discourse/app
Daniel Waterworth 8cade1e825
SECURITY: Prevent large staff actions causing DoS
This commit operates at three levels of abstraction:

 1. We want to prevent user history rows from being unbounded in size.
    This commit adds Rails validations to limit the sizes of columns on
    user_histories,

 2. However, we don't want to prevent certain actions from being
    completed if these columns are too long. In those cases, we truncate
    the values that are given and store the truncated versions,

 3. For endpoints that perform staff actions, we can further control
    what is permitted by explicitly validating the params that are given
    before attempting the action.
2024-03-15 14:24:04 +08:00
assets DEV: Support description for properties in objects schema (#26172) 2024-03-15 07:47:42 +08:00
controllers SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
helpers PERF: omit HTML view from sessions by logged on users. (#26170) 2024-03-14 15:48:29 +11:00
jobs DEV: Rename problem check jobs to avoid namespace clashes (#26073) 2024-03-07 12:26:58 +08:00
mailers FIX: Add higher read & open timeouts for group SMTP emails (#24593) 2023-11-28 15:32:59 +10:00
models SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
serializers DEV: Support description for properties in objects schema (#26172) 2024-03-15 07:47:42 +08:00
services SECURITY: Prevent large staff actions causing DoS 2024-03-15 14:24:04 +08:00
views DEV: update theme-qunit to work with strict-dynamic CSP (#26053) 2024-03-06 13:01:23 +00:00