discourse/plugins/discourse-rewind/app/services/discourse_rewind/action
Penar Musaraj c3177d729e
SECURITY: BestTopics report includes unlisted topics (#41000)
## Summary

This is a minor security issue: DiscourseRewind::Action::BestTopics
filters deleted/private/read-restricted topics, but doesn't filter by
`visible=true`.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1174
- HackerOne report: https://hackerone.com/reports/3748532

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage <272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-17 17:27:13 -04:00
| File | Last commit | Date |
| --- | --- | --- |
| activity_calendar.rb | | |
| ai_usage.rb | | |
| assignments.rb | | |
| base_report.rb | UX: Rewind feedback and fixes 1 (#36555) | 2025-12-09 10:04:38 -03:00 |
| best_posts.rb | FIX: Hidden post excerpts can appear in public BestPosts rewinds (#40146) | 2026-05-19 11:06:19 +10:00 |
| best_topics.rb | SECURITY: BestTopics report includes unlisted topics (#41000) | 2026-06-17 17:27:13 -04:00 |
| chat_usage.rb | SECURITY: private category channels are not included (#36716) | 2025-12-16 11:07:40 +01:00 |
| favorite_gifs.rb | | |
| fbff.rb | FIX: Exclude muted and ignored users from FBFF calculation (#36610) | 2025-12-11 11:11:16 +10:00 |
| invites.rb | | |
| most_viewed_categories.rb | FIX: More Rewind visibility fixes (#36713) | 2025-12-16 18:16:29 +10:00 |
| most_viewed_tags.rb | DEV: Move canonical tag routes to /tag/slug/id keeping /tag/name support (#37055) | 2026-02-11 10:21:19 +08:00 |
| new_user_interactions.rb | | |
| reactions.rb | | |
| reading_time.rb | | |
| time_of_day_activity.rb | | |
| top_words.rb | UX: Handle frequent stemmer words in Rewind (#36584) | 2025-12-10 15:20:30 +10:00 |
| writing_analysis.rb | FIX: Do not count deleted posts or topics in Rewind score calculation (#37434) | 2026-02-02 17:00:49 +10:00 |