discourse/spec/integration
Mark VanLandingham 5e6d53d3bb
FIX: Gate MessageBus groups when closing topic (#40913)
## Summary

Current main still publishes topic timer reload events on /topic/<id>
without any MessageBus audience restriction. A focused request spec
against the real /message-bus/poll endpoint showed an anonymous client,
who cannot see a restricted-category topic, can subscribe from the
pre-timer message id and receive the timer-generated {reload_topic:
true} event. The payload is small, but it confirms the reported
restricted-topic existence/channel activity leak. Nearby code
demonstrates other topic MessageBus publishes are expected to merge
Topic#secure_audience_publish_messages, which the timer jobs do not do.
Patch-triage searches for the report id, GHSA terms, MessageBus/topic
timer/secure_audience/CloseTopic/OpenTopic keywords, and related
restricted-topic live-notification leaks did not find an exact
duplicate; inspected similar patches were different root
causes/components.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1156


Co-authored-by: discourse-patch-triage <272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-15 15:27:07 -05:00
activerecord_preventing_writes_spec.rb DEV: Drop discourse-plugin and x-handlebars inline scripts (#38856) 2026-03-25 10:49:23 +00:00
api_keys_spec.rb
auto_reject_reviewable_users_spec.rb
blocked_hotlinked_media_spec.rb
category_tag_spec.rb FIX: Ensure consistent admin bypasses for tag restrictions in bulk actions (#37928) 2026-05-12 21:00:46 +02:00
content_security_policy_spec.rb DEV: Refactor worker and WASM loading for media-optimization-worker (#40793) 2026-06-12 09:18:32 +01:00
discord_omniauth_spec.rb DEV: add shortcut fab!(:variable, :fabricator) to specs (#33577) 2025-07-11 11:16:34 -03:00
discourse_cookie_store_spec.rb Revert "DEV: Debug cookie overflows" (#35120) 2025-10-02 09:55:47 +02:00
email_outbound_spec.rb
email_style_spec.rb DEV: Automatically detect and revert translation overrides in specs (#40003) 2026-05-13 22:09:23 +02:00
facebook_omniauth_spec.rb DEV: Update omniauth-facebook from 9.0.0 to 10.0.0 (#39657) 2026-04-30 16:59:25 +02:00
flags_spec.rb
github_omniauth_spec.rb FIX: Reject DiscourseConnect SSO payloads when secret is blank (#40830) 2026-06-12 15:17:16 +03:00
group_spec.rb
invalid_request_spec.rb FIX: Correctly rescue failed embed_mode parsing (#40298) 2026-05-26 15:29:48 +01:00
invite_only_registration_spec.rb DEV: Change hide_email_address_taken default to true (#30293) 2024-12-17 10:46:04 +08:00
message_bus_spec.rb DEV: Support 'cors origins' site setting for message-bus (#33066) 2025-06-04 14:22:15 +01:00
multisite_cookies_spec.rb
multisite_spec.rb
rate_limiting_spec.rb
remote_theme_color_schemes_spec.rb FEATURE: add modifier to restrict theme color schemes (#38796) 2026-03-26 09:03:11 -04:00
request_tracker_spec.rb
same_ip_spammers_spec.rb
secure_uploads_spec.rb DEV: Refactor test-specific setting overrides into rails_helper.rb (#35594) 2025-10-27 10:14:56 +00:00
sendmail_spec.rb FIX: Update sendmail config for Mail gem >=2.9.0 compatibility (#39688) 2026-05-01 15:57:17 -05:00
smtp_spec.rb FIX: do not use public IP address space for tests 2025-12-16 09:35:01 -05:00
spam_rules_spec.rb DEV: add shortcut fab!(:variable, :fabricator) to specs (#33577) 2025-07-11 11:16:34 -03:00
tag_counts_spec.rb DEV: add shortcut fab!(:variable, :fabricator) to specs (#33577) 2025-07-11 11:16:34 -03:00
topic_auto_close_spec.rb
topic_thumbnail_spec.rb
topic_timer_message_bus_spec.rb FIX: Gate MessageBus groups when closing topic (#40913) 2026-06-15 15:27:07 -05:00
twitter_omniauth_spec.rb FIX: Reject DiscourseConnect SSO payloads when secret is blank (#40830) 2026-06-12 15:17:16 +03:00
watched_words_spec.rb FIX: When testing multiple flagged words, ensure test matches expected word order. (#31758) 2025-03-12 09:45:44 +11:00