This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
osr-discourse-src/app
Alan Guo Xiang Tan 0f7b9878ff SECURITY: Category group permissions leaked to normal users.
After this commit, category group permissions can only be seen by users
that are allowed to manage a category. In the past, we inadvertently
included a category's group permissions settings in `CategoriesController#show`
and `CategoriesController#find_by_slug` endpoints for normal users when
those settings are only a concern to users that can manage a category.
2022-04-08 13:46:20 +08:00
assets SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
controllers SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
helpers FIX: include crawler content on old mobile browsers (#16387) 2022-04-06 11:09:12 +01:00
jobs FIX: Do not attempt to pull_hotlinked_image for raw_html 2022-04-05 16:39:38 +08:00
mailers FEATURE: Allow sending group SMTP emails with from alias (#15687) 2022-02-07 13:52:01 +10:00
models FIX: Prevent duplicates in API scope allowed URLs 2022-04-07 02:09:11 +03:00
serializers SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
services FIX: Exclude automatic anchors from search index (#16396) 2022-04-06 16:06:45 -04:00
views UX: Make header/footer HTML consistent for crawler and noscript 2022-04-07 15:27:06 +01:00