FIX: do not store incoming links on avatars or uploads
parent
95d13bf68a
commit
40af9ce612
|
@ -62,7 +62,7 @@ class StaticController < ApplicationController
|
|||
)
|
||||
end
|
||||
|
||||
skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
|
||||
skip_before_filter :store_incoming_links, :verify_authenticity_token, only: [:cdn_asset]
|
||||
def cdn_asset
|
||||
path = File.expand_path(Rails.root + "public/assets/" + params[:path])
|
||||
|
||||
|
|
|
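Review bot: In `cdn_asset`, the context line builds `path` from `params[:path]` with `File.expand_path`, and the hunk ends before any check that the expanded path still lies under `public/assets`. The method body continues outside the hunk, so that check may already exist. Because this action already skips `verify_authenticity_token` and now also skips `store_incoming_links`, it is worth confirming that a containment guard follows before the file is served, for example `head :not_found and return unless path.start_with?(Rails.root.join("public", "assets").to_s + "/")`. A short comment above the `skip_before_filter` line saying why asset requests are excluded from incoming-link tracking would also help the next reader.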
@ -1,6 +1,6 @@
|
|||
class UploadsController < ApplicationController
|
||||
before_filter :ensure_logged_in, except: [:show]
|
||||
skip_before_filter :check_xhr, only: [:show]
|
||||
skip_before_filter :store_incoming_links, :check_xhr, only: [:show]
|
||||
|
||||
def create
|
||||
file = params[:file] || params[:files].first
|
||||
|
|
|
@ -3,7 +3,7 @@ require_dependency 'letter_avatar'
|
|||
class UserAvatarsController < ApplicationController
|
||||
DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")
|
||||
|
||||
skip_before_filter :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
|
||||
skip_before_filter :store_incoming_links, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
|
||||
|
||||
def refresh_gravatar
|
||||
user = User.find_by(username_lower: params[:username].downcase)
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
class RemoveInvalidIncomingLinks < ActiveRecord::Migration
|
||||
def change
|
||||
execute "DELETE FROM incoming_links WHERE url ILIKE '%avatar%.png'"
|
||||
end
|
||||
end
|
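Review bot: The destructive `execute` sits inside `def change`, which Rails cannot reverse automatically, so rolling this migration back will raise `ActiveRecord::IrreversibleMigration`. Declare it as `def up` and add an explicit `def down` that is a no-op or raises, so the one-way nature of the delete is stated in the code. The pattern `'%avatar%.png'` matches any stored URL that contains "avatar" and ends in ".png", not only avatar routes, so legitimate incoming-link rows could be deleted as well; a pattern anchored on the avatar path would be narrower. As far as the visible statement shows, rows already recorded for upload URLs are left in place even though the commit title covers uploads too.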