Guo Xiang Tan
|
5c2e194d01
|
SECURITY: Users can pick non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
|
2018-12-18 13:38:25 +08:00 |
|
Guo Xiang Tan
|
899caf35ba
|
Revert "SECURITY: User could non-avatar uploads."
This reverts commit 89581fa301.
|
2018-12-18 13:37:31 +08:00 |
|
Guo Xiang Tan
|
89581fa301
|
SECURITY: User could non-avatar uploads.
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
|
2018-12-18 13:35:33 +08:00 |
David Taylor
|
5e09398c5b
|
FIX: Do not serialize user fields unless they are specified for display (#6736)
|
2018-12-07 10:57:28 +00:00 |
|
David Taylor
|
e8f32dd3ba
|
DEV: Fix extremely rare test failure
If this was the first test to run, the Fabricate(:user) would be given
the same ID as the Fabricate.build(:user, id: 1). This works around it.
|
2018-12-06 13:32:56 +00:00 |
Robin Ward
|
a566ed42ae
|
FEATURE: Option to disable user presence and profile
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
|
2018-10-10 17:34:33 -04:00 |
Sam
|
df45e82377
|
SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
|
2018-09-19 22:33:10 -07:00 |