discourse/app/controllers
Loïc Guitaut e871865a61 FIX: Sanitize parameters provided to user actions
Currently, providing things like `filter[%24acunetix]=1` to
`UserActionsController#index` will throw an exception because instead of
getting a string as expected, we get a hash instead.

This patch simply uses `#permit` from strong parameters properly: first
we apply it on the whole parameters, this way it filters the keys we’re
interested in. By doing this, if the value is a hash for example, the
whole key/value pair will be ignored completely.
2022-02-23 15:46:40 +01:00
..
admin FEATURE: Centralized 2FA page (#15377) 2022-02-17 12:12:59 +03:00
users FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
about_controller.rb Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse"" 2020-05-23 00:56:13 -04:00
application_controller.rb FEATURE: Centralized 2FA page (#15377) 2022-02-17 12:12:59 +03:00
associated_groups_controller.rb FEATURE: Experimental support for group membership via google auth (#14835) 2021-12-09 12:30:27 +00:00
badges_controller.rb UX: Add image uploader widget for uploading badge images (#12377) 2021-03-17 08:55:23 +03:00
bookmarks_controller.rb FEATURE: Topic-level bookmarks (#14353) 2021-09-21 08:45:47 +10:00
bootstrap_controller.rb DEV: Support for running theme test with Ember CLI (third attempt) 2022-01-13 16:02:07 -05:00
categories_controller.rb FEATURE: mute subcategory when parent category is muted (#15966) 2022-02-17 00:42:02 +01:00
clicks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
csp_reports_controller.rb DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337) 2020-04-02 11:16:38 -04:00
directory_columns_controller.rb DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
directory_items_controller.rb FIX: unable to filter user directory when sorted by user field. (#15951) 2022-02-16 07:57:35 +05:30
do_not_disturb_controller.rb DEV: Replace 'processed' column on notifications with new table (#11864) 2021-01-27 10:29:24 -06:00
drafts_controller.rb DEV: do not return no_result_help from the server (#15220) 2021-12-08 21:46:54 +04:00
edit_directory_columns_controller.rb FIX: Always serialize the correct attributes for DirectoryItems (#13510) 2021-06-23 14:55:17 -05:00
email_controller.rb FIX: set mailing_list_mode to false when unsubscribing from all (#10354) 2020-08-03 16:59:54 +10:00
embed_controller.rb UX: display correct replies count in embedded comments view. (#14175) 2021-08-30 10:37:53 +05:30
exceptions_controller.rb FEATURE: Add site setting to show more detailed 404 errors. (#8014) 2019-10-08 14:15:08 +03:00
export_csv_controller.rb DEV: Switch to new ExportUserArchive job 2020-08-28 11:46:53 -07:00
extra_locales_controller.rb Replace `base_uri` with `base_path` (#10879) 2020-10-09 12:51:24 +01:00
finish_installation_controller.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
forums_controller.rb DEV: Avoid `$` globals (#15453) 2022-01-08 23:39:46 +01:00
groups_controller.rb FIX: Sort group owners and members together (#15708) 2022-02-09 11:43:58 +02:00
hashtags_controller.rb DEV: Merge category and tag hashtags code paths (#10216) 2020-07-13 19:13:17 +03:00
highlight_js_controller.rb DEV: apply allow origin response header for CDN requests. (#11893) 2021-01-29 07:44:49 +05:30
inline_onebox_controller.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
invites_controller.rb FEATURE: Show error if invite to topic is invalid (#15959) 2022-02-16 18:35:02 +02:00
list_controller.rb PERF: Revert all inboxes from messages route. (#14445) 2021-09-28 11:58:04 +08:00
metadata_controller.rb FIX: Remove svg icons from webmanifest shortcuts (#15765) 2022-02-01 15:26:58 -03:00
notifications_controller.rb REFACTOR: Improve support for consolidating notifications. (#14904) 2021-11-30 13:36:14 -03:00
offline_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
onebox_controller.rb DEV: Add more debugging context to onebox generation 2020-10-22 12:50:22 +08:00
permalinks_controller.rb FIX: Check for permalinks before showing the 404 page 2020-03-23 16:31:07 -07:00
post_action_users_controller.rb FEATURE: Allow category group moderators to delete topics (#11069) 2020-11-05 12:18:26 -05:00
post_actions_controller.rb FEATURE: Admins can flag posts so they can review them later. (#12311) 2021-03-11 08:21:24 -03:00
post_readers_controller.rb DEV: '= true' is not necessary 2019-12-03 11:32:45 -03:00
posts_controller.rb FIX: Clear drafts only when post is created by real user (#15720) 2022-02-09 10:37:38 +02:00
presence_controller.rb UX: Make PresenceChannel changes more responsive (#14733) 2021-10-26 21:15:20 +01:00
published_pages_controller.rb FIX: Do not enable published page if secure media enabled (#11131) 2020-11-06 10:33:19 +10:00
push_notification_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
qunit_controller.rb DEV: Make Ember CLI assets the default in production (#15861) 2022-02-08 10:03:53 +00:00
reviewable_claimed_topics_controller.rb FEATURE: Allow group moderators to close/archive topics 2020-07-14 12:36:19 -04:00
reviewables_controller.rb FEATURE: Show stale reviewable to other clients (#13114) 2021-05-26 09:47:35 +10:00
robots_txt_controller.rb FEATURE: Replace `Crawl-delay` directive with proper rate limiting (#15131) 2021-11-30 12:55:25 +03:00
safe_mode_controller.rb FEATURE: Always disable customizations on the `/safe-mode` route (#9052) 2020-02-28 10:53:11 +00:00
search_controller.rb FIX: global setting needs to be coerced to float (#11162) 2020-11-09 16:46:52 +11:00
session_controller.rb DEV: pull email address validation out to a new EmailAddressValidator 2022-02-17 21:49:22 -05:00
similar_topics_controller.rb PERF: Avoid parsing `Post#cooked` with Nokogiri for every search. 2020-07-24 10:43:09 +08:00
site_controller.rb DEV: Include `login_required` attribute in basic info endpoint (#14064) 2021-08-17 14:05:51 -04:00
static_controller.rb DEV: Correct service-worker sourceMappingURL (#15916) 2022-02-14 12:47:56 +00:00
steps_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheets_controller.rb DEV: Fix stylesheet manager flaky spec (#13846) 2021-07-26 14:22:54 +10:00
svg_sprite_controller.rb FIX: Use absolute URL when redirecting SVG sprite path. 2021-06-30 11:25:05 +08:00
tag_groups_controller.rb FIX: Allow finding non-lowercase tag groups (#12787) 2021-04-21 19:15:53 +02:00
tags_controller.rb FEATURE: ability to add description to tags (#15125) 2021-12-01 09:18:56 +11:00
theme_javascripts_controller.rb FEATURE: Allow theme tests to be run in production (take 2) (#12845) 2021-04-28 23:12:08 +03:00
topics_controller.rb FIX: Don't advance draft sequence when editing topic title (#16002) 2022-02-23 10:39:54 +03:00
uploads_controller.rb DEV: Extract shared external upload routes into controller helper (#14984) 2021-11-18 09:17:23 +10:00
user_actions_controller.rb FIX: Sanitize parameters provided to user actions 2022-02-23 15:46:40 +01:00
user_api_keys_controller.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
user_avatars_controller.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
user_badges_controller.rb FIX: simplify and improve choosing favorite badges (#13743) 2021-07-16 11:13:00 +08:00
users_controller.rb DEV: pull email address validation out to a new EmailAddressValidator 2022-02-17 21:49:22 -05:00
users_email_controller.rb DEV: Hash tokens stored from email_tokens (#14493) 2021-11-25 09:34:39 +02:00
webhooks_controller.rb DEV: Add bounce_error_code to EmailLog (#15948) 2022-02-15 14:17:26 +10:00
wizard_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00