IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FEATURE: Secure uploads in PMs only (#23398)

Browse Source 
This adds a new secure_uploads_pm_only site setting. When secure_uploads
is true with this setting, only uploads created in PMs will be marked
secure; no uploads in secure categories will be marked as secure, and
the login_required site setting has no bearing on upload security
either.

This is meant to be a stopgap solution to prevent secure uploads
in a single place (private messages) for sensitive admin data exports.
Ideally we would want a more comprehensive way of saying that certain
upload types get secured which is a hybrid/mixed mode secure uploads,
but for now this will do the trick.
This commit is contained in:
Martin Brennan
2023-09-06 09:39:09 +10:00
committed by GitHub
parent de9b567c19
commit c532f6eb3d
14 changed files with 283 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/upload_security.rb
View File

@@ -163,7 +163,7 @@ class UploadSecurity
#### START PRIVATE CHECKS ####
def login_required_check
SiteSetting.login_required?
SiteSetting.login_required? && !SiteSetting.secure_uploads_pm_only?
end
# Whether the upload should remain secure or not after posting depends on its context,