Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-06-18 18:18:48 +08:00
Code Packages Activity Actions
discourse/app/controllers
History
Exact
Osama Sayegh 0a95cfcf2f
SECURITY: Authorization bypass in post revision endpoints via array id (#41014) 
Resolve the post before looking up its revisions so the access checks
always apply to the correct post.
2026-06-18 09:54:56 +03:00
..
admin FEATURE: Log in with a one-time email code (#40804) 2026-06-17 12:34:48 -07:00
users FEATURE: Prompt anonymous users to sign up after engagement clicks (#40256) 2026-05-26 09:30:38 +02:00
about_controller.rb
anonymous_actions_controller.rb FEATURE: Prompt anonymous users to sign up after engagement clicks (#40256) 2026-05-26 09:30:38 +02:00
application_controller.rb DEV: Rename EmberCli to EmberAssets (#40938) 2026-06-16 12:56:56 +02:00
associated_groups_controller.rb
badges_controller.rb FIX: Non-listable and disabled badges exposed via XHR JSON requests (#37869) 2026-02-17 16:17:01 +11:00
bookmarks_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
calendar_subscriptions_controller.rb FEATURE: Add calendar subscription URLs to user preferences (#38598) 2026-03-17 10:28:20 -03:00
categories_controller.rb FIX: Moderators can enable plugins when enable_category_type_setup SiteSetting is enabled (#40349) 2026-06-17 08:37:14 -05:00
clicks_controller.rb
composer_controller.rb FIX: Suppress composer mention warning for AI bot users (#39986) 2026-05-13 18:44:14 +02:00
composer_messages_controller.rb DEV: Fix assigned but unused variable Prism warnings (#39436) 2026-04-22 12:42:14 +02:00
dev_mode_controller.rb DEV: Add /dev-mode endpoint for MiniProfiler auth cookie (#37027) 2026-01-12 10:01:20 +08:00
directory_columns_controller.rb
directory_items_controller.rb PERF: Cache user directory responses for anon users (#40946) 2026-06-16 18:16:11 +01:00
do_not_disturb_controller.rb
drafts_controller.rb FIX: Drafts/reviewables API returned 404 when acting on own resource (#39449) 2026-05-26 09:29:20 +02:00
edit_directory_columns_controller.rb DEV: Enable Style/RedundantParentheses rubocop rule (#40095) 2026-05-19 15:48:09 +02:00
email_controller.rb FEATURE: implement RFC 8058 for email unsubscribe (#33392) 2025-07-01 11:01:13 +10:00
embed_controller.rb FIX: Add visibility check to Embed info (#40896) 2026-06-15 10:20:56 -05:00
emojis_controller.rb FEATURE: Locale-specific emoji search aliases (#39089) 2026-04-06 14:08:46 -03:00
exceptions_controller.rb
export_csv_controller.rb DEV: Enable Style/RedundantParentheses rubocop rule (#40095) 2026-05-19 15:48:09 +02:00
extra_locales_controller.rb DEV: Refactor locale bundle loading (#37114) 2026-01-16 11:45:14 +00:00
finish_installation_controller.rb DEV: Enable Style/RedundantBegin rubocop rule (#40096) 2026-05-19 18:44:54 +02:00
form_templates_controller.rb SECURITY: Scope form template endpoints to accessible categories 2026-05-19 00:26:04 +01:00
forums_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
groups_controller.rb FIX: Make group public_admission behaviour consistent (#40706) 2026-06-10 09:36:48 +01:00
hashtags_controller.rb
highlight_js_controller.rb
home_page_controller.rb DEV: Show login-required splash in root route (take 2) (#32629) 2025-05-14 11:25:43 -04:00
inline_onebox_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
invites_controller.rb FEATURE: Prompt anonymous users to sign up after engagement clicks (#40256) 2026-05-26 09:30:38 +02:00
list_controller.rb FIX: Filtered RSS feeds advertise the wrong self URL (#40252) 2026-05-25 18:21:16 -03:00
metadata_controller.rb DEV: Fix assigned but unused variable Prism warnings (#39436) 2026-04-22 12:42:14 +02:00
nested_topics_controller.rb DEV: route nested view through topic route (#40820) 2026-06-15 11:42:20 -05:00
new_invite_controller.rb
new_topic_controller.rb
notifications_controller.rb FIX: Hide badge notifications for disabled badges or when badges are disabled (#36987) 2026-01-07 15:28:43 +08:00
offline_controller.rb
onebox_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
permalinks_controller.rb SECURITY: prevent permalink redirects from leaking restricted slugs 2026-01-28 17:11:14 +00:00
post_action_users_controller.rb UX: Ignored users reactions/likes should not show up (#39672) 2026-05-11 15:32:29 -03:00
post_actions_controller.rb SECURITY: fix is_warning type coercion bypass in PostActionsController 2026-03-19 15:21:28 +00:00
post_localizations_controller.rb FIX: Also check if user can see post or topic prior to letting them localize it (#36749) 2025-12-18 02:12:58 +08:00
post_readers_controller.rb SECURITY: Missing post-level authorization allows whisper metadata disclosure 2026-03-31 15:12:45 +01:00
posts_controller.rb SECURITY: Authorization bypass in post revision endpoints via array id (#41014) 2026-06-18 09:54:56 +03:00
presence_controller.rb FIX: improve "read only" modes (#33521) 2025-07-10 09:08:00 +02:00
published_pages_controller.rb FIX: ensures only staff can check slugs (#37846) 2026-02-16 18:23:46 +01:00
push_notification_controller.rb
qunit_controller.rb DEV: Rename EmberCli to EmberAssets (#40938) 2026-06-16 12:56:56 +02:00
reviewable_claimed_topics_controller.rb DEV: Convert ReviewableClaimedTopicsController#destroy response from 403 to 404 (#38339) 2026-03-06 15:39:51 -06:00
reviewable_notes_controller.rb SECURITY: scope reviewable notes to user-visible reviewables 2026-02-26 12:22:54 +00:00
reviewables_controller.rb FIX: Drafts/reviewables API returned 404 when acting on own resource (#39449) 2026-05-26 09:29:20 +02:00
robots_txt_controller.rb DEV: Replace JS build system with Rolldown (#35963) 2026-05-29 11:11:55 +01:00
safe_mode_controller.rb
search_controller.rb FIX: exclude 't' shortcut from min length bypass (#37440) 2026-02-05 06:58:19 +11:00
session_controller.rb FEATURE: Log in with a one-time email code (#40804) 2026-06-17 12:34:48 -07:00
sidebar_sections_controller.rb FIX: raise 404 when sidebar section doesn't exist (#37675) 2026-02-10 15:47:49 +01:00
similar_topics_controller.rb FEATURE: First iteration of nested replies (#38888) 2026-04-16 08:06:44 -05:00
site_controller.rb
sitemap_controller.rb
slugs_controller.rb
static_controller.rb DEV: Move 4 upcoming changes to stable (#39066) 2026-04-07 10:05:49 +10:00
steps_controller.rb UX: One step wizard (#36082) 2025-11-25 13:35:32 -05:00
stylesheets_controller.rb DEV: Enable Style/RedundantBegin rubocop rule (#40096) 2026-05-19 18:44:54 +02:00
svg_sprite_controller.rb DEV: Enable Style/RedundantParentheses rubocop rule (#40095) 2026-05-19 15:48:09 +02:00
tag_groups_controller.rb FIX: Failed updates in tag group controller would be logged (#38333) 2026-03-06 17:11:12 -03:00
tag_localizations_controller.rb FEATURE: Introduce tag localizations with API, without UI yet (#36754) 2025-12-18 18:25:58 +08:00
tags_controller.rb FIX: Make tag search consistently honour category access (#39399) 2026-05-22 18:48:15 +02:00
test_requests_controller.rb
theme_javascripts_controller.rb DEV: Enable Rails/FilePath rubocop rule (#40097) 2026-05-19 19:07:54 +02:00
topic_localizations_controller.rb UX: Use inline title editor instead of composer when editing translation (#36847) 2025-12-24 00:56:36 +08:00
topic_view_stats_controller.rb
topics_controller.rb FIX: Drop flash-based referer fallback in topics#show (#40901) 2026-06-15 18:10:39 +01:00
uploads_controller.rb DEV: Enable Style/RedundantBegin rubocop rule (#40096) 2026-05-19 18:44:54 +02:00
user_actions_controller.rb SECURITY: Enforce Guardian checks in UserActionsController#show 2026-03-19 15:21:28 +00:00
user_api_key_clients_controller.rb FIX: Empty-scopes bypass allows untrusted client registration and downstream scope/redirect policy bypass (#37855) 2026-02-17 12:39:09 +11:00
user_api_keys_controller.rb FIX: Only allow OTPs to be generated from a browser session (#40964) 2026-06-17 18:07:32 +03:00
user_avatars_controller.rb DEV: Enable Style/RedundantBegin rubocop rule (#40096) 2026-05-19 18:44:54 +02:00
user_badges_controller.rb FIX: Wire up wrench post-menu actions in nested replies (#40138) 2026-05-19 13:13:39 -03:00
user_status_controller.rb
users_controller.rb DEV: CSRF Token Not Invalidated After Password Reset (#40998) 2026-06-17 16:07:30 -04:00
users_email_controller.rb FIX: enforces login for create in user emails controller (#37770) 2026-02-12 17:10:43 +01:00
webhooks_controller.rb DEV: Enable Style/RedundantParentheses rubocop rule (#40095) 2026-05-19 15:48:09 +02:00
wizard_controller.rb