github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 20:02:46 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
34,430 Commits 190 Branches 500 Tags 938 MiB
7c494cc631
Commit Graph

96 Commits

Author SHA1 Message Date
Penar Musaraj
03805e5a76
FIX: Ensure lightbox image download has correct content disposition in S3 (#7845) 2019-07-04 11:32:51 -04:00
Gerhard Schlager
fe870a1e54 DEV: Respond with error 400 to uploads requested via XHR 
follow-up to 13f38055
 2019-06-27 11:15:35 +02:00
Gerhard Schlager
13f38055ac SECURITY: XSS in routes 
Co-authored-by: Guo Xiang Tan <tgx_world@hotmail.com>
Co-authored-by: David Taylor <david@taylorhq.com>
 2019-06-26 16:34:15 +02:00
Penar Musaraj
f00275ded3 FEATURE: Support private attachments when using S3 storage (#7677) 
* Support private uploads in S3
* Use localStore for local avatars
* Add job to update private upload ACL on S3
* Test multisite paths
* update ACL for private uploads in migrate_to_s3 task
 2019-06-06 13:27:24 +10:00
Guo Xiang Tan
a3938f98f8 Revert changes to FileStore::S3Store#path_for in f0620e7118. 
There are some places in the code base that assumes the method should
return nil.
 2019-05-29 18:39:07 +08:00
Guo Xiang Tan
f0620e7118 FEATURE: Support [description|attachment](upload://<short-sha>) in MD take 2. 
Previous attempt was missing `post_uploads` records.
 2019-05-29 09:26:32 +08:00
Penar Musaraj
7c9fb95c15 Temporarily revert "FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603)" 
This reverts commit b1d3c678ca.

We need to make sure post_upload records are correctly stored.
 2019-05-28 16:37:01 -04:00
Guo Xiang Tan
b1d3c678ca FEATURE: Support [description|attachment](upload://<short-sha>) in MD. (#7603) 2019-05-28 11:18:21 -04:00
Sam Saffron
7429700389 FIX: ensure we can download maxmind without redis or db config 
This also corrects FileHelper.download so it supports "follow_redirect"
correctly (it used to always follow 1 redirect) and adds a `validate_url`
param that will bypass all uri validation if set to false (default is true)
 2019-05-28 10:28:57 +10:00
Vinoth Kannan
42b10a646d FIX: return 404 only if upload url also not internal. 2019-05-15 02:06:54 +05:30
Sam Saffron
30990006a9 DEV: enable frozen string literal on all files 
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.

Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
 2019-05-13 09:31:32 +08:00
Sam Saffron
1be01f8dd4 DEV: Add support for Rails 6 
Minor fixes to add Rails 6 support to Discourse, we now will boot
with RAILS_MASTER=1, all specs pass

Only one tiny deprecation left

Largest change was the way ActiveModel:Errors changed interface a
bit but there is a simple backwards compat way of working it
 2019-05-02 16:23:25 +10:00
Guo Xiang Tan
58b0e945bd
UX: Lightbox support for image uploader. (#7034) 2019-02-21 10:13:37 +08:00
Robin Ward
6f656f6e7d FIX: Better error handling if a file cannot be sent 
If for some reason `Discourse.store.path_for` returns `nil`, the
forum would throw an error rather than returning 404.

Why would it be `nil`? One cause could be changing the type of
file store and having the `url` field no longer be relative.
 2019-01-29 16:47:25 -05:00
Bianca Nenciu
1a4f592749 FIX: Always allow admins upload selectable avatars. 2018-12-05 21:55:23 +01:00
Guo Xiang Tan
44391ee8ab
FEATURE: Upload Site Settings. (#6573) 2018-11-14 15:03:02 +08:00
Guo Xiang Tan
e1b16e445e Rename FileHelper.is_image? -> FileHelper.is_supported_image?. 2018-09-12 09:22:28 +08:00
Guo Xiang Tan
2b57239389 FIX: Upload's content is the only source of truth for the file type. 2018-08-07 13:15:00 +08:00
Guo Xiang Tan
142571bba0 Remove use of rescue nil. 
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
 2018-04-02 13:52:51 +08:00
Sam
41986cdb2f Refactor requires login logic, reduce duplicate code 
This also corrects the positioning in the chain of the check
and removes misuse of prepend_before_action
 2018-02-01 15:17:59 +11:00
Sam
f2e7b74d88 FIX: don't return 200s when login is required to paths 
When running `ensure_login_required` it should always happen prior to
`check_xhr` cause check xhr will trigger a 200 response
 2018-02-01 12:26:45 +11:00
Régis Hanol
f5e170c6b5 FIX: catch all server-side error when uploading a file 
UX: always show a message to the user whenever an error happens on the server when uploading a file
 2017-12-27 16:33:25 +01:00
Sam
eb428ef54d FEATURE: uploads are processed a faster 
Also cleans up API to always return 422 on upload error. (previously returned 200)

Uploads are processed using new hijack pattern
 2017-11-27 12:43:35 +11:00
Sam
49f97d75b7 FIX: make uploads safe for block that can run later 2017-11-23 17:28:18 +11:00
Sam
a92f61e926 FIX: allow login required sites access to attachements 2017-11-22 10:50:55 +11:00
Guo Xiang Tan
77d4c4d8dc Fix all the errors to get our tests green on Rails 5.1. 2017-09-25 13:48:58 +08:00
Sam
d7a2584c6e FEATURE: image uploads now have short urls 
Shorten all image uploads to use short urls, this is the client
side implementation.
 2017-08-22 16:40:08 -04:00
Régis Hanol
a9c0df0b58 FIX: always try to convert PNG to JPG when pasting an image 2017-06-23 12:13:48 +02:00
Régis Hanol
5d63a7f4a6 FIX: pull hotlinked images even when they have no extension 2017-06-13 13:27:05 +02:00
Régis Hanol
54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Robin Ward
cdbe027c1c Refactor FileHelper to use keyword arguments. 2017-05-24 13:54:26 -04:00
Arpit Jalan
1fd8e426f2 FIX: better uploads error page 2017-05-18 23:29:37 +05:30
Régis Hanol
13e489b4ca replace the upload type whitelist with a sanitizer 2017-05-18 12:13:13 +02:00
Régis Hanol
9641d2413d REFACTOR: upload workflow creation into UploadCreator 
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
 2017-05-11 00:16:57 +02:00
Guo Xiang Tan
e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Régis Hanol
3ce3abef8f FIX: add Content-Disposition and Content-Type headers when downloading attachments 2017-02-20 15:59:01 +01:00
Guo Xiang Tan
18007ed34b FIX: Can't use an internal name here if SiteSetting.convert_pasted_images_to_hq_jpg is false. 2017-02-01 14:51:56 +08:00
Guo Xiang Tan
f6d9745c5f Bye bye byebug. 2017-02-01 14:50:14 +08:00
Guo Xiang Tan
6c8c91dca4 UX: Change default filename for images that have been pasted. 2017-02-01 14:44:41 +08:00
Sam
15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Robin Ward
af83c8dc14 Upload Logos Step 2016-09-22 09:52:19 -04:00
Régis Hanol
6dac9075dc new 'convert_pasted_images_quality' site setting 2016-07-27 19:59:44 +02:00
Régis Hanol
be099bb637 only convert pasted images to HQ jpg when it's at least 5% smaller 2016-07-27 19:55:13 +02:00
Régis Hanol
749b981759 FEATURE: new 'convert_pasted_images_to_hq_jpg' site setting 2016-07-25 23:01:28 +02:00
Régis Hanol
7fca6f502f fix and improve image downsizing algorithm 2016-06-20 12:35:07 +02:00
Régis Hanol
a5d8dfb07e FIX: don't hardcode maximum file size 2016-04-06 22:51:28 +02:00
Régis Hanol
4d981cec53 FIX: don't try to optimize large PNGs (takes too much time) 2016-02-22 12:57:24 +01:00
Jeff Atwood
e1f90d12f1 formally remove IE9 support 2016-01-02 23:49:52 -08:00
Régis Hanol
09bfe49254 FIX: don't automagically downsize uploaded images that are larger than 10MB 
FIX: don't optimize GIFs since ImageOption was disabled for GIFs (too slow)
 2015-11-26 18:16:47 +01:00
Régis Hanol
16f509afb9 FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side 2015-11-12 10:26:45 +01:00