This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
osr-discourse-src/lib
Osama Sayegh 70fa67a9e1
FIX: Don't leak unhashed user API keys to redis (#14682)
User API keys (not the same thing as admin API keys) are currently
leaked to redis when rate limits are applied to them since redis is the
backend for rate limits in Discourse and the API keys are included in
the redis keys that are used to track usage of user API keys in the last
24 hours.

This commit stops the leak by using a SHA-256 representation of the user
API key instead of the key itself to form the redis key.

We don't need to manually delete the existing redis keys that contain
unhashed user API keys because they're not long-lived and will be
automatically deleted within 48 hours after this commit is deployed to
your Discourse instance.
2021-10-21 19:43:26 +03:00
auth FIX: Don't leak unhashed user API keys to redis (#14682) 2021-10-21 19:43:26 +03:00
autospec DEV: Move chrome binary check into a shared lib (#13451) 2021-06-21 13:28:48 +10:00
backup_restore FEATURE: Attach backup log as upload (#13849) 2021-08-03 20:06:50 +03:00
common_passwords
compression
content_security_policy FIX: Set CSP base-uri to self (#13654) 2021-07-07 09:43:48 -04:00
demon DEV: IMAP debugging improvements (#11784) 2021-01-21 11:37:47 +10:00
discourse_dev DEV: only use the records that are auto populated by the task. (#14360) 2021-09-17 09:47:32 +05:30
email FIX: Remove List-Post email header (#14554) 2021-10-11 20:57:42 +03:00
emoji DEV: replaces huge generated emoji list by a simpler regex (#11053) 2021-04-22 08:43:06 +02:00
faker DEV: move discourse_dev gem to the core. (#13360) 2021-06-14 20:34:44 +05:30
file_store DEV: Remove warnings on console (#14608) 2021-10-14 23:17:47 +02:00
freedom_patches FIX: Ensure id sequences are not reset during db:migrate (#14184) 2021-08-30 12:31:22 +01:00
generators/rails DEV: removes plugin generator (#14101) 2021-08-20 11:29:06 +02:00
guardian FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
highlight_js
i18n DEV: Update i18n:check rake task to detect invalid Markdown links (#13728) 2021-07-14 13:26:12 +02:00
imap FEATURE: Improve group email settings UI (#13083) 2021-05-28 09:28:18 +10:00
import
import_export
javascripts DEV: Allow transformed values to be used in all widget hbs statements (#13331) 2021-06-08 16:46:07 +01:00
middleware FIX: Strip discourse-logged-in header during force_anonymous! (#14533) 2021-10-07 12:31:42 +01:00
migration DEV: Promote old post-deploy migrations to pre-deploy migrations (#13477) 2021-06-22 16:02:24 +01:00
onebox Update replit onebox to accept .com 2021-10-19 16:37:33 -04:00
plugin DEV: Mark discourse-category-experts official (#14655) 2021-10-19 19:04:54 -07:00
pretty_text DEV: replaces huge generated emoji list by a simpler regex (#11053) 2021-04-22 08:43:06 +02:00
rate_limiter FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
reviewable DEV: APIs for plugin to add custom reviewable confirm modal (#12246) 2021-03-02 10:28:27 -06:00
scheduler
search FIX: remove superfluous spaces from CJK blurbs (#12629) 2021-04-12 12:46:42 +10:00
seed_data FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
sidekiq
site_settings DEV: Remove HTML setting type and sanitization logic. (#14440) 2021-10-04 15:40:35 -03:00
stylesheet FIX: Order outputted theme stylesheets (#14133) 2021-08-25 09:37:07 +08:00
svg_sprite UX: Revamp quick search (#14499) 2021-10-06 11:42:52 -04:00
tasks FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
theme_store FIX: Remove whitespace from theme git versions (#12857) 2021-04-27 17:45:54 +01:00
topic_query FIX: Exclude PMs that user sent to themselves. (#14496) 2021-10-04 11:55:35 +08:00
turbo_tests DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
validators FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
webauthn
wizard FEATURE: Enable auto dark mode on new instances (#14208) 2021-09-02 14:55:38 -04:00
admin_confirmation.rb
admin_constraint.rb
admin_user_index_query.rb
age_words.rb
archetype.rb
auth.rb DEV: remove instagram login site settings and auth classes. (#11073) 2020-10-30 09:09:56 +05:30
backup_restore.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
badge_posts_view_manager.rb
badge_queries.rb FIX: Don't grant sharing badges to users who don't exist (#13851) 2021-07-27 16:32:59 +10:00
base62.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
bookmark_manager.rb FEATURE: Topic-level bookmarks (#14353) 2021-09-21 08:45:47 +10:00
bookmark_query.rb FEATURE: Go to last unread for topic-level bookmark links (#14396) 2021-09-21 13:49:56 +10:00
bookmark_reminder_notification_handler.rb DEV: Ignore reminder_type for bookmarks (#14349) 2021-09-16 09:56:54 +10:00
browser_detection.rb
cache.rb FIX: ensures defined expired_in is passed from write to write_entry (#11622) 2021-01-04 10:34:44 +01:00
canonical_url.rb
category_badge.rb
chrome_installed_checker.rb DEV: Move chrome binary check into a shared lib (#13451) 2021-06-21 13:28:48 +10:00
comment_migration.rb
composer_messages_finder.rb FEATURE: Make allow_uploaded_avatars accept TL (#14091) 2021-08-24 10:46:28 +03:00
configurable_urls.rb Replace base_uri with base_path (#10879) 2020-10-09 12:51:24 +01:00
content_buffer.rb
content_security_policy.rb PERF: Eager load Theme associations in Stylesheet Manager. 2021-06-21 11:06:58 +08:00
cooked_post_processor.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
crawler_detection.rb FEATURE: Implement browser update in crawler view (#12448) 2021-03-22 19:41:42 +02:00
csrf_token_verifier.rb
current_user.rb
custom_renderer.rb
custom_setting_providers.rb
db_helper.rb DEV: Upgrade Rails to 6.1.3.1 (#12688) 2021-04-21 12:36:32 +03:00
directory_helper.rb
discourse_cookie_store.rb
discourse_dev.rb DEV: move discourse_dev gem to the core. (#13360) 2021-06-14 20:34:44 +05:30
discourse_diff.rb Escape values of HTML attributes 2021-08-10 10:25:15 -04:00
discourse_event.rb DEV: Plugin API to add directory columns (#13440) 2021-06-22 13:00:04 -05:00
discourse_hub.rb
discourse_ip_info.rb
discourse_js_processor.rb DEV: Add support for class properties in babel (#13189) 2021-05-27 16:13:14 -04:00
discourse_logstash_logger.rb
discourse_plugin_registry.rb DEV: Move settings to linkify to the serializer code. (#14553) 2021-10-07 12:41:57 -03:00
discourse_redis.rb DEV: Pass kwargs to the redis gem when calling methods/commands that we don't wrap (#14530) 2021-10-06 17:42:04 +03:00
discourse_tagging.rb FIX: Show required tags to staff by default and override limit (#13242) 2021-06-02 12:43:34 -04:00
discourse_updates.rb FIX: Fall back to hardcoded version when period check disabled (#12784) 2021-04-21 12:40:27 -04:00
discourse.rb FEATURE: add Unseen view (#13977) 2021-08-10 18:30:34 +04:00
disk_space.rb
distributed_cache.rb PERF: Defer setting of distributed cache in more spots. 2021-06-04 09:13:18 +08:00
distributed_memoizer.rb
distributed_mutex.rb
edit_rate_limiter.rb FEATURE: Increase daily edit limits proportionally to trust level (#13090) 2021-05-19 13:57:21 +04:00
email_backup_token.rb
email_cook.rb PERF: Avoid lookbehinds when replacing links in imported emails (#11931) 2021-02-02 17:34:00 +01:00
email_updater.rb FEATURE: add maximum limit for secondary emails (#12599) 2021-04-05 20:31:42 +05:30
email.rb FIX: Replace use of regular expression (#12838) 2021-04-27 08:48:51 +03:00
encodings.rb
enum_site_setting.rb
enum.rb
excerpt_parser.rb DEV: Remove dead code 2021-05-31 10:22:50 +08:00
feed_element_installer.rb
feed_item_accessor.rb
file_helper.rb DEV: Remove warnings on console (#14608) 2021-10-14 23:17:47 +02:00
filter_best_posts.rb
final_destination.rb FIX: Follow the canonical URL when importing a remote topic. (#14489) 2021-10-01 12:48:21 -03:00
flag_query.rb
flag_settings.rb
gaps.rb
global_path.rb
guardian.rb FIX: Allow staff to view pending/expired invites of other users (#14602) 2021-10-14 15:57:01 +01:00
has_errors.rb
hijack.rb DEV: Add more debugging context to onebox generation 2020-10-22 12:50:22 +08:00
homepage_constraint.rb
html_prettify.rb
html_to_markdown.rb FIX: Hoisting linebreaks shouldn't fail for HTML5 elements (#14364) 2021-09-17 10:41:34 +02:00
http_language_parser.rb
image_sizer.rb
import_export.rb
inline_oneboxer.rb FEATURE: check blocked_onebox_domains setting for inline oneboxes (#11944) 2021-02-03 21:45:22 +05:30
introduction_updater.rb
ip_addr.rb
js_locale_helper.rb DEV: move discourse_dev gem to the core. (#13360) 2021-06-14 20:34:44 +05:30
json_error.rb
letter_avatar.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
markdown_linker.rb
mem_info.rb
message_bus_diags.rb
method_profiler.rb DEV: Add output_sql_to_stderr! to MethodProfiler (#12445) 2021-03-19 17:48:30 +10:00
mini_sql_multisite_connection.rb DEV: upgrade mini_sql (#12465) 2021-03-24 08:48:04 +11:00
mobile_detection.rb
new_post_manager.rb SECURITY: Escape watched word in error message (#14434) 2021-09-24 11:55:15 +03:00
new_post_result.rb
notification_levels.rb
onebox.rb DEV: Absorb onebox gem into core (#12979) 2021-05-26 15:11:35 +05:30
oneboxer.rb FEATURE: Onebox can match engines based on the content_type (#13876) 2021-07-30 13:36:30 -04:00
onpdiff.rb
pbkdf2.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
permalink_constraint.rb
pinned_check.rb
plain_text_to_markdown.rb
plugin_gem.rb FIX: ensure plugin's gems are in the gem path (#12727) 2021-04-16 10:21:39 +02:00
plugin_initialization_guard.rb
post_action_creator.rb FIX: Category group moderators can read flagged post meta_topics (#14014) 2021-08-11 18:11:22 -04:00
post_action_destroyer.rb FIX: Unlike own posts on ownership transfer (#10446) 2020-08-19 09:21:02 -06:00
post_action_result.rb
post_creator.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
post_destroyer.rb FEATURE: Allow admins to permanently delete posts and topics (#14406) 2021-10-13 12:53:23 +03:00
post_jobs_enqueuer.rb FIX: Do not send emails to mailing_list_mode subscribers for PMs (#14159) 2021-08-26 15:16:35 +10:00
post_locker.rb
post_merger.rb FEATURE: TL4 & category moderators can merge posts (#12843) 2021-04-27 18:24:27 +02:00
post_revisor.rb FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970) 2021-08-06 20:07:42 +04:00
presence_channel.rb DEV: Update discourse-presence plugin to use new PresenceChannel system (#14519) 2021-10-21 12:42:46 +01:00
pretty_text.rb FIX: Do not check for duplicate links in Onebox (#13345) 2021-06-18 18:55:24 +03:00
promotion.rb FIX: check if BasicBadge is enabled for TL1 welcome message (#13983) 2021-08-11 08:39:25 +10:00
quote_comparer.rb
rake_helpers.rb
rate_limiter.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
read_only_header.rb
retrieve_title.rb FIX: increase chunk size to fetch title tag correctly (#14144) 2021-09-03 13:15:58 +05:30
route_format.rb
route_matcher.rb REFACTOR: Introduce RouteMatcher class 2020-10-19 10:40:55 +01:00
rtl.rb
s3_helper.rb FIX: Make sure S3 object headers are preserved on copy (#14302) 2021-09-10 12:59:51 +10:00
s3_inventory.rb FIX: increase inventory lag for s3 to 2 days (#11606) 2020-12-30 16:05:42 +11:00
score_calculator.rb
screening_model.rb
search.rb UX: Revamp quick search (#14499) 2021-10-06 11:42:52 -04:00
secure_session.rb
shrink_uploaded_image.rb DEV: Improve script/downsize_uploads.rb (#13508) 2021-06-24 00:09:40 +02:00
single_sign_on_provider.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
single_sign_on.rb FIX: log proper error message when SSO nonce verification fails (#14077) 2021-08-18 18:44:12 +05:30
site_icon_manager.rb PERF: Defer setting of distributed cache in more spots. 2021-06-04 09:13:18 +08:00
site_setting_extension.rb DEV: Remove HTML setting type and sanitization logic. (#14440) 2021-10-04 15:40:35 -03:00
slug.rb FIX: Make category slugs lowercase (#11277) 2021-01-12 17:28:33 +02:00
socket_server.rb
spam_handler.rb
sql_builder.rb
staff_constraint.rb
staff_message_format.rb
suggested_topics_builder.rb
system_message.rb DEV: Add option to send system message to groups (#12256) 2021-03-02 18:51:50 +01:00
temporary_db.rb DEV: Add annotate rake tasks, and enforce via GitHub actions 2021-07-06 10:11:06 +01:00
temporary_redis.rb DEV: Introduce TemporaryRedis and unset DISCOURSE_* env vars in the themes:isolated_test rake task (#13401) 2021-06-23 07:38:43 +03:00
text_cleaner.rb FEATURE: Correctly convert topic title to uppercase and lowercase for Turkish default locale (#13115) 2021-05-24 18:13:30 +10:00
text_sentinel.rb DEV: Correct typos and spelling mistakes (#12812) 2021-05-21 11:43:47 +10:00
theme_javascript_compiler.rb FEATURE: Allow theme tests to be run in production (take 2) (#12845) 2021-04-28 23:12:08 +03:00
theme_modifier_helper.rb Code review comments. 2021-06-21 11:06:58 +08:00
theme_settings_manager.rb DEV: use upload id to save in theme setting instead of URL. (#14341) 2021-09-16 07:58:53 +05:30
theme_settings_parser.rb DEV: support json_schema in theme settings (#12294) 2021-03-10 20:15:04 -05:00
theme_translation_manager.rb
theme_translation_parser.rb
timeline_lookup.rb FIX: ensures timeline_lookup includes last tuple (#11829) 2021-01-25 11:30:59 +01:00
topic_creator.rb FEATURE: Disallow putting urls in the title for TL-0 users (#13947) 2021-08-05 13:38:39 +04:00
topic_list_responder.rb
topic_publisher.rb
topic_query_params.rb FIX: Build correct topic list filter (#11473) 2020-12-11 14:20:48 +02:00
topic_query.rb PERF: Use a subquery when excluding a tag from topic query. (#14577) 2021-10-13 09:20:56 +11:00
topic_retriever.rb FEATURE: Fallback to system users when creating new TopicEmbed (#12386) 2021-03-15 11:58:53 -03:00
topic_subtype.rb
topic_upload_security_manager.rb DEV: Add security_last_changed_at and security_last_changed_reason to uploads (#11860) 2021-01-29 09:03:44 +10:00
topic_view.rb DEV: Centralize logic for applying order to filtered posts. (#14634) 2021-10-19 10:37:46 +08:00
topics_bulk_action.rb FIX: Don't publish PM archive events to acting user. (#14291) 2021-09-10 09:20:50 +08:00
trust_level.rb FIX: Don't store translated trust level names in anonymous cache (#13224) 2021-06-01 22:11:48 +02:00
turbo_tests.rb
twitter_api.rb DEV: Update rubocop-discourse from 2.3.2 to 2.4.0 (#11079) 2020-10-30 15:04:29 +01:00
unicorn_logstash_patch.rb
unread.rb FEATURE: Add last visit indication to topic view page. (#13471) 2021-07-05 14:17:31 +08:00
upload_creator.rb FEATURE: Humanize file size error messages (#14398) 2021-09-22 07:59:45 +10:00
upload_fixer.rb
upload_markdown.rb
upload_recovery.rb FIX: Support Ruby 3 keyword arguments 2021-10-05 11:25:00 -04:00
upload_security.rb FIX: Do not mark badge image uploads as secure (#13193) 2021-05-28 12:35:52 +10:00
url_helper.rb FEATURE: revert disallowing putting URLs in titles for TL0 users (#13970) 2021-08-06 20:07:42 +04:00
user_lookup.rb REVERT "FIX: do not show private group flair on user avatars" (#13991) 2021-08-10 17:25:11 +05:30
user_name_suggester.rb FEATURE: stop using email as source for username and name suggestions for Single Sign On (#14541) 2021-10-12 17:25:54 +04:00
version.rb Version bump to v2.8.0.beta7 (#14667) 2021-10-20 17:29:41 -04:00
webauthn.rb
wizard.rb
zeitwerk_config.rb FIX: Better and more secure validation of periods for TopicQuery 2021-07-23 14:24:44 -04:00