discourse/spec/models
Alan Guo Xiang Tan 3e331b1725
DEV: Set a bytesize limit for `ThemeSetting#json_value` (#25761)
Why this change?

Firstly, note that this is not a security commit because this feature is
still in development and should not be used anywhere.

The reason we want to set a limit here is to greatly reduce the
possibility of a DoS attack in the future via `ThemeSetting` where
someone would set an arbitrarily large json string in
`ThemeSetting#json_value`, causing the server to run out of resources
trying to serialize/deserialize the value.

What does this change do?

Adds an ActiveRecord validation to ensure that the bytesize of the json
string being stored is smaller than or equal to 0.5mb. We believe 0.5mb
is a decent limit for now but we can review the limit in the future if
we believe it is too small.
2024-02-21 08:09:37 +08:00
..
about_spec.rb DEV: Ability to collect stats without exposing them via API (#23933) 2023-11-10 00:44:05 +04:00
admin_dashboard_data_spec.rb FEATURE: remove category badge style options, set bullet style as default (#24198) 2023-11-13 10:46:15 -05:00
api_key_scope_spec.rb FIX: Logs api scope not working (#25215) 2024-01-10 19:30:10 -07:00
api_key_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
application_request_spec.rb
associated_group_spec.rb
badge_grouping_spec.rb
badge_spec.rb
badge_type_spec.rb
bookmark_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
category_featured_topic_spec.rb DEV: Convert min_trust_to_create_topic to groups (#24740) 2023-12-13 14:50:13 +11:00
category_group_spec.rb
category_list_spec.rb DEV: Make lazy_load_categories setting use groups (#25282) 2024-01-17 20:26:51 +02:00
category_setting_spec.rb
category_spec.rb DEV: Async category search for sidebar modal (#25686) 2024-02-20 11:24:30 -06:00
category_tag_stat_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
category_user_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
child_theme_spec.rb
color_scheme_color_spec.rb
color_scheme_spec.rb
developer_spec.rb
digest_email_site_setting_spec.rb
directory_item_spec.rb
discourse_connect_spec.rb
do_not_disturb_timing_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
draft_sequence_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
draft_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
email_change_request_spec.rb
email_log_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
email_token_spec.rb
embeddable_host_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
emoji_spec.rb DEV: Fix various spec linting issues (#24672) 2023-12-04 13:45:19 +01:00
form_template_spec.rb
given_daily_like_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
global_setting_spec.rb
group_archived_message_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
group_associated_group_spec.rb
group_history_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
group_request_spec.rb
group_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
group_user_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
incoming_link_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
incoming_links_report_spec.rb FIX: Respect date range in top traffic sources report (#25599) 2024-02-08 11:17:59 -05:00
invite_redeemer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
invite_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
javascript_cache_spec.rb
locale_site_setting_spec.rb
mailing_list_mode_site_setting_spec.rb
notification_spec.rb FEATURE: Site setting to display user avatars in user menu (#24514) 2023-12-07 11:30:44 -06:00
optimized_image_spec.rb
permalink_spec.rb FEATURE: Permalinks for users (#25552) 2024-02-05 17:31:31 +01:00
plugin_store_spec.rb
post_action_spec.rb FEATURE: Add new 'illegal' flag reason (#25498) 2024-02-07 10:12:22 +08:00
post_action_type_spec.rb
post_analyzer_spec.rb
post_detail_spec.rb
post_mover_spec.rb DEV: Convert min_trust_level_to_tag_topics to groups (#25273) 2024-01-26 13:25:03 +08:00
post_reply_key_spec.rb
post_reply_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
post_revision_spec.rb
post_spec.rb DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
post_stripper_spec.rb FIX: user got notified about a mention inside a chat message quote (#24229) 2023-11-08 23:13:25 +04:00
post_timing_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
private_message_topic_tracking_state_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
published_page_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
quoted_post_spec.rb
remote_theme_spec.rb DEV: Refactor `Theme#settings` to return a hash instead of array (#25516) 2024-02-01 10:26:56 +08:00
report_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
reviewable_claimed_topic_spec.rb
reviewable_flagged_post_spec.rb FIX: Allow the flags to be cleaned up (#25085) 2024-01-02 18:32:50 +08:00
reviewable_history_spec.rb DEV: Convert min_trust_to_flag_posts setting to groups (#24864) 2023-12-13 17:18:42 +08:00
reviewable_post_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
reviewable_queued_post_spec.rb DEV: Convert min_trust_level_to_tag_topics to groups (#25273) 2024-01-26 13:25:03 +08:00
reviewable_score_spec.rb DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
reviewable_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
reviewable_user_spec.rb DEV: reviewable_user spec should assert on delete_user_block instead of delete_user (#24692) 2023-12-04 12:44:32 -03:00
s3_region_site_setting_spec.rb
screened_email_spec.rb
screened_ip_address_spec.rb
screened_url_spec.rb
search_log_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
sidebar_section_link_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
sidebar_section_spec.rb FEATURE: Initial admin sidebar navigation (#24789) 2023-12-18 11:48:25 +10:00
sidebar_url_spec.rb
site_setting_spec.rb DEV: Add auto map from TL -> group site settings in DeprecatedSettings (#24959) 2023-12-26 14:39:18 +08:00
site_spec.rb FIX: Preload parent categories for sidebar (#25726) 2024-02-16 16:39:18 +02:00
sitemap_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
skipped_email_log_spec.rb
stylesheet_cache_spec.rb
tag_group_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
tag_spec.rb DEV: Convert min_trust_level_to_tag_topics to groups (#25273) 2024-01-26 13:25:03 +08:00
tag_user_spec.rb DEV: Convert min_trust_level_to_tag_topics to groups (#25273) 2024-01-26 13:25:03 +08:00
theme_field_spec.rb DEV: Centralise logic for validating a theme setting value (#25764) 2024-02-21 08:08:26 +08:00
theme_modifier_set_spec.rb
theme_setting_spec.rb DEV: Set a bytesize limit for `ThemeSetting#json_value` (#25761) 2024-02-21 08:09:37 +08:00
theme_settings_migration_spec.rb FEATURE: Theme settings migrations (#24071) 2023-11-02 08:10:15 +03:00
theme_spec.rb FIX: Update themes javascript cache after running themes migrations (#25562) 2024-02-05 14:35:11 +08:00
theme_svg_sprite_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
top_menu_item_spec.rb
top_topic_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_allowed_user_spec.rb
topic_converter_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_embed_spec.rb DEV: Convert min_trust_level_to_tag_topics to groups (#25273) 2024-01-26 13:25:03 +08:00
topic_featured_users_spec.rb
topic_group_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_hot_scores_spec.rb FIX: hot not adding recently bumped topics (#25619) 2024-02-09 07:45:47 +11:00
topic_invite_spec.rb
topic_link_click_spec.rb DEV: Convert min_trust_to_post_links to groups (#25298) 2024-01-18 14:08:40 +08:00
topic_link_spec.rb FEATURE: support silent internal links (#25472) 2024-01-30 17:03:58 +11:00
topic_list_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_participant_groups_summary_spec.rb
topic_participants_summary_spec.rb
topic_posters_summary_spec.rb
topic_spec.rb FIX: quoted private topic url respects subfolder install (#25643) 2024-02-13 13:20:24 +08:00
topic_tag_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_thumbnail_spec.rb
topic_timer_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
topic_tracking_state_spec.rb DEV: Convert min_trust_level_to_tag_topics to groups (#25273) 2024-01-26 13:25:03 +08:00
topic_user_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
topic_view_item_spec.rb
translation_override_spec.rb
trust_level3_requirements_spec.rb DEV: Remove full group refreshes from tests (#25414) 2024-01-25 14:28:26 +08:00
trust_level_and_staff_setting_spec.rb
trust_level_setting_spec.rb DEV: Skip flaky specs (#25111) 2024-01-03 12:32:26 +01:00
unsubscribe_key_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
upload_reference_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
upload_spec.rb FIX: Change max_image_megapixels logic (#25625) 2024-02-12 09:56:43 +10:00
user_action_spec.rb DEV: Add a plugin modifier for user_action_stream_builder (#25691) 2024-02-16 10:24:39 +10:00
user_api_key_spec.rb
user_archived_message_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_associated_group_spec.rb
user_auth_token_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_avatar_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_badge_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_bookmark_list_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_email_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_export_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_field_spec.rb
user_history_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_notification_schedule_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_option_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_profile_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_profile_view_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_search_spec.rb DEV: Move min_trust_to_post_embedded_media to group setting (#25238) 2024-01-25 09:50:59 +10:00
user_second_factor_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_security_key_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_spec.rb DEV: add site setting to disable watched word checking in user fields (#25411) 2024-01-29 12:44:32 -05:00
user_stat_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_status_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
user_summary_spec.rb
user_visit_spec.rb DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
username_validator_spec.rb
watched_word_spec.rb
web_crawler_request_spec.rb
web_hook_event_spec.rb
web_hook_spec.rb DEV: Convert min_trust_to_create_topic to groups (#24740) 2023-12-13 14:50:13 +11:00