nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/spec/controllers
History
Jonne Haß 0a70e51f74 Add a token the filename for exported user data 
Also redirect to it for download, for Amazon S3
compatibility.

Prior to this patch an attacker could obtain an
users export by guessing the filename with a high
chance of success. Fully authenticating the
download request is a lot harder due to our diverse
deployment scenarios.

This brings the used method in line with the photo
export feature.

Thanks to @tomekr for the report.
2015-04-22 20:19:17 +02:00
..
admin Lock account #5564 2015-02-19 05:45:04 +05:30
jasmine_fixtures Drop Youtube oembed HTTPS hack 2015-03-02 02:34:51 +01:00
admins_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
application_controller_spec.rb Allow nil HTTP user agent 2014-10-09 23:08:33 +13:00
aspect_memberships_controller_spec.rb Port contacts page to backbonejs 2015-01-04 17:13:18 +01:00
aspects_controller_spec.rb Don't use a too large invalid id 2015-02-27 16:58:39 +01:00
blocks_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
comments_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
contacts_controller_spec.rb Merge pull request #5170 from khall/issue_5149a 2014-08-27 18:20:56 +02:00
conversation_visibilities_controller_spec.rb Changes delete conversation button tooltip to 'hide' or 'delete' 2014-12-19 18:26:43 -03:00
conversations_controller_spec.rb Conversations: fix badge count and automatic scrolling 2015-02-10 19:11:20 +01:00
home_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
invitations_controller_spec.rb Reset dynamic configuration after each example in the testsuite 2014-10-04 00:59:03 +02:00
likes_controller_spec.rb Fix a spec for LikesController 2015-02-27 16:36:45 +01:00
messages_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
notifications_controller_spec.rb Fix mobile notifications 2015-03-12 22:45:04 +01:00
participations_controller_spec.rb Fix participations controller spec 2015-02-27 16:27:55 +01:00
passwords_controller_spec.rb Remove layout 'centered_with_header_with_footer' 2015-03-18 21:59:56 +01:00
people_controller_spec.rb Fix photo count in the profile view 2015-03-10 11:38:49 +01:00
photos_controller_spec.rb Fix photo count in the profile view 2015-03-10 11:38:49 +01:00
posts_controller_spec.rb Convert close mentioned account cuke 2014-10-10 03:49:56 +02:00
profiles_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
publics_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
registrations_controller_spec.rb Reset dynamic configuration after each example in the testsuite 2014-10-04 00:59:03 +02:00
report_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
reshares_controller_spec.rb Reshare the absolute root of a post 2014-10-10 03:12:07 +02:00
search_controller_spec.rb Strip search query of leading & trailing whitespace 2014-10-09 23:34:11 +13:00
services_controller_spec.rb Add failing test 2014-12-24 11:49:35 +01:00
sessions_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
share_visibilities_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
statistics_controller_spec.rb Remove layout 'centered_with_header_with_footer' 2015-03-18 21:59:56 +01:00
status_messages_controller_spec.rb Remove unused files, fix syntax in jasmine tests 2015-02-07 21:17:51 +01:00
streams_controller_spec.rb Two tests failing after rspec 2.99 => 3.0.0 2014-08-26 17:10:26 -07:00
tags_controller_spec.rb Convert tag cukes to rspec tests 2014-10-10 03:49:41 +02:00
users_controller_spec.rb Add a token the filename for exported user data 2015-04-22 20:19:17 +02:00