github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-03-23 00:45:33 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: make uploads safe for block that can run later

Browse Source
This commit is contained in:
Sam 2017-11-23 17:28:18 +11:00
parent 2b8d4508e5
commit 49f97d75b7
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/controllers/uploads_controller.rb
View File

@ -6,6 +6,9 @@ class UploadsController < ApplicationController
skip_before_action :preload_json, :check_xhr, :redirect_to_login_if_required, only: [:show]
def create
# capture current user for block later on
me = current_user
# 50 characters ought to be enough for the upload type
type = params.require(:type).parameterize(separator: "_")[0..50]
@ -19,12 +22,12 @@ class UploadsController < ApplicationController
for_private_message = params[:for_private_message] == "true"
if params[:synchronous] && (current_user.staff? || is_api?)
data = create_upload(file, url, type, for_private_message, pasted)
data = create_upload(current_user, file, url, type, for_private_message, pasted)
render json: serialize_upload(data)
else
Scheduler::Defer.later("Create Upload") do
begin
data = create_upload(file, url, type, for_private_message, pasted)
data = create_upload(me, file, url, type, for_private_message, pasted)
ensure
MessageBus.publish("/uploads/#{type}", serialize_upload(data), client_ids: [params[:client_id]])
end
@ -80,7 +83,7 @@ class UploadsController < ApplicationController
raise Discourse::NotFound
end
def create_upload(file, url, type, for_private_message, pasted)
def create_upload(current_user, file, url, type, for_private_message, pasted)
if file.nil?
if url.present? && is_api?
maximum_upload_size = [SiteSetting.max_image_size_kb, SiteSetting.max_attachment_size_kb].max.kilobytes