Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-04-29 02:42:45 +08:00
Code Packages Activity Actions
discourse/app/controllers
History
Exact
David Battersby 26caa831de
FIX: allow my route for alphanumeric params (#39605) 
Allows the special `/my/` route to work with alphanumeric params for
things like tags or group names.

Internal ref - /t/182633
2026-04-28 16:31:26 +04:00
..
admin FEATURE: Add problem checks page to admin panel and allow ignoring problem checks (#39103) 2026-04-23 08:28:33 +08:00
users DEV: Fix invite-only OAuth signup bypass via non-invite origin routes (#38646) 2026-03-17 09:19:09 -05:00
about_controller.rb DEV: Revert guardian changes (#24742) 2023-12-06 16:37:32 +10:00
application_controller.rb FEATURE: Add bfcache-compatible cache-control headers option (#38763) 2026-03-23 17:34:45 -03:00
associated_groups_controller.rb
badges_controller.rb FIX: Non-listable and disabled badges exposed via XHR JSON requests (#37869) 2026-02-17 16:17:01 +11:00
bookmarks_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
bootstrap_controller.rb DEV: Refactor plugin JS handling (#37763) 2026-02-19 12:24:04 +00:00
calendar_subscriptions_controller.rb FEATURE: Add calendar subscription URLs to user preferences (#38598) 2026-03-17 10:28:20 -03:00
categories_controller.rb FEATURE: First iteration of nested replies (#38888) 2026-04-16 08:06:44 -05:00
clicks_controller.rb
composer_controller.rb SECURITY: Hidden group membership can be inferred via allowed_names and user_reasons 2026-03-19 15:21:28 +00:00
composer_messages_controller.rb DEV: Fix assigned but unused variable Prism warnings (#39436) 2026-04-22 12:42:14 +02:00
dev_mode_controller.rb DEV: Add /dev-mode endpoint for MiniProfiler auth cookie (#37027) 2026-01-12 10:01:20 +08:00
directory_columns_controller.rb
directory_items_controller.rb SECURITY: exclude_groups enables private group membership inference without authorization 2026-03-19 15:21:28 +00:00
do_not_disturb_controller.rb
drafts_controller.rb DEV: Expand top_tags, topic.tags, etc, to return an array of tag objects instead of tag names (#36678) 2026-02-02 10:03:02 +08:00
edit_directory_columns_controller.rb DEV: Fix assigned but unused variable Prism warnings (#39436) 2026-04-22 12:42:14 +02:00
email_controller.rb FEATURE: implement RFC 8058 for email unsubscribe (#33392) 2025-07-01 11:01:13 +10:00
embed_controller.rb DEV: Gate Reply-count endpoint for non-public embedded topics (#38498) 2026-03-11 07:39:00 -07:00
emojis_controller.rb FEATURE: Locale-specific emoji search aliases (#39089) 2026-04-06 14:08:46 -03:00
exceptions_controller.rb
export_csv_controller.rb SECURITY: Prevent moderators from exporting admin-only reports via CSV 2026-03-31 15:12:45 +01:00
extra_locales_controller.rb DEV: Refactor locale bundle loading (#37114) 2026-01-16 11:45:14 +00:00
finish_installation_controller.rb FIX: Redirect to wizard when setting up new instance using Discourse ID (#36993) 2026-01-07 10:19:17 -05:00
form_templates_controller.rb DEV: Rename experimental_ upcoming change settings (#37589) 2026-02-10 10:34:37 +10:00
forums_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
groups_controller.rb PERF: Add Users to Group Improvements Pt. 2 (#38901) 2026-04-06 09:31:50 -05:00
hashtags_controller.rb FEATURE: Async load of category and chat hashtags (#25526) 2024-02-12 12:07:14 +02:00
highlight_js_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
home_page_controller.rb DEV: Show login-required splash in root route (take 2) (#32629) 2025-05-14 11:25:43 -04:00
inline_onebox_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
invites_controller.rb SECURITY: Gate staged user fields on email verification 2026-03-31 15:12:45 +01:00
list_controller.rb FIX: Respect query params like exclude_tag in RSS feed endpoints (#39130) 2026-04-08 18:14:01 +10:00
metadata_controller.rb DEV: Fix assigned but unused variable Prism warnings (#39436) 2026-04-22 12:42:14 +02:00
nested_topics_controller.rb FEATURE: First iteration of nested replies (#38888) 2026-04-16 08:06:44 -05:00
new_invite_controller.rb FEATURE: Add invite link to the sidebar (#29448) 2024-10-30 05:31:14 +03:00
new_topic_controller.rb
notifications_controller.rb FIX: Hide badge notifications for disabled badges or when badges are disabled (#36987) 2026-01-07 15:28:43 +08:00
offline_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
onebox_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
pageview_controller.rb FEATURE: User fields required for existing users - Part 2 (#27172) 2024-06-25 19:32:18 +08:00
permalinks_controller.rb SECURITY: prevent permalink redirects from leaking restricted slugs 2026-01-28 17:11:14 +00:00
post_action_users_controller.rb SECURITY: hide total_rows for restricted post action types 2026-03-19 15:21:28 +00:00
post_actions_controller.rb SECURITY: fix is_warning type coercion bypass in PostActionsController 2026-03-19 15:21:28 +00:00
post_localizations_controller.rb FIX: Also check if user can see post or topic prior to letting them localize it (#36749) 2025-12-18 02:12:58 +08:00
post_readers_controller.rb SECURITY: Missing post-level authorization allows whisper metadata disclosure 2026-03-31 15:12:45 +01:00
posts_controller.rb FEATURE: Make can_permanently_delete visible with strong safeguards (#39179) 2026-04-16 09:01:35 +02:00
presence_controller.rb FIX: improve "read only" modes (#33521) 2025-07-10 09:08:00 +02:00
published_pages_controller.rb FIX: ensures only staff can check slugs (#37846) 2026-02-16 18:23:46 +01:00
push_notification_controller.rb
qunit_controller.rb DEV: Refactor plugin JS handling (#37763) 2026-02-19 12:24:04 +00:00
reviewable_claimed_topics_controller.rb DEV: Convert ReviewableClaimedTopicsController#destroy response from 403 to 404 (#38339) 2026-03-06 15:39:51 -06:00
reviewable_notes_controller.rb SECURITY: scope reviewable notes to user-visible reviewables 2026-02-26 12:22:54 +00:00
reviewables_controller.rb SECURITY: XSS in review queue via highlightWatchedWords 2026-03-19 15:21:28 +00:00
robots_txt_controller.rb DEV: Update link to comment in robots.txt as 'allow' is allowed (#33227) 2025-06-18 13:30:26 +08:00
safe_mode_controller.rb FIX: Set X-Robots-Tag header to prevent indexing of /safe-mode (#32329) 2025-04-16 16:51:32 +10:00
search_controller.rb FIX: exclude 't' shortcut from min length bypass (#37440) 2026-02-05 06:58:19 +11:00
session_controller.rb FIX: clear push subscriptions on DiscourseConnect single-logout (#39353) 2026-04-17 16:16:39 -03:00
sidebar_sections_controller.rb FIX: raise 404 when sidebar section doesn't exist (#37675) 2026-02-10 15:47:49 +01:00
similar_topics_controller.rb FEATURE: First iteration of nested replies (#38888) 2026-04-16 08:06:44 -05:00
site_controller.rb SECURITY: Preload data only when rendering application layout 2025-02-04 13:32:30 -03:00
sitemap_controller.rb
slugs_controller.rb
static_controller.rb DEV: Move 4 upcoming changes to stable (#39066) 2026-04-07 10:05:49 +10:00
steps_controller.rb UX: One step wizard (#36082) 2025-11-25 13:35:32 -05:00
stylesheets_controller.rb DEV: Public color_scheme requests can disclose non-user-selectable theme color definitions and raw SCSS (#38497) 2026-03-11 07:56:27 -07:00
svg_sprite_controller.rb DEV: Update rubocop-discourse to 3.13 and autofix issues (#35073) 2025-10-06 16:11:01 +02:00
tag_groups_controller.rb FIX: Failed updates in tag group controller would be logged (#38333) 2026-03-06 17:11:12 -03:00
tag_localizations_controller.rb FEATURE: Introduce tag localizations with API, without UI yet (#36754) 2025-12-18 18:25:58 +08:00
tags_controller.rb UX: Show disabled tags with explanations in composer tag search (#39072) 2026-04-14 10:37:27 +02:00
test_requests_controller.rb DEV: Add a user agent to all HTTP requests that Discourse makes. (#31555) 2025-03-03 16:32:25 +11:00
theme_javascripts_controller.rb DEV: Manually fix Rails/UnusedRenderContent offenses (#34418) 2025-08-22 11:42:12 +02:00
topic_localizations_controller.rb UX: Use inline title editor instead of composer when editing translation (#36847) 2025-12-24 00:56:36 +08:00
topic_view_stats_controller.rb FEATURE: topic_view_stats table with daily fidelity (#27197) 2024-05-27 15:25:32 +10:00
topics_controller.rb DEV: Fix assigned but unused variable Prism warnings (#39436) 2026-04-22 12:42:14 +02:00
uploads_controller.rb DEV: Silence expected error/debug output in system specs (#39164) 2026-04-13 13:59:41 +02:00
user_actions_controller.rb SECURITY: Enforce Guardian checks in UserActionsController#show 2026-03-19 15:21:28 +00:00
user_api_key_clients_controller.rb FIX: Empty-scopes bypass allows untrusted client registration and downstream scope/redirect policy bypass (#37855) 2026-02-17 12:39:09 +11:00
user_api_keys_controller.rb SECURITY: Validate auth_redirect in UserApiKeysController#new to prevent open redirect phishing 2026-03-19 15:21:28 +00:00
user_avatars_controller.rb PERF: extract shared DiskCacheEviction utility for disk caches (#37842) 2026-02-16 12:24:38 +01:00
user_badges_controller.rb FIX: enforces logged in, in badges actions (#37666) 2026-02-10 12:00:56 +01:00
user_status_controller.rb
users_controller.rb FIX: allow my route for alphanumeric params (#39605) 2026-04-28 16:31:26 +04:00
users_email_controller.rb FIX: enforces login for create in user emails controller (#37770) 2026-02-12 17:10:43 +01:00
webhooks_controller.rb SECURITY: harden webooks endpoints 2026-02-26 12:22:54 +00:00
wizard_controller.rb