SECURITY: Restrict unlisted topic creation (#19259)

Selase Krakani
2022-12-01 10:26:35 +00:00
committed by GitHub
parent 9513e7be6d
commit 0ce38bd7bc
6 changed files with 128 additions and 1 deletions


@ -24,6 +24,8 @@ class TopicCreator
# this allows us to add errors
valid = topic.valid?
validate_visibility(topic)
category = find_category
if category.present? && guardian.can_tag?(topic)
tags = @opts[:tags].presence || []
@ -46,6 +48,8 @@ class TopicCreator
def create
topic = Topic.new(setup_topic_params)
validate_visibility!(topic)
setup_tags(topic)
if fields = @opts[:custom_fields]
@ -67,6 +71,18 @@ class TopicCreator
private
def validate_visibility(topic)
if !@opts[:skip_validations] && !topic.visible && !guardian.can_create_unlisted_topic?(topic)
topic.errors.add(:base, :unable_to_unlist)
end
end
def validate_visibility!(topic)
validate_visibility(topic)
rollback_from_errors!(topic) if topic.errors.full_messages.present?
end
def create_shared_draft(topic)
return if @opts[:shared_draft].blank? || @opts[:shared_draft] == 'false'
@ -302,5 +318,4 @@ class TopicCreator
user
end
end
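Review bot: In `validate_visibility`, the unlisted-topic permission check is skipped whenever `@opts[:skip_validations]` is set, so an authorization decision (`guardian.can_create_unlisted_topic?`) is switched off by a flag whose name suggests content validation only. The visible hunks do not show where `@opts` is populated, so it is worth confirming that only trusted server-side callers can set that key. The dependency could be recorded above the method, e.g. `# NOTE: skip_validations also bypasses the unlisted-topic permission check; only trusted callers may set it`. Separately, in `valid?` the call to `validate_visibility(topic)` adds its error after `valid = topic.valid?` has been computed, so the return value reflects it only if code outside the hunk looks at `topic.errors` again before returning. A spec that calls `valid?` for a user without the permission and `visible: false` would pin that behaviour.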