FIX: Inline secure images with duplicated names (#13926)

Inlining secure images with the same name was not possible because they
were indexed by filename. If an email contained two files with the same
name, only the first image was used for both of them. The other file
was still attached to the email.
This commit is contained in:
Bianca Nenciu 2021-08-03 18:58:34 +03:00 committed by GitHub
parent 413de9361f
commit 52520638ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 15 deletions

View File

@ -27,6 +27,7 @@ module Email
def initialize(message, email_type, user = nil)
@message = message
@message_attachments_index = {}
@email_type = email_type
@user = user
end
@ -240,7 +241,7 @@ module Email
# Embeds any of the secure images that have been attached inline,
# removing the redaction notice.
if SiteSetting.secure_media_allow_embed_images_in_emails
style.inline_secure_images(@message.attachments)
style.inline_secure_images(@message.attachments, @message_attachments_index)
end
@message.html_part.body = style.to_s
@ -328,6 +329,7 @@ module Email
Discourse.store.download(attached_upload).path
end
@message_attachments_index[original_upload.sha1] = @message.attachments.size
@message.attachments[original_upload.original_filename] = File.read(path)
email_size += File.size(path)
rescue => e

View File

@ -253,7 +253,7 @@ module Email
@@plugin_callbacks.each { |block| block.call(@fragment, @opts) }
end
def inline_secure_images(attachments)
def inline_secure_images(attachments, attachments_index)
stripped_media = @fragment.css('[data-stripped-secure-media]')
upload_shas = {}
stripped_media.each do |div|
@ -269,10 +269,8 @@ module Email
upload = uploads.find { |upl| upl.sha1 == upload_shas[div['data-stripped-secure-media']] }
next if !upload
original_filename = upload.original_filename
if attachments[original_filename]
url = attachments[original_filename].url
if attachments[attachments_index[upload.sha1]]
url = attachments[attachments_index[upload.sha1]].url
onebox_type = div['data-onebox-type']
style = if onebox_type

View File

@ -498,6 +498,21 @@ describe Email::Sender do
SiteSetting.secure_media_allow_embed_images_in_emails = true
end
it "can inline images with duplicate names" do
@secure_image_2 = UploadCreator.new(file_from_fixtures("logo-dev.png", "images"), "logo.png").create_for(Discourse.system_user.id)
@secure_image_2.update_secure_status(override: true)
@secure_image_2.update(access_control_post_id: reply.id)
Jobs::PullHotlinkedImages.any_instance.expects(:execute)
reply.update(raw: "#{UploadMarkdown.new(@secure_image).image_markdown}\n#{UploadMarkdown.new(@secure_image_2).image_markdown}")
reply.rebake!
Email::Sender.new(message, :valid_type).send
expect(message.attachments.size).to eq(2)
expect(message.to_s.scan(/cid:[\w\-@.]+/).length).to eq(2)
expect(message.to_s.scan(/cid:[\w\-@.]+/).uniq.length).to eq(2)
end
it "does not attach images that are not marked as secure" do
Email::Sender.new(message, :valid_type).send
expect(message.attachments.length).to eq(4)

View File

@ -252,8 +252,9 @@ describe Email::Styles do
SiteSetting.secure_media = true
end
let(:attachments) { { 'testimage.png' => stub(url: 'cid:email/test.png') } }
fab!(:upload) { Fabricate(:upload, original_filename: 'testimage.png', secure: true, sha1: '123456') }
let(:attachments) { [stub(url: 'cid:email/test.png')] }
let(:attachments_index) { { upload.sha1 => 0 } }
let(:html) { "<a href=\"#{Discourse.base_url}\/secure-media-uploads/original/1X/123456.png\"><img src=\"/secure-media-uploads/original/1X/123456.png\" width=\"20\" height=\"30\"></a>" }
def strip_and_inline
@ -265,7 +266,7 @@ describe Email::Styles do
# pass in the attachments to match uploads based on sha + original filename
styler = Email::Styles.new(html)
styler.inline_secure_images(attachments)
styler.inline_secure_images(attachments, attachments_index)
@frag = Nokogiri::HTML5.fragment(styler.to_s)
end
@ -302,12 +303,8 @@ describe Email::Styles do
end
let(:siteicon) { Fabricate(:upload, original_filename: "siteicon.ico") }
let(:attachments) do
{
'testimage.png' => stub(url: 'cid:email/test.png'),
'siteicon.ico' => stub(url: 'cid:email/test2.ico')
}
end
let(:attachments) { [stub(url: 'cid:email/test.png'), stub(url: 'cid:email/test2.ico')] }
let(:attachments_index) { { upload.sha1 => 0, siteicon.sha1 => 1 } }
let(:html) do
<<~HTML
<aside class="onebox allowlistedgeneric">