Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/app/models
History
Martin Brennan ab3bda6cd0
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 
Basically, say you had already downloaded a certain image from a certain URL
using pull_hotlinked_images and the onebox. The upload would be stored
by its sha as an upload record. Whenever you linked to the same URL again
in a post (e.g. in our case an og:image on review.discourse) we would
would reuse the original upload record because of the sha1.

However when you turned on secure media this could cause problems as
the first post that uses that upload after secure media is enabled
will set the access control post for the upload to the new post.
Then if the post is deleted every single onebox/link to that same image
URL will fail forever with 403 as the secure-media-uploads URL fails
if the access control post has been deleted.

To fix this when cooking posts and pulling hotlinked images, we only
allow using an original upload by URL if its access control post
matches the current post, and if the original_sha1 is filled in,
meaning it was uploaded AFTER secure media was enabled. otherwise
we just redownload the media again to be safe, as the URL will always
be new then.
 		2020-01-29 10:11:38 +10:00
..
concerns DEV: increase the length of backup codes 2020-01-21 15:32:06 +11:00
reports FIX: Correct ordering for post_edits report, and remove query limit 2019-08-13 16:53:16 +01:00
about.rb PERF: speed up about page render time and limit category mods (#8112) 2019-10-03 21:48:56 +03:00
admin_dashboard_data.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
admin_dashboard_general_data.rb FIX: Allow dashboard to load even when git version cannot be found 2019-08-28 12:37:42 +01:00
admin_dashboard_index_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
anonymous_user.rb FEATURE: introduce dedicated storage and DB constraints for anon users 2019-05-29 14:26:24 +10:00
api_key.rb FEATURE: Hash API keys in the database (#8438) 2019-12-12 11:45:00 +00:00
application_request.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
auto_track_duration_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
backup_draft_post.rb FEATURE: experimental hidden setting for draft backups 2019-10-17 16:58:21 +11:00
backup_draft_topic.rb FEATURE: experimental hidden setting for draft backups 2019-10-17 16:58:21 +11:00
backup_file.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
backup_location_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
backup_metadata.rb FEATURE: Drop "backup" schema 7 days after restore 2020-01-16 17:48:47 +01:00
badge.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
badge_grouping.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
badge_type.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
bookmark.rb Improving bookmarks part 1 (#8466) 2019-12-11 14:04:02 +10:00
category.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
category_and_topic_lists.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_custom_field.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_featured_topic.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
category_group.rb PERF: Add index on group to category_groups (#8231) 2019-10-23 10:30:43 +01:00
category_list.rb FEATURE: support to mute all categories by default. (#8295) 2019-11-08 08:28:11 +05:30
category_page_style.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_tag.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_tag_group.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_tag_stat.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
category_user.rb DEV: Update annotations 2019-11-19 10:21:06 +00:00
child_theme.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
color_scheme.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
color_scheme_color.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
custom_emoji.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
developer.rb DEV: Update annotations 2019-11-29 15:49:08 +00:00
digest_email_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
directory_item.rb FIX: user directory should not include unapproved users 2019-09-11 15:18:17 -04:00
discourse_single_sign_on.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
discourse_version_check.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
draft.rb FIX: under rare conditions saving a new draft could error temporarily 2020-01-02 11:38:14 +11:00
draft_sequence.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
email_change_request.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_level_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_log.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
email_style.rb FIX: backwards compatibility for uncompiled email style css 2019-10-23 19:22:33 -04:00
email_token.rb FIX: reload the user record instead of fetching via email 2019-05-13 15:16:53 +05:30
embeddable_host.rb FIX: Replace deprecated URI.encode, URI.escape, URI.unescape and URI.unencode (#8528) 2019-12-12 12:49:21 +10:00
embedding.rb DEV: Remove RSS feed polling in favor of plugin (#8233) 2019-11-12 09:49:02 -06:00
emoji.rb FEATURE: do not replace ↔ with an emoji 2019-08-30 15:06:23 +10:00
emoji_set_site_setting.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
github_user_info.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
given_daily_like.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
global_setting.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
group.rb FIX: group membership leak 2020-01-15 11:21:58 +01:00
group_archived_message.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_custom_field.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_history.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_manager.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_mention.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_request.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
group_user.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
ignored_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
incoming_domain.rb FIX: make frozen string mutable in incoming_domain 2019-05-14 17:44:53 +02:00
incoming_email.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
incoming_link.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
incoming_links_report.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
incoming_referer.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
invite.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
invite_redeemer.rb FIX: Use updated_at date to denote expired invites (#8521) 2019-12-17 10:13:49 -05:00
invited_group.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
javascript_cache.rb FEATURE: Multi-file javascript support for themes (#7526) 2019-06-03 10:41:00 +01:00
like_notification_frequency_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
locale_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
mailing_list_mode_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
muted_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
new_topic_duration_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
notification.rb Fix the build - take 3. 2019-12-05 20:35:39 +05:30
notification_level_when_replying_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
oauth2_user_info.rb FIX: allow storage of non unique rows in oauth2_user_infos 2019-10-25 11:57:34 +11:00
onceoff_log.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
optimized_image.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
permalink.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plugin_store.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
plugin_store_row.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post.rb FIX: Resolve pull hotlinked image and broken link issues for secure media URLs (#8777) 2020-01-24 11:59:30 +10:00
post_action.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
post_action_type.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_analyzer.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_custom_field.rb DEV: Update annotations 2019-05-13 15:24:24 +01:00
post_detail.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_mover.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
post_reply.rb Merge pull request #8736 from gschlager/rename_reply_id_column 2020-01-17 17:24:49 +01:00
post_reply_key.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_revision.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_stat.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
post_timing.rb FIX: Decrement posts read count when destroying post timings (#8172) 2019-10-08 15:39:23 -03:00
post_upload.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
previous_replies_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
push_subscription.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
quoted_post.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
remote_theme.rb DEV: correct a few Ruby 2.7 deprecations 2019-11-28 13:13:29 +11:00
remove_muted_tags_from_latest_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
report.rb DEV: Implement a faster Discourse.cache 2019-11-27 16:11:49 +11:00
reviewable.rb FIX: Stop logging errors in postgres on reviewable conflict 2020-01-09 12:04:17 -05:00
reviewable_claimed_topic.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post.rb FIX: Only agree with the first post when using the 'Delete post + replies and agree' option 2020-01-06 13:38:23 -03:00
reviewable_history.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
reviewable_priority_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_queued_post.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_score.rb FIX: Reload the ReviewableScore types when extending flags (#8740) 2020-01-17 11:59:38 -03:00
reviewable_sensitivity_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
reviewable_user.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
s3_region_site_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
screened_email.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
screened_ip_address.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
screened_url.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
search_log.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
shared_draft.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
single_sign_on_record.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
site.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_setting.rb DEV: Remove SiteSetting.default_categories_selected (#8138) 2019-10-04 15:57:17 +10:00
skipped_email_log.rb FIX: Don't send notification email when user isn't allowed to see topic 2019-07-01 14:03:03 +02:00
slug_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
stylesheet_cache.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag.rb FIX: Use new tag routes (#8683) 2020-01-21 19:23:08 +02:00
tag_group.rb FEATURE: add support for tag group search 2019-06-27 17:53:26 +10:00
tag_group_membership.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag_group_permission.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
tag_user.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
theme.rb DEV: remove uneeded distinct from relation 2019-12-09 14:24:38 +11:00
theme_field.rb DEV: Display a warning when themes hard-code optimized image links (#8304) 2019-11-12 14:30:19 +00:00
theme_setting.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
theme_translation_override.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
top_lists.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
top_menu_item.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
top_topic.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
topic.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
topic_allowed_group.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_allowed_user.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_converter.rb FEATURE: Update upload security status on post move, topic conversion, category change (#8731) 2020-01-23 12:01:10 +10:00
topic_custom_field.rb annotate models 2019-05-29 14:26:24 +10:00
topic_embed.rb DEV: use Discourse.cache over Rails.cache 2019-11-27 12:36:19 +11:00
topic_featured_users.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_group.rb Changed `CONFLICT` to `SQL` for multiline strings 2019-12-13 11:51:40 -05:00
topic_invite.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_link.rb FIX: inbound link when the only slug available (#8457) 2019-12-04 17:13:20 +11:00
topic_link_click.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
topic_list.rb FEATURE: Dismiss new per category (#8330) 2019-11-14 11:16:13 +11:00
topic_notifier.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_participants_summary.rb FIX: Include 5 participants in topic summary 2019-11-15 15:11:09 -05:00
topic_poster.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_posters_summary.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
topic_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_tag.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
topic_timer.rb DEV: Use enum instead of id for topic timer query 2019-11-19 10:10:14 -07:00
topic_tracking_state.rb FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
topic_user.rb DEV: pluck_first 2019-10-21 12:08:20 +01:00
topic_view_item.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
translation_override.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
trust_level3_requirements.rb FEATURE: allow TL3 promotions for overturned penalties 2019-12-20 15:25:21 -08:00
trust_level_and_staff_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
trust_level_setting.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
unsubscribe_key.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
upload.rb FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 2020-01-29 10:11:38 +10:00
user.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_action.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
user_api_key.rb DEV: Apply Rubocop redundant return style 2019-11-14 15:10:51 -05:00
user_archived_message.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_associated_account.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_auth_token.rb FEATURE: Limit the number of active sessions for a user (#8411) 2019-11-27 12:39:31 +00:00
user_auth_token_log.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_avatar.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_badge.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_badges.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_custom_field.rb DEV: Add missing indexes to user_profiles (#8691) 2020-01-09 17:08:55 +01:00
user_email.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_export.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_field_option.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_history.rb FIX: Mark secure media upload insecure automatically if used for theme component (#8413) 2019-11-28 07:32:17 +10:00
user_open_id.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_option.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
user_profile.rb DEV: Drop unused columns 2020-01-27 15:28:56 +01:00
user_profile_view.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
user_search.rb SECURITY: Check permissions when autocompleting mentions 2019-10-28 11:01:47 +00:00
user_search_data.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_second_factor.rb SECURITY: Improve second factor auth logic 2020-01-10 10:45:56 +10:00
user_security_key.rb DEV: annotate models 2019-10-17 16:58:22 +11:00
user_stat.rb DEV: Add missing indexes to user_profiles (#8691) 2020-01-09 17:08:55 +01:00
user_summary.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_upload.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_visit.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
user_warning.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
username_validator.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
watched_word.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
web_crawler_request.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook.rb DEV: Remove code deprecated by the new Reviewable API (#8023) 2019-08-26 10:33:26 -03:00
web_hook_event.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
web_hook_event_type.rb FEATURE: Add a webhook for user notifications 2019-08-15 14:47:25 -04:00