IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity
e29fef9e99
discourse/app/models
History
Martin Brennan ab3bda6cd0
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 
Basically, say you had already downloaded a certain image from a certain URL
using pull_hotlinked_images and the onebox. The upload would be stored
by its sha as an upload record. Whenever you linked to the same URL again
in a post (e.g. in our case an og:image on review.discourse) we would
would reuse the original upload record because of the sha1.

However when you turned on secure media this could cause problems as
the first post that uses that upload after secure media is enabled
will set the access control post for the upload to the new post.
Then if the post is deleted every single onebox/link to that same image
URL will fail forever with 403 as the secure-media-uploads URL fails
if the access control post has been deleted.

To fix this when cooking posts and pulling hotlinked images, we only
allow using an original upload by URL if its access control post
matches the current post, and if the original_sha1 is filled in,
meaning it was uploaded AFTER secure media was enabled. otherwise
we just redownload the media again to be safe, as the URL will always
be new then.
2020-01-29 10:11:38 +10:00
..
concerns DEV: increase the length of backup codes 2020-01-21 15:32:06 +11:00
reports FIX: Correct ordering for post_edits report, and remove query limit 2019-08-13 16:53:16 +01:00
about.rb PERF: speed up about page render time and limit category mods (#8112) 2019-10-03 21:48:56 +03:00
admin_dashboard_data.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
admin_dashboard_general_data.rb FIX: Allow dashboard to load even when git version cannot be found 2019-08-28 12:37:42 +01:00
admin_dashboard_index_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
anonymous_user.rb FEATURE: introduce dedicated storage and DB constraints for anon users 2019-05-29 14:26:24 +10:00
api_key.rb FEATURE: Hash API keys in the database (#8438) 2019-12-12 11:45:00 +00:00
application_request.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
auto_track_duration_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
backup_draft_post.rb FEATURE: experimental hidden setting for draft backups 2019-10-17 16:58:21 +11:00
backup_draft_topic.rb FEATURE: experimental hidden setting for draft backups 2019-10-17 16:58:21 +11:00
backup_file.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
backup_location_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
backup_metadata.rb FEATURE: Drop "backup" schema 7 days after restore 2020-01-16 17:48:47 +01:00
badge_grouping.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
badge_type.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
badge.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
bookmark.rb Improving bookmarks part 1 (#8466) 2019-12-11 14:04:02 +10:00
category_and_topic_lists.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_custom_field.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_featured_topic.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
category_group.rb PERF: Add index on group to category_groups (#8231) 2019-10-23 10:30:43 +01:00
category_list.rb FEATURE: support to mute all categories by default. (#8295) 2019-11-08 08:28:11 +05:30
category_page_style.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_tag_group.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_tag_stat.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_tag.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_user.rb DEV: Update annotations 2019-11-19 10:21:06 +00:00
category.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
child_theme.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
color_scheme_color.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
color_scheme.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
custom_emoji.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
developer.rb DEV: Update annotations 2019-11-29 15:49:08 +00:00
digest_email_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
directory_item.rb FIX: user directory should not include unapproved users 2019-09-11 15:18:17 -04:00
discourse_single_sign_on.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
discourse_version_check.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
draft_sequence.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
draft.rb FIX: under rare conditions saving a new draft could error temporarily 2020-01-02 11:38:14 +11:00
email_change_request.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_level_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_log.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_style.rb FIX: backwards compatibility for uncompiled email style css 2019-10-23 19:22:33 -04:00
email_token.rb FIX: reload the user record instead of fetching via email 2019-05-13 15:16:53 +05:30
embeddable_host.rb FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) 2019-12-12 12:49:21 +10:00
embedding.rb DEV: Remove RSS feed polling in favor of plugin (#8233) 2019-11-12 09:49:02 -06:00
emoji_set_site_setting.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
emoji.rb FEATURE: do not replace ↔ with an emoji 2019-08-30 15:06:23 +10:00
github_user_info.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
given_daily_like.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
global_setting.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
group_archived_message.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_custom_field.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_history.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_mention.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_request.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_user.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
group.rb FIX: group membership leak 2020-01-15 11:21:58 +01:00
ignored_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
incoming_domain.rb FIX: make frozen string mutable in incoming_domain 2019-05-14 17:44:53 +02:00
incoming_email.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
incoming_link.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
incoming_links_report.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
incoming_referer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
invite_redeemer.rb FIX: Use updated_at date to denote expired invites (#8521) 2019-12-17 10:13:49 -05:00
invite.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
invited_group.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
javascript_cache.rb FEATURE: Multi-file javascript support for themes (#7526) 2019-06-03 10:41:00 +01:00
like_notification_frequency_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
locale_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
mailing_list_mode_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
muted_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
new_topic_duration_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
notification_level_when_replying_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
notification.rb Fix the build - take 3. 2019-12-05 20:35:39 +05:30
oauth2_user_info.rb FIX: allow storage of non unique rows in oauth2_user_infos 2019-10-25 11:57:34 +11:00
onceoff_log.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
optimized_image.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
permalink.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plugin_store_row.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plugin_store.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_action_type.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
post_analyzer.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_custom_field.rb DEV: Update annotations 2019-05-13 15:24:24 +01:00
post_detail.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_mover.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
post_reply_key.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_reply.rb Merge pull request #8736 from gschlager/rename_reply_id_column 2020-01-17 17:24:49 +01:00
post_revision.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_stat.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_timing.rb FIX: Decrement posts read count when destroying post timings (#8172) 2019-10-08 15:39:23 -03:00
post_upload.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post.rb FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) 2020-01-24 11:59:30 +10:00
previous_replies_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
push_subscription.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
quoted_post.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
remote_theme.rb DEV: correct a few Ruby 2.7 deprecations 2019-11-28 13:13:29 +11:00
remove_muted_tags_from_latest_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
report.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
reviewable_claimed_topic.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post.rb FIX: Only agree with the first post when using the 'Delete post + replies and agree' option 2020-01-06 13:38:23 -03:00
reviewable_history.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable_priority_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_queued_post.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_score.rb FIX: Reload the ReviewableScore types when extending flags (#8740) 2020-01-17 11:59:38 -03:00
reviewable_sensitivity_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_user.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable.rb FIX: Stop logging errors in postgres on reviewable conflict 2020-01-09 12:04:17 -05:00
s3_region_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
screened_email.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
screened_ip_address.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
screened_url.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
search_log.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
shared_draft.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
single_sign_on_record.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
site_setting.rb DEV: Remove SiteSetting.default_categories_selected (#8138) 2019-10-04 15:57:17 +10:00
site.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
skipped_email_log.rb FIX: Don't send notification email when user isn't allowed to see topic 2019-07-01 14:03:03 +02:00
slug_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheet_cache.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag_group_membership.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag_group_permission.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag_group.rb FEATURE: add support for tag group search 2019-06-27 17:53:26 +10:00
tag_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag_user.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
tag.rb FIX: Use new tag routes (#8683) 2020-01-21 19:23:08 +02:00
theme_field.rb DEV: Display a warning when themes hard-code optimized image links (#8304) 2019-11-12 14:30:19 +00:00
theme_setting.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_override.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme.rb DEV: remove uneeded distinct from relation 2019-12-09 14:24:38 +11:00
top_lists.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
top_menu_item.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
top_topic.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
topic_allowed_group.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_allowed_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_converter.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
topic_custom_field.rb annotate models 2019-05-29 14:26:24 +10:00
topic_embed.rb DEV: use Discourse.cache over Rails.cache 2019-11-27 12:36:19 +11:00
topic_featured_users.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_group.rb Changed CONFLICT to SQL for multiline strings 2019-12-13 11:51:40 -05:00
topic_invite.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_link_click.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
topic_link.rb FIX: inbound link when the only slug available (#8457) 2019-12-04 17:13:20 +11:00
topic_list.rb FEATURE: Dismiss new per category (#8330) 2019-11-14 11:16:13 +11:00
topic_notifier.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_participants_summary.rb FIX: Include 5 participants in topic summary 2019-11-15 15:11:09 -05:00
topic_poster.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_posters_summary.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
topic_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_tag.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_timer.rb DEV: Use enum instead of id for topic timer query 2019-11-19 10:10:14 -07:00
topic_tracking_state.rb FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
topic_user.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
topic_view_item.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
topic.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
translation_override.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
trust_level3_requirements.rb FEATURE: allow TL3 promotions for overturned penalties 2019-12-20 15:25:21 -08:00
trust_level_and_staff_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
trust_level_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
unsubscribe_key.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
upload.rb FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 2020-01-29 10:11:38 +10:00
user_action.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
user_api_key.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
user_archived_message.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_associated_account.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_auth_token_log.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_auth_token.rb FEATURE: Limit the number of active sessions for a user (#8411) 2019-11-27 12:39:31 +00:00
user_avatar.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_badge.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_badges.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_custom_field.rb DEV: Add missing indexes to user_profiles (#8691) 2020-01-09 17:08:55 +01:00
user_email.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_export.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field_option.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_field.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_history.rb FIX: Mark secure media upload insecure automatically if used for theme component (#8413) 2019-11-28 07:32:17 +10:00
user_open_id.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_option.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
user_profile_view.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
user_profile.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
user_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_search.rb SECURITY: Check permissions when autocompleting mentions 2019-10-28 11:01:47 +00:00
user_second_factor.rb SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
user_security_key.rb DEV: annotate models 2019-10-17 16:58:22 +11:00
user_stat.rb DEV: Add missing indexes to user_profiles (#8691) 2020-01-09 17:08:55 +01:00
user_summary.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_upload.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_visit.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_warning.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
username_validator.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
watched_word.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
web_crawler_request.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook_event_type.rb FEATURE: Add a webhook for user notifications 2019-08-15 14:47:25 -04:00
web_hook_event.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
web_hook.rb DEV: Remove code deprecated by the new Reviewable API (#8023) 2019-08-26 10:33:26 -03:00