2019-05-02 18:17:27 -04:00
|
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
2013-07-06 13:10:53 -04:00
|
|
|
|
# Post processing that we can do after a post has already been cooked.
|
2013-07-07 19:39:08 -04:00
|
|
|
|
# For example, inserting the onebox content, or image sizes/thumbnails.
|
2013-02-05 14:16:51 -05:00
|
|
|
|
|
|
|
|
|
|
class CookedPostProcessor
|
2021-11-22 14:32:12 -05:00
|
|
|
|
include CookedProcessorMixin
|
|
|
|
|
|
|
2019-03-31 22:14:29 -04:00
|
|
|
|
LIGHTBOX_WRAPPER_CSS_CLASS = "lightbox-wrapper"
|
2021-05-27 15:00:38 -04:00
|
|
|
|
GIF_SOURCES_REGEXP = /(giphy|tenor)\.com\//
|
2018-11-27 03:00:31 -05:00
|
|
|
|
|
2017-11-12 19:19:06 -05:00
|
|
|
|
attr_reader :cooking_options, :doc
|
2016-08-12 15:28:54 -04:00
|
|
|
|
|
2013-02-05 14:16:51 -05:00
|
|
|
|
def initialize(post, opts = {})
|
|
|
|
|
|
@dirty = false
|
|
|
|
|
|
@opts = opts
|
|
|
|
|
|
@post = post
|
2021-11-22 14:32:12 -05:00
|
|
|
|
@model = post
|
2013-12-06 05:16:13 -05:00
|
|
|
|
@previous_cooked = (@post.cooked || "").dup
|
2015-09-29 12:51:26 -04:00
|
|
|
|
# NOTE: we re-cook the post here in order to prevent timing issues with edits
|
|
|
|
|
|
# cf. https://meta.discourse.org/t/edit-of-rebaked-post-doesnt-show-in-html-only-in-raw/33815/6
|
2015-12-03 15:01:18 -05:00
|
|
|
|
@cooking_options = post.cooking_options || opts[:cooking_options] || {}
|
2018-11-26 01:23:56 -05:00
|
|
|
|
@cooking_options[:topic_id] = post.topic_id
|
2015-12-03 15:01:18 -05:00
|
|
|
|
@cooking_options = @cooking_options.symbolize_keys
|
2022-09-28 19:24:33 -04:00
|
|
|
|
@with_secure_uploads = @post.with_secure_uploads?
|
2021-11-22 14:32:12 -05:00
|
|
|
|
@category_id = @post&.topic&.category_id
|
2016-04-12 14:09:59 -04:00
|
|
|
|
|
2020-01-28 19:37:04 -05:00
|
|
|
|
cooked = post.cook(post.raw, @cooking_options)
|
2021-02-24 10:14:43 -05:00
|
|
|
|
@doc = Loofah.fragment(cooked)
|
2019-09-10 06:59:48 -04:00
|
|
|
|
@has_oneboxes = post.post_analyzer.found_oneboxes?
|
2013-02-19 01:57:14 -05:00
|
|
|
|
@size_cache = {}
|
2018-12-14 17:44:38 -05:00
|
|
|
|
|
2022-09-20 05:28:17 -04:00
|
|
|
|
@disable_dominant_color = !!opts[:disable_dominant_color]
|
2019-10-22 13:11:04 -04:00
|
|
|
|
@omit_nofollow = post.omit_nofollow?
|
2013-02-05 14:16:51 -05:00
|
|
|
|
end
|
|
|
|
|
|
|
2020-04-20 21:48:19 -04:00
|
|
|
|
def post_process(new_post: false)
|
2019-08-04 21:57:35 -04:00
|
|
|
|
DistributedMutex.synchronize("post_process_#{@post.id}", validity: 10.minutes) do
|
2017-10-16 23:17:00 -04:00
|
|
|
|
DiscourseEvent.trigger(:before_post_process_cooked, @doc, @post)
|
2019-05-15 11:49:29 -04:00
|
|
|
|
remove_full_quote_on_direct_reply if new_post
|
2015-08-13 23:05:13 -04:00
|
|
|
|
post_process_oneboxes
|
2017-11-16 09:45:07 -05:00
|
|
|
|
post_process_images
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 10:23:04 -04:00
|
|
|
|
add_blocked_hotlinked_media_placeholders
|
2018-03-13 13:07:51 -04:00
|
|
|
|
post_process_quotes
|
2015-08-13 23:05:13 -04:00
|
|
|
|
optimize_urls
|
2019-04-22 22:45:41 -04:00
|
|
|
|
remove_user_ids
|
2017-10-23 12:15:51 -04:00
|
|
|
|
update_post_image
|
2017-10-23 13:09:38 -04:00
|
|
|
|
enforce_nofollow
|
2016-04-07 12:27:26 -04:00
|
|
|
|
grant_badges
|
2018-09-06 02:08:03 -04:00
|
|
|
|
@post.link_post_uploads(fragments: @doc)
|
2017-06-23 14:35:10 -04:00
|
|
|
|
DiscourseEvent.trigger(:post_process_cooked, @doc, @post)
|
|
|
|
|
|
nil
|
2016-04-05 15:12:02 -04:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2016-04-06 12:02:18 -04:00
|
|
|
|
def has_emoji?
|
|
|
|
|
|
(@doc.css("img.emoji") - @doc.css(".quote img")).size > 0
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2016-04-07 12:27:26 -04:00
|
|
|
|
def grant_badges
|
2020-03-11 08:03:20 -04:00
|
|
|
|
return if @post.user.blank? || !Guardian.new.can_see?(@post)
|
2016-04-05 16:13:10 -04:00
|
|
|
|
|
2016-04-13 16:38:24 -04:00
|
|
|
|
BadgeGranter.grant(Badge.find(Badge::FirstEmoji), @post.user, post_id: @post.id) if has_emoji?
|
|
|
|
|
|
BadgeGranter.grant(Badge.find(Badge::FirstOnebox), @post.user, post_id: @post.id) if @has_oneboxes
|
2016-08-10 13:24:01 -04:00
|
|
|
|
BadgeGranter.grant(Badge.find(Badge::FirstReplyByEmail), @post.user, post_id: @post.id) if @post.is_reply_by_email?
|
2013-02-05 14:16:51 -05:00
|
|
|
|
end
|
|
|
|
|
|
|
2018-03-13 13:07:51 -04:00
|
|
|
|
def post_process_quotes
|
|
|
|
|
|
@doc.css("aside.quote").each do |q|
|
|
|
|
|
|
post_number = q['data-post']
|
|
|
|
|
|
topic_id = q['data-topic']
|
|
|
|
|
|
if topic_id && post_number
|
|
|
|
|
|
comparer = QuoteComparer.new(
|
|
|
|
|
|
topic_id.to_i,
|
|
|
|
|
|
post_number.to_i,
|
|
|
|
|
|
q.css('blockquote').text
|
|
|
|
|
|
)
|
|
|
|
|
|
|
2022-05-12 11:07:43 -04:00
|
|
|
|
q['class'] = ((q['class'] || '') + " quote-post-not-found").strip if comparer.missing?
|
|
|
|
|
|
q['class'] = ((q['class'] || '') + " quote-modified").strip if comparer.modified?
|
2018-03-13 13:07:51 -04:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2019-05-15 11:49:29 -04:00
|
|
|
|
def remove_full_quote_on_direct_reply
|
|
|
|
|
|
return if !SiteSetting.remove_full_quote
|
|
|
|
|
|
return if @post.post_number == 1
|
2019-12-20 03:24:34 -05:00
|
|
|
|
return if @doc.xpath("aside[contains(@class, 'quote')]").size != 1
|
2018-12-07 07:07:11 -05:00
|
|
|
|
|
2019-05-15 11:49:29 -04:00
|
|
|
|
previous = Post
|
|
|
|
|
|
.where("post_number < ? AND topic_id = ? AND post_type = ? AND NOT hidden", @post.post_number, @post.topic_id, Post.types[:regular])
|
|
|
|
|
|
.order("post_number DESC")
|
|
|
|
|
|
.limit(1)
|
|
|
|
|
|
.pluck(:cooked)
|
|
|
|
|
|
.first
|
2018-12-07 07:07:11 -05:00
|
|
|
|
|
2019-05-15 11:49:29 -04:00
|
|
|
|
return if previous.blank?
|
2018-12-07 07:07:11 -05:00
|
|
|
|
|
2020-05-04 23:46:57 -04:00
|
|
|
|
previous_text = Nokogiri::HTML5::fragment(previous).text.strip
|
2019-05-17 08:17:29 -04:00
|
|
|
|
quoted_text = @doc.css("aside.quote:first-child blockquote").first&.text&.strip || ""
|
|
|
|
|
|
|
|
|
|
|
|
return if previous_text.gsub(/(\s){2,}/, '\1') != quoted_text.gsub(/(\s){2,}/, '\1')
|
2019-05-15 11:49:29 -04:00
|
|
|
|
|
2019-12-20 03:24:34 -05:00
|
|
|
|
quote_regexp = /\A\s*\[quote.+\[\/quote\]/im
|
2019-05-15 11:49:29 -04:00
|
|
|
|
quoteless_raw = @post.raw.sub(quote_regexp, "").strip
|
|
|
|
|
|
|
|
|
|
|
|
return if @post.raw.strip == quoteless_raw
|
2018-12-07 07:07:11 -05:00
|
|
|
|
|
|
|
|
|
|
PostRevisor.new(@post).revise!(
|
|
|
|
|
|
Discourse.system_user,
|
|
|
|
|
|
{
|
2019-05-15 11:49:29 -04:00
|
|
|
|
raw: quoteless_raw,
|
2018-12-07 07:07:11 -05:00
|
|
|
|
edit_reason: I18n.t(:removed_direct_reply_full_quotes)
|
|
|
|
|
|
},
|
2018-12-12 09:42:53 -05:00
|
|
|
|
skip_validations: true,
|
|
|
|
|
|
bypass_bump: true
|
2018-12-07 07:07:11 -05:00
|
|
|
|
)
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2013-07-07 19:39:08 -04:00
|
|
|
|
def extract_images
|
2017-11-16 09:45:07 -05:00
|
|
|
|
# all images with a src attribute
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 10:23:04 -04:00
|
|
|
|
@doc.css("img[src], img[#{PrettyText::BLOCKED_HOTLINKED_SRC_ATTR}]") -
|
2017-11-16 09:45:07 -05:00
|
|
|
|
# minus data images
|
2014-07-18 11:54:18 -04:00
|
|
|
|
@doc.css("img[src^='data']") -
|
2017-11-16 09:45:07 -05:00
|
|
|
|
# minus emojis
|
2019-12-09 08:39:25 -05:00
|
|
|
|
@doc.css("img.emoji")
|
2013-07-07 19:39:08 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
2016-10-31 05:41:33 -04:00
|
|
|
|
def extract_images_for_post
|
2017-11-16 09:45:07 -05:00
|
|
|
|
# all images with a src attribute
|
2015-10-15 05:00:47 -04:00
|
|
|
|
@doc.css("img[src]") -
|
2017-11-16 09:45:07 -05:00
|
|
|
|
# minus emojis
|
2015-10-15 05:00:47 -04:00
|
|
|
|
@doc.css("img.emoji") -
|
2017-11-16 09:45:07 -05:00
|
|
|
|
# minus images inside quotes
|
2020-02-06 11:19:40 -05:00
|
|
|
|
@doc.css(".quote img") -
|
|
|
|
|
|
# minus onebox site icons
|
2020-05-14 13:01:43 -04:00
|
|
|
|
@doc.css("img.site-icon") -
|
|
|
|
|
|
# minus onebox avatars
|
|
|
|
|
|
@doc.css("img.onebox-avatar") -
|
2021-02-22 05:40:40 -05:00
|
|
|
|
@doc.css("img.onebox-avatar-inline") -
|
2021-02-11 12:50:42 -05:00
|
|
|
|
# minus github onebox profile images
|
|
|
|
|
|
@doc.css(".onebox.githubfolder img")
|
2015-10-15 05:00:47 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
2013-11-05 13:04:47 -05:00
|
|
|
|
def convert_to_link!(img)
|
2020-03-26 10:40:00 -04:00
|
|
|
|
w, h = img["width"].to_i, img["height"].to_i
|
|
|
|
|
|
user_width, user_height = (w > 0 && h > 0 && [w, h]) ||
|
|
|
|
|
|
get_size_from_attributes(img) ||
|
|
|
|
|
|
get_size_from_image_sizes(img["src"], @opts[:image_sizes])
|
|
|
|
|
|
|
|
|
|
|
|
limit_size!(img)
|
|
|
|
|
|
|
2013-02-19 01:57:14 -05:00
|
|
|
|
src = img["src"]
|
2018-06-18 05:10:23 -04:00
|
|
|
|
return if src.blank? || is_a_hyperlink?(img) || is_svg?(img)
|
2013-02-19 01:57:14 -05:00
|
|
|
|
|
2017-10-18 17:54:36 -04:00
|
|
|
|
original_width, original_height = (get_size(src) || [0, 0]).map(&:to_i)
|
|
|
|
|
|
if original_width == 0 || original_height == 0
|
2015-08-12 10:10:42 -04:00
|
|
|
|
Rails.logger.info "Can't reach '#{src}' to get its dimension."
|
2015-08-07 13:31:15 -04:00
|
|
|
|
return
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2021-04-22 11:28:35 -04:00
|
|
|
|
upload = Upload.get_from_url(src)
|
|
|
|
|
|
|
2021-05-27 15:00:38 -04:00
|
|
|
|
if (upload.present? && upload.animated?) || src.match?(GIF_SOURCES_REGEXP)
|
2021-04-22 11:28:35 -04:00
|
|
|
|
img.add_class("animated")
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2017-10-18 17:54:36 -04:00
|
|
|
|
return if original_width <= SiteSetting.max_image_width && original_height <= SiteSetting.max_image_height
|
2013-07-07 19:39:08 -04:00
|
|
|
|
|
2020-03-26 10:40:00 -04:00
|
|
|
|
user_width, user_height = [original_width, original_height] if user_width.to_i <= 0 && user_height.to_i <= 0
|
|
|
|
|
|
width, height = user_width, user_height
|
|
|
|
|
|
|
|
|
|
|
|
crop = SiteSetting.min_ratio_to_crop > 0 && width.to_f / height.to_f < SiteSetting.min_ratio_to_crop
|
2018-06-05 11:13:00 -04:00
|
|
|
|
|
|
|
|
|
|
if crop
|
2020-03-26 10:40:00 -04:00
|
|
|
|
width, height = ImageSizer.crop(width, height)
|
|
|
|
|
|
img["width"], img["height"] = width, height
|
|
|
|
|
|
else
|
|
|
|
|
|
width, height = ImageSizer.resize(width, height)
|
2016-05-23 10:18:30 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
2020-01-28 19:11:38 -05:00
|
|
|
|
if upload.present?
|
2018-12-14 16:50:28 -05:00
|
|
|
|
upload.create_thumbnail!(width, height, crop: crop)
|
2018-10-02 23:44:53 -04:00
|
|
|
|
|
|
|
|
|
|
each_responsive_ratio do |ratio|
|
|
|
|
|
|
resized_w = (width * ratio).to_i
|
|
|
|
|
|
resized_h = (height * ratio).to_i
|
|
|
|
|
|
|
|
|
|
|
|
if upload.width && resized_w <= upload.width
|
2018-12-14 16:50:28 -05:00
|
|
|
|
upload.create_thumbnail!(resized_w, resized_h, crop: crop)
|
2018-10-02 23:44:53 -04:00
|
|
|
|
end
|
|
|
|
|
|
end
|
2018-12-14 17:44:38 -05:00
|
|
|
|
|
2021-05-20 15:19:44 -04:00
|
|
|
|
return if upload.animated?
|
|
|
|
|
|
|
|
|
|
|
|
if img.ancestors('.onebox, .onebox-body, .quote').blank? && !img.classes.include?("onebox")
|
|
|
|
|
|
add_lightbox!(img, original_width, original_height, upload, cropped: crop)
|
|
|
|
|
|
end
|
2019-12-09 08:39:25 -05:00
|
|
|
|
|
2020-01-28 19:11:38 -05:00
|
|
|
|
optimize_image!(img, upload, cropped: crop)
|
|
|
|
|
|
end
|
2013-07-07 19:39:08 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
2018-10-02 23:44:53 -04:00
|
|
|
|
def each_responsive_ratio
|
|
|
|
|
|
SiteSetting
|
|
|
|
|
|
.responsive_post_image_sizes
|
|
|
|
|
|
.split('|')
|
|
|
|
|
|
.map(&:to_f)
|
|
|
|
|
|
.sort
|
|
|
|
|
|
.each { |r| yield r if r > 1 }
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2019-11-29 08:18:42 -05:00
|
|
|
|
def optimize_image!(img, upload, cropped: false)
|
|
|
|
|
|
w, h = img["width"].to_i, img["height"].to_i
|
|
|
|
|
|
|
2022-09-20 05:28:17 -04:00
|
|
|
|
# note: optimize_urls cooks the src further after this
|
2021-05-20 15:19:44 -04:00
|
|
|
|
thumbnail = upload.thumbnail(w, h)
|
2019-11-29 08:18:42 -05:00
|
|
|
|
if thumbnail && thumbnail.filesize.to_i < upload.filesize
|
|
|
|
|
|
img["src"] = thumbnail.url
|
|
|
|
|
|
|
|
|
|
|
|
srcset = +""
|
|
|
|
|
|
|
|
|
|
|
|
each_responsive_ratio do |ratio|
|
|
|
|
|
|
resized_w = (w * ratio).to_i
|
|
|
|
|
|
resized_h = (h * ratio).to_i
|
|
|
|
|
|
|
|
|
|
|
|
if !cropped && upload.width && resized_w > upload.width
|
2022-09-28 19:24:33 -04:00
|
|
|
|
cooked_url = UrlHelper.cook_url(upload.url, secure: @post.with_secure_uploads?)
|
2019-11-29 08:18:42 -05:00
|
|
|
|
srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0$/, "")}x"
|
|
|
|
|
|
elsif t = upload.thumbnail(resized_w, resized_h)
|
2022-09-28 19:24:33 -04:00
|
|
|
|
cooked_url = UrlHelper.cook_url(t.url, secure: @post.with_secure_uploads?)
|
2019-11-29 08:18:42 -05:00
|
|
|
|
srcset << ", #{cooked_url} #{ratio.to_s.sub(/\.0$/, "")}x"
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-09-28 19:24:33 -04:00
|
|
|
|
img["srcset"] = "#{UrlHelper.cook_url(img["src"], secure: @post.with_secure_uploads?)}#{srcset}" if srcset.present?
|
2019-11-29 08:18:42 -05:00
|
|
|
|
end
|
|
|
|
|
|
else
|
|
|
|
|
|
img["src"] = upload.url
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-09-20 05:28:17 -04:00
|
|
|
|
if !@disable_dominant_color && (color = upload.dominant_color(calculate_if_missing: true).presence)
|
|
|
|
|
|
img["data-dominant-color"] = color
|
2019-11-29 08:18:42 -05:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2018-10-25 10:08:10 -04:00
|
|
|
|
def add_lightbox!(img, original_width, original_height, upload, cropped: false)
|
2013-06-25 20:44:20 -04:00
|
|
|
|
# first, create a div to hold our lightbox
|
2019-03-31 22:14:29 -04:00
|
|
|
|
lightbox = create_node("div", LIGHTBOX_WRAPPER_CSS_CLASS)
|
2013-07-07 19:39:08 -04:00
|
|
|
|
img.add_next_sibling(lightbox)
|
|
|
|
|
|
lightbox.add_child(img)
|
|
|
|
|
|
|
2013-06-25 20:44:20 -04:00
|
|
|
|
# then, the link to our larger image
|
2022-09-28 19:24:33 -04:00
|
|
|
|
src = UrlHelper.cook_url(img["src"], secure: @post.with_secure_uploads?)
|
2019-12-04 18:13:09 -05:00
|
|
|
|
a = create_link_node("lightbox", src)
|
2013-02-19 01:57:14 -05:00
|
|
|
|
img.add_next_sibling(a)
|
2014-10-15 13:20:04 -04:00
|
|
|
|
|
2019-07-04 11:32:51 -04:00
|
|
|
|
if upload
|
2014-10-15 13:20:04 -04:00
|
|
|
|
a["data-download-href"] = Discourse.store.download_url(upload)
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2013-02-19 01:57:14 -05:00
|
|
|
|
a.add_child(img)
|
2013-07-07 19:39:08 -04:00
|
|
|
|
|
2013-06-25 20:44:20 -04:00
|
|
|
|
# then, some overlay informations
|
2017-11-15 05:30:47 -05:00
|
|
|
|
meta = create_node("div", "meta")
|
2013-07-07 19:39:08 -04:00
|
|
|
|
img.add_next_sibling(meta)
|
2013-06-21 12:29:40 -04:00
|
|
|
|
|
2013-11-05 13:04:47 -05:00
|
|
|
|
filename = get_filename(upload, img["src"])
|
2019-05-02 18:17:27 -04:00
|
|
|
|
informations = +"#{original_width}×#{original_height}"
|
2019-02-20 21:13:37 -05:00
|
|
|
|
informations << " #{upload.human_filesize}" if upload
|
2013-06-21 12:29:40 -04:00
|
|
|
|
|
2019-11-03 18:15:14 -05:00
|
|
|
|
a["title"] = CGI.escapeHTML(img["title"] || img["alt"] || filename)
|
2013-11-29 14:03:39 -05:00
|
|
|
|
|
2019-03-22 11:52:06 -04:00
|
|
|
|
meta.add_child create_icon_node("far-image")
|
2016-08-10 23:27:12 -04:00
|
|
|
|
meta.add_child create_span_node("filename", a["title"])
|
2013-06-25 20:44:20 -04:00
|
|
|
|
meta.add_child create_span_node("informations", informations)
|
2019-03-22 11:52:06 -04:00
|
|
|
|
meta.add_child create_icon_node("discourse-expand")
|
2013-06-21 12:29:40 -04:00
|
|
|
|
end
|
2013-02-19 01:57:14 -05:00
|
|
|
|
|
2013-06-26 15:53:31 -04:00
|
|
|
|
def get_filename(upload, src)
|
|
|
|
|
|
return File.basename(src) unless upload
|
2013-07-03 18:39:23 -04:00
|
|
|
|
return upload.original_filename unless upload.original_filename =~ /^blob(\.png)?$/i
|
2019-11-14 15:10:51 -05:00
|
|
|
|
I18n.t("upload.pasted_image_filename")
|
2013-06-26 15:53:31 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
2016-10-31 05:41:33 -04:00
|
|
|
|
def update_post_image
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 04:07:50 -04:00
|
|
|
|
upload = nil
|
2021-02-11 10:44:41 -05:00
|
|
|
|
images = extract_images_for_post
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 04:07:50 -04:00
|
|
|
|
|
2021-02-11 10:44:41 -05:00
|
|
|
|
@post.each_upload_url(fragments: images.css("[data-thumbnail]")) do |src, path, sha1|
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 04:07:50 -04:00
|
|
|
|
upload = Upload.find_by(sha1: sha1)
|
|
|
|
|
|
break if upload
|
2020-02-06 11:19:40 -05:00
|
|
|
|
end
|
2017-06-09 07:16:50 -04:00
|
|
|
|
|
2021-02-11 10:44:41 -05:00
|
|
|
|
if upload.nil? # No specified thumbnail. Use any image:
|
|
|
|
|
|
@post.each_upload_url(fragments: images.css(":not([data-thumbnail])")) do |src, path, sha1|
|
|
|
|
|
|
upload = Upload.find_by(sha1: sha1)
|
|
|
|
|
|
break if upload
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
FEATURE: Include optimized thumbnails for topics (#9215)
This introduces new APIs for obtaining optimized thumbnails for topics. There are a few building blocks required for this:
- Introduces new `image_upload_id` columns on the `posts` and `topics` table. This replaces the old `image_url` column, which means that thumbnails are now restricted to uploads. Hotlinked thumbnails are no longer possible. In normal use (with pull_hotlinked_images enabled), this has no noticeable impact
- A migration attempts to match existing urls to upload records. If a match cannot be found then the posts will be queued for rebake
- Optimized thumbnails are generated during post_process_cooked. If thumbnails are missing when serializing a topic list, then a sidekiq job is queued
- Topic lists and topics now include a `thumbnails` key, which includes all the available images:
```
"thumbnails": [
{
"max_width": null,
"max_height": null,
"url": "//example.com/original-image.png",
"width": 1380,
"height": 1840
},
{
"max_width": 1024,
"max_height": 1024,
"url": "//example.com/optimized-image.png",
"width": 768,
"height": 1024
}
]
```
- Themes can request additional thumbnail sizes by using a modifier in their `about.json` file:
```
"modifiers": {
"topic_thumbnail_sizes": [
[200, 200],
[800, 800]
],
...
```
Remember that these are generated asynchronously, so your theme should include logic to fallback to other available thumbnails if your requested size has not yet been generated
- Two new raw plugin outlets are introduced, to improve the customisability of the topic list. `topic-list-before-columns` and `topic-list-before-link`
2020-05-05 04:07:50 -04:00
|
|
|
|
if upload.present?
|
|
|
|
|
|
@post.update_column(:image_upload_id, upload.id) # post
|
|
|
|
|
|
if @post.is_first_post? # topic
|
|
|
|
|
|
@post.topic.update_column(:image_upload_id, upload.id)
|
|
|
|
|
|
extra_sizes = ThemeModifierHelper.new(theme_ids: Theme.user_selectable.pluck(:id)).topic_thumbnail_sizes
|
|
|
|
|
|
@post.topic.generate_thumbnails!(extra_sizes: extra_sizes)
|
|
|
|
|
|
end
|
|
|
|
|
|
else
|
|
|
|
|
|
@post.update_column(:image_upload_id, nil) if @post.image_upload_id
|
|
|
|
|
|
@post.topic.update_column(:image_upload_id, nil) if @post.topic.image_upload_id && @post.is_first_post?
|
|
|
|
|
|
nil
|
2013-07-07 19:39:08 -04:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2013-11-05 13:04:47 -05:00
|
|
|
|
def optimize_urls
|
2014-10-15 13:20:04 -04:00
|
|
|
|
%w{href data-download-href}.each do |selector|
|
|
|
|
|
|
@doc.css("a[#{selector}]").each do |a|
|
2018-08-14 06:23:32 -04:00
|
|
|
|
a[selector] = UrlHelper.cook_url(a[selector].to_s)
|
2014-10-15 13:20:04 -04:00
|
|
|
|
end
|
2013-11-05 13:04:47 -05:00
|
|
|
|
end
|
|
|
|
|
|
|
2022-09-20 05:28:17 -04:00
|
|
|
|
%w{src}.each do |selector|
|
2019-02-20 13:24:38 -05:00
|
|
|
|
@doc.css("img[#{selector}]").each do |img|
|
2022-02-13 22:02:42 -05:00
|
|
|
|
custom_emoji = img["class"]&.include?("emoji-custom") && Emoji.custom?(img["title"])
|
|
|
|
|
|
img[selector] = UrlHelper.cook_url(
|
2022-09-28 19:24:33 -04:00
|
|
|
|
img[selector].to_s, secure: @post.with_secure_uploads? && !custom_emoji
|
2022-02-13 22:02:42 -05:00
|
|
|
|
)
|
2019-02-20 13:24:38 -05:00
|
|
|
|
end
|
2013-11-05 13:04:47 -05:00
|
|
|
|
end
|
2013-02-05 14:16:51 -05:00
|
|
|
|
end
|
2017-10-23 13:09:38 -04:00
|
|
|
|
|
2019-04-22 22:45:41 -04:00
|
|
|
|
def remove_user_ids
|
|
|
|
|
|
@doc.css("a[href]").each do |a|
|
2019-04-25 03:06:31 -04:00
|
|
|
|
uri = begin
|
|
|
|
|
|
URI(a["href"])
|
|
|
|
|
|
rescue URI::Error
|
|
|
|
|
|
next
|
|
|
|
|
|
end
|
2019-04-22 22:45:41 -04:00
|
|
|
|
next if uri.hostname != Discourse.current_hostname
|
|
|
|
|
|
|
|
|
|
|
|
query = Rack::Utils.parse_nested_query(uri.query)
|
|
|
|
|
|
next if !query.delete("u")
|
|
|
|
|
|
|
|
|
|
|
|
uri.query = query.map { |k, v| "#{k}=#{v}" }.join("&").presence
|
|
|
|
|
|
a["href"] = uri.to_s
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2017-10-23 12:15:51 -04:00
|
|
|
|
def enforce_nofollow
|
2020-09-10 11:59:51 -04:00
|
|
|
|
add_nofollow = !@omit_nofollow && SiteSetting.add_rel_nofollow_to_user_content
|
|
|
|
|
|
PrettyText.add_rel_attributes_to_user_content(@doc, add_nofollow)
|
2017-10-23 12:15:51 -04:00
|
|
|
|
end
|
2013-02-05 14:16:51 -05:00
|
|
|
|
|
2018-06-18 05:10:23 -04:00
|
|
|
|
private
|
|
|
|
|
|
|
2019-05-26 23:28:37 -04:00
|
|
|
|
def post_process_images
|
|
|
|
|
|
extract_images.each do |img|
|
2022-05-13 09:11:45 -04:00
|
|
|
|
still_an_image = process_hotlinked_image(img)
|
|
|
|
|
|
convert_to_link!(img) if still_an_image
|
2019-05-26 23:28:37 -04:00
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-05-13 09:11:45 -04:00
|
|
|
|
def process_hotlinked_image(img)
|
|
|
|
|
|
@hotlinked_map ||= @post.post_hotlinked_media.preload(:upload).map { |r| [r.url, r] }.to_h
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 10:23:04 -04:00
|
|
|
|
normalized_src = PostHotlinkedMedia.normalize_src(img["src"] || img[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR])
|
2022-05-13 09:11:45 -04:00
|
|
|
|
info = @hotlinked_map[normalized_src]
|
|
|
|
|
|
|
|
|
|
|
|
still_an_image = true
|
|
|
|
|
|
|
|
|
|
|
|
if info&.too_large?
|
2022-08-11 12:09:48 -04:00
|
|
|
|
if img.ancestors('.onebox, .onebox-body').blank?
|
|
|
|
|
|
add_large_image_placeholder!(img)
|
|
|
|
|
|
else
|
|
|
|
|
|
img.remove
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-05-13 09:11:45 -04:00
|
|
|
|
still_an_image = false
|
|
|
|
|
|
elsif info&.download_failed?
|
2022-08-11 12:09:48 -04:00
|
|
|
|
if img.ancestors('.onebox, .onebox-body').blank?
|
|
|
|
|
|
add_broken_image_placeholder!(img)
|
|
|
|
|
|
else
|
|
|
|
|
|
img.remove
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2022-05-13 09:11:45 -04:00
|
|
|
|
still_an_image = false
|
|
|
|
|
|
elsif info&.downloaded? && upload = info&.upload
|
2022-09-28 19:24:33 -04:00
|
|
|
|
img["src"] = UrlHelper.cook_url(upload.url, secure: @with_secure_uploads)
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 10:23:04 -04:00
|
|
|
|
img.delete(PrettyText::BLOCKED_HOTLINKED_SRC_ATTR)
|
2022-05-13 09:11:45 -04:00
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
still_an_image
|
|
|
|
|
|
end
|
|
|
|
|
|
|
FEATURE: Allow hotlinked media to be blocked (#16940)
This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`.
`download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later.
This implementation is purely server-side, and does not impact the composer preview.
Technically, there are two stages to this feature:
1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute
2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 10:23:04 -04:00
|
|
|
|
def add_blocked_hotlinked_media_placeholders
|
|
|
|
|
|
@doc.css([
|
|
|
|
|
|
"[#{PrettyText::BLOCKED_HOTLINKED_SRC_ATTR}]",
|
|
|
|
|
|
"[#{PrettyText::BLOCKED_HOTLINKED_SRCSET_ATTR}]",
|
|
|
|
|
|
].join(',')).each do |el|
|
|
|
|
|
|
src = el[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR] ||
|
|
|
|
|
|
el[PrettyText::BLOCKED_HOTLINKED_SRCSET_ATTR]&.split(',')&.first&.split(' ')&.first
|
|
|
|
|
|
|
|
|
|
|
|
if el.name == "img"
|
|
|
|
|
|
add_blocked_hotlinked_image_placeholder!(el)
|
|
|
|
|
|
next
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
if ["video", "audio"].include?(el.parent.name)
|
|
|
|
|
|
el = el.parent
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
if el.parent.classes.include?("video-container")
|
|
|
|
|
|
el = el.parent
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
add_blocked_hotlinked_media_placeholder!(el, src)
|
|
|
|
|
|
end
|
|
|
|
|
|
end
|
|
|
|
|
|
|
2018-06-18 05:10:23 -04:00
|
|
|
|
def is_svg?(img)
|
2018-06-19 22:47:14 -04:00
|
|
|
|
path =
|
|
|
|
|
|
begin
|
|
|
|
|
|
URI(img["src"]).path
|
2018-08-14 06:23:32 -04:00
|
|
|
|
rescue URI::Error
|
2018-06-19 22:47:14 -04:00
|
|
|
|
nil
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
File.extname(path) == '.svg' if path
|
2018-06-18 05:10:23 -04:00
|
|
|
|
end
|
2013-02-05 14:16:51 -05:00
|
|
|
|
end
|
