osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
fe8bd92f71
osr-discourse-src/spec
History
Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories 
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
..
components Merge diffs from master 2019-06-17 20:07:19 -04:00
fabricators DEV: Class that converts MD with old attachment links to new MD. 2019-06-04 15:54:25 +08:00
fixtures FIX: Use correct locale when translating without cache 2019-06-05 14:19:56 +02:00
helpers replace subfolder on cdn url conversion between general cdn and s3 (#7764) 2019-06-17 11:51:17 -07:00
import_export DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
integration DEV: change testing cache clearing so it is more deliberate 2019-06-03 10:21:38 +10:00
integrity DEV: introduces coding style spec (#7615) 2019-05-27 23:38:17 +02:00
jobs FIX: Don't send notification email when user isn't allowed to see topic 2019-07-02 09:05:36 +10:00
lib SECURITY: SQL injection with default categories 2019-07-11 13:53:12 -04:00
mailers SECURITY: Strip HTML from invite emails 2019-07-05 14:58:46 -04:00
models SECURITY: SQL injection with default categories 2019-07-11 13:53:12 -04:00
multisite FEATURE: Support private attachments when using S3 storage (#7677) 2019-06-06 13:27:24 +10:00
requests SECURITY: Add confirmation screen when logging in via email link 2019-06-17 18:20:48 +01:00
serializers FIX: Broken spec 2019-06-10 11:50:48 -04:00
services DEV: Fix edge case for InlineUploads. 2019-06-14 13:48:03 +08:00
support FIX: don't bump topics when hidden tags are added or removed 2019-05-06 14:52:18 -04:00
tasks FEATURE: option to skip posts with ignored missing uploads 2019-05-09 05:11:15 +05:30
views/omniauth_callbacks DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
rails_helper.rb DEV: security restriction in dev mode broke tests 2019-06-03 11:33:56 +10:00