discourse/app/controllers
Robin Ward 79ce7085c2 SECURITY: Ensure the invite JSON API matches the UX
Anonymous users could query the invite json and see counts and
summaries which is not allowed in the UX of Discourse.

This commit has those endpoints return a 403 unless the user is
allowed to invite.
2020-03-05 09:23:21 -05:00
admin Remove invite_admin route. 2020-03-05 06:45:08 +05:30
users SECURITY: 2FA with U2F / TOTP 2020-01-15 11:27:12 +01:00
about_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
application_controller.rb FEATURE: unconditionally skip indexing on search controller 2020-02-28 09:21:31 +11:00
badges_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
bookmarks_controller.rb FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954) 2020-02-13 16:26:02 +10:00
categories_controller.rb UX: Introduce automatic 'categories topics' setting (#8804) 2020-01-29 20:30:48 +02:00
category_hashtags_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
clicks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
composer_messages_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
csp_reports_controller.rb allow CSP reports to be sent when header isn't set by Discourse (#6594) 2018-11-14 16:23:29 -05:00
directory_items_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
draft_controller.rb FIX: Confirm draft_key is present on GET 2020-02-14 11:06:12 -05:00
drafts_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
email_controller.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
embed_controller.rb FEATURE: Create New Topic button on embed with params (#8280) 2019-11-01 14:19:10 -05:00
exceptions_controller.rb FEATURE: Add site setting to show more detailed 404 errors. (#8014) 2019-10-08 14:15:08 +03:00
export_csv_controller.rb fix the build. 2019-12-24 15:56:44 +05:30
extra_locales_controller.rb FIX: Better error handling for invalid locale bundle versions 2019-11-11 22:30:32 +01:00
finish_installation_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
forums_controller.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
groups_controller.rb FIX: groups pagination was broken 2020-01-16 23:57:34 +01:00
highlight_js_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
inline_onebox_controller.rb FIX: Make inline oneboxes work with secured topics in secured contexts (#8895) 2020-02-12 12:11:28 +02:00
invites_controller.rb FEATURE: Add timezone to core user_options (#8380) 2019-11-25 10:49:27 +10:00
list_controller.rb FIX: Make category slug validation less strict (#8915) 2020-02-11 17:01:12 +02:00
metadata_controller.rb FEATURE: Ensure we always fill the short_name in the web manifest 2020-02-04 14:16:00 -03:00
notifications_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
offline_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
onebox_controller.rb FIX: Cache failed onebox URL request server-side (#8421) 2019-11-28 07:48:29 +10:00
permalinks_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_action_users_controller.rb UX: pluralize "likes/read this" 2019-12-13 22:18:28 +01:00
post_actions_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_readers_controller.rb DEV: '= true' is not necessary 2019-12-03 11:32:45 -03:00
posts_controller.rb FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954) 2020-02-13 16:26:02 +10:00
push_notification_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
qunit_controller.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable_claimed_topics_controller.rb FIX: Make reviewable claiming work with deleted topics (#9040) 2020-02-25 15:49:23 +02:00
reviewables_controller.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
robots_txt_controller.rb FEATURE: Allow customization of robots.txt (#7884) 2019-07-15 20:47:44 +03:00
safe_mode_controller.rb FEATURE: Always disable customizations on the /safe-mode route (#9052) 2020-02-28 10:53:11 +00:00
search_controller.rb FEATURE: unconditionally skip indexing on search controller 2020-02-28 09:21:31 +11:00
session_controller.rb FIX: Handle SSO Provider Parse exception 2020-02-12 16:08:04 -07:00
similar_topics_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
site_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
static_controller.rb FEATURE: add short site description on login page title 2019-10-14 11:40:09 +05:30
steps_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheets_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
svg_sprite_controller.rb UX: introduces icon-picker component for badges (#8844) 2020-02-05 00:41:10 +01:00
tag_groups_controller.rb DEV: Tag group improvements (#8252) 2019-10-30 16:57:13 +01:00
tags_controller.rb FIX: Make category slug validation less strict (#8915) 2020-02-11 17:01:12 +02:00
theme_javascripts_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
themes_controller.rb Fix string literal when switching theme in dev env 2019-05-13 10:25:51 -04:00
topics_controller.rb FEATURE: Improving bookmarks part 2 -- Topic Bookmarking (#8954) 2020-02-13 16:26:02 +10:00
uploads_controller.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
user_actions_controller.rb FEATURE: Quick access panels in user menu (#8073) 2019-09-09 11:03:57 -04:00
user_api_keys_controller.rb SECURITY: Correct permission check when revoking user API keys 2019-12-17 10:56:16 +00:00
user_avatars_controller.rb FIX: Return blank avatar when downloading an avatar is not possible due to file size 2019-10-22 12:05:36 -03:00
user_badges_controller.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
users_controller.rb SECURITY: Ensure the invite JSON API matches the UX 2020-03-05 09:23:21 -05:00
users_email_controller.rb FIX: When admin changes another user's email auto-confirm the change (#9001) 2020-02-20 09:52:21 +10:00
webhooks_controller.rb DEV: Apply rubocop (#8926) 2020-02-11 16:21:03 +00:00
wizard_controller.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00