discourse/spec/fabricators
Alan Guo Xiang Tan 101ec21bc9
SECURITY: Restrict display of topic titles associated with user badges (#18768)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:26:14 +08:00
allowed_pm_users.rb
api_key_fabricator.rb
associated_group_fabricator.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
badge_fabricator.rb
bookmark_fabricator.rb FEATURE: Promote polymorphic bookmarks to default and migrate (#16729) 2022-05-23 10:07:15 +10:00
category_fabricator.rb DEV: Fix `fabricator` deprecations (#17658) 2022-07-26 01:47:09 +02:00
category_group_fabricator.rb
color_scheme_color_fabricator.rb
color_scheme_fabricator.rb
dimissed_topic_user.rb
do_not_disturb_fabricator.rb
email_change_request_fabricator.rb
email_log_fabricator.rb
email_token_fabricator.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
embeddable_host_fabricator.rb
external_upload_stub_fabricator.rb DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
flag_fabricator.rb
group_fabricator.rb DEV: Add SMTP group ID to EmailLog (#13381) 2021-06-15 11:29:46 +10:00
group_history_fabricator.rb
group_request_fabricator.rb
group_user_fabricator.rb
ignored_user_fabricator.rb
incoming_email_fabricator.rb DEV: Correctly tag heredocs (#16061) 2022-02-28 20:50:55 +01:00
incoming_link_fabricator.rb
invite_fabricator.rb
invited_user_fabricator.rb
like_fabricator.rb
muted_user.rb
notification_fabricator.rb
optimized_image_fabricator.rb
permalink_fabricator.rb
post_action_fabricator.rb
post_custom_field_fabricator.rb
post_detail_fabricator.rb
post_fabricator.rb DEV: Add group messages and group_message_summary notifications in the messages tab in the user menu (#18390) 2022-09-30 08:44:04 +03:00
post_reply_key_fabricator.rb
post_revision_fabricator.rb
published_page_fabricator.rb
reviewable_claimed_topic_fabricator.rb
reviewable_fabricator.rb FEATURE: Notify responders of post removal (#15049) 2021-11-24 09:28:20 -06:00
reviewable_score_fabricator.rb FEATURE: Notify responders of post removal (#15049) 2021-11-24 09:28:20 -06:00
screened_email_fabricator.rb
screened_ip_address_fabricator.rb
screened_url_fabricator.rb
search_log_fabricator.rb
shared_draft_fabricator.rb
sidebar_section_link_fabricator.rb FEATURE: Decouple category/tag presence in sidebar from notifi level (#17273) 2022-06-30 14:54:20 +08:00
single_sign_on_record_fabricator.rb
skipped_email_log_fabricator.rb
tag_fabricator.rb
tag_group_fabricator.rb
tag_group_permission_fabricator.rb SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:26:56 +08:00
theme_fabricator.rb
theme_field_fabricator.rb
topic_allowed_group_fabricator.rb
topic_allowed_user_fabricator.rb
topic_embed_fabricator.rb
topic_fabricator.rb FIX: Update user stat counts when post/topic visibility changes. (#15883) 2022-02-11 09:00:58 +08:00
topic_tag_fabricator.rb
topic_timer_fabricator.rb
topic_user_fabricator.rb FIX: Issues with incorrect unread and private message topic tracking state (#16474) 2022-04-19 11:37:01 +10:00
upload_fabricator.rb UX: Use dominant color as image loading placeholder (#18248) 2022-09-20 10:28:17 +01:00
user_action_fabricator.rb DEV: Remove PostAction/UserAction bookmark refs (#16681) 2022-05-10 10:42:18 +10:00
user_api_key_fabricator.rb
user_avatar_fabricator.rb
user_badge_fabricator.rb SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
user_email_fabricator.rb
user_fabricator.rb DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
user_field_fabricator.rb
user_field_option_fabricator.rb.rb FIX: Validate value of custom dropdown user fields - dropdowns and multiple selects (#13890) 2021-07-30 13:50:47 -04:00
user_history_fabricator.rb FIX: respect user timezone in emails about silencing and suspending (#16918) 2022-05-27 13:58:54 +04:00
user_option_fabricator.rb
user_profile_fabricator.rb
user_second_factor_fabricator.rb
user_security_key_fabricator.rb
user_status_fabricator.rb FEATURE: user status (#16875) 2022-05-27 13:15:14 +04:00
watched_word_fabricator.rb
web_crawler_request_fabricator.rb
web_hook_fabricator.rb FEATURE: adds the user_promoted event to webhooks (#15996) 2022-02-22 10:57:18 +01:00