Commit Graph

147 Commits

Author SHA1 Message Date
Sam
69bc8f526a SECURITY: only allow picking of avatars created by self (#6417)
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
2018-12-18 13:57:49 +08:00
Guo Xiang Tan
dffd4fa9e6 Add extra protection in Upload#get_from_url.
In case the extension goes missing from the URL.
2018-09-14 10:49:34 +08:00
Guo Xiang Tan
f31758cc70 FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:54:07 -07:00
Guo Xiang Tan
04d26c65e2 Refactor Upload.get_from_url to check length of sha1. 2018-09-10 10:10:39 +08:00
Guo Xiang Tan
1f636c445b PERF: Add fast path to find uploads before resorting to LIKE query.
For a normal upload url

Before

```
Warming up --------------------------------------
                       264.000  i/100ms
Calculating -------------------------------------
                          2.754k (± 8.4%) i/s -     13.728k in   5.022066s
```

After

```
Warming up --------------------------------------
                       341.000  i/100ms
Calculating -------------------------------------
                          3.435k (±11.6%) i/s -     17.050k in   5.045676s
```
2018-09-06 14:44:24 +08:00
Sam
e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
Sam
9ab1fb7dfc FEATURE: correctly store width and height on uploads
Previously we used width and height for thumbnails, new code ensures

1. We auto correct width and height
2. We added extra columns for thumbnail_width and height, this is determined
 by actual upload and no longer passed in as a side effect
3. Optimized Image now stores filesize which can be used for analysis, decisions

Also

- fixes Android image manifest as a side effect
- fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 12:59:22 +10:00
Sam
9628c3cf97 FEATURE: automatically correct extension for bad uploads
This fixes with post thumbnails on the fly
2018-08-17 14:00:27 +10:00
Sam
796164b58c FIX: automatically correct bad avatars on access
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
Régis Hanol
de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Régis Hanol
0cd9e2acb9 fix build 2018-08-04 01:56:26 +02:00
Régis Hanol
bf4d98e89d FIX: always store topic links using the upload url 2018-08-04 01:29:32 +02:00
Guo Xiang Tan
875008522d FIX: Discourse.S3BaseUrl did not account for subfolder bucket names. 2018-07-06 15:53:57 +08:00
Guo Xiang Tan
7163bf9323 FIX: Upload.get_from_url not respective subfolder in s3 bucket names. 2018-07-06 11:37:11 +08:00
Maja Komel
6c9190357c fix get from url for external uploads without CDN 2018-06-13 16:21:28 +10:00
Arpit Jalan
290ee312e6 FIX: handle invalid mailto links 2018-05-18 18:02:52 +05:30
Arpit Jalan
539cf32f87 FIX: handle encoded mailto links when looking for upload record 2018-05-17 12:44:53 +05:30
Arpit Jalan
91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Guo Xiang Tan
142571bba0 Remove use of rescue nil.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Guo Xiang Tan
bfe38b2118 FIX: limit wasn't correctly applied to Upload.migrate_to_new_scheme. 2018-03-22 10:56:06 +08:00
Guo Xiang Tan
226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Rafael dos Santos Silva
b9a343afe7 FIX: Allow shared CDN for s3 and assets 2018-01-12 01:08:15 -02:00
Arpit Jalan
daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Sam
4ea87b5ab8 Merge branch 's3_refactor' 2017-10-09 10:27:52 +11:00
Sam
70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Guo Xiang Tan
d67f0b39ae Update annotations. 2017-10-06 11:13:01 +08:00
Sam
f766ea4257 Correct short url decoding for sha1s leading with zero
This was picked up cause we had a flaky test!
2017-08-23 11:08:18 -04:00
Sam
bcf7dc38c2 FEATURE: server side support for upload:// markdown
This allows uploads to be specified using short sha1 hash instead of full
URL

Client side change is pending
2017-08-22 11:46:23 -04:00
Sam
c68999e128 annotate models
WARNING annotators out there, be to run bin/annotate on RAILS_ENV=test on a clean db
2017-08-16 10:38:11 -04:00
Neil Lalonde
5d528f0d15 Merge pull request #4958 from dmacjam/search_posts_by_filetype
FEATURE: Search posts by filetype
2017-07-31 11:55:34 -04:00
Guo Xiang Tan
5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Neil Lalonde
d8c27e3871 Merge branch 'master' into search_posts_by_filetype 2017-07-25 14:41:20 -04:00
Régis Hanol
c7c93e7159 FEATURE: new 'strip image metadata' site setting 2017-07-25 11:48:39 +02:00
Jakub Macina
8c445e9f17 Fix backend code for searching by a filetype as a combination of uploads and topic links. Add rspec test for extracting file extension in upload. 2017-07-06 19:19:31 +02:00
Régis Hanol
54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Robin Ward
cdbe027c1c Refactor FileHelper to use keyword arguments. 2017-05-24 13:54:26 -04:00
Régis Hanol
13e489b4ca replace the upload type whitelist with a sanitizer 2017-05-18 12:13:13 +02:00
Arpit Jalan
8e5b0c79ae FIX: allow images to be uploaded in wizard 2017-05-18 13:53:23 +05:30
Arpit Jalan
8c337ecf82 FIX: allow uploading of category logo and background 2017-05-11 12:48:54 +05:30
Régis Hanol
214939bb87 freeze array constants 2017-05-11 09:08:59 +02:00
Régis Hanol
9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Guo Xiang Tan
2af1b9e93c Add time out when optimizing images. 2017-04-20 15:21:43 +08:00
Guo Xiang Tan
60f1169077 REFACTOR: Reduce repetition in code. 2017-04-18 17:03:49 +08:00
Guo Xiang Tan
e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Régis Hanol
887e9af84f FEATURE: new 'max_image_megapixels' site setting 2017-01-11 23:37:12 +01:00
Régis Hanol
8d48779b5c FIX: don't 💥 with an invalid URI 2016-10-20 12:34:42 +02:00
Guo Xiang Tan
7db33cc512 FIX: Videos and audio files were not associated to the post. 2016-10-18 16:13:39 +08:00
Guo Xiang Tan
e4b75f604c FIX: Make clean up upload script a safer task to run. 2016-09-05 10:06:02 +08:00