SECURITY: XSS issue on Admin users list

This commit is contained in:
Robin Ward
2016-08-05 12:01:16 -04:00
parent 429f27ec96
commit 3d62e5dd98
8 changed files with 75 additions and 10 deletions


@ -149,9 +149,19 @@ export default function() {
if (data.password === 'correct') {
return response({username: 'eviltrout'});
}
if (data.password === 'not-activated') {
return response({ error: "not active",
reason: "not_activated",
sent_to_email: '<small>eviltrout@example.com</small>',
current_email: '<small>current@example.com</small>' });
}
return response(400, {error: 'invalid login'});
});
this.post('/users/action/send_activation_email', success);
this.get('/users/hp.json', function() {
return response({"value":"32faff1b1ef1ac3","challenge":"61a3de0ccf086fb9604b76e884d75801"});
});
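Review bot: The `<small>` tags embedded in `sent_to_email` and `current_email` are clearly intentional given the commit title, but nothing in the hunk records why, so a later tidy-up of the fixture could strip them and silently disable the escaping regression check that presumably lives in a separate acceptance test. A one-line comment above the `not-activated` branch such as `// HTML in the email fields is deliberate: the login test asserts it is escaped, not rendered` would protect the fixture. As a smaller consistency point, this branch calls `response({ ... })` with no status while the failure branch below calls `response(400, ...)`; if the helper defaults to 200 that is fine, but writing `response(200, { ... })` here would make the contrast explicit and match the `/admin/users/list/active.json` stub added further down. The enclosing `export default function()` starts before this hunk.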
@ -242,6 +252,13 @@ export default function() {
const siteText = {id: 'site.test', value: 'Test McTest'};
const overridden = {id: 'site.overridden', value: 'Overridden', overridden: true };
this.get('/admin/users/list/active.json', () => {
return response(200, [
{id: 1, username: 'eviltrout', email: '<small>eviltrout@example.com</small>'}
]);
});
this.get('/admin/customize/site_texts', request => {
if (request.queryParams.overridden) {