github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: unlisted *only* means not listed in topic lists

Browse Source 
Remove security by obscurity feature that tries for exact slug match

If you need to hide a topic from users either move to a secure category
or convert to a PM
This commit is contained in:
Sam
2017-08-22 17:53:45 -04:00
parent 224796a7d4
commit 8dfb1be4d1
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/controllers/topics_controller.rb
View File

@ -67,7 +67,7 @@ class TopicsController < ApplicationController
# up that particular number
if params[:id] && params[:id] =~ /^\d+[^\d\\]+$/
topic = Topic.find_by(slug: params[:id].downcase)
return redirect_to_correct_topic(topic, opts[:post_number]) if topic && topic.visible
return redirect_to_correct_topic(topic, opts[:post_number]) if topic
end
if opts[:print]
@ -84,7 +84,7 @@ class TopicsController < ApplicationController
rescue Discourse::NotFound
if params[:id]
topic = Topic.find_by(slug: params[:id].downcase)
return redirect_to_correct_topic(topic, opts[:post_number]) if topic && topic.visible
return redirect_to_correct_topic(topic, opts[:post_number]) if topic
end
raise Discourse::NotFound
end
@ -96,10 +96,6 @@ class TopicsController < ApplicationController
discourse_expires_in 1.minute
if !@topic_view.topic.visible && @topic_view.topic.slug != params[:slug] && !request.format.json?
raise Discourse::NotFound
end
if slugs_do_not_match || (!request.format.json? && params[:slug].nil?)
redirect_to_correct_topic(@topic_view.topic, opts[:post_number])
return