mirror of
https://github.com/discourse/discourse.git
synced 2025-01-19 07:32:46 +08:00
Add extra protection in Upload#get_from_url
.
In case the extension goes missing from the URL.
This commit is contained in:
parent
39a2d92417
commit
dffd4fa9e6
|
@ -177,7 +177,7 @@ class Upload < ActiveRecord::Base
|
|||
end
|
||||
|
||||
return if uri&.path.blank?
|
||||
data = uri.path.match(/(\/original\/\dX[\/\.\w]*\/([a-zA-Z0-9]+)[\.\w]+)/)
|
||||
data = uri.path.match(/(\/original\/\dX[\/\.\w]*\/([a-zA-Z0-9]+)[\.\w]*)/)
|
||||
return if data.blank?
|
||||
sha1 = data[2]
|
||||
upload = nil
|
||||
|
|
|
@ -82,9 +82,16 @@ describe Upload do
|
|||
expect(Upload.get_from_url(upload.url)).to eq(upload)
|
||||
end
|
||||
|
||||
describe 'for an extensionless url' do
|
||||
let(:url) { "/uploads/default/original/1X/#{sha1}" }
|
||||
|
||||
it 'should return the right upload' do
|
||||
expect(Upload.get_from_url(upload.url)).to eq(upload)
|
||||
end
|
||||
end
|
||||
|
||||
describe 'for a url without a tree' do
|
||||
let(:url) { "/uploads/default/original/1X/#{sha1}.png" }
|
||||
let(:upload) { Fabricate(:upload, url: url, sha1: sha1) }
|
||||
|
||||
it 'should return the right upload' do
|
||||
expect(Upload.get_from_url(upload.url)).to eq(upload)
|
||||
|
|
Loading…
Reference in New Issue
Block a user