osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
42d2cb2d4e
osr-discourse-src/app/assets/javascripts
History
Alan Guo Xiang Tan 42d2cb2d4e
SECURITY: Hide PM count for tags by default (#20061) (#20090) 
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information.

With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled.
2023-02-01 06:43:58 +08:00
..
admin SECURITY: Convert send_digest to a post request (#19746) 2023-01-05 06:57:12 +08:00
bootstrap-json FIX: Preload user sidebar attrs when ?enable_sidebar=1 (#19843) 2023-01-25 13:48:49 +02:00
confirm-new-email DEV: Update linting setup and fix issues (#17345) 2022-07-06 10:37:54 +02:00
dialog-holder DEV: Update json5, remove an unused lockfile (#19732) 2023-01-04 23:15:49 +01:00
discourse SECURITY: Hide PM count for tags by default (#20061) (#20090) 2023-02-01 06:43:58 +08:00
discourse-common Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
discourse-ensure-deprecation-order DEV: Silence 3.x deprecations 2022-07-19 10:00:59 +01:00
discourse-hbr Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
discourse-plugins Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
discourse-widget-hbs Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
docs DEV: enforces eslint’s curly rule to the codebase (#10720) 2020-09-22 16:28:28 +02:00
ember-addons DEV: Remove ember-addons (#9559) 2020-04-28 10:14:49 -04:00
ember-cli-progress-ci DEV: Add progress output in CI during ember-cli build (#17977) 2022-08-17 22:39:52 +01:00
locales FEATURE: Add Croatian language (#17130) 2022-06-18 00:18:22 +02:00
pretty-text Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
select-kit Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
truth-helpers Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
wizard Build(deps): Bump @babel/core in /app/assets/javascripts (#19723) 2023-01-04 22:50:20 +01:00
.licensee.json DEV: Have licensee check xmldom license (#18840) 2022-11-02 11:51:11 -04:00
.npmrc DEV: Prevent npm usage (#13945) 2021-08-04 22:04:58 +02:00
discourse-js-processor.js DEV: Introduce minification and source maps for Theme JS (#18646) 2022-10-18 18:20:10 +01:00
handlebars-shim.js FIX: It seems sometimes shims are evaluated by older JS engines (#11813) 2021-01-22 10:41:01 -05:00
package.json DEV: Make dialog-holder a monorepo package (#19051) 2022-11-16 16:43:45 +01:00
polyfills.js DEV: Add polyfill for String.prototype.replaceAll (#16301) 2022-03-28 17:18:56 +01:00
service-worker.js.erb FEATURE: Replyable chat push notifications (#18973) 2022-11-11 12:30:21 -03:00
yarn.lock Build(deps): Bump jsdom from 20.0.3 to 21.0.0 in /app/assets/javascripts (#19786) 2023-01-08 23:41:14 +01:00