discourse/app/controllers
Alan Guo Xiang Tan f31f0b70f8
SECURITY: Hide PM count for tags by default (#20061)
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-01-31 12:08:23 +08:00
admin DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
users DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
about_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
application_controller.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
associated_groups_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
badges_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
bookmarks_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
bootstrap_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
categories_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
clicks_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
composer_controller.rb DEV: Remove elder from codebase and also update 'regular' to 'member' (#20065) 2023-01-31 01:41:25 +08:00
composer_messages_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
csp_reports_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
directory_columns_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
directory_items_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
do_not_disturb_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
drafts_controller.rb SECURITY: Limit the length of drafts (#19989) 2023-01-25 13:50:21 +02:00
edit_directory_columns_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
email_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
embed_controller.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
exceptions_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
export_csv_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
extra_locales_controller.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
finish_installation_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
forums_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
groups_controller.rb FEATURE: Allow group owners promote more owners (#19768) 2023-01-11 16:43:18 +08:00
hashtags_controller.rb FEATURE: Allow showing hashtag autocomplete results without term (#19219) 2022-12-08 13:47:59 +10:00
highlight_js_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
inline_onebox_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
invites_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
list_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
metadata_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
new_topic_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
notifications_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
offline_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
onebox_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
permalinks_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
post_action_users_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
post_actions_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
post_readers_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
posts_controller.rb FEATURE: Allow admins to permanently delete revisions (#19913) 2023-01-19 15:09:01 -06:00
presence_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
published_pages_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
push_notification_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
qunit_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
reviewable_claimed_topics_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
reviewables_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
robots_txt_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
safe_mode_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
search_controller.rb FEATURE: rate limit anon searches per second (#19708) 2023-01-27 10:05:27 -08:00
session_controller.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
similar_topics_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
site_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
sitemap_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
slugs_controller.rb FEATURE: Allow changing slug on create channel (#19928) 2023-01-23 14:48:33 +10:00
static_controller.rb DEV: Allow accessing sourcemaps on `/brotli_asset` path (#19894) 2023-01-17 12:49:42 +00:00
steps_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
stylesheets_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
svg_sprite_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
tag_groups_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
tags_controller.rb SECURITY: Hide PM count for tags by default (#20061) 2023-01-31 12:08:23 +08:00
theme_javascripts_controller.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
topics_controller.rb FIX: Ensure soft-deleted topics can be deleted (#19802) 2023-01-27 16:15:33 +02:00
uploads_controller.rb DEV: Fix random typos (#19973) 2023-01-24 15:41:01 +01:00
user_actions_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
user_api_keys_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
user_avatars_controller.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
user_badges_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
user_status_controller.rb FEATURE: User Status API (#19149) 2022-11-24 19:16:28 +04:00
users_controller.rb DEV: Prefer \A and \z over ^ and $ in regexes (#19936) 2023-01-20 12:52:49 -06:00
users_email_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00
webhooks_controller.rb FEATURE: Verify email webhook signatures (#19690) 2023-01-16 19:16:17 +02:00
wizard_controller.rb DEV: Apply syntax_tree formatting to `app/*` 2023-01-09 14:14:59 +00:00