nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/spec
History
Jonne Haß 0a70e51f74 Add a token the filename for exported user data 
Also redirect to it for download, for Amazon S3
compatibility.

Prior to this patch an attacker could obtain an
users export by guessing the filename with a high
chance of success. Fully authenticating the
download request is a lot harder due to our diverse
deployment scenarios.

This brings the used method in line with the photo
export feature.

Thanks to @tomekr for the report.
2015-04-22 20:19:17 +02:00
..
controllers Add a token the filename for exported user data 2015-04-22 20:19:17 +02:00
fixtures Strip EXIF data as user preference 2015-01-18 10:28:28 -03:00
helpers Add year to notifications page 2015-02-16 18:02:50 +01:00
integration Port tags page to Bootstrap 2014-08-28 18:02:02 +02:00
javascripts add mumble protocol to linkify 2015-04-21 21:16:55 +02:00
lib Strip markdown from the heading of a post. Impact notifications, email subjects, SPV <title>, the Atom feed... 2015-03-04 19:30:00 +01:00
mailers Exports user photos as zip file 2015-03-03 19:45:57 -03:00
models bump rspec-rails 2015-03-25 02:33:56 +01:00
presenters Refactor User.total_users into a scope 2015-02-27 16:30:51 +01:00
shared_behaviors Strip Unicode format characters prior post processing 2015-02-17 23:29:05 +01:00
support bump rspec-rails 2015-03-25 02:33:56 +01:00
workers Rescue correct constant in Workers::ReceiveLocalBatch 2015-04-01 04:01:40 +02:00
factories.rb Ignore embedded photos if invalid 2014-09-06 04:52:18 +02:00
helper_methods.rb add specs for chromeframe 2012-09-30 17:04:50 +01:00
locale_spec.rb On reshare insert the reshare built from the response 2015-03-23 23:02:23 +01:00
misc_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
spec-doc.rb This fixes issue #2298. 2011-11-02 23:51:12 -04:00
spec_helper.rb bump rspec-rails 2015-03-25 02:33:56 +01:00