discourse

History

Daniel Waterworth 8cade1e825 SECURITY: Prevent large staff actions causing DoS This commit operates at three levels of abstraction: 1. We want to prevent user history rows from being unbounded in size. This commit adds rails validations to limit the sizes of columns on user_histories, 2. However, we don't want to prevent certain actions from being completed if these columns are too long. In those cases, we truncate the values that are given and store the truncated versions, 3. For endpoints that perform staff actions, we can further control what is permitted by explicitly validating the params that are given before attempting the action,		2024-03-15 14:24:04 +08:00
..
admin_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
api_controller_spec.rb	DEV: Add API scopes for post revisions (#26183 )	2024-03-14 15:24:54 -06:00
backups_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
badges_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
color_schemes_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
dashboard_controller_spec.rb	FEATURE: call hub API to update Discourse discover enrollment. (#25634 )	2024-02-23 11:42:28 +05:30
email_controller_spec.rb	FEAT: add cc addresses and post_id to sent email logs (#25014 )	2024-01-03 09:27:25 +08:00
email_styles_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
email_templates_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
embeddable_hosts_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
embedding_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
emojis_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
form_templates_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
groups_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
impersonate_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
permalinks_controller_spec.rb	FEATURE: Permalinks for users (#25552 )	2024-02-05 17:31:31 +01:00
plugins_controller_spec.rb	DEV: Single admin plugin page for consistent admin plugin UX (#26024 )	2024-03-13 13:15:12 +10:00
reports_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
robots_txt_controller_spec.rb	FIX: Show true content of robots.txt after restoring to default (#24980 )	2023-12-20 23:00:37 +03:00
screened_emails_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
screened_ip_addresses_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
screened_urls_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
search_logs_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
site_settings_controller_spec.rb	FIX: Ensure file size restriction types are ints (#24947 )	2023-12-18 09:22:50 -07:00
site_texts_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
staff_action_logs_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
themes_controller_spec.rb	DEV: Allow typed objects theme settings to be saved via settings editor (#26100 )	2024-03-11 08:42:12 +08:00
user_fields_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
users_controller_spec.rb	SECURITY: Prevent large staff actions causing DoS	2024-03-15 14:24:04 +08:00
versions_controller_spec.rb	FEATURE: call hub API to update Discourse discover enrollment. (#25634 )	2024-02-23 11:42:28 +05:30
watched_words_controller_spec.rb	DEV: Allow fab! without block (#24314 )	2023-11-09 16:47:59 -06:00
web_hooks_controller_spec.rb	FIX: Remove duplicate spec example (#24846 )	2023-12-12 13:48:23 +01:00