Imre Farkas
|
038d530565
|
Remove ability to revoke active session
Session ID is used as a parameter for the revoke session endpoint but it
should never be included in the HTML as an attacker could obtain it via
XSS.
|
2019-02-27 11:45:27 +01:00 |
|
Imre Farkas
|
44c4aad983
|
Filter active sessions belonging to an admin impersonating the user
|
2019-02-27 11:44:58 +01:00 |
|
gfyoung
|
be42c05054
|
Enable more frozen string in app/controllers/
Enables frozen string for the following:
* app/controllers/dashboard/**/*.rb
* app/controllers/explore/**/*.rb
* app/controllers/google_api/**/*.rb
* app/controllers/groups/**/*.rb
* app/controllers/import/**/*.rb
* app/controllers/instance_statistics/**/*.rb
* app/controllers/ldap/**/*.rb
* app/controllers/oauth/**/*.rb
* app/controllers/profiles/**/*.rb
Partially addresses #47424.
|
2018-09-23 12:48:02 -07:00 |
|
Lin Jen-Shin
|
4ee08b77bc
|
Updates from rubocop -a
|
2018-07-09 21:13:08 +08:00 |
|
Alexis Reigel ( 🌴 may 2nd - may 9th 🌴 )
|
9b33e3d36f
|
Display and revoke active sessions
|
2018-05-02 08:08:16 +00:00 |
|