FIX: Invalid URLs could raise exceptions when calling UrlHelper.rails_route_from_url (#10782)

Upload.secure_media_url? raised an exceptions when the URL was invalid, which was a issue in some situations where secure media URLs must be removed. For example, sending digests used PrettyText.strip_secure_media, which used Upload.secure_media_url? to replace secure media with placeholders. If the URL was invalid, then an exception would be raised and left unhandled. Now instead in UrlHelper.rails_route_from_url we return nil if there is something wrong with the URL. Co-authored-by: Bianca Nenciu <nenciu.bianca@gmail.com>
2025-02-25 18:55:32 -06:00 · 2020-09-30 15:20:00 +10:00
parent a0bbc346cb
commit 39b2fb8649
4 changed files with 18 additions and 0 deletions
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@@ -167,6 +167,7 @@ class Upload < ActiveRecord::Base
    # we do not want to exclude topic links that for whatever reason
    # have secure-media-uploads in the URL e.g. /t/secure-media-uploads-are-cool/223452
    route = UrlHelper.rails_route_from_url(url)
+    return false if route.blank?
    route[:action] == "show_secure" && route[:controller] == "uploads" && FileHelper.is_supported_media?(url)
  rescue ActionController::RoutingError
    false