discourse/spec
Alan Guo Xiang Tan 101ec21bc9
SECURITY: Restrict display of topic titles associated with user badges (#18768)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:26:14 +08:00
fabricators SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
fixtures A11Y: Set role=presentation if alt attr is missing (#18546) 2022-10-12 14:07:37 +03:00
helpers FIX: Add theme-color `<meta>` tag when a dark scheme is selected (#18747) 2022-10-26 07:18:05 +03:00
import_export DEV: Add a rake task to export/import translation overrides (#18487) 2022-10-05 15:22:16 -04:00
initializers Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
integration DEV: Remove usages of enable_personal_messages (#18437) 2022-10-05 10:50:20 +10:00
integrity DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
jobs FEATURE: Add dark mode option for category logos (#18460) 2022-10-07 11:00:44 -04:00
lib DEV: Introduce TopicGuardian#can_see_topic_ids method (#18692) 2022-10-27 06:13:21 +08:00
mailers DEV: Use proper wording for contexts in specs 2022-08-04 11:05:02 +02:00
models DEV: Sidebar default tags and categories are determined at user creation (#18620) 2022-10-27 06:38:50 +08:00
multisite DEV: Rename secure_media to secure_uploads (#18376) 2022-09-29 09:24:33 +10:00
requests SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
script/import_scripts DEV: Remove remaining hardcoded ids (#18735) 2022-10-25 15:29:09 +08:00
serializers SECURITY: Restrict display of topic titles associated with user badges (#18768) 2022-10-27 11:26:14 +08:00
services DEV: Sidebar default tags and categories are determined at user creation (#18620) 2022-10-27 06:38:50 +08:00
support DEV: Introduce TopicGuardian#can_see_topic_ids method (#18692) 2022-10-27 06:13:21 +08:00
system DEV: Minimal first pass of rails system test setup (#16311) 2022-09-28 11:48:16 +10:00
tasks DEV: Fix flaky uploads:disable_secure_uploads spec (#18719) 2022-10-25 09:01:15 +10:00
views Add RSpec 4 compatibility (#17652) 2022-07-28 10:27:38 +08:00
rails_helper.rb FEATURE: Generic hashtag autocomplete part 1 (#18592) 2022-10-19 14:03:57 +10:00
regenerate_swagger_docs DEV: Add API docs for uploads and API doc watcher (#15387) 2021-12-23 08:40:15 +10:00
swagger_helper.rb DEV: Update rubocop (#18754) 2022-10-26 09:05:15 +08:00