mirror of
https://github.com/discourse/discourse.git
synced 2025-05-30 04:18:27 +08:00
Revert "Revert "Merge branch 'master' of https://github.com/discourse/discourse""
This reverts commit 20780a1eeed56b321daf18ee6bbfe681a51d1bf4. * SECURITY: re-adds accidentally reverted commit: 03d26cd6: ensure embed_url contains valid http(s) uri * when the merge commit e62a85cf was reverted, git chose the 2660c2e2 parent to land on instead of the 03d26cd6 parent (which contains security fixes)
This commit is contained in:
@ -79,12 +79,35 @@ module FileStore
|
||||
def has_been_uploaded?(url)
|
||||
return false if url.blank?
|
||||
|
||||
begin
|
||||
parsed_url = URI.parse(URI.encode(url))
|
||||
rescue URI::InvalidURIError
|
||||
return false
|
||||
end
|
||||
|
||||
base_hostname = URI.parse(absolute_base_url).hostname
|
||||
return true if url[base_hostname]
|
||||
if url[base_hostname]
|
||||
# if the hostnames match it means the upload is in the same
|
||||
# bucket on s3. however, the bucket folder path may differ in
|
||||
# some cases, and we do not want to assume the url is uploaded
|
||||
# here. e.g. the path of the current site could be /prod and the
|
||||
# other site could be /staging
|
||||
if s3_bucket_folder_path.present?
|
||||
return parsed_url.path.starts_with?("/#{s3_bucket_folder_path}")
|
||||
else
|
||||
return true
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
||||
return false if SiteSetting.Upload.s3_cdn_url.blank?
|
||||
cdn_hostname = URI.parse(SiteSetting.Upload.s3_cdn_url || "").hostname
|
||||
cdn_hostname.presence && url[cdn_hostname]
|
||||
return true if cdn_hostname.presence && url[cdn_hostname]
|
||||
false
|
||||
end
|
||||
|
||||
def s3_bucket_folder_path
|
||||
@s3_helper.s3_bucket_folder_path
|
||||
end
|
||||
|
||||
def s3_bucket_name
|
||||
|
Reference in New Issue
Block a user