e219588142
DEV: Prefabrication (test optimization) ( #7414 )
...
* Introduced fab!, a helper that creates database state for a group
It's almost identical to let_it_be, except:
1. It creates a new object for each test by default,
2. You can disable it using PREFABRICATION=0
2019-05-07 13:12:20 +10:00
4ea21fa2d0
DEV: use #frozen_string_literal: true on all spec
...
This change both speeds up specs (less strings to allocate) and helps catch
cases where methods in Discourse are mutating inputs.
Overall we will be migrating everything to use #frozen_string_literal: true
it will take a while, but this is the first and safest move in this direction
2019-04-30 10:27:42 +10:00
5c2e194d01
SECURITY: Users can pick non-avatar uploads.
...
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:38:25 +08:00
899caf35ba
Revert "SECURITY: User could non-avatar uploads."
...
This reverts commit 89581fa301f8a649a4b94ccf25c4dce6423bc0f8.
2018-12-18 13:37:31 +08:00
89581fa301
SECURITY: User could non-avatar uploads.
...
https://meta.discourse.org/t/bug-report-idor-on-avatar-pick-function-discussions-udacity-com/103564
2018-12-18 13:35:33 +08:00
5e09398c5b
FIX: Do not serialize user fields unless they are specified for display ( #6736 )
2018-12-07 10:57:28 +00:00
e8f32dd3ba
DEV: Fix extremely rare test failure
...
If this was the first test to run, the Fabricate(:user) would be given
the same ID as the Fabricate.build(:user, id: 1). This works around it.
2018-12-06 13:32:56 +00:00
a566ed42ae
FEATURE: Option to disable user presence and profile
...
This allows users who are privacy conscious to disable the presence
features of the forum as well as their public profile.
2018-10-10 17:34:33 -04:00
df45e82377
SECURITY: only allow picking of avatars created by self ( #6417 )
...
* SECURITY: only allow picking of avatars created by self
Also adds origin tracking to all uploads including de-duplicated uploads
2018-09-19 22:33:10 -07:00
