IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 09:26:54 -06:00
Code Issues Packages Projects Releases Wiki Activity
5e4c0e2caa
discourse/app/services
History
Roman Rizzi 5e4c0e2caa
FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 
To add an extra layer of security, we sanitize settings before shipping them to the client. We don't sanitize those that have the "html" type.

The CookedPostProcessor already uses Loofah for sanitization, so I chose to also use it for this. I added it to our gemfile since we installed it as a transitive dependency.
2021-04-07 12:51:19 -03:00
..
spam_rule FIX: use allowlist and blocklist terminology (#10209) 2020-07-27 10:23:54 +10:00
anonymous_shadow_creator.rb FIX: ensures shadow has last_posted_at before comparing to site setting (#10374) 2020-08-05 13:20:51 +02:00
badge_granter.rb FIX: Check for user presence before granting badge (#11745) 2021-01-18 15:12:38 -05:00
color_scheme_revisor.rb FEATURE: User selectable color schemes (#10544) 2020-08-28 10:36:52 -04:00
destroy_task.rb FIX: do not send rejection emails to auto-deleted reviewable users (#12160) 2021-02-22 18:37:47 +05:30
dismiss_topics.rb FIX: remove unnecessary OR from dismiss service (#12117) 2021-02-18 14:55:58 +11:00
email_style_updater.rb FEATURE: support SCSS in custom email style 2019-10-23 15:42:37 -04:00
group_action_logger.rb FEATURE - Moderators can create and manage groups (#10432) 2020-08-19 10:41:40 -04:00
group_mentions_updater.rb FIX: Mentions updater should work regardless of .notify 2020-02-18 16:02:26 -05:00
group_message.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
handle_chunk_upload.rb
heat_settings_updater.rb
inline_uploads.rb FEATURE: Parse images in email signatures (#10137) 2020-07-08 15:50:30 +10:00
notification_consolidator.rb DEV: handle all notification consolidations in new 'NotificationConsolidator' class. 2019-12-05 14:36:06 +05:30
notification_emailer.rb DEV: Replace 'processed' column on notifications with new table (#11864) 2021-01-27 10:29:24 -06:00
post_action_notifier.rb FIX: ensures we don't attempt to concat an empty list (#10600) 2020-09-04 19:08:07 +02:00
post_alerter.rb FIX: Prevent UniqueViolation exceptions when syncing group mentions (#12543) 2021-03-29 12:43:24 -05:00
post_owner_changer.rb FIX: Unlike own posts on ownership transfer (#10446) 2020-08-19 09:21:02 -06:00
push_notification_pusher.rb FIX: Delete invalid web push subscriptions (#12447) 2021-03-19 14:24:03 +01:00
random_topic_selector.rb FIX: Use Discourse.system_user when we need a placeholder admin (#9781) 2020-06-24 15:51:30 +10:00
search_indexer.rb FIX: Make HTML scrubber work with deep HTML (#12619) 2021-04-07 17:02:00 +10:00
site_settings_task.rb FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 2021-04-07 12:51:19 -03:00
staff_action_logger.rb UX: Add image uploader widget for uploading badge images (#12377) 2021-03-17 08:55:23 +03:00
themes_install_task.rb FIX: rake themes:install error if theme cannot be updated (#12605) 2021-04-05 14:52:50 -07:00
topic_status_updater.rb FIX: Auto close topic from category settings based on topic created_at (#12082) 2021-02-17 07:51:39 +10:00
topic_timestamp_changer.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
tracked_topics_updater.rb
trust_level_granter.rb
user_action_manager.rb
user_activator.rb FEATURE: Allow using invites when DiscourseConnect SSO is enabled (#12419) 2021-03-19 10:20:10 +10:00
user_anonymizer.rb FIX: Destroy associated user api keys when making a user anonymous. (#11760) 2021-01-25 11:07:22 -03:00
user_authenticator.rb FEATURE: Allow invites redemption with Omniauth providers. 2021-03-09 09:27:18 +08:00
user_destroyer.rb FIX: log warning when context is missing when a user is destroyed (#12182) 2021-02-23 16:47:54 +05:30
user_merger.rb FEATURE: Treat site settings as plain text and add a new HTML type. (#12618) 2021-04-07 12:51:19 -03:00
user_notification_renderer.rb FIX: during concurrent emails generation renderer should not be reused 2019-10-10 08:50:48 +11:00
user_notification_schedule_processor.rb FEATURE: Create notification schedule to automatically set do not disturb time (#11665) 2021-01-20 10:31:52 -06:00
user_silencer.rb FIX: Skip sending PM email for user silence (#12240) 2021-03-02 09:18:09 +10:00
user_updater.rb FEATURE: Rename 'Discourse SSO' to DiscourseConnect (#11978) 2021-02-08 10:04:33 +00:00
username_changer.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
username_checker_service.rb
wildcard_domain_checker.rb SECURITY: vulnerability in WildcardUrlChecker 2019-12-13 09:29:09 -05:00
wildcard_url_checker.rb FIX: Allow any protocol in wildcard url checker (#8651) 2020-01-02 16:03:13 +00:00
word_watcher.rb FEATURE: Autotag watched words (#12244) 2021-03-03 10:53:38 +02:00