Merge pull request #261 from paviliondev/fix_submissions_data_export_content

SECURITY: remove sensitive user content from submissions export

app/controllers/custom_wizard/admin/submissions.rb

@@ -22,7 +22,12 @@ class CustomWizard::AdminSubmissionsController < CustomWizard::AdminController
   end
 
   def download
-    send_data submission_list.submissions.to_json,
+    content = ActiveModel::ArraySerializer.new(
+      submission_list.submissions,
+      each_serializer: CustomWizard::SubmissionSerializer
+    )
+
+    send_data content.to_json,
       filename: "#{Discourse.current_hostname}-wizard-submissions-#{@wizard.name}.json",
       content_type: "application/json",
       disposition: "attachment"

plugin.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 # name: discourse-custom-wizard
 # about: Forms for Discourse. Better onboarding, structured posting, data enrichment, automated actions and much more.
-# version: 2.4.17
+# version: 2.4.18
 # authors: Angus McLeod, Faizaan Gagan, Robert Barrow, Keegan George, Kaitlin Maddever, Juan Marcos Gutierrez Ramos
 # url: https://github.com/paviliondev/discourse-custom-wizard
 # contact_emails: development@pavilion.tech