mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 18:30:26 -06:00
FIX: Gravatar uploads being dependent on authorized_extensions.
This commit is contained in:
parent
20bc4a38a5
commit
7bd93eba3e
@ -29,6 +29,7 @@ class Upload < ActiveRecord::Base
|
||||
attr_accessor :for_private_message
|
||||
attr_accessor :for_export
|
||||
attr_accessor :for_site_setting
|
||||
attr_accessor :for_gravatar
|
||||
|
||||
validates_presence_of :filesize
|
||||
validates_presence_of :original_filename
|
||||
|
@ -43,7 +43,8 @@ class UserAvatar < ActiveRecord::Base
|
||||
tempfile,
|
||||
"gravatar#{ext}",
|
||||
origin: gravatar_url,
|
||||
type: "avatar"
|
||||
type: "avatar",
|
||||
for_gravatar: true
|
||||
).create_for(user_id)
|
||||
|
||||
if gravatar_upload_id != upload.id
|
||||
|
@ -124,6 +124,10 @@ class FileHelper
|
||||
(@memoized ||= {})[args] ||= yield
|
||||
end
|
||||
|
||||
def self.supported_gravatar_extensions
|
||||
@@supported_gravatar_images ||= Set.new(%w{jpg jpeg png gif})
|
||||
end
|
||||
|
||||
def self.supported_images
|
||||
@@supported_images ||= Set.new %w{jpg jpeg png gif svg ico}
|
||||
end
|
||||
|
@ -21,6 +21,7 @@ class UploadCreator
|
||||
# - for_private_message (boolean)
|
||||
# - pasted (boolean)
|
||||
# - for_export (boolean)
|
||||
# - for_gravatar (boolean)
|
||||
def initialize(file, filename, opts = {})
|
||||
@file = file
|
||||
@filename = (filename || "").gsub(/[^[:print:]]/, "")
|
||||
@ -116,6 +117,7 @@ class UploadCreator
|
||||
@upload.for_theme = true if @opts[:for_theme]
|
||||
@upload.for_export = true if @opts[:for_export]
|
||||
@upload.for_site_setting = true if @opts[:for_site_setting]
|
||||
@upload.for_gravatar = true if @opts[:for_gravatar]
|
||||
|
||||
return @upload unless @upload.save
|
||||
|
||||
|
@ -26,6 +26,13 @@ class Validators::UploadValidator < ActiveModel::Validator
|
||||
return true
|
||||
end
|
||||
|
||||
if upload.for_gravatar &&
|
||||
FileHelper.supported_gravatar_extensions.include?(extension)
|
||||
|
||||
maximum_image_file_size(upload)
|
||||
return true
|
||||
end
|
||||
|
||||
if is_authorized?(upload, extension)
|
||||
if FileHelper.is_supported_image?(upload.original_filename)
|
||||
authorized_image_extension(upload, extension)
|
||||
|
@ -15,7 +15,7 @@ describe UserAvatar do
|
||||
before do
|
||||
temp.binmode
|
||||
# tiny valid png
|
||||
temp.write(Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw=="))
|
||||
temp.write(Base64.decode64("iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAACklEQVR4nGMAAQAABQABDQottAAAAABJRU5ErkJggg=="))
|
||||
temp.rewind
|
||||
FileHelper.expects(:download).returns(temp)
|
||||
end
|
||||
@ -28,7 +28,6 @@ describe UserAvatar do
|
||||
freeze_time Time.now
|
||||
|
||||
expect { avatar.update_gravatar! }.to change { Upload.count }.by(1)
|
||||
|
||||
expect(avatar.gravatar_upload).to eq(Upload.last)
|
||||
expect(avatar.last_gravatar_download_attempt).to eq(Time.now)
|
||||
expect(user.reload.uploaded_avatar).to eq(nil)
|
||||
@ -36,7 +35,13 @@ describe UserAvatar do
|
||||
expect do
|
||||
avatar.destroy
|
||||
end.to_not change { Upload.count }
|
||||
end
|
||||
|
||||
it "updates gravatars even if uploads have been disabled" do
|
||||
SiteSetting.authorized_extensions = ""
|
||||
|
||||
expect { avatar.update_gravatar! }.to change { Upload.count }.by(1)
|
||||
expect(avatar.gravatar_upload).to eq(Upload.last)
|
||||
end
|
||||
|
||||
describe 'when user has an existing custom upload' do
|
||||
|
Loading…
Reference in New Issue
Block a user