mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 10:42:45 +08:00
cdc8e9de1b
This commit addresses an issue for sites where secure_uploads is turned on after the site has been operating without it for some time. When uploads are linked when they are used inside a post, we were setting the access_control_post_id unconditionally if it was NULL to that post ID and secure_uploads was true. However this causes issues if an upload has been used in a few different places, especially if a post was previously used in a PM and marked secure, so we end up with a case of the upload using a public post for its access control, which causes URLs to not use the /secure-uploads/ path in the post, breaking things like image uploads. We should only set the access_control_post_id if the post is the first time the upload is referenced so it cannot hijack uploads from other places. |
||
|---|---|---|
| .. | ||
| fabricators | ||
| fixtures | ||
| generator | ||
| helpers | ||
| import_export | ||
| initializers | ||
| integration | ||
| integrity | ||
| jobs | ||
| lib | ||
| mailers | ||
| migrations | ||
| models | ||
| multisite | ||
| requests | ||
| script/import_scripts | ||
| serializers | ||
| services | ||
| support | ||
| system | ||
| tasks | ||
| views | ||
| rails_helper.rb | ||
| regenerate_swagger_docs | ||
| swagger_helper.rb | ||