FIX: Only mark attachments as secure media if SiteSetting.secure_media? #9009

Merged
merged 2 commits into from Feb 20, 2020

Contributor

martin-brennan commented Feb 20, 2020

  • Attachments (non-media files) were being marked as secure if just
    SiteSetting.prevent_anons_from_downloading_files was enabled. This
    was not correct, as nothing should be marked as actually "secure" in
    the DB without that site setting enabled.
  • Also add a proper standalone spec file for the upload security class.

discoursebot commented Feb 20, 2020

This pull request has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/secure-media-uploads/140017/28

Member

SamSaffron commented Feb 20, 2020

looks good to me

@martin-brennan martin-brennan merged commit 04df3bd into master Feb 20, 2020
7 checks passed:
  • PLUGINS-BACKEND
  • CORE-BACKEND
  • PLUGINS-FRONTEND
  • CORE-FRONTEND
  • PLUGINS-LINT
  • CORE-LINT
  • license/cla: Contributor License Agreement is signed.
@martin-brennan martin-brennan deleted the issue/fix-marking-attachments-as-secure-media branch Feb 20, 2020
nbianca added a commit to nbianca/discourse that referenced this pull request Mar 2, 2020
…a? (discourse#9009)
