FIX: do not store incoming links on avatars or uploads

Sam 2014-07-25 15:10:06 +10:00
parent 95d13bf68a
commit 40af9ce612
4 changed files with 8 additions and 3 deletions


@ -62,7 +62,7 @@ class StaticController < ApplicationController
)
end
skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
skip_before_filter :store_incoming_links, :verify_authenticity_token, only: [:cdn_asset]
def cdn_asset
path = File.expand_path(Rails.root + "public/assets/" + params[:path])
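Review bot: `cdn_asset` builds `path` from `params[:path]` and passes it through `File.expand_path`, which resolves `..` segments, so the result can land outside `public/assets` unless it is checked afterwards. The rest of the method is outside this hunk, so I cannot see whether such a check already exists. If it does not, add a containment guard directly after this line and answer with a 404 when it fails, e.g. `return render(nothing: true, status: 404) unless path.start_with?(Rails.root.join("public/assets").to_s + "/")`. This matters more here because the action already runs with `verify_authenticity_token` skipped and is reachable without a session.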


@ -1,6 +1,6 @@
class UploadsController < ApplicationController
before_filter :ensure_logged_in, except: [:show]
skip_before_filter :check_xhr, only: [:show]
skip_before_filter :store_incoming_links, :check_xhr, only: [:show]
def create
file = params[:file] || params[:files].first
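Review bot: The reason `:store_incoming_links` is skipped is not recorded next to the `skip_before_filter` line, and it now shares one list with an unrelated filter (`:check_xhr`). A one-line comment above it, such as `# file requests are not page views; keep their referers out of incoming_links`, would stop a later edit from dropping the skip by accident. The same applies to the `skip_before_filter` lines in the StaticController and UserAvatarsController hunks. The class body continues outside this hunk.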


@ -3,7 +3,7 @@ require_dependency 'letter_avatar'
class UserAvatarsController < ApplicationController
DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")
skip_before_filter :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
skip_before_filter :store_incoming_links, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
def refresh_gravatar
user = User.find_by(username_lower: params[:username].downcase)


@ -0,0 +1,5 @@
class RemoveInvalidIncomingLinks < ActiveRecord::Migration
def change
execute "DELETE FROM incoming_links WHERE url ILIKE '%avatar%.png'"
end
end
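Review bot: The migration runs a raw `execute` inside `change`, which Rails cannot invert, so a rollback past this version fails with `ActiveRecord::IrreversibleMigration` without the file saying why. Make that explicit with `def up` for the DELETE and `def down; raise ActiveRecord::IrreversibleMigration; end`. The pattern `'%avatar%.png'` matches any URL that contains "avatar" and ends in `.png`, which may be wider than the avatar routes. It also leaves rows recorded for upload URLs in place, although the commit title covers uploads too. Since the deleted rows cannot be recovered, a comment naming the routes the pattern is meant to match would help.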