164 Commits

Author SHA1 Message Date
Jakub Macina
8c445e9f17 Fix backend code for searching by a filetype as a combination of uploads and topic links. Add rspec test for extracting file extension in upload. 2017-07-06 19:19:31 +02:00
Régis Hanol
54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Robin Ward
cdbe027c1c Refactor FileHelper to use keyword arguments. 2017-05-24 13:54:26 -04:00
Régis Hanol
13e489b4ca replace the upload type whitelist with a sanitizer 2017-05-18 12:13:13 +02:00
Arpit Jalan
8e5b0c79ae FIX: allow images to be uploaded in wizard 2017-05-18 13:53:23 +05:30
Arpit Jalan
8c337ecf82 FIX: allow uploading of category logo and background 2017-05-11 12:48:54 +05:30
Régis Hanol
214939bb87 freeze array constants 2017-05-11 09:08:59 +02:00
Régis Hanol
9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam
bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Guo Xiang Tan
2af1b9e93c Add time out when optimizing images. 2017-04-20 15:21:43 +08:00
Guo Xiang Tan
60f1169077 REFACTOR: Reduce repetition in code. 2017-04-18 17:03:49 +08:00
Guo Xiang Tan
e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Guo Xiang Tan
1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Régis Hanol
887e9af84f FEATURE: new 'max_image_megapixels' site setting 2017-01-11 23:37:12 +01:00
Régis Hanol
8d48779b5c FIX: don't 💥 with an invalid URI 2016-10-20 12:34:42 +02:00
Guo Xiang Tan
7db33cc512 FIX: Videos and audio files were not associated to the post. 2016-10-18 16:13:39 +08:00
Guo Xiang Tan
e4b75f604c FIX: Make clean up upload script a safer task to run. 2016-09-05 10:06:02 +08:00
Guo Xiang Tan
1a4a0d7e89 FIX: Don't fail silently. 2016-09-02 11:59:03 +08:00
Guo Xiang Tan
692ecff3eb Revert "FIX: Don't fail silently."
This reverts commit baa6af93a2.
2016-09-02 11:58:56 +08:00
Guo Xiang Tan
baa6af93a2 FIX: Don't fail silently. 2016-09-02 11:53:53 +08:00
Guo Xiang Tan
efd7cbd887 Remove limit default.
Having the limit makes it harder to migrate all `Upload`/`OptimizedImage`
since the count has to be figured out and passed to the method.
2016-09-02 10:55:11 +08:00
Régis Hanol
5169bcdb6e FIX: httpshttps ultra secure URLs 2016-06-30 16:55:01 +02:00
Régis Hanol
5e2545a578 FEATURE: improve support for (whitelisted) SVGs as images 2016-06-20 10:22:13 +02:00
Régis Hanol
32d253d484 remove 'crop_tall_images' site setting but keep the behavior 2016-05-23 16:42:19 +02:00
Régis Hanol
667dd54a23 FEATURE: new 'crop_tall_images' site setting 2016-05-23 16:18:30 +02:00
Guo Xiang Tan
0634834009 Some fixes related to optimized images (#4233)
* FIX: No need to manually include relation.

* FIX: OR instead of chaining relation.
2016-05-20 09:12:25 +02:00
Régis Hanol
df14926e42 SECURITY: check magic bytes before using ImageMagick tools 2016-05-03 21:54:07 +02:00
Régis Hanol
be5a54d67d FEATURE: new 'allow_all_attachments_for_group_messages' site setting 2016-02-29 22:39:24 +01:00
Sam
32c681c96b annotate models 2016-02-23 10:33:53 +11:00
Régis Hanol
4d981cec53 FIX: don't try to optimize large PNGs (takes too much time) 2016-02-22 12:57:24 +01:00
Régis Hanol
a9099f9e23 SECURITY: ensure we never accept fake images 2015-12-21 16:08:14 +01:00
Régis Hanol
09bfe49254 FIX: don't automagically downsize uploaded images that are larger than 10MB
FIX: don't optimize GIFs since ImageOption was disabled for GIFs (too slow)
2015-11-26 18:16:47 +01:00
Régis Hanol
fb62a7c0c3 FIX: only downsize user card & profile backgrounds 2015-09-24 21:04:06 +02:00
Régis Hanol
a3831a7003 FIX: uploading an animated user card/profile background was converted to a still image 2015-09-20 22:01:03 +02:00
Régis Hanol
93f9dcfcec FIX: don't overwrite custom uploaded avatar when selecting gravatar
FIX: remove unnecessary serialized fields
2015-09-11 15:10:56 +02:00
Sam
cd8d82aa31 correct file size and add note about impending breakage of image_optim 2015-09-10 14:37:46 +10:00
Régis Hanol
d456460d33 FIX: don't butcher GIFs
Use 'gifsicle' instead of 'convert' to resize & optimize GIFs

FIX: don't even try to fix GIFs orientation
FIX: use 'allow_animated_thumbnails' site setting for user profile backgrounds & user cards
2015-07-22 17:10:42 +02:00
Régis Hanol
b0802abae2 FIX: crop & optimize user background profile/card images 2015-07-15 17:15:43 +02:00
Gerhard Schlager
2e8838a0cd FIX: Disable validation during thumbnail creation 2015-06-27 01:26:16 +02:00
Régis Hanol
bc9fd2c46d don't silence these errors 2015-06-12 20:11:23 +02:00
Régis Hanol
189cb3ff12 FEATURE: move migrate_to_new_scheme into a background job
- new hidden site setting 'migrate_to_new_scheme' (defaults to false)
- new rake tasks to toggle migration to new scheme
- FIX: migrate_to_new_scheme also works with CDN
- PERF: improve perf of the DbHelper.remap method
- REFACTOR: UrlHelper is now a class
2015-06-12 12:07:57 +02:00
Régis Hanol
64e73e98fb FIX: allow the cooked_post_processor to download external uploads 2015-06-01 20:08:41 +02:00
Régis Hanol
61d85206ee FIX: optimize uploaded images using lossy but very fast compression 2015-05-29 15:57:24 +02:00
Régis Hanol
e101396ea1 FEATURE: add support for device pixel ratio = 3 2015-05-28 01:48:07 +02:00
Régis Hanol
033c2e7140 FIX: respect the allow_animated_avatars site setting 2015-05-26 12:22:02 +02:00
Régis Hanol
a797f7c664 FIX: properly handle images when using 's3_cdn_url' 2015-05-26 11:47:33 +02:00
Régis Hanol
6ae9bcab56 add DistributedMutex around uploads/optimized_images creation 2015-05-12 16:45:33 +02:00
Régis Hanol
0e5c9b2590 small upload code refactor 2015-02-03 18:44:18 +01:00
Jeff Atwood
e45b3c15c3 Revert "FIX: auto orientation code causing grey images to appear blackish"
This reverts commit f680374820.
2015-02-02 01:27:52 -08:00
Sam
f680374820 FIX: auto orientation code causing grey images to appear blackish 2015-01-31 18:05:50 +11:00
Régis Hanol
cd2c9edb46 FIX: 🐛 upload on IE9 wasn't working :'(
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages coming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update jQuery Iframe Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Sam
6bed4e1bf0 add allowed_ips to api_keys
update annotations
2014-11-20 14:53:15 +11:00
Régis Hanol
bf666f8553 FEATURE: allow animated thumbnails 2014-11-13 23:30:34 +01:00
Régis Hanol
bdb78ce76a FEATURE: consider SVG as an image when authorized 2014-11-03 19:54:10 +01:00
Sam
414c6d191f FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 15:19:25 +10:00
Régis Hanol
c7330ed73f BUGFIX: errors when post-processing 'data images' 2014-07-18 17:54:18 +02:00
Régis Hanol
a52c80e2a8 FEATURE: automatic image orientation fix 2014-07-09 23:59:57 +02:00
Sam
b1d5f4440b Annotate models 2014-05-28 12:30:57 +10:00
Louis Rose
1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Régis Hanol
9cd8476453 REFACTOR: use an options hash instead of multiple nil-able parameters 2014-04-15 17:17:10 +02:00
Régis Hanol
542d54e6bf BUGFIX: uploads to S3 2014-04-15 13:04:14 +02:00
Sam
862a6696c0 Correct annotations
allow longer usernames (up to 60)
2014-04-15 15:53:48 +10:00
Régis Hanol
2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Régis Hanol
6373de550f update annotations 2014-04-08 17:35:44 +02:00
Sam
2db3cfb16b annotate models 2013-12-05 17:40:35 +11:00
Régis Hanol
37fd7ab574 pull hotlinked images 2013-11-05 19:07:29 +01:00
Sam
5bf26ec34e large refactor, ship a few columns from the user table into user_stats 2013-10-07 15:04:59 +11:00
Régis Hanol
cd4cda5b4c allow users to specify thumbnail size 2013-09-27 10:57:31 +02:00
Régis Hanol
c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Régis Hanol
ed9417fa3b enable thumbnailing on S3
- added url to optimized image model
- refactored s3_store & local_store
2013-07-31 23:26:34 +02:00
Régis Hanol
be9217d4c8 add server-side filesize check on uploads 2013-07-24 00:54:41 +02:00
Robin Ward
ed745c3fdd Merge pull request #1222 from ZogStriP/fix-s3-related-issues
Fix s3 related issues
2013-07-22 07:30:41 -07:00
Régis Hanol
649ab85740 FIX: thumbnailing wasn't working with CDN enabled 2013-07-22 00:37:23 +02:00
Régis Hanol
33977252c9 rollback to previous s3 syntax (ie. subdomains) 2013-07-20 11:30:36 +02:00
Régis Hanol
8406a4230c FIX: click tracking on attachments wasn't working 2013-07-19 01:27:09 +02:00
Régis Hanol
5c27dd175a make sure we handle both s3 url formats 2013-07-17 00:32:09 +02:00
Régis Hanol
7ae2fe304d renamed s3 to s3_store 2013-07-17 00:27:52 +02:00
Régis Hanol
6f2ce93ab2 FIX: create an upload when FastImage throws an exception
FastImage might throw an exception when it isn't able to recognize a
file as being an image (ie. happens when users change the extension
manually)

Also improved upload specs a lot
2013-07-13 23:42:19 +02:00
Régis Hanol
27ab5f471c support arbitrary attachments 2013-07-10 22:59:53 +02:00
Régis Hanol
ac7253a938 refactor CookedPostProcessor & specs 2013-07-08 01:39:08 +02:00
Régis Hanol
6251935b1e removed auto_link_images_wider_than setting 2013-07-06 22:19:16 +02:00
Robin Ward
1c18490141 Revert "cheat to fix duplicate key on thumbnails"
This reverts commit 0c702522c4.
2013-07-05 16:09:43 -04:00
Sam
0c702522c4 cheat to fix duplicate key on thumbnails 2013-07-05 15:01:31 +10:00
Régis Hanol
6723ba6014 Add a list of for file uploads 2013-07-01 02:19:03 +02:00
Régis Hanol
08aa23f0ca FIX: lightbox wasn't working when using s3 upload 2013-06-22 13:38:42 +02:00
Régis Hanol
8a751e6e44 make sure we also delete optimized images 2013-06-21 09:34:02 +02:00
Régis Hanol
4a17d6dca6 added a rake task to clean orphan uploaded files 2013-06-19 21:51:41 +02:00
Régis Hanol
ae3543872c renamed the sha column to the proper sha1 2013-06-17 22:16:14 +02:00
Régis Hanol
454636abf1 annotate models 2013-06-17 02:49:34 +02:00
Régis Hanol
510bac4b27 refactored a bit & tested thumbnails creation 2013-06-17 02:49:34 +02:00
Régis Hanol
cc9e0ec80a create thumbnails when needed 2013-06-17 02:49:34 +02:00
Régis Hanol
5de03814fb created optimized_image model 2013-06-17 02:49:34 +02:00
Régis Hanol
2c3f757951 moved has_been_uploaded and uploaded_regex to the Upload model 2013-06-17 02:49:34 +02:00
Régis Hanol
8a98310cf9 make sure we only do the work once 2013-06-17 02:49:34 +02:00
Régis Hanol
6c4554b941 identifies all uploads with the SHA1 hash of the file content 2013-06-17 02:49:33 +02:00
Régis Hanol
6ea91b4416 remove useless upload topic direct association 2013-06-17 02:49:33 +02:00
Régis Hanol
037f62928b add proper post_uploads reverse index 2013-06-13 23:44:24 +02:00
Régis Hanol
770c1faeb1 added a reverse index of user uploads + rake task 2013-06-13 01:43:50 +02:00
Régis Hanol
8a2d635e62 removed imgur support 2013-06-11 21:51:41 +02:00
Ian Christian Myers
0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00