Commit Graph

8 Commits

Author SHA1 Message Date
Neil Lalonde 74f1c553e3 FIX: 1868 Security: Dangerous Send 2014-01-27 13:05:51 -05:00
Régis Hanol 8d73b7f94d BUGFIX: hide sensitive site settings 2014-01-06 13:03:53 +01:00
Neil Lalonde 1d030666d8 Log site setting changes and show in admin 2013-08-19 16:58:38 -04:00
Neil Lalonde 82b5f57e40 Make it possible to set a site setting to empty string 2013-06-11 14:31:38 -04:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Sam a2cca2540e some minimal site settings diags
fix issue where days_visited was totally out of sync
2013-04-05 17:47:54 +11:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00