From 78626d2832d54c867e9d8c20e3e0c68fa5f2137e Mon Sep 17 00:00:00 2001 From: David Taylor Date: Fri, 19 Jun 2020 12:45:06 +0100 Subject: [PATCH] FIX: Do not attempt to pull_hotlinked on emoji images when CDN enabled --- app/jobs/regular/pull_hotlinked_images.rb | 2 +- spec/jobs/pull_hotlinked_images_spec.rb | 22 +++++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/app/jobs/regular/pull_hotlinked_images.rb b/app/jobs/regular/pull_hotlinked_images.rb index cb0fee6062a..80367f4f51c 100644 --- a/app/jobs/regular/pull_hotlinked_images.rb +++ b/app/jobs/regular/pull_hotlinked_images.rb @@ -173,7 +173,7 @@ module Jobs # If file is on the forum or CDN domain or already has the # secure media url - if Discourse.store.has_been_uploaded?(src) || src =~ /\A\/[^\/]/i || Upload.secure_media_url?(src) + if UrlHelper.is_local(src) || Upload.secure_media_url?(src) return false if src =~ /\/images\/emoji\// # Someone could hotlink a file from a different site on the same CDN, diff --git a/spec/jobs/pull_hotlinked_images_spec.rb b/spec/jobs/pull_hotlinked_images_spec.rb index 5e6003d0b71..37499a81e0f 100644 --- a/spec/jobs/pull_hotlinked_images_spec.rb +++ b/spec/jobs/pull_hotlinked_images_spec.rb @@ -350,6 +350,23 @@ describe Jobs::PullHotlinkedImages do end end + it "returns false for emoji" do + src = Emoji.url_for("testemoji.png") + expect(subject.should_download_image?(src)).to eq(false) + end + + it "returns false for emoji when app and S3 CDNs configured" do + set_cdn_url "https://mydomain.cdn/test" + SiteSetting.s3_upload_bucket = "some-bucket-on-s3" + SiteSetting.s3_access_key_id = "s3-access-key-id" + SiteSetting.s3_secret_access_key = "s3-secret-access-key" + SiteSetting.s3_cdn_url = "https://s3.cdn.com" + SiteSetting.enable_s3_uploads = true + + src = UrlHelper.cook_url(Emoji.url_for("testemoji.png")) + expect(subject.should_download_image?(src)).to eq(false) + end + context "when download_remote_images_to_local? is false" do before do SiteSetting.download_remote_images_to_local = false @@ -360,11 +377,6 @@ describe Jobs::PullHotlinkedImages do expect(subject.should_download_image?(src)).to eq(true) end - it "returns false for emoji" do - src = Emoji.url_for("testemoji.png") - expect(subject.should_download_image?(src)).to eq(false) - end - it 'returns false for valid remote URLs' do expect(subject.should_download_image?("http://meta.discourse.org")).to eq(false) end