github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 07:53:49 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: only allow picking of avatars created by self (#6417)

Browse Source 
* SECURITY: only allow picking of avatars created by self

Also adds origin tracking to all uploads including de-duplicated uploads
This commit is contained in:
Sam
2018-09-20 15:33:10 +10:00
committed by Guo Xiang Tan
parent e0be5145cf
commit df45e82377
10 changed files with 196 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
spec/lib/upload_creator_spec.rb
View File

@ -22,6 +22,18 @@ RSpec.describe UploadCreator do
expect(upload.extension).to eq('txt')
expect(File.extname(upload.url)).to eq('.txt')
expect(upload.original_filename).to eq('utf-8.txt')
expect(user.user_uploads.count).to eq(1)
expect(upload.user_uploads.count).to eq(1)
user2 = Fabricate(:user)
expect do
UploadCreator.new(file, "utf-8\n.txt").create_for(user2.id)
end.to change { Upload.count }.by(0)
expect(user.user_uploads.count).to eq(1)
expect(user2.user_uploads.count).to eq(1)
expect(upload.user_uploads.count).to eq(2)
end
end