discourse

History

Martin Brennan ab3bda6cd0 FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802 ) Basically, say you had already downloaded a certain image from a certain URL using pull_hotlinked_images and the onebox. The upload would be stored by its sha as an upload record. Whenever you linked to the same URL again in a post (e.g. in our case an og:image on review.discourse) we would would reuse the original upload record because of the sha1. However when you turned on secure media this could cause problems as the first post that uses that upload after secure media is enabled will set the access control post for the upload to the new post. Then if the post is deleted every single onebox/link to that same image URL will fail forever with 403 as the secure-media-uploads URL fails if the access control post has been deleted. To fix this when cooking posts and pulling hotlinked images, we only allow using an original upload by URL if its access control post matches the current post, and if the original_sha1 is filled in, meaning it was uploaded AFTER secure media was enabled. otherwise we just redownload the media again to be safe, as the URL will always be new then.		2020-01-29 10:11:38 +10:00
..
api_key_fabricator.rb	FEATURE: Hash API keys in the database (#8438 )	2019-12-12 11:45:00 +00:00
badge_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
bookmark_fabricator.rb	Improving bookmarks part 1 (#8466 )	2019-12-11 14:04:02 +10:00
category_fabricator.rb	DEV: Default to skipping creating a topic when fabricating categories (#7976 )	2019-08-06 11:26:54 +01:00
category_group_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
color_scheme_color_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
color_scheme_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
email_change_request_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
email_log_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
email_token_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
embeddable_host_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
flag_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
group_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
group_history_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
group_request_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
group_user_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
ignored_user.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
incoming_email_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
incoming_link_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
invite_fabricator.rb	FEATURE: send max 200 emails every minute for bulk invites (#7875 )	2019-07-19 11:29:12 +05:30
like_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
muted_user.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
notification_fabricator.rb	FIX: Don't update `watching_first_post` notifications when moving first post	2019-08-12 22:59:43 +02:00
optimized_image_fabricator.rb	Fix the build.	2019-05-23 16:11:50 +08:00
permalink_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
post_action_fabricator.rb	FIX: correct user serializer user method for extended serializer (#8590 )	2019-12-19 09:48:01 -08:00
post_custom_field_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
post_detail_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
post_fabricator.rb	FIX: parallel spec system needs a dedicated upload folder for each worker. (#8547 )	2019-12-18 11:21:57 +05:30
post_reply_key_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
post_revision_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
reviewable_claimed_topic_fabricator.rb	FEATURE: Claim Reviewables by Topic	2019-05-09 13:40:36 -04:00
reviewable_fabricator.rb	FIX: Granting staff status should auto-approve users waiting approval (#8533 )	2019-12-12 16:26:38 -03:00
screened_email_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
screened_ip_address_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
screened_url_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
search_log_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
shared_draft_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
single_sign_on_record_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
skipped_email_log_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
tag_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
tag_group_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
theme_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
topic_allowed_group_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
topic_allowed_user_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
topic_embed_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
topic_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
topic_tag_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
topic_timer_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
topic_user_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
upload_fabricator.rb	FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802 )	2020-01-29 10:11:38 +10:00
user_action_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_api_key_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_avatar_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_email_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_fabricator.rb	FEATURE: introduce dedicated storage and DB constraints for anon users	2019-05-29 14:26:24 +10:00
user_field_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_option_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_profile_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_second_factor_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
user_security_key_fabricator.rb	FEATURE: Webauthn authenticator management with 2FA login (Security Keys) (#8099 )	2019-10-01 19:08:41 -07:00
watched_word_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
web_crawler_request_fabricator.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
web_hook_fabricator.rb	FEATURE: Add a webhook for user notifications	2019-08-15 14:47:25 -04:00