mirror of
https://github.com/discourse/discourse.git
synced 2025-02-25 18:55:32 -06:00
cdc8e9de1b
This commit addresses an issue for sites where secure_uploads is turned on after the site has been operating without it for some time. When uploads are linked when they are used inside a post, we were setting the access_control_post_id unconditionally if it was NULL to that post ID and secure_uploads was true. However this causes issues if an upload has been used in a few different places, especially if a post was previously used in a PM and marked secure, so we end up with a case of the upload using a public post for its access control, which causes URLs to not use the /secure-uploads/ path in the post, breaking things like image uploads. We should only set the access_control_post_id if the post is the first time the upload is referenced so it cannot hijack uploads from other places. |
||
|---|---|---|
| .. | ||
| assets | ||
| controllers | ||
| helpers | ||
| jobs | ||
| mailers | ||
| models | ||
| serializers | ||
| services | ||
| views | ||