admin
UX: Don't include powered_by string in site text overrides (#39660)
2026-04-30 12:15:34 -04:00
users
DEV: Fix invite-only OAuth signup bypass via non-invite origin routes (#38646)
2026-03-17 09:19:09 -05:00
about_controller.rb
application_controller.rb
FEATURE: Add bfcache-compatible cache-control headers option (#38763)
2026-03-23 17:34:45 -03:00
associated_groups_controller.rb
badges_controller.rb
FIX: Non-listable and disabled badges exposed via XHR JSON requests (#37869)
2026-02-17 16:17:01 +11:00
bookmarks_controller.rb
bootstrap_controller.rb
DEV: Refactor plugin JS handling (#37763)
2026-02-19 12:24:04 +00:00
calendar_subscriptions_controller.rb
FEATURE: Add calendar subscription URLs to user preferences (#38598)
2026-03-17 10:28:20 -03:00
categories_controller.rb
UX: Add or remove category types with a dropdown (#39477)
2026-04-30 11:38:50 +10:00
clicks_controller.rb
composer_controller.rb
SECURITY: Hidden group membership can be inferred via allowed_names and user_reasons
2026-03-19 15:21:28 +00:00
composer_messages_controller.rb
DEV: Fix assigned but unused variable Prism warnings (#39436)
2026-04-22 12:42:14 +02:00
dev_mode_controller.rb
directory_columns_controller.rb
directory_items_controller.rb
SECURITY: exclude_groups enables private group membership inference without authorization
2026-03-19 15:21:28 +00:00
do_not_disturb_controller.rb
drafts_controller.rb
DEV: Expand top_tags, topic.tags, etc, to return an array of tag objects instead of tag names (#36678)
2026-02-02 10:03:02 +08:00
edit_directory_columns_controller.rb
DEV: Fix assigned but unused variable Prism warnings (#39436)
2026-04-22 12:42:14 +02:00
email_controller.rb
embed_controller.rb
DEV: Gate Reply-count endpoint for non-public embedded topics (#38498)
2026-03-11 07:39:00 -07:00
emojis_controller.rb
FEATURE: Locale-specific emoji search aliases (#39089)
2026-04-06 14:08:46 -03:00
exceptions_controller.rb
export_csv_controller.rb
SECURITY: Prevent moderators from exporting admin-only reports via CSV
2026-03-31 15:12:45 +01:00
extra_locales_controller.rb
finish_installation_controller.rb
form_templates_controller.rb
DEV: Rename experimental_ upcoming change settings (#37589)
2026-02-10 10:34:37 +10:00
forums_controller.rb
groups_controller.rb
FIX: Prevent moderator group owners from clearing email domains (#39651)
2026-04-30 15:16:28 +08:00
hashtags_controller.rb
highlight_js_controller.rb
home_page_controller.rb
inline_onebox_controller.rb
invites_controller.rb
SECURITY: Gate staged user fields on email verification
2026-03-31 15:12:45 +01:00
list_controller.rb
FIX: Respect query params like exclude_tag in RSS feed endpoints (#39130)
2026-04-08 18:14:01 +10:00
metadata_controller.rb
DEV: Fix assigned but unused variable Prism warnings (#39436)
2026-04-22 12:42:14 +02:00
nested_topics_controller.rb
FEATURE: activity log modal for small actions (#39380)
2026-04-30 10:17:14 -05:00
new_invite_controller.rb
new_topic_controller.rb
notifications_controller.rb
offline_controller.rb
onebox_controller.rb
pageview_controller.rb
permalinks_controller.rb
SECURITY: prevent permalink redirects from leaking restricted slugs
2026-01-28 17:11:14 +00:00
post_action_users_controller.rb
SECURITY: hide total_rows for restricted post action types
2026-03-19 15:21:28 +00:00
post_actions_controller.rb
SECURITY: fix is_warning type coercion bypass in PostActionsController
2026-03-19 15:21:28 +00:00
post_localizations_controller.rb
post_readers_controller.rb
SECURITY: Missing post-level authorization allows whisper metadata disclosure
2026-03-31 15:12:45 +01:00
posts_controller.rb
FEATURE: Allow editing a post's reply target from the composer (#39471)
2026-04-29 12:23:26 -03:00
presence_controller.rb
published_pages_controller.rb
FIX: ensures only staff can check slugs (#37846)
2026-02-16 18:23:46 +01:00
push_notification_controller.rb
qunit_controller.rb
DEV: Refactor plugin JS handling (#37763)
2026-02-19 12:24:04 +00:00
reviewable_claimed_topics_controller.rb
DEV: Convert ReviewableClaimedTopicsController#destroy response from 403 to 404 (#38339)
2026-03-06 15:39:51 -06:00
reviewable_notes_controller.rb
SECURITY: scope reviewable notes to user-visible reviewables
2026-02-26 12:22:54 +00:00
reviewables_controller.rb
SECURITY: XSS in review queue via highlightWatchedWords
2026-03-19 15:21:28 +00:00
robots_txt_controller.rb
safe_mode_controller.rb
search_controller.rb
FIX: exclude 't' shortcut from min length bypass (#37440)
2026-02-05 06:58:19 +11:00
session_controller.rb
FIX: Validate return_url on logout (#38621)
2026-04-30 11:21:41 +08:00
sidebar_sections_controller.rb
FIX: raise 404 when sidebar section doesn't exist (#37675)
2026-02-10 15:47:49 +01:00
similar_topics_controller.rb
FEATURE: First iteration of nested replies (#38888)
2026-04-16 08:06:44 -05:00
site_controller.rb
sitemap_controller.rb
slugs_controller.rb
static_controller.rb
DEV: Move 4 upcoming changes to stable (#39066)
2026-04-07 10:05:49 +10:00
steps_controller.rb
stylesheets_controller.rb
DEV: Public color_scheme requests can disclose non-user-selectable theme color definitions and raw SCSS (#38497)
2026-03-11 07:56:27 -07:00
svg_sprite_controller.rb
tag_groups_controller.rb
FIX: Failed updates in tag group controller would be logged (#38333)
2026-03-06 17:11:12 -03:00
tag_localizations_controller.rb
tags_controller.rb
UX: Show disabled tags with explanations in composer tag search (#39072)
2026-04-14 10:37:27 +02:00
test_requests_controller.rb
theme_javascripts_controller.rb
topic_localizations_controller.rb
topic_view_stats_controller.rb
topics_controller.rb
UX: Consolidate bulk tag actions into a single "Manage tags" modal (#39340)
2026-04-30 09:25:17 +08:00
uploads_controller.rb
DEV: Silence expected error/debug output in system specs (#39164)
2026-04-13 13:59:41 +02:00
user_actions_controller.rb
SECURITY: Enforce Guardian checks in UserActionsController#show
2026-03-19 15:21:28 +00:00
user_api_key_clients_controller.rb
FIX: Empty-scopes bypass allows untrusted client registration and downstream scope/redirect policy bypass (#37855)
2026-02-17 12:39:09 +11:00
user_api_keys_controller.rb
SECURITY: Validate auth_redirect in UserApiKeysController#new to prevent open redirect phishing
2026-03-19 15:21:28 +00:00
user_avatars_controller.rb
PERF: extract shared DiskCacheEviction utility for disk caches (#37842)
2026-02-16 12:24:38 +01:00
user_badges_controller.rb
FIX: enforces logged in, in badges actions (#37666)
2026-02-10 12:00:56 +01:00
user_status_controller.rb
users_controller.rb
FIX: allow my route for alphanumeric params (#39605)
2026-04-28 16:31:26 +04:00
users_email_controller.rb
FIX: enforces login for create in user emails controller (#37770)
2026-02-12 17:10:43 +01:00
webhooks_controller.rb
SECURITY: harden webhooks endpoints
2026-02-26 12:22:54 +00:00
wizard_controller.rb