SECURITY: moderator shouldn't be able to import a theme via API (#18418)

* SECURITY: moderator shouldn't be able to import a theme via API.
* DEV: apply `AdminConstraint` for all the "themes" routes.

Co-authored-by: Vinoth Kannan <svkn.87@gmail.com>
Jarek Radosz
2022-09-29 20:00:20 +02:00
committed by GitHub
parent ba139b8c23
commit ae1e536e83
3 changed files with 19 additions and 7 deletions

@ -5,6 +5,7 @@ require 'base64'
class Admin::ThemesController < Admin::AdminController
skip_before_action :check_xhr, only: [:show, :preview, :export]
before_action :ensure_admin
def preview
theme = Theme.find_by(id: params[:id])
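
Review bot: `before_action :ensure_admin` near the top of `Admin::ThemesController` carries no `only:` or `except:`, so it gates every action in the controller, including `show`, `preview` and `export`, and not only the import path named in the commit title. That matches the intent stated in the message, but because the class inherits from `Admin::AdminController`, a later reader may take the callback for redundant and remove it. The commit title implies moderators pass the base controller's checks, so a one-line comment above the callback saying themes are admin-only would protect it. A request spec asserting that a moderator is rejected on import and on at least one of the other actions would pin the behaviour.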