IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Mark secure media upload insecure automatically if used for theme component (#8413)

Browse Source 
When uploading a file to a theme component, and that file is existing and has already been marked as secure, we now automatically mark the file as secure: false, change the ACL, and log the action as the user (also rebake the posts for the upload)
This commit is contained in:
Martin Brennan
2019-11-28 07:32:17 +10:00
committed by GitHub
parent d12f2580de
commit e7c7a05097
9 changed files with 87 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/upload.rb
View File

@@ -230,9 +230,9 @@ class Upload < ActiveRecord::Base
self.posts.where("cooked LIKE '%/_optimized/%'").find_each(&:rebake!)
end
def update_secure_status
def update_secure_status(secure_override_value: nil)
return false if self.for_theme || self.for_site_setting
mark_secure = should_be_secure?
mark_secure = secure_override_value.nil? ? should_be_secure? : secure_override_value
self.update_column("secure", mark_secure)
Discourse.store.update_upload_ACL(self) if Discourse.store.external?