Discourse/discourse
Discourse/discourse
0
0
Fork 0
mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-01 04:07:14 +08:00
Code Packages Activity Actions
discourse/spec/fixtures/csv
History
Exact
Natalie Tay 47728575f8
FIX: Allowlist CSV columns in bulk invite upload (#38231) 
The `upload_csv` endpoint accepted user-controlled CSV headers without
validation, allowing arbitrary keys into the invite hashes passed to the
BulkInvite job.

Restrict accepted columns to the ones already handled in BulkInvite (
basically, `email`, `groups`, `topic_id`, `locale`) plus valid UserField
names.
2026-03-09 16:06:09 +08:00
..
discourse.csv
discourse_headers.csv
invite_malicious_headers.csv FIX: Allowlist CSV columns in bulk invite upload (#38231) 2026-03-09 16:06:09 +08:00
invite_valid_and_invalid_headers.csv FIX: Allowlist CSV columns in bulk invite upload (#38231) 2026-03-09 16:06:09 +08:00
invites_with_locales.csv
s3_inventory.csv FIX: S3Inventory#backfill_etags_and_list_missing need to unescape key (#30787) 2025-01-15 14:52:49 +08:00
tags.csv
tags_invalid.csv
user_emails.csv
usernames.csv
usernames_with_nil_values.csv
words.csv
words_case_sensitive.csv
words_tag.csv