discourse/config
Daniel Waterworth 8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action,
2024-03-15 14:24:04 +08:00
cloud/cloud66 DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
environments DEV: Make `discourse_narrative_bot` use Rails autoload (#26044) 2024-03-06 11:14:53 +08:00
initializers DEV: Fix connections timeout in system test (#25835) 2024-02-23 16:03:46 +08:00
locales SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
application.rb FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
boot.rb PERF: Stop running bootsnap in development mode on all environments (#25737) 2024-02-19 11:33:52 +08:00
cdn.yml.sample
database.yml DEV: Fix checkout time not properly enabled on CI (#25621) 2024-02-09 06:02:42 +08:00
deploy.rb.sample
dev_defaults.yml DEV: Convert `admin-incoming-email` modal to component-based API (#22701) 2023-07-20 16:31:20 -05:00
discourse.config.sample
discourse.pill.sample
discourse_defaults.conf DEV: Increase default SMTP read timeout to 30s (#25763) 2024-02-21 07:13:18 +10:00
environment.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
logrotate.conf
multisite.yml.production-sample
nginx.global.conf
nginx.sample.conf FEATURE: Add support for AVIF images (#21680) 2023-05-24 16:13:36 -03:00
projections.json
puma.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
routes.rb DEV: Single admin plugin page for consistent admin plugin UX (#26024) 2024-03-13 13:15:12 +10:00
sidekiq.yml
site_settings.yml SECURITY: Add rate limits for uploads 2024-03-15 14:24:00 +08:00
spring.rb DEV: Apply syntax_tree formatting to `config/*` 2023-01-09 11:13:29 +00:00
thin.yml.sample
unicorn.conf.rb DEV: Fix various rubocop lints (#24749) 2023-12-06 23:25:00 +01:00
unicorn_launcher
unicorn_upstart.conf