osr-discourse-src

Archived

This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.

History

Robin Ward 8c890fa64a SECURITY: SQL injection with default categories This is a low severity security fix because it requires a logged in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event of bad data somehow already exists.	2019-07-11 13:52:59 -04:00
..
validations_spec.rb	SECURITY: SQL injection with default categories	2019-07-11 13:52:59 -04:00

Robin Ward 8c890fa64a SECURITY: SQL injection with default categories

This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.

2019-07-11 13:52:59 -04:00

validations_spec.rb

SECURITY: SQL injection with default categories

2019-07-11 13:52:59 -04:00