osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
21c11c2bb2
osr-discourse-src/lib/site_settings
History
Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories 
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
..
db_provider.rb FIX: site settings loading default values when no db 2019-06-14 14:21:07 +10:00
defaults_provider.rb FEATURE: English locale with international date formats 2019-05-20 13:47:20 +02:00
deprecated_settings.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
local_process_provider.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
type_supervisor.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
validations.rb SECURITY: SQL injection with default categories 2019-07-11 13:53:12 -04:00
yaml_loader.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00