mirror of
https://github.com/discourse/discourse.git
synced 2025-03-26 18:25:47 +08:00
cdc8e9de1b
This commit addresses an issue for sites where secure_uploads is turned on after the site has been operating without it for some time. When uploads are linked when they are used inside a post, we were setting the access_control_post_id unconditionally if it was NULL to that post ID and secure_uploads was true. However this causes issues if an upload has been used in a few different places, especially if a post was previously used in a PM and marked secure, so we end up with a case of the upload using a public post for its access control, which causes URLs to not use the /secure-uploads/ path in the post, breaking things like image uploads. We should only set the access_control_post_id if the post is the first time the upload is referenced so it cannot hijack uploads from other places.