CodeCow/chatwoot
1
0
Fork 0
mirror of https://github.com/chatwoot/chatwoot.git synced 2026-06-13 21:01:16 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
ce5b7e310e
chatwoot/spec/controllers/api
History
Pranav 2adc040a8f
fix: Validate blob before attaching it to a record (#13115) 
Previously, attachments relied only on blob_id, which made it possible
to attach blobs across accounts by enumerating IDs. We now require both
blob_id and blob_key, add cross-account validation to prevent blob
reuse, and centralize the logic in a shared BlobOwnershipValidation
concern.

It also fixes a frontend bug where mixed-type action params (number +
string) were incorrectly dropped, causing attachment uploads to fail.
2025-12-19 19:02:21 -08:00
..
v1 fix: Validate blob before attaching it to a record (#13115) 2025-12-19 19:02:21 -08:00
v2 fix: Timezone offset reports broken by DST transition (#12747) 2025-10-28 19:26:04 +05:30
base_controller_spec.rb chore: Enforce custom role permissions on conversation access (#12583) 2025-10-22 20:23:37 -07:00