Discource-C/discourse
1
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-06 03:18:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
discourse/spec
History
Robin Ward 1d38040579 SECURITY: SQL injection with default categories 
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
..
components
Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
2019-07-10 11:38:51 -03:00
fabricators
DEV: Class that converts MD with old attachment links to new MD.
2019-06-04 15:54:25 +08:00
fixtures
FIX: Use correct locale when translating without cache
2019-06-05 14:19:56 +02:00
helpers
FIX: ensures emoji helper is working with custom emojis (#7843)
2019-07-03 09:23:40 +02:00
import_export
DEV: Prefabrication (test optimization) (#7414)
2019-05-07 13:12:20 +10:00
integration
DEV: change testing cache clearing so it is more deliberate
2019-06-03 10:21:38 +10:00
integrity
PERF: Use Oj for serializing JSON. (#7820)
2019-06-28 12:16:00 +10:00
jobs
Correct typo in spec name
2019-07-04 11:37:37 +02:00
lib
SECURITY: SQL injection with default categories
2019-07-11 13:41:51 -04:00
mailers
SECURITY: Strip HTML from invite emails
2019-07-05 14:57:11 -04:00
models
SECURITY: SQL injection with default categories
2019-07-11 13:41:51 -04:00
multisite
FIX: multisite upload urls must have either db name or the word 'short-url'.
2019-06-25 01:19:58 +05:30
requests
Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)"
2019-07-10 11:38:51 -03:00
serializers
FIX: Broken spec
2019-06-10 11:50:48 -04:00
services
FEATURE: Add "Group owners" to posting options for groups
2019-07-08 17:14:11 -04:00
support
FIX: don't bump topics when hidden tags are added or removed
2019-05-06 14:52:18 -04:00
tasks
FEATURE: option to skip posts with ignored missing uploads
2019-05-09 05:11:15 +05:30
views/omniauth_callbacks
DEV: use #frozen_string_literal: true on all spec
2019-04-30 10:27:42 +10:00
rails_helper.rb
DEV: security restriction in dev mode broke tests
2019-06-03 11:33:56 +10:00