FIX: Consider webp a supported image format for upload (#9015)

* Also fixes an issue where if webp was a downloaded hotlinked image and then secure + sent in an email, it was not being redacted because webp was not a supported media format in FileHelper * Webp originally removed as an image format in https://github.com/discourse/discourse/pull/6377 and there was a spec to make sure a .bin webp file did not get renamed from its type to webp. However we want to support webp images now to make sure they are properly redacted if secure media is on, so change the example in the spec to use tiff, another banned format, instead
2020-02-21 13:08:02 +10:00 · 2020-02-21 13:08:02 +10:00 · 3af2670bd5
parent 6a2bde4d48
commit 3af2670bd5
5 changed files with 7 additions and 7 deletions
--- a/app/assets/javascripts/discourse/lib/uploads.js.es6
+++ b/app/assets/javascripts/discourse/lib/uploads.js.es6
@ -194,7 +194,7 @@ export function authorizesOneOrMoreImageExtensions(staff) {
 }

 export function isImage(path) {
-  return /\.(png|jpe?g|gif|svg|ico)$/i.test(path);
+  return /\.(png|webp|jpe?g|gif|svg|ico)$/i.test(path);
 }

 export function isVideo(path) {
--- a/lib/file_helper.rb
+++ b/lib/file_helper.rb
@ -133,7 +133,7 @@ class FileHelper
  end

  def self.supported_images
-    @@supported_images ||= Set.new %w{jpg jpeg png gif svg ico}
+    @@supported_images ||= Set.new %w{jpg jpeg png gif svg ico webp}
  end

  def self.supported_audio
--- a/spec/fixtures/images/tiff_as.bin
+++ b/spec/fixtures/images/tiff_as.bin
--- a/spec/lib/upload_creator_spec.rb
+++ b/spec/lib/upload_creator_spec.rb
@ -79,12 +79,12 @@ RSpec.describe UploadCreator do
        expect(upload.original_filename).to eq('png_as.png')
      end

-      describe 'for webp format' do
+      describe 'for tiff format' do
        before do
-          SiteSetting.authorized_extensions = '.webp|.bin'
+          SiteSetting.authorized_extensions = '.tiff|.bin'
        end

-        let(:filename) { "webp_as.bin" }
+        let(:filename) { "tiff_as.bin" }
        let(:file) { file_from_fixtures(filename) }

        it 'should not correct the coerce filename' do
@ -96,7 +96,7 @@ RSpec.describe UploadCreator do

          expect(upload.extension).to eq('bin')
          expect(File.extname(upload.url)).to eq('.bin')
-          expect(upload.original_filename).to eq('webp_as.bin')
+          expect(upload.original_filename).to eq('tiff_as.bin')
        end
      end
    end
--- a/test/javascripts/lib/uploads-test.js.es6
+++ b/test/javascripts/lib/uploads-test.js.es6
@ -123,7 +123,7 @@ QUnit.test("allows valid uploads to go through", assert => {
 });

 QUnit.test("isImage", assert => {
-  ["png", "jpg", "jpeg", "gif", "ico"].forEach(extension => {
+  ["png", "webp", "jpg", "jpeg", "gif", "ico"].forEach(extension => {
    var image = "image." + extension;
    assert.ok(isImage(image), image + " is recognized as an image");
    assert.ok(