f31f0b70f8
Currently `Topic#pm_topic_count` is a count of all personal messages tagged for a given tag. As a result, any user with access to PM tags can poll a sensitive tag to determine if a new personal message has been created using that tag even if the user does not have access to the personal message. We classify this as a minor leak in sensitive information. With this commit, `Topic#pm_topic_count` is hidden from users by default unless the `display_personal_messages_tag_counts` site setting is enabled. |
||
|---|---|---|
| .. | ||
| badge-test.js | ||
| bookmark-test.js | ||
| category-test.js | ||
| composer-test.js | ||
| email-log-test.js | ||
| group-test.js | ||
| invite-test.js | ||
| nav-item-test.js | ||
| pending-post-test.js | ||
| post-stream-test.js | ||
| post-test.js | ||
| private-message-topic-tracking-state-test.js | ||
| report-test.js | ||
| rest-model-test.js | ||
| result-set-test.js | ||
| session-test.js | ||
| site-test.js | ||
| staff-action-log-test.js | ||
| tag-test.js | ||
| theme-test.js | ||
| topic-details-test.js | ||
| topic-test.js | ||
| topic-tracking-state-test.js | ||
| user-action-test.js | ||
| user-badge-test.js | ||
| user-drafts-test.js | ||
| user-stream-test.js | ||
| user-test.js | ||
| wizard-field-test.js | ||