18 +08:00
Arpit Jalan 91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Arpit Jalan 469c6776c6 FIX: exporting admin dashboard reports was broken
http://eileencodes.com/posts/actioncontroller-parameters-now-returns-an-object-instead-of-a-hash/
2017-10-02 19:30:23 +05:30
Guo Xiang Tan 77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Robin Ward 908433a7a0 SECURITY: Validate the `entity` when downloading a CSV 2017-05-19 16:00:51 -04:00
Arpit Jalan 05288144b5 FIX: export user list based on trust level filter 2016-03-07 18:49:31 +05:30
Arpit Jalan eec8436cfe FEATURE: filter admin reports via user group 2016-02-04 11:23:49 +05:30
Neil Lalonde b4a724e80a FEATURE: export dashboard reports to csv file 2015-09-15 16:45:10 -04:00
Arpit Jalan 74141cc475 FIX: send 404 error when unauthorized user tries to download user archive 2015-06-08 11:32:31 +05:30
Sam e5888cf090 PERF: avoid preloading json in cases where it is not needed
(uploads / avatars / non GET requests)
2015-05-20 17:12:16 +10:00
Arpit Jalan c619aed8f9 💄 add username and date-time in exported file name 2015-01-16 01:39:46 +05:30
Arpit Jalan bfe95966b4 better filenames for export 2015-01-02 15:30:50 +05:30
Arpit Jalan 78537aad39 FIX: rate limit user posts export 2014-12-31 00:54:23 +05:30
Arpit Jalan 68e66f3a25 Rename CsvExportLog to UserExport 2014-12-28 22:31:12 +05:30
Arpit Jalan 7c7474aa10 create a new table to maintain csv export log 2014-12-24 16:25:36 +05:30
Arpit Jalan bb152a5b3f FEATURE: download user posts archive 2014-12-24 15:13:48 +05:30