Commit Graph

247 Commits

Author SHA1 Message Date
Guo Xiang Tan 3884e99e88 Add extra protection in `Upload#get_from_url`.
In case the extension goes missing from the URL.
2018-09-12 00:12:14 -07:00
Guo Xiang Tan b3469bea2d FIX: Uploads not being linked correctly to posts.
Regression due to 1f636c445b.
2018-09-11 23:50:23 -07:00
Guo Xiang Tan e1b16e445e Rename `FileHelper.is_image?` -> `FileHelper.is_supported_image?`. 2018-09-12 09:22:28 +08:00
Guo Xiang Tan 04d26c65e2 Refactor `Upload.get_from_url` to check length of sha1. 2018-09-10 10:10:39 +08:00
Guo Xiang Tan 1f636c445b PERF: Add fast path to find uploads before resorting to `LIKE` query.
For a normal upload url

Before

```
Warming up --------------------------------------
                       264.000  i/100ms
Calculating -------------------------------------
                          2.754k (± 8.4%) i/s -     13.728k in   5.022066s
```

After

```
Warming up --------------------------------------
                       341.000  i/100ms
Calculating -------------------------------------
                          3.435k (±11.6%) i/s -     17.050k in   5.045676s
```
2018-09-06 14:44:24 +08:00
Sam e1975e293f FIX: when uploads are destroyed clear up avatar refs in user table
This also auto corrects twice daily when we ensure consistency
2018-08-31 14:46:42 +10:00
Sam 9ab1fb7dfc FEATURE: correctly store width and height on uploads
Previously we used width and height for thumbnails, new code ensures

1. We auto correct width and height
2. We added extra columns for thumbnail_width and height, this is determined
 by actual upload and no longer passed in as a side effect
3. Optimized Image now stores filesize which can be used for analysis, decisions

Also

- fixes Android image manifest as a side effect
- fixes issue where a thumbnail generated that is smaller than the upload is no longer used
2018-08-28 12:59:22 +10:00
Sam 9628c3cf97 FEATURE: automatically correct extension for bad uploads
This fixes with post thumbnails on the fly
2018-08-17 14:00:27 +10:00
Sam 796164b58c FIX: automatically correct bad avatars on access
Also start relying on upload extension for optimized images
2018-08-16 16:32:56 +10:00
Régis Hanol de92913bf4 FIX: store the topic links using the cooked upload url 2018-08-14 12:23:32 +02:00
Régis Hanol 0cd9e2acb9 fix build 2018-08-04 01:56:26 +02:00
Régis Hanol bf4d98e89d FIX: always store topic links using the upload url 2018-08-04 01:29:32 +02:00
Guo Xiang Tan 875008522d FIX: `Discourse.S3BaseUrl` did not account for subfolder bucket names. 2018-07-06 15:53:57 +08:00
Guo Xiang Tan 7163bf9323 FIX: `Upload.get_from_url` not respective subfolder in s3 bucket names. 2018-07-06 11:37:11 +08:00
Maja Komel 6c9190357c fix get from url for external uploads without CDN 2018-06-13 16:21:28 +10:00
Arpit Jalan 290ee312e6 FIX: handle invalid mailto links 2018-05-18 18:02:52 +05:30
Arpit Jalan 539cf32f87 FIX: handle encoded mailto links when looking for upload record 2018-05-17 12:44:53 +05:30
Arpit Jalan 91bf10bd12 FIX: create upload record for exported csv files 2018-04-20 00:27:49 +05:30
Guo Xiang Tan 142571bba0 Remove use of `rescue nil`.
* `rescue nil` is a really bad pattern to use in our code base.
  We should rescue errors that we expect the code to throw and
  not rescue everything because we're unsure of what errors the
  code would throw. This would reduce the amount of pain we face
  when debugging why something isn't working as expexted. I've
  been bitten countless of times by errors being swallowed as a
  result during debugging sessions.
2018-04-02 13:52:51 +08:00
Guo Xiang Tan bfe38b2118 FIX: `limit` wasn't correctly applied to `Upload.migrate_to_new_scheme`. 2018-03-22 10:56:06 +08:00
Guo Xiang Tan 226ace1643 Update annotations. 2018-02-20 14:28:58 +08:00
Rafael dos Santos Silva b9a343afe7 FIX: Allow shared CDN for s3 and assets 2018-01-12 01:08:15 -02:00
Arpit Jalan daeb7694bc update annotations 2017-12-05 21:03:20 +05:30
Sam 4ea87b5ab8 Merge branch 's3_refactor' 2017-10-09 10:27:52 +11:00
Sam 70bb2aa426 FEATURE: allow specifying s3 config via globals
This refactors handling of s3 so it can be specified via GlobalSetting

This means that in a multisite environment you can configure s3 uploads
without actual sites knowing credentials in s3

It is a critical setting for situations where assets are mirrored to s3.
2017-10-06 16:20:01 +11:00
Guo Xiang Tan d67f0b39ae Update annotations. 2017-10-06 11:13:01 +08:00
Sam f766ea4257 Correct short url decoding for sha1s leading with zero
This was picked up cause we had a flaky test!
2017-08-23 11:08:18 -04:00
Sam bcf7dc38c2 FEATURE: server side support for upload:// markdown
This allows uploads to be specified using short sha1 hash instead of full
URL

Client side change is pending
2017-08-22 11:46:23 -04:00
Sam c68999e128 annotate models
WARNING annotators out there, be to run bin/annotate on RAILS_ENV=test on a clean db
2017-08-16 10:38:11 -04:00
Neil Lalonde 5d528f0d15 Merge pull request #4958 from dmacjam/search_posts_by_filetype
FEATURE: Search posts by filetype
2017-07-31 11:55:34 -04:00
Guo Xiang Tan 5012d46cbd Add rubocop to our build. (#5004) 2017-07-28 10:20:09 +09:00
Neil Lalonde d8c27e3871 Merge branch 'master' into search_posts_by_filetype 2017-07-25 14:41:20 -04:00
Régis Hanol c7c93e7159 FEATURE: new 'strip image metadata' site setting 2017-07-25 11:48:39 +02:00
Jakub Macina 8c445e9f17 Fix backend code for searching by a filetype as a combination of uploads and topic links. Add rspec test for extracting file extension in upload. 2017-07-06 19:19:31 +02:00
Régis Hanol 54e8fb0d89 FEATURE: new 'allow_staff_to_upload_any_file_in_pm' site setting 2017-06-12 22:41:29 +02:00
Robin Ward cdbe027c1c Refactor `FileHelper` to use keyword arguments. 2017-05-24 13:54:26 -04:00
Régis Hanol 13e489b4ca replace the upload type whitelist with a sanitizer 2017-05-18 12:13:13 +02:00
Arpit Jalan 8e5b0c79ae FIX: allow images to be uploaded in wizard 2017-05-18 13:53:23 +05:30
Arpit Jalan 8c337ecf82 FIX: allow uploading of category logo and background 2017-05-11 12:48:54 +05:30
Régis Hanol 214939bb87 freeze array constants 2017-05-11 09:08:59 +02:00
Régis Hanol 9641d2413d REFACTOR: upload workflow creation into UploadCreator
- Automatically convert large-ish PNG/BMP to JPEG
- Updated fast_image to latest version
2017-05-11 00:16:57 +02:00
Sam bc0b9af576 FEATURE: support uploads for themes
This allows themes to bundle various assets
2017-05-10 15:47:11 -04:00
Guo Xiang Tan 2af1b9e93c Add time out when optimizing images. 2017-04-20 15:21:43 +08:00
Guo Xiang Tan 60f1169077 REFACTOR: Reduce repetition in code. 2017-04-18 17:03:49 +08:00
Guo Xiang Tan e7c972ac89 FIX: Don't use backticks that take in inputs. 2017-03-17 15:33:51 +08:00
Guo Xiang Tan 1a7e954e09 FIX: Store custom emojis as uploads.
* Depending on a hardcoded directory was a flawed design
  which made it impossible to debug when custom emojis go
  missing.
2017-03-14 13:07:18 +08:00
Régis Hanol 887e9af84f FEATURE: new 'max_image_megapixels' site setting 2017-01-11 23:37:12 +01:00
Régis Hanol 8d48779b5c FIX: don't 💥 with an invalid URI 2016-10-20 12:34:42 +02:00
Guo Xiang Tan 7db33cc512 FIX: Videos and audio files were not associated to the post. 2016-10-18 16:13:39 +08:00
Guo Xiang Tan e4b75f604c FIX: Make clean up upload script a safer task to run. 2016-09-05 10:06:02 +08:00
Guo Xiang Tan 1a4a0d7e89 FIX: Don't fail silently. 2016-09-02 11:59:03 +08:00
Guo Xiang Tan 692ecff3eb Revert "FIX: Don't fail silently."
This reverts commit baa6af93a2.
2016-09-02 11:58:56 +08:00
Guo Xiang Tan baa6af93a2 FIX: Don't fail silently. 2016-09-02 11:53:53 +08:00
Guo Xiang Tan efd7cbd887 Remove limit default.
Having the limit makes it harder to migrate all `Upload`/`OptimizedImage`
since the count has to be figured out and passed to the method.
2016-09-02 10:55:11 +08:00
Régis Hanol 5169bcdb6e FIX: httpshttps ultra secure URLs 2016-06-30 16:55:01 +02:00
Régis Hanol 5e2545a578 FEATURE: improve support for (whitelisted) SVGs as images 2016-06-20 10:22:13 +02:00
Régis Hanol 32d253d484 remove 'crop_tall_images' site setting but keep the behavior 2016-05-23 16:42:19 +02:00
Régis Hanol 667dd54a23 FEATURE: new 'crop_tall_images' site setting 2016-05-23 16:18:30 +02:00
Guo Xiang Tan 0634834009 Some fixes related to optimized images (#4233)
* FIX: No need to manually include relation.

* FIX: OR instead of chaining relation.
2016-05-20 09:12:25 +02:00
Régis Hanol df14926e42 SECURITY: check magic bytes before using ImageMagick tools 2016-05-03 21:54:07 +02:00
Régis Hanol be5a54d67d FEATURE: new 'allow_all_attachments_for_group_messages' site setting 2016-02-29 22:39:24 +01:00
Sam 32c681c96b annotate models 2016-02-23 10:33:53 +11:00
Régis Hanol 4d981cec53 FIX: don't try to optimize large PNGs (takes too much time) 2016-02-22 12:57:24 +01:00
Régis Hanol a9099f9e23 SECURITY: ensure we never accept fake images 2015-12-21 16:08:14 +01:00
Régis Hanol 09bfe49254 FIX: don't automagically downsize uploaded images that are larger than 10MB
FIX: don't optimize GIFs since ImageOption was disabled for GIFs (too slow)
2015-11-26 18:16:47 +01:00
Régis Hanol fb62a7c0c3 FIX: only downsize user card & profile backgrounds 2015-09-24 21:04:06 +02:00
Régis Hanol a3831a7003 FIX: uploading an animated user card/profile background was converted to a still image 2015-09-20 22:01:03 +02:00
Régis Hanol 93f9dcfcec FIX: don't overwrite custom uploaded avatar when selecting gravatar
FIX: remove unecessary serialized fields
2015-09-11 15:10:56 +02:00
Sam cd8d82aa31 correct file size and add note about impending breakage of image_optim 2015-09-10 14:37:46 +10:00
Régis Hanol d456460d33 FIX: don't butcher GIFs
Use 'gifsicle' instead of 'convert' to resize & optimize GIFs

FIX: don't even try to fix GIFs orientation
FIX: use 'allow_animated_thumbnails' site setting for user profile backgrounds & user cards
2015-07-22 17:10:42 +02:00
Régis Hanol b0802abae2 FIX: crop & optimize user background profile/card images 2015-07-15 17:15:43 +02:00
Gerhard Schlager 2e8838a0cd FIX: Disable validation during thumbnail creation 2015-06-27 01:26:16 +02:00
Régis Hanol bc9fd2c46d don't silence these errors 2015-06-12 20:11:23 +02:00
Régis Hanol 189cb3ff12 FEATURE: move migrate_to_new_scheme into a background job
- new hidden site setting 'migrate_to_new_scheme' (defaults to false)
- new rake tasks to toggle migration to new scheme
- FIX: migrate_to_new_scheme also works with CDN
- PERF: improve perf of the DbHelper.remap method
- REFACTOR: UrlHelper is now a class
2015-06-12 12:07:57 +02:00
Régis Hanol 64e73e98fb FIX: allow the cooked_post_processor to download external uploads 2015-06-01 20:08:41 +02:00
Régis Hanol 61d85206ee FIX: optimize uploaded images using lossy but very fast compression 2015-05-29 15:57:24 +02:00
Régis Hanol e101396ea1 FEATURE: add support for device pixel ratio = 3 2015-05-28 01:48:07 +02:00
Régis Hanol 033c2e7140 FIX: respect the allow_animated_avatars site setting 2015-05-26 12:22:02 +02:00
Régis Hanol a797f7c664 FIX: properly handle images when using 's3_cdn_url' 2015-05-26 11:47:33 +02:00
Régis Hanol 6ae9bcab56 add DistributedMutex around uploads/optimized_images creation 2015-05-12 16:45:33 +02:00
Régis Hanol 0e5c9b2590 small upload code refactor 2015-02-03 18:44:18 +01:00
Jeff Atwood e45b3c15c3 Revert "FIX: auto orientation code causing grey images to appear blackish"
This reverts commit f680374820.
2015-02-02 01:27:52 -08:00
Sam f680374820 FIX: auto orientation code causing grey images to appear blackish 2015-01-31 18:05:50 +11:00
Régis Hanol cd2c9edb46 FIX: 🐛 upload on IE9 wasn't working :'(
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages comming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update JQuery IFram Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Sam 6bed4e1bf0 add allowed_ips to api_keys
update annotations
2014-11-20 14:53:15 +11:00
Régis Hanol bf666f8553 FEATURE: allow animated thumbnails 2014-11-13 23:30:34 +01:00
Régis Hanol bdb78ce76a FEATURE: consider SVG as an image when authorized 2014-11-03 19:54:10 +01:00
Sam 414c6d191f FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 15:19:25 +10:00
Régis Hanol c7330ed73f BUGFIX: errors when post-processing 'data images' 2014-07-18 17:54:18 +02:00
Régis Hanol a52c80e2a8 FEATURE: automatic image orientation fix 2014-07-09 23:59:57 +02:00
Sam b1d5f4440b Annotate models 2014-05-28 12:30:57 +10:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Régis Hanol 9cd8476453 REFACTOR: use an options hash instead of multiple nil-able parameters 2014-04-15 17:17:10 +02:00
Régis Hanol 542d54e6bf BUGFIX: uploads to S3 2014-04-15 13:04:14 +02:00
Sam 862a6696c0 Correct annotations
allow longer usernames (up to 60)
2014-04-15 15:53:48 +10:00
Régis Hanol 2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Régis Hanol 6373de550f update annotations 2014-04-08 17:35:44 +02:00
Sam 2db3cfb16b annotate models 2013-12-05 17:40:35 +11:00
Régis Hanol 37fd7ab574 pull hotlinked images 2013-11-05 19:07:29 +01:00
Sam 5bf26ec34e large refactor, ship a few columns from the user table into user_stats 2013-10-07 15:04:59 +11:00
Régis Hanol cd4cda5b4c allow users to specify thumbnail size 2013-09-27 10:57:31 +02:00
Régis Hanol c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Régis Hanol ed9417fa3b enable thumbnailing on S3
- added url to optimized image model
- refactored s3_store & local_store
2013-07-31 23:26:34 +02:00
Régis Hanol be9217d4c8 add server-side filesize check on uploads 2013-07-24 00:54:41 +02:00
Robin Ward ed745c3fdd Merge pull request #1222 from ZogStriP/fix-s3-related-issues
Fix s3 related issues
2013-07-22 07:30:41 -07:00
Régis Hanol 649ab85740 FIX: thumbnailing wasn't working with CDN enabled 2013-07-22 00:37:23 +02:00
Régis Hanol 33977252c9 rollback to previous s3 syntax (ie. subdomains) 2013-07-20 11:30:36 +02:00
Régis Hanol 8406a4230c FIX: click tracking on attachments wasn't working 2013-07-19 01:27:09 +02:00
Régis Hanol 5c27dd175a make sure we handle both s3 url formats 2013-07-17 00:32:09 +02:00
Régis Hanol 7ae2fe304d renamed s3 to s3_store 2013-07-17 00:27:52 +02:00
Régis Hanol 6f2ce93ab2 FIX: create an upload when FastImage throws an exception
FastImage might throw an exception when it isn't able to recognize a
file as being an image (ie. happens when users changes the extension
manually)

Also improved upload specs a lot
2013-07-13 23:42:19 +02:00
Régis Hanol 27ab5f471c support arbitrary attachments 2013-07-10 22:59:53 +02:00
Régis Hanol ac7253a938 refactor CookedPostProcessor & specs 2013-07-08 01:39:08 +02:00
Régis Hanol 6251935b1e removed auto_link_images_wider_than setting 2013-07-06 22:19:16 +02:00
Robin Ward 1c18490141 Revert "cheat to fix duplicate key on thumbnails"
This reverts commit 0c702522c4.
2013-07-05 16:09:43 -04:00
Sam 0c702522c4 cheat to fix duplicate key on thumbnails 2013-07-05 15:01:31 +10:00
Régis Hanol 6723ba6014 Add a list of for file uploads 2013-07-01 02:19:03 +02:00
Régis Hanol 08aa23f0ca FIX: lightbox wasn't working when using s3 upload 2013-06-22 13:38:42 +02:00
Régis Hanol 8a751e6e44 make sure we also delete optimized images 2013-06-21 09:34:02 +02:00
Régis Hanol 4a17d6dca6 added a rake task to clean orphan uploaded files 2013-06-19 21:51:41 +02:00
Régis Hanol ae3543872c renamed the `sha` column to the proper `sha1` 2013-06-17 22:16:14 +02:00
Régis Hanol 454636abf1 annotate models 2013-06-17 02:49:34 +02:00
Régis Hanol 510bac4b27 refactored a bit & tested thumbnails creation 2013-06-17 02:49:34 +02:00
Régis Hanol cc9e0ec80a create thumbnails when needed 2013-06-17 02:49:34 +02:00
Régis Hanol 5de03814fb created `optimized_image` model 2013-06-17 02:49:34 +02:00
Régis Hanol 2c3f757951 moved `has_been_uploaded` and `uploaded_regex` to the `Upload` model 2013-06-17 02:49:34 +02:00
Régis Hanol 8a98310cf9 make sure we only do the work once 2013-06-17 02:49:34 +02:00
Régis Hanol 6c4554b941 identifies all uploads with the SHA1 hash of the file content 2013-06-17 02:49:33 +02:00
Régis Hanol 6ea91b4416 remove useless upload topic direct association 2013-06-17 02:49:33 +02:00
Régis Hanol 037f62928b add proper post_uploads reverse index 2013-06-13 23:44:24 +02:00
Régis Hanol 770c1faeb1 added a reverse index of user uploads + rake task 2013-06-13 01:43:50 +02:00
Régis Hanol 8a2d635e62 removed imgur support 2013-06-11 21:51:41 +02:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Ian Christian Myers 41528f5d11 Implemented strong_parameters for Upload/UploadsController.
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
Régis Hanol e3e55d4dad fix image uploads on s3/imgur 2013-06-05 00:35:42 +02:00
Régis Hanol 6cc0f8f2d4 added more file uploads test for better coverage 2013-05-31 03:13:37 +02:00
Sam ca2dee52db moved comments to the bottom, they are way less intrusive there 2013-05-24 12:48:32 +10:00
Sam 2cd95bc649 lets try out annotations 2013-05-24 12:35:14 +10:00
Régis Hanol dca2fbcefc add meaningful error message on upload [fixes #773] 2013-04-27 20:26:17 +02:00
Shane Liesegang 42fdbe2fb6 Fixing Amazon uploads to not be hardcoded to https
Amazon S3 uploads are currently hardcoded to use https, where they should probably use whatever protocol the rest of the site is using. Removing the protocol and just using "//" links should accomplish that.
2013-04-19 22:05:51 -03:00
Régis Hanol 1692350336 added some tests for uploads 2013-04-07 17:52:46 +02:00
Wojciech Kocjan 0481fbae8c Fix for reply to user avatar and picture uploading not working when editing post with discourse running in a prefix 2013-04-05 12:46:14 +02:00
Régis Hanol 0aff5042e5 FIX: S3 image upload 2013-03-30 17:56:25 +01:00
Gosha Arinich 6e5399d544 minor cleanup, using AR querying DSL over raw SQL in some places 2013-02-28 21:54:12 +03:00
Neil Lalonde 68f32af240 User hashed name for local uploads instead of 'blob' 2013-02-14 12:08:37 -05:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00