From cfd1549abe20d63f6c384d5d12d4b7e90357ca20 Mon Sep 17 00:00:00 2001 From: Vinoth Kannan Date: Fri, 3 Jan 2020 10:09:07 +0530 Subject: [PATCH] FIX: allow underscore in file extension while downloading the uploads. --- config/routes.rb | 10 +++++----- spec/fixtures/images/fake.not_image | 1 + spec/requests/uploads_controller_spec.rb | 7 +++++++ 3 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 spec/fixtures/images/fake.not_image diff --git a/config/routes.rb b/config/routes.rb index 4ec1b521630..02bcedc8663 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -503,16 +503,16 @@ Discourse::Application.routes.draw do post "uploads/lookup-urls" => "uploads#lookup_urls" # used to download original images - get "uploads/:site/:sha(.:extension)" => "uploads#show", constraints: { site: /\w+/, sha: /\h{40}/, extension: /[a-z0-9\.]+/i } - get "uploads/short-url/:base62(.:extension)" => "uploads#show_short", constraints: { site: /\w+/, base62: /[a-zA-Z0-9]+/, extension: /[a-z0-9\.]+/i }, as: :upload_short + get "uploads/:site/:sha(.:extension)" => "uploads#show", constraints: { site: /\w+/, sha: /\h{40}/, extension: /[a-z0-9\._]+/i } + get "uploads/short-url/:base62(.:extension)" => "uploads#show_short", constraints: { site: /\w+/, base62: /[a-zA-Z0-9]+/, extension: /[a-z0-9\._]+/i }, as: :upload_short # used to download attachments - get "uploads/:site/original/:tree:sha(.:extension)" => "uploads#show", constraints: { site: /\w+/, tree: /([a-z0-9]+\/)+/i, sha: /\h{40}/, extension: /[a-z0-9\.]+/i } + get "uploads/:site/original/:tree:sha(.:extension)" => "uploads#show", constraints: { site: /\w+/, tree: /([a-z0-9]+\/)+/i, sha: /\h{40}/, extension: /[a-z0-9\._]+/i } if Discourse.is_parallel_test? - get "uploads/:site/:index/original/:tree:sha(.:extension)" => "uploads#show", constraints: { site: /\w+/, index: /\d+/, tree: /([a-z0-9]+\/)+/i, sha: /\h{40}/, extension: /[a-z0-9\.]+/i } + get "uploads/:site/:index/original/:tree:sha(.:extension)" => "uploads#show", constraints: { site: /\w+/, index: /\d+/, tree: /([a-z0-9]+\/)+/i, sha: /\h{40}/, extension: /[a-z0-9\._]+/i } end # used to download attachments (old route) get "uploads/:site/:id/:sha" => "uploads#show", constraints: { site: /\w+/, id: /\d+/, sha: /\h{16}/, format: /.*/ } - get "secure-media-uploads/*path(.:extension)" => "uploads#show_secure", constraints: { extension: /[a-z0-9\.]+/i } + get "secure-media-uploads/*path(.:extension)" => "uploads#show_secure", constraints: { extension: /[a-z0-9\._]+/i } get "posts" => "posts#latest", id: "latest_posts", constraints: { format: /(json|rss)/ } get "private-posts" => "posts#latest", id: "private_posts", constraints: { format: /(json|rss)/ } diff --git a/spec/fixtures/images/fake.not_image b/spec/fixtures/images/fake.not_image new file mode 100644 index 00000000000..acbe86c7c89 --- /dev/null +++ b/spec/fixtures/images/fake.not_image @@ -0,0 +1 @@ +abcd diff --git a/spec/requests/uploads_controller_spec.rb b/spec/requests/uploads_controller_spec.rb index a8bc89cad79..88799306f52 100644 --- a/spec/requests/uploads_controller_spec.rb +++ b/spec/requests/uploads_controller_spec.rb @@ -344,6 +344,13 @@ describe UploadsController do expect(response.status).to eq(404) end + it "returns uploads with underscore in extension correctly" do + fake_upload = upload_file("fake.not_image") + get fake_upload.short_path + + expect(response.status).to eq(200) + end + it "returns the right response when anon tries to download a file " \ "when prevent_anons_from_downloading_files is true" do