github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-21 18:12:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

proper content-disposition header when downloading attachments

Browse Source
This commit is contained in:
Régis Hanol
2013-09-06 19:18:42 +02:00
parent eae7e75611
commit 45b838009c
8 changed files with 94 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/controllers/uploads_controller.rb
View File

@ -1,5 +1,6 @@
class UploadsController < ApplicationController
before_filter :ensure_logged_in
before_filter :ensure_logged_in, except: [:show]
skip_before_filter :check_xhr, only: [:show]
def create
file = params[:file] || params[:files].first
@ -28,4 +29,18 @@ class UploadsController < ApplicationController
render status: 422, text: I18n.t("upload.images.size_not_found")
end
def show
return render nothing: true, status: 404 unless Discourse.store.internal?
id = params[:id].to_i
url = request.fullpath
# the "url" parameter is here to prevent people from scanning the uploads using the id
upload = Upload.where(id: id, url: url).first
return render nothing: true, status: 404 unless upload
send_file(Discourse.store.path_for(upload), filename: upload.original_filename)
end
end