4ea21fa2d0
DEV: use #frozen_string_literal: true on all spec
...
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.
Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
5c2e194d01
SECURITY: Users can pick non-avatar uploads.
...
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:38:25 +08:00
899caf35ba
Revert "SECURITY: User could non-avatar uploads."
...
This reverts commit 89581fa301
2018-12-18 13:37:31 +08:00
89581fa301
SECURITY: User could non-avatar uploads.
...
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:35:33 +08:00
5e09398c5b
FIX: Do not serialize user fields unless they are specified for display ( #6736 )
2018-12-07 10:57:28 +00:00
e8f32dd3ba
DEV: Fix extremely rare test failure
...
If this was the first test to run, the Fabricate(:user) would be given
the same ID as the Fabricate.build(:user, id: 1). This works around it.
2018-12-06 13:32:56 +00:00
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
828bfd9d27
Add specs for c74c933996.
2018-04-17 10:08:39 +08:00
Sam Saffron
Guo Xiang Tan
David Taylor
Robin Ward