Commit Graph

27 Commits

Author SHA1 Message Date
Arpit Jalan a2096a01fb add test case for handling uploads without extension 2016-12-20 00:46:47 +05:30
Sam 15b5fddd49 SECURITY: protect upload params, only allow very strict filenames 2016-12-19 10:16:18 +11:00
Arpit Jalan 74b3807f60 FEATURE: new bootstrap mode settings for brand new Discourse community (#4193)
* FEATURE: new bootstrap mode settings for brand new Discourse community

* new SiteSetting.set_and_log method
2016-04-26 13:08:19 -04:00
Régis Hanol a9099f9e23 SECURITY: ensure we never accept fake images 2015-12-21 16:08:14 +01:00
Andy Waite 3e50313fdc Prepare for separation of RSpec helper files
Since rspec-rails 3, the default installation creates two helper files:
* `spec_helper.rb`
* `rails_helper.rb`

`spec_helper.rb` is intended as a way of running specs that do not
require Rails, whereas `rails_helper.rb` loads Rails (as Discourse's
current `spec_helper.rb` does).

For more information:

https://www.relishapp.com/rspec/rspec-rails/docs/upgrade#default-helper-files

In this commit, I've simply replaced all instances of `spec_helper` with
`rails_helper`, and renamed the original `spec_helper.rb`.

This brings the Discourse project closer to the standard usage of RSpec
in a Rails app.

At present, every spec relies on loading Rails, but there are likely
many that don't need to. In a future pull request, I hope to introduce a
separate, minimal `spec_helper.rb` which can be used in tests which
don't rely on Rails.
2015-12-01 20:39:42 +00:00
Régis Hanol 16f509afb9 FIX: enforce 'allow_uploaded_avatars' & 'sso_overrides_avatar' server-side 2015-11-12 10:26:45 +01:00
Régis Hanol 4c2df814de FIX: ensure a file is present when creating an upload 2015-08-18 11:39:51 +02:00
Konstantin Ilchenko 131cf643ce FIX: Allow api to send uploads with :url 2015-06-21 14:54:59 +03:00
Régis Hanol bb0c2813ac FEATURE: generate (avatar) thumbnails in a background task
FIX: keep the "uploading..." indicator until the server replies via the MessageBus
FIX: text was disapearing when uploading an avatar

PERF: always use a region for S3 (defaults to 'us-east-1')
FEATURE: ApplyCDN middleware when using S3
FIX: use the same pattern to store files on S3 and locally
PERF: keep a local cache of uploads when generating thumbnails
FEATURE: migrate_to_s3 rake task
2015-05-25 17:59:00 +02:00
Régis Hanol 8d967d9065 FEATURE: move all uploads to a single endpoint + defer upload creation in a background thread 2015-05-20 16:45:48 +02:00
Régis Hanol 7d3b7a5657 fix the build 2015-05-20 15:32:31 +02:00
Régis Hanol 9ded21e4c6 FIX: consistent and future-proof upload storage pattern 2015-05-19 12:31:12 +02:00
Luciano Sousa bc73238c8f controllers with rspec3 syntax 2015-01-09 14:04:02 -03:00
Sam 58eabb03e5 FEATURE: api support for arbitrary unlinked assets
admins can set retain periods for assets
2014-09-23 16:50:17 +10:00
Régis Hanol eb34ecfc0c FEATURE: new 'prevent anons from download files' site setting 2014-09-09 18:41:13 +02:00
Régis Hanol b5c57fa947 FIX: don't mess with fixtures when running the specs 2014-07-14 17:34:23 +02:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Régis Hanol 4371374ba6 FEATURE: support for enabling all upload file types
BUGFIX: authorized extensions is now case insensitive
2014-04-29 19:12:35 +02:00
Régis Hanol 2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Régis Hanol 45b838009c proper content-disposition header when downloading attachments 2013-09-06 19:23:56 +02:00
Régis Hanol be9217d4c8 add server-side filesize check on uploads 2013-07-24 00:54:41 +02:00
Régis Hanol 5ce05ff5cb adds the `max_attachment_size_kb` setting
so that we can specify a different max upload size for attachments and images.
2013-07-16 02:01:36 +02:00
Régis Hanol b94d26d798 update back-end specs 2013-07-10 22:59:54 +02:00
Régis Hanol 6ea91b4416 remove useless upload topic direct association 2013-06-17 02:49:33 +02:00
Ian Christian Myers 41528f5d11 Implemented strong_parameters for Upload/UploadsController.
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
Régis Hanol 1692350336 added some tests for uploads 2013-04-07 17:52:46 +02:00
Régis Hanol 2b120ef886 add UploadsController specs 2013-04-03 01:17:17 +02:00