discourse/spec
Loïc Guitaut e871865a61 FIX: Sanitize parameters provided to user actions
Currently, providing things like `filter[%24acunetix]=1` to
`UserActionsController#index` will throw an exception because instead of
getting a string as expected, we get a hash instead.

This patch simply uses `#permit` from strong parameters properly: first
we apply it on the whole parameters, this way it filters the keys we’re
interested in. By doing this, if the value is a hash for example, the
whole key/value pair will be ignored completely.
2022-02-23 15:46:40 +01:00
fabricators FEATURE: adds the user_promoted event to webhooks (#15996) 2022-02-22 10:57:18 +01:00
fixtures FEATURE: Onebox for news.ycombinator.com (#15781) 2022-02-03 13:39:21 -03:00
helpers DEV: add native lazy loading for emojis (#15830) 2022-02-09 12:18:59 +01:00
import_export FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration DEV: Improve handling of invalid requests (#15841) 2022-02-07 13:16:57 +00:00
integrity DEV: adds initial support for custom blocks using code fencing (#15743) 2022-02-09 11:23:44 +01:00
jobs FEATURE: New plugin API to check if upload is used (#15545) 2022-02-16 09:00:30 +02:00
lib FIX: Don't warn on empty .discourse-compatibility (#16032) 2022-02-23 09:44:37 +01:00
mailers DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
models PERF: perform all cached counting in background (#15991) 2022-02-22 16:45:25 +00:00
multisite FEATURE: Apply rate limits per user instead of IP for trusted users (#14706) 2021-11-17 23:27:30 +03:00
requests FIX: Sanitize parameters provided to user actions 2022-02-23 15:46:40 +01:00
script/import_scripts DEV: If disabled do not change setting after import (#12142) 2021-02-19 09:33:35 -07:00
serializers FEATURE: Add external_id to topics (#15825) 2022-02-08 20:55:32 -07:00
services DEV: Improve ArgumenError raised in PostOwnerChanger. (#15907) 2022-02-16 12:52:20 +11:00
support FEATURE: Centralized 2FA page (#15377) 2022-02-17 12:12:59 +03:00
tasks DEV: Clean up old bookmark code (#15455) 2022-01-05 10:02:02 +10:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb PERF: perform all cached counting in background (#15991) 2022-02-22 16:45:25 +00:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00