Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-01 20:33:14 +08:00
Code Packages Activity Actions
discourse/spec/fabricators/watched_word_group_fabricator.rb
Vinoth Kannan 7b53e610c1
SECURITY: limit the number of characters in watched word replacements. 
The watch words controller creation function, create_or_update_word(), doesn’t validate the size of the replacement parameter, unlike the word parameter, when creating a replace watched word. So anyone with moderator privileges can create watched words with almost unlimited characters.
2024-07-15 19:25:17 +08:00

6 lines
160 B
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
Fabricator(:watched_word_group) do
action WatchedWord.actions[:block]
watched_words { [Fabricate.build(:watched_word)] }
end
View git blame Copy permalink