discourse/spec
Martin Brennan e8efdd60d4
FIX: Tweak upload security emoji check (#8981)
Further on from my earlier PR #8973, also reject an upload as secure if its origin URL contains images/emoji. We still check Emoji.all first to try and be canonical.

This may be a little heavy-handed (e.g. if an external URL followed this same path it would be a false positive), but there are a lot of emoji aliases where the actual Emoji URL is something, but you can have another image that should not be secure that that thing is an alias for. For example slight_smile.png does not show up in Emoji.all BUT slightly_smiling_face does, and it aliases slight_smile, e.g. /images/emoji/twitter/slight_smile.png?v=9 and /images/emoji/twitter/slightly_smiling_face.png?v=9 are equivalent.
2020-02-17 15:11:15 +10:00
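The two-stage check the commit message describes, written out as an added Ruby example; this is not Discourse's own code. It looks the origin URL up against a constructed stand-in for Emoji.all first, then falls back to the broader /images/emoji/ path match that also catches aliases such as slight_smile.png, which the canonical list misses. The helper names, the CANONICAL_EMOJI_URLS list and the sample URLs are assumptions; the last case in the usage shows the external-URL false positive the message warns about.

```ruby
require "uri"

# Constructed stand-in for Emoji.all: only canonical names are listed, so the
# alias slight_smile.png is deliberately absent (the gap the fix addresses).
CANONICAL_EMOJI_URLS = [
  "/images/emoji/twitter/slightly_smiling_face.png?v=9",
  "/images/emoji/twitter/heart.png?v=9",
].freeze

# Anything under the emoji image directory, regardless of name or version.
EMOJI_PATH_RE = %r{/images/emoji/}

# Reduce a URL to its path so the cache-busting ?v=9 query and any host prefix
# do not defeat the comparison (hypothetical helper).
def emoji_path(url)
  URI.parse(url).path
rescue URI::InvalidURIError
  url.split("?", 2).first
end

# Stage 1: exact match against the canonical emoji list.
def canonical_emoji?(url, canonical_urls = CANONICAL_EMOJI_URLS)
  path = emoji_path(url)
  canonical_urls.any? { |c| emoji_path(c) == path }
end

# Stage 2: path-based fallback that also catches aliases.
def emoji_by_path?(url)
  emoji_path(url).match?(EMOJI_PATH_RE)
end

# Verdict for an upload's origin URL. Order mirrors the commit message:
# canonical list first, then the heavier path check.
#   :rejected_canonical_emoji  - found in the canonical list
#   :rejected_emoji_path       - not canonical, but lives under /images/emoji/
#   :secure                    - eligible to be marked secure
def secure_upload_verdict(origin_url)
  return :rejected_canonical_emoji if canonical_emoji?(origin_url)
  return :rejected_emoji_path if emoji_by_path?(origin_url)
  :secure
end

def upload_secure?(origin_url)
  secure_upload_verdict(origin_url) == :secure
end

if __FILE__ == $PROGRAM_NAME
  [
    "/images/emoji/twitter/slightly_smiling_face.png?v=9", # canonical
    "/images/emoji/twitter/slight_smile.png?v=9",          # alias, path fallback
    "/uploads/default/original/1X/abc123.png",             # ordinary upload
    "https://example.com/images/emoji/custom.png",         # external false positive
  ].each { |u| puts "#{u} => #{secure_upload_verdict(u)}" }
end
```

The fallback rejects any URL whose path contains /images/emoji/, including an external host that happens to use the same layout; that is the trade-off the message accepts in exchange for catching every alias without enumerating them.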
components FIX: tag topic counts wrong after adding synonyms 2020-02-14 12:15:29 -05:00
fabricators FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954) 2020-02-13 16:26:02 +10:00
fixtures FEATURE: Add small action post to indicate forwarded email 2020-02-12 16:23:17 +01:00
helpers DEV: Add DEBUG_PRELOADED_APP_DATA to log pre-loaded JSON in development (#8873) 2020-02-06 13:14:33 +10:00
import_export FIX: Import sub-sub-categories (#8810) 2020-01-30 18:46:33 +02:00
integration UX: Include public groups in mentionable groups set (#8516) 2019-12-12 13:13:40 +02:00
integrity DEV: Update markdown-it from 8.4.1 to 10.0.0 (#8164) 2019-10-08 13:00:22 +02:00
jobs FEATURE: Send suspect users to the review queue (#8811) 2020-01-29 15:38:27 -03:00
lib DEV: Upgrade Ember to version 3.12.2 (#8753) 2020-02-05 14:51:00 +01:00
mailers Fix test another way 2020-02-11 17:07:18 -05:00
models FIX: Tweak upload security emoji check (#8981) 2020-02-17 15:11:15 +10:00
multisite FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547) 2019-12-18 11:21:57 +05:30
requests FIX: If a group is unmentionable, don't render it as mentionable 2020-02-14 12:29:56 -05:00
serializers FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954) 2020-02-13 16:26:02 +10:00
services FIX: when unread reply notification exists don't create new (#8921) 2020-02-14 16:41:42 +11:00
support FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 2020-01-29 10:11:38 +10:00
tasks FIX: Improvements and fixes for update_upload_acl rake task (#8980) 2020-02-17 14:21:43 +10:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00