This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
osr-discourse-src/spec
Alan Guo Xiang Tan adf5e1ca97
SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18769)
Before this commit, we did not have guardian checks in place to determine if a
topic's title associated with a user badge should be displayed or not.
This means that the topic title of topics with restricted access
could be leaked to anon and users without access if certain conditions
are met. While we will not specify the conditions required, we have internally
assessed that the odds of meeting such conditions are low.

With this commit, we will now apply a guardian check to ensure that the
current user is able to see a topic before the topic's title is included
in the serialized object of a `UserBadge`.
2022-10-27 11:47:53 +08:00
| Name | Last commit | Date |
| --- | --- | --- |
| fabricators | SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18769) | 2022-10-27 11:47:53 +08:00 |
| fixtures | FEATURE: Add support for case-sensitive Watched Words (#17445) | 2022-08-02 10:06:03 +02:00 |
| helpers | DEV: output sitelinks search tag on homepage only (#16157) | 2022-09-23 15:05:53 +08:00 |
| import_export | DEV: Use proper wording for contexts in specs | 2022-08-04 11:05:02 +02:00 |
| initializers | Add RSpec 4 compatibility (#17652) | 2022-07-28 10:27:38 +08:00 |
| integration | DEV: Use AR enums in reviewables related code | 2022-09-22 14:44:27 +02:00 |
| integrity | DEV: Use proper wording for contexts in specs | 2022-08-04 11:05:02 +02:00 |
| jobs | DEV: Rename secure_media to secure_uploads (#18376) | 2022-09-29 09:24:33 +10:00 |
| lib | DEV: Introduce TopicGuardian#can_see_topic_ids method (#18692) (#18766) | 2022-10-27 07:46:38 +08:00 |
| mailers | DEV: Use proper wording for contexts in specs | 2022-08-04 11:05:02 +02:00 |
| models | DEV: Rename secure_media to secure_uploads (#18376) | 2022-09-29 09:24:33 +10:00 |
| multisite | DEV: Rename secure_media to secure_uploads (#18376) | 2022-09-29 09:24:33 +10:00 |
| requests | SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18769) | 2022-10-27 11:47:53 +08:00 |
| script/import_scripts | DEV: Use proper wording for contexts in specs | 2022-08-04 11:05:02 +02:00 |
| serializers | SECURITY: Restrict display of topic titles associated with user badges (#18768) (#18769) | 2022-10-27 11:47:53 +08:00 |
| services | FEATURE: Introduce personal_message_enabled_groups setting (#18042) | 2022-09-26 13:58:40 +10:00 |
| support | DEV: Introduce TopicGuardian#can_see_topic_ids method (#18692) (#18766) | 2022-10-27 07:46:38 +08:00 |
| system | DEV: Minimal first pass of rails system test setup (#16311) | 2022-09-28 11:48:16 +10:00 |
| tasks | DEV: Rename secure_media to secure_uploads (#18376) | 2022-09-29 09:24:33 +10:00 |
| views | Add RSpec 4 compatibility (#17652) | 2022-07-28 10:27:38 +08:00 |
| rails_helper.rb | DEV: Minimal first pass of rails system test setup (#16311) | 2022-09-28 11:48:16 +10:00 |
| regenerate_swagger_docs | DEV: Add API docs for uploads and API doc watcher (#15387) | 2021-12-23 08:40:15 +10:00 |
| swagger_helper.rb | DEV: Fix openapi definition logo URL (#17038) | 2022-06-08 13:10:20 +01:00 |