github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 07:53:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Cooking custom emojis should not use a secure URL (#15929)

Browse Source 
When a site has secure media enabled and a post is with secure
media, we were incorrectly cooking custom emoji URLs and using the
secure URL for those emojis, even though they should not be
considered secure (their corresponding upload records in the
database are _not_ secure). Now instead of the blanket
post.with_secure_media? boolean for the secure: param, we also
want to make sure the image whose URL is being cooked is also
_not_ a custom emoji.
This commit is contained in:
Martin Brennan
2022-02-14 13:02:42 +10:00
committed by GitHub
parent a34075d205
commit 88a8584348
2 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/cooked_post_processor.rb
View File

@ -415,7 +415,10 @@ class CookedPostProcessor
%w{src data-small-upload}.each do |selector|
@doc.css("img[#{selector}]").each do |img|
img[selector] = UrlHelper.cook_url(img[selector].to_s, secure: @post.with_secure_media?)
custom_emoji = img["class"]&.include?("emoji-custom") && Emoji.custom?(img["title"])
img[selector] = UrlHelper.cook_url(
img[selector].to_s, secure: @post.with_secure_media? && !custom_emoji
)
end
end
end