canvas-lms/app/helpers
Brian Palmer 0fa7d2d773 pull user information from server in conversation user_id links
This normalizes the way that we generate recipient tokens, and prevents
spoofing of the user information by injecting false data in the url.

fixes #6481

test plan:
  * Click a link to message a user; they should still show up in the
    conversation recipient list as before.
  * Try to spoof the user_id in the URL, or add a false user_name
    parameter; you should only see a recipient if the user_id is
    messageable, and the user_name is now ignored.
  * Add a user to a conversation with somebody they normally couldn't
    message. Then, as that user, click the "new message" link on the
    person they couldn't message; they should be able to message that
    user.

Change-Id: I5af5787c4ae737cd6eeb8d14793370c97bda5b27
Reviewed-on: https://gerrit.instructure.com/7366
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2011-12-08 12:47:13 -07:00
account_authorization_configs_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
account_notifications_helper.rb account-level notifications 2011-02-16 21:34:05 -07:00
accounts_helper.rb break SIS error/count reports into partials, fixes #3889 2011-02-23 14:54:27 -07:00
announcements_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
application_helper.rb pull user information from server in conversation user_id links 2011-12-08 12:47:13 -07:00
assessment_questions_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
assignment_groups_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
assignments_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
calendars_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
collaborations_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
communication_channels_helper.rb pre-fill the correct unique_id when confirming cc's refs #5833 2011-11-09 14:58:29 -07:00
conferences_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
content_imports_helper.rb add assessment importing to common cartridge importer 2011-09-23 13:28:03 -06:00
context_modules_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
conversations_helper.rb conversation loading speedup 2011-10-04 09:54:23 -06:00
courses_helper.rb conditional tooltips for grading progress. fixes #5791 2011-10-19 10:30:38 -06:00
discussion_entries_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
discussion_topics_helper.rb don't show discussion responses in stream when not allowed 2011-11-04 12:27:27 -06:00
eportfolio_categories_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
eportfolio_entries_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
eportfolios_helper.rb various i18n fixes/deduplication 2011-07-06 17:29:33 -06:00
errors_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
external_content_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
external_tools_helper.rb basic lti support 2011-03-23 16:58:11 -06:00
facebook_helper.rb update facebook integration to oauth 2 2011-05-10 16:18:23 -06:00
folders_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
getting_started_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
gradebook_uploads_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
gradebooks_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
grading_standards_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
groups_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
info_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
outcome_groups_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
outcomes_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
page_comments_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
page_views_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
processors_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
pseudonym_sessions_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
question_banks_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
quiz_groups_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
quiz_questions_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
quiz_submissions_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
quizzes_helper.rb simplifying and correcting the stats library 2011-11-29 13:22:59 -07:00
role_overrides_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
rubric_assessments_controller_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
rubric_associations_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
rubrics_controller_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
search_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
sections_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
session_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
short_messages_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
sub_accounts_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
submissions_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
tags_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
terms_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
tokens_helper.rb oauth 2 requests via access tokens 2011-06-02 09:15:11 -06:00
topics_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
upload_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
user_notes_helper.rb i18n user_notes 2011-06-22 09:42:41 -06:00
users_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
wiki_page_comments_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
wiki_page_revisions_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
wiki_pages_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00
zip_file_imports_helper.rb Initial commit. 2011-01-31 18:57:29 -07:00