discourse/plugins/discourse-data-explorer/app/serializers/discourse_data_explorer
Bannon Tanner 44bac11628
SECURITY: Group report details expose raw Data Explorer SQL to non-admin group members (#40919)
## Summary

Prevent the exposure of raw Data Explorer SQL to non-admin group members
when viewing report details. The sql attribute is now correctly gated to
administrators within the query details serializer.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1290
- Affected file: https://github.com/discourse/discourse/blob/main/plugins/discourse-data-explorer/app/serializers/discourse_data_explorer/query_details_serializer.rb

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage <272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-16 13:46:19 -05:00
query_details_serializer.rb SECURITY: Group report details expose raw Data Explorer SQL to non-admin group members (#40919) 2026-06-16 13:46:19 -05:00
query_group_bookmark_serializer.rb
query_group_serializer.rb
query_serializer.rb UX: Apply new admin plugin show route and UI to Data Explorer (#37910) 2026-02-23 11:38:16 +10:00
small_badge_serializer.rb
small_post_with_excerpt_serializer.rb