This is a low severity security fix because it requires a logged-in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event that bad data somehow already exists.

| Name |
|---|
| backup_restore |
| content_security_policy |
| i18n |
| seed_data |
| site_settings |
| browser_detection_spec.rb |
| content_security_policy_spec.rb |
| db_helper_spec.rb |
| encodings_spec.rb |
| introduction_updater_spec.rb |
| mini_sql_multisite_connection_spec.rb |
| search_spec.rb |
| theme_javascript_compiler_spec.rb |
| upload_creator_spec.rb |
| upload_recovery_spec.rb |