Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
discourse/spec/models
History
Martin Brennan ab3bda6cd0
FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 
Basically, say you had already downloaded a certain image from a certain URL
using pull_hotlinked_images and the onebox. The upload would be stored
by its sha as an upload record. Whenever you linked to the same URL again
in a post (e.g. in our case an og:image on review.discourse) we would
would reuse the original upload record because of the sha1.

However when you turned on secure media this could cause problems as
the first post that uses that upload after secure media is enabled
will set the access control post for the upload to the new post.
Then if the post is deleted every single onebox/link to that same image
URL will fail forever with 403 as the secure-media-uploads URL fails
if the access control post has been deleted.

To fix this when cooking posts and pulling hotlinked images, we only
allow using an original upload by URL if its access control post
matches the current post, and if the original_sha1 is filled in,
meaning it was uploaded AFTER secure media was enabled. otherwise
we just redownload the media again to be safe, as the URL will always
be new then.
 		2020-01-29 10:11:38 +10:00
..
about_spec.rb PERF: speed up about page render time and limit category mods (#8112) 2019-10-03 21:48:56 +03:00
admin_dashboard_problem_spec.rb DEV: introduce new API to look up dynamic site setting 2019-05-07 11:00:30 +10:00
api_key_spec.rb FEATURE: Hash API keys in the database (#8438) 2019-12-12 11:45:00 +00:00
application_request_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
badge_spec.rb FIX: Badge and user title interaction fixes (#8282) 2019-11-08 15:34:24 +10:00
badge_type_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
category_featured_topic_spec.rb FEATURE: remove support for 'suppress_from_latest' category setting. (#8308) 2019-11-18 12:28:35 +05:30
category_group_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
category_list_spec.rb FEATURE: support to mute all categories by default. (#8295) 2019-11-08 08:28:11 +05:30
category_spec.rb FIX: Update topic/post counter correctly when category has zero topics (#8600) 2019-12-30 11:20:44 +00:00
category_user_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
child_theme_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_color_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
color_scheme_spec.rb DEV: update rubocop to version 0.77 2019-12-10 11:48:39 +11:00
developer_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
digest_email_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
directory_item_spec.rb DEV: improve flaky spec 2019-10-04 11:11:03 +10:00
discourse_single_sign_on_spec.rb FEATURE: ban any SSO attempts with invalid external id 2019-06-11 10:04:26 +10:00
draft_sequence_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
draft_spec.rb FIX: under some conditions draft would say it was saving when not 2019-10-31 17:15:58 +11:00
email_change_request_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
email_log_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
email_token_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
embeddable_host_spec.rb DEV: Remove RSS feed polling in favor of plugin (#8233) 2019-11-12 09:49:02 -06:00
emoji_spec.rb FIX: allows replacement of digits and symbols emojis (#7978) 2019-08-07 11:38:58 +02:00
given_daily_like_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
global_setting_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
group_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
group_spec.rb DEV: adds event hook when add/remove user to group (#8038) 2019-09-10 11:58:08 -05:00
group_user_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
incoming_link_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
incoming_links_report_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
invite_redeemer_spec.rb FIX: Use updated_at date to denote expired invites (#8521) 2019-12-17 10:13:49 -05:00
invite_spec.rb FIX: Use updated_at date to denote expired invites (#8521) 2019-12-17 10:13:49 -05:00
javascript_cache_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
locale_site_setting_spec.rb DEV: clean up potential locale leak 2019-06-03 12:42:29 +10:00
mailing_list_mode_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
notification_spec.rb DEV: handle all notification consolidations in new 'NotificationConsolidator' class. 2019-12-05 14:36:06 +05:30
optimized_image_spec.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
permalink_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
plugin_store_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
post_action_spec.rb DEV: handle all notification consolidations in new 'NotificationConsolidator' class. 2019-12-05 14:36:06 +05:30
post_action_type_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_analyzer_spec.rb FIX: Improve Onebox detection (#8019) 2019-09-10 13:59:48 +03:00
post_detail_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_mover_spec.rb Merge pull request #8736 from gschlager/rename_reply_id_column 2020-01-17 17:24:49 +01:00
post_reply_key_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
post_reply_spec.rb DEV: update dependencies and add notes about exceptions 2019-12-06 13:00:28 +11:00
post_spec.rb FEATURE: Secure media allowing duplicated uploads with category-level privacy and post-based access rules (#8664) 2020-01-16 13:50:27 +10:00
post_timing_spec.rb FIX: Decrement posts read count when destroying post timings (#8172) 2019-10-08 15:39:23 -03:00
post_upload_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
quoted_post_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
remote_theme_spec.rb FIX: Allow importing themes with subdirectories in extra_js 2019-11-13 23:45:09 +00:00
report_spec.rb DEV: Improved performance of report spec (#8642) 2020-01-06 17:17:07 +11:00
reviewable_claimed_topic_spec.rb FIX: Don't log a claimed topic database error during tests 2020-01-09 12:32:05 -05:00
reviewable_flagged_post_spec.rb Spec should not depend on aliases 2019-10-01 18:33:53 -03:00
reviewable_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
reviewable_queued_post_spec.rb DEV: Allow specifying button class in reviewable action definitions (#8093) 2019-09-18 11:28:59 +01:00
reviewable_score_spec.rb FIX: Bots accuracy should be zero (#8654) 2020-01-02 13:24:24 -03:00
reviewable_spec.rb FIX: The 'reviewed' status filter should include deleted elements (#8630) 2019-12-30 14:56:17 -03:00
reviewable_user_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
s3_region_site_setting_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
screened_email_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
screened_ip_address_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
screened_url_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
search_log_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
site_setting_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
site_spec.rb FEATURE: support to mute all categories by default. (#8295) 2019-11-08 08:28:11 +05:30
skipped_email_log_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
stylesheet_cache_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
tag_group_spec.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
tag_spec.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
tag_user_spec.rb FEATURE: Tag synonyms 2019-12-04 13:33:51 -05:00
theme_field_spec.rb DEV: Display a warning when themes hard-code optimized image links (#8304) 2019-11-12 14:30:19 +00:00
theme_spec.rb FEATURE: Ability to add components to all themes (#8404) 2019-11-28 16:19:01 +11:00
top_menu_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
top_topic_spec.rb DEV: correct spec failures in PG 12 2019-11-26 16:39:14 +11:00
topic_allowed_user_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_converter_spec.rb FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 2020-01-29 10:11:38 +10:00
topic_embed_spec.rb FIX: embedding topics would fail with some HTML 2019-08-07 12:45:55 +10:00
topic_featured_users_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_group_spec.rb FIX: Constraint error when inserting the same topic group twice 2019-12-12 13:10:46 -05:00
topic_invite_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
topic_link_click_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_link_spec.rb FIX: inbound link when the only slug available (#8457) 2019-12-04 17:13:20 +11:00
topic_list_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_participants_summary_spec.rb DEV: Better topic participants summary spec 2019-11-18 09:43:14 -05:00
topic_posters_summary_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_spec.rb FIX: correct notification when tag or category is added (#8801) 2020-01-29 11:03:47 +11:00
topic_tag_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_timer_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
topic_tracking_state_spec.rb FIX: topic_tracking_state when mute_all_categories_by_default is enabled 2020-01-06 18:22:42 +00:00
topic_user_spec.rb DEV: fix deprecation warnings in specs 2020-01-23 16:37:48 +01:00
topic_view_item_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
translation_override_spec.rb FIX: Display site text overrides for non '_MF' keys (#8189) 2019-10-17 18:34:07 +02:00
trust_level3_requirements_spec.rb FEATURE: allow TL3 promotions for overturned penalties 2019-12-20 15:25:21 -08:00
unsubscribe_key_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
upload_spec.rb FIX: Mitigate issue where legacy pre-secure hotlinked media would not be redownloaded (#8802) 2020-01-29 10:11:38 +10:00
user_action_spec.rb Fix broken spec in 405ba00c08. 2019-05-08 15:45:25 +08:00
user_api_key_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_archived_message_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_auth_token_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_avatar_spec.rb FIX: Gravatar uploads being dependent on authorized_extensions. 2019-08-01 16:24:09 +08:00
user_badge_spec.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_email_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_export_spec.rb REVERT: DEV: should ignore missing post uploads when a user export destroyed 2019-07-25 19:41:25 +05:30
user_field_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_history_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_open_id_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_option_spec.rb DEV: Upgrading Discourse to Zeitwerk (#8098) 2019-10-02 14:01:53 +10:00
user_profile_spec.rb Revert "FIX: Add missing unique index on user_id for user_profiles." 2019-05-24 12:58:36 +08:00
user_profile_view_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
user_search_spec.rb SECURITY: Check permissions when autocompleting mentions 2019-10-28 11:01:47 +00:00
user_second_factor_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_spec.rb PERF: Cache ranks for featured badges, to simplify user serialization (#8698) 2020-01-14 14:26:49 +00:00
user_stat_spec.rb PERF: Cache user badge count in user_stats table (#8610) 2019-12-30 11:19:59 +00:00
user_summary_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
user_visit_spec.rb DEV: Prefabrication (test optimization) (#7414) 2019-05-07 13:12:20 +10:00
username_validator_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
watched_word_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
web_crawler_request_spec.rb DEV: s/\$redis/Discourse\.redis (#8431) 2019-12-03 10:05:53 +01:00
web_hook_event_spec.rb DEV: use #frozen_string_literal: true on all spec 2019-04-30 10:27:42 +10:00
web_hook_spec.rb DEV: Remove code deprecated by the new Reviewable API (#8023) 2019-08-26 10:33:26 -03:00