zulip/zerver/actions
Anders Kaseorg 20f9293f1f CVE-2022-31017: Fix edit event exposure in protected-history streams.
When editing an old message in a private stream with protected
history, the server would incorrectly send an API event including the
edited message to all of the stream’s current subscribers, including
those who should not have access to the old message. This API event is
ignored by official clients, so it could only be observed by a user
using a modified client or their browser’s developer tools.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-21 13:41:23 -07:00
__init__.py
alert_words.py actions: Split out zerver.actions.alert_words. 2022-04-14 17:14:31 -07:00
bots.py typing: Add none-checks for miscellaneous cases. 2022-05-31 09:43:55 -07:00
create_realm.py python: Excise None from pointlessly nullable booleans. 2022-04-27 12:40:14 -07:00
create_user.py users: Always pass delivery_email in user's own object. 2022-05-04 12:52:43 -07:00
custom_profile_fields.py actions: Split out zerver.actions.custom_profile_fields. 2022-04-14 17:14:33 -07:00
default_streams.py types: Better types for API fields. 2022-05-27 14:43:00 -07:00
hotspots.py actions: Split out zerver.actions.hotspots. 2022-04-14 17:14:31 -07:00
invites.py invites: Use expiration time in minutes instead of days. 2022-04-20 13:31:37 -07:00
message_edit.py CVE-2022-31017: Fix edit event exposure in protected-history streams. 2022-06-21 13:41:23 -07:00
message_flags.py message_flags: Short-circuit if no messages changed. 2022-05-12 21:57:55 -07:00
message_send.py message_send: Remove unnecessary user_ids argument. 2022-05-04 14:45:18 -07:00
muted_users.py actions: Split out zerver.actions.muted_users. 2022-04-14 17:14:36 -07:00
presence.py actions: Split out zerver.actions.presence. 2022-04-14 17:14:32 -07:00
reactions.py actions: Split out zerver.actions.reactions. 2022-04-14 17:14:35 -07:00
realm_domains.py actions: Split out zerver.actions.realm_domains. 2022-04-14 17:14:37 -07:00
realm_emoji.py actions: Split out zerver.actions.realm_emoji. 2022-04-14 17:14:31 -07:00
realm_export.py actions: Split out zerver.actions.realm_export. 2022-04-14 17:14:31 -07:00
realm_icon.py actions: Split out zerver.actions.realm_icon. 2022-04-14 17:14:31 -07:00
realm_linkifiers.py typing: Apply trivial fixes to adjust edge cases in typing. 2022-05-30 12:03:51 -07:00
realm_logo.py actions: Split out zerver.actions.realm_logo. 2022-04-14 17:14:31 -07:00
realm_playgrounds.py actions: Split out zerver.actions.realm_playgrounds. 2022-04-14 17:14:30 -07:00
realm_settings.py backend: Add org_type to realm settings updates and events. 2022-04-26 16:29:12 -07:00
streams.py typing: Apply trivial fixes to adjust edge cases in typing. 2022-05-30 12:03:51 -07:00
submessage.py actions: Split out zerver.actions.submessage. 2022-04-14 17:14:30 -07:00
typing.py actions: Split out zerver.actions.typing. 2022-04-14 17:14:30 -07:00
uploads.py do_delete_old_unclaimed_attachments: Consider ArchivedAttachment rows. 2022-06-02 17:32:23 -07:00
user_activity.py actions: Split out zerver.actions.user_activity. 2022-04-14 17:14:32 -07:00
user_groups.py user_groups: Rename subgroups parameter to direct_subgroup_ids. 2022-05-17 14:51:55 -07:00
user_settings.py actions: Split out zerver.actions.user_settings. 2022-04-14 17:14:34 -07:00
user_topics.py actions: Split out zerver.actions.user_topics. 2022-04-14 17:14:32 -07:00
users.py do_delete_user: Clean up acting_user logic. 2022-04-15 15:55:21 -07:00
video_calls.py actions: Split out zerver.actions.video_calls. 2022-04-14 17:14:30 -07:00