Commit Graph

188 Commits

Author SHA1 Message Date
Régis Hanol df14926e42 SECURITY: check magic bytes before using ImageMagick tools 2016-05-03 21:54:07 +02:00
Régis Hanol be5a54d67d FEATURE: new 'allow_all_attachments_for_group_messages' site setting 2016-02-29 22:39:24 +01:00
Sam 32c681c96b annotate models 2016-02-23 10:33:53 +11:00
Régis Hanol 4d981cec53 FIX: don't try to optimize large PNGs (takes too much time) 2016-02-22 12:57:24 +01:00
Régis Hanol a9099f9e23 SECURITY: ensure we never accept fake images 2015-12-21 16:08:14 +01:00
Régis Hanol 09bfe49254 FIX: don't automagically downsize uploaded images that are larger than 10MB
FIX: don't optimize GIFs since ImageOption was disabled for GIFs (too slow)
2015-11-26 18:16:47 +01:00
Régis Hanol fb62a7c0c3 FIX: only downsize user card & profile backgrounds 2015-09-24 21:04:06 +02:00
Régis Hanol a3831a7003 FIX: uploading an animated user card/profile background was converted to a still image 2015-09-20 22:01:03 +02:00
Régis Hanol 93f9dcfcec FIX: don't overwrite custom uploaded avatar when selecting gravatar
FIX: remove unnecessary serialized fields
2015-09-11 15:10:56 +02:00
Sam cd8d82aa31 correct file size and add note about impending breakage of image_optim 2015-09-10 14:37:46 +10:00
Régis Hanol d456460d33 FIX: don't butcher GIFs
Use 'gifsicle' instead of 'convert' to resize & optimize GIFs

FIX: don't even try to fix GIFs orientation
FIX: use 'allow_animated_thumbnails' site setting for user profile backgrounds & user cards
2015-07-22 17:10:42 +02:00
Régis Hanol b0802abae2 FIX: crop & optimize user background profile/card images 2015-07-15 17:15:43 +02:00
Gerhard Schlager 2e8838a0cd FIX: Disable validation during thumbnail creation 2015-06-27 01:26:16 +02:00
Régis Hanol bc9fd2c46d don't silence these errors 2015-06-12 20:11:23 +02:00
Régis Hanol 189cb3ff12 FEATURE: move migrate_to_new_scheme into a background job
- new hidden site setting 'migrate_to_new_scheme' (defaults to false)
- new rake tasks to toggle migration to new scheme
- FIX: migrate_to_new_scheme also works with CDN
- PERF: improve perf of the DbHelper.remap method
- REFACTOR: UrlHelper is now a class
2015-06-12 12:07:57 +02:00
Régis Hanol 64e73e98fb FIX: allow the cooked_post_processor to download external uploads 2015-06-01 20:08:41 +02:00
Régis Hanol 61d85206ee FIX: optimize uploaded images using lossy but very fast compression 2015-05-29 15:57:24 +02:00
Régis Hanol e101396ea1 FEATURE: add support for device pixel ratio = 3 2015-05-28 01:48:07 +02:00
Régis Hanol 033c2e7140 FIX: respect the allow_animated_avatars site setting 2015-05-26 12:22:02 +02:00
Régis Hanol a797f7c664 FIX: properly handle images when using 's3_cdn_url' 2015-05-26 11:47:33 +02:00
Régis Hanol 6ae9bcab56 add DistributedMutex around uploads/optimized_images creation 2015-05-12 16:45:33 +02:00
Régis Hanol 0e5c9b2590 small upload code refactor 2015-02-03 18:44:18 +01:00
Jeff Atwood e45b3c15c3 Revert "FIX: auto orientation code causing grey images to appear blackish"
This reverts commit f680374820.
2015-02-02 01:27:52 -08:00
Sam f680374820 FIX: auto orientation code causing grey images to appear blackish 2015-01-31 18:05:50 +11:00
Régis Hanol cd2c9edb46 FIX: 🐛 upload on IE9 wasn't working :'(
- FIX: make sure we set a default name to a pasted image only on Chrome (the only browser that supports it)
- FIX: use ".json" extension to uploads endpoints since IE9 doesn't pass the correct header
- FIX: pass the CSRF token in a query parameter since IE9 doesn't pass it in the headers
- FIX: display error messages coming from the server when there is one over the default error message
- FIX: HACK around IE9 security issue when clicking a file input via JavaScript (use a label and set `visibility:hidden` on the input)
- FIX: hide the "cancel" upload on IE9 since it's not supported
- FIX: return "text/plain" content-type when uploading a file for IE9 in order to prevent it from displaying the save dialog
- FIX: check the maximum file size on the server 💥
- update jQuery File Upload Plugin to v. 5.42.2
- update jQuery Iframe Transport Plugin to v. 1.8.5
- update jQuery UI Widget to v. 1.11.1
2015-01-28 19:43:20 +01:00
Sam 6bed4e1bf0 add allowed_ips to api_keys
update annotations
2014-11-20 14:53:15 +11:00
Régis Hanol bf666f8553 FEATURE: allow animated thumbnails 2014-11-13 23:30:34 +01:00
Régis Hanol bdb78ce76a FEATURE: consider SVG as an image when authorized 2014-11-03 19:54:10 +01:00
Sam 414c6d191f FIX: remove nullable dates post upgrade to Rails 4 2014-08-27 15:19:25 +10:00
Régis Hanol c7330ed73f BUGFIX: errors when post-processing 'data images' 2014-07-18 17:54:18 +02:00
Régis Hanol a52c80e2a8 FEATURE: automatic image orientation fix 2014-07-09 23:59:57 +02:00
Sam b1d5f4440b Annotate models 2014-05-28 12:30:57 +10:00
Louis Rose 1574485443 Perform the where(...).first to find_by(...) refactoring.
This refactoring was automated using the command: bundle exec "ruby refactorings/where_dot_first_to_find_by/app.rb"
2014-05-06 14:41:59 +01:00
Régis Hanol 9cd8476453 REFACTOR: use an options hash instead of multiple nil-able parameters 2014-04-15 17:17:10 +02:00
Régis Hanol 542d54e6bf BUGFIX: uploads to S3 2014-04-15 13:04:14 +02:00
Sam 862a6696c0 Correct annotations
allow longer usernames (up to 60)
2014-04-15 15:53:48 +10:00
Régis Hanol 2505d18aa9 FEATURE: support email attachments 2014-04-14 22:55:57 +02:00
Régis Hanol 6373de550f update annotations 2014-04-08 17:35:44 +02:00
Sam 2db3cfb16b annotate models 2013-12-05 17:40:35 +11:00
Régis Hanol 37fd7ab574 pull hotlinked images 2013-11-05 19:07:29 +01:00
Sam 5bf26ec34e large refactor, ship a few columns from the user table into user_stats 2013-10-07 15:04:59 +11:00
Régis Hanol cd4cda5b4c allow users to specify thumbnail size 2013-09-27 10:57:31 +02:00
Régis Hanol c867b67a0b custom avatar support 2013-08-13 22:08:29 +02:00
Régis Hanol ed9417fa3b enable thumbnailing on S3
- added url to optimized image model
- refactored s3_store & local_store
2013-07-31 23:26:34 +02:00
Régis Hanol be9217d4c8 add server-side filesize check on uploads 2013-07-24 00:54:41 +02:00
Robin Ward ed745c3fdd Merge pull request #1222 from ZogStriP/fix-s3-related-issues
Fix s3 related issues
2013-07-22 07:30:41 -07:00
Régis Hanol 649ab85740 FIX: thumbnailing wasn't working with CDN enabled 2013-07-22 00:37:23 +02:00
Régis Hanol 33977252c9 rollback to previous s3 syntax (ie. subdomains) 2013-07-20 11:30:36 +02:00
Régis Hanol 8406a4230c FIX: click tracking on attachments wasn't working 2013-07-19 01:27:09 +02:00
Régis Hanol 5c27dd175a make sure we handle both s3 url formats 2013-07-17 00:32:09 +02:00
Régis Hanol 7ae2fe304d renamed s3 to s3_store 2013-07-17 00:27:52 +02:00
Régis Hanol 6f2ce93ab2 FIX: create an upload when FastImage throws an exception
FastImage might throw an exception when it isn't able to recognize a
file as being an image (ie. happens when users change the extension
manually)

Also improved upload specs a lot
2013-07-13 23:42:19 +02:00
Régis Hanol 27ab5f471c support arbitrary attachments 2013-07-10 22:59:53 +02:00
Régis Hanol ac7253a938 refactor CookedPostProcessor & specs 2013-07-08 01:39:08 +02:00
Régis Hanol 6251935b1e removed auto_link_images_wider_than setting 2013-07-06 22:19:16 +02:00
Robin Ward 1c18490141 Revert "cheat to fix duplicate key on thumbnails"
This reverts commit 0c702522c4.
2013-07-05 16:09:43 -04:00
Sam 0c702522c4 cheat to fix duplicate key on thumbnails 2013-07-05 15:01:31 +10:00
Régis Hanol 6723ba6014 Add a list of for file uploads 2013-07-01 02:19:03 +02:00
Régis Hanol 08aa23f0ca FIX: lightbox wasn't working when using s3 upload 2013-06-22 13:38:42 +02:00
Régis Hanol 8a751e6e44 make sure we also delete optimized images 2013-06-21 09:34:02 +02:00
Régis Hanol 4a17d6dca6 added a rake task to clean orphan uploaded files 2013-06-19 21:51:41 +02:00
Régis Hanol ae3543872c renamed the `sha` column to the proper `sha1` 2013-06-17 22:16:14 +02:00
Régis Hanol 454636abf1 annotate models 2013-06-17 02:49:34 +02:00
Régis Hanol 510bac4b27 refactored a bit & tested thumbnails creation 2013-06-17 02:49:34 +02:00
Régis Hanol cc9e0ec80a create thumbnails when needed 2013-06-17 02:49:34 +02:00
Régis Hanol 5de03814fb created `optimized_image` model 2013-06-17 02:49:34 +02:00
Régis Hanol 2c3f757951 moved `has_been_uploaded` and `uploaded_regex` to the `Upload` model 2013-06-17 02:49:34 +02:00
Régis Hanol 8a98310cf9 make sure we only do the work once 2013-06-17 02:49:34 +02:00
Régis Hanol 6c4554b941 identifies all uploads with the SHA1 hash of the file content 2013-06-17 02:49:33 +02:00
Régis Hanol 6ea91b4416 remove useless upload topic direct association 2013-06-17 02:49:33 +02:00
Régis Hanol 037f62928b add proper post_uploads reverse index 2013-06-13 23:44:24 +02:00
Régis Hanol 770c1faeb1 added a reverse index of user uploads + rake task 2013-06-13 01:43:50 +02:00
Régis Hanol 8a2d635e62 removed imgur support 2013-06-11 21:51:41 +02:00
Ian Christian Myers 0d01c33482 Enabled strong_parameters across all models/controllers.
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.
2013-06-06 00:30:59 -07:00
Ian Christian Myers 41528f5d11 Implemented strong_parameters for Upload/UploadsController.
The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
2013-06-05 00:55:55 -07:00
Régis Hanol e3e55d4dad fix image uploads on s3/imgur 2013-06-05 00:35:42 +02:00
Régis Hanol 6cc0f8f2d4 added more file uploads test for better coverage 2013-05-31 03:13:37 +02:00
Sam ca2dee52db moved comments to the bottom, they are way less intrusive there 2013-05-24 12:48:32 +10:00
Sam 2cd95bc649 lets try out annotations 2013-05-24 12:35:14 +10:00
Régis Hanol dca2fbcefc add meaningful error message on upload [fixes #773] 2013-04-27 20:26:17 +02:00
Shane Liesegang 42fdbe2fb6 Fixing Amazon uploads to not be hardcoded to https
Amazon S3 uploads are currently hardcoded to use https, where they should probably use whatever protocol the rest of the site is using. Removing the protocol and just using "//" links should accomplish that.
2013-04-19 22:05:51 -03:00
Régis Hanol 1692350336 added some tests for uploads 2013-04-07 17:52:46 +02:00
Wojciech Kocjan 0481fbae8c Fix for reply to user avatar and picture uploading not working when editing post with discourse running in a prefix 2013-04-05 12:46:14 +02:00
Régis Hanol 0aff5042e5 FIX: S3 image upload 2013-03-30 17:56:25 +01:00
Gosha Arinich 6e5399d544 minor cleanup, using AR querying DSL over raw SQL in some places 2013-02-28 21:54:12 +03:00
Neil Lalonde 68f32af240 User hashed name for local uploads instead of 'blob' 2013-02-14 12:08:37 -05:00
Jakub Arnold 61654ab8f0 Fix all the trailing whitespace 2013-02-07 16:45:24 +01:00
Robin Ward 21b5628528 Initial release of Discourse 2013-02-05 14:16:51 -05:00