From 40af9ce61270bce7a1759c403614eb1035d66b28 Mon Sep 17 00:00:00 2001
From: Sam
Date: Fri, 25 Jul 2014 15:10:06 +1000
Subject: [PATCH] FIX: do not store incoming links on avatars or uploads

---
 app/controllers/static_controller.rb | 2 +-
 app/controllers/uploads_controller.rb | 2 +-
 app/controllers/user_avatars_controller.rb | 2 +-
 db/migrate/20140725050636_remove_invalid_incoming_links.rb | 5 +++++
 4 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 db/migrate/20140725050636_remove_invalid_incoming_links.rb

diff --git a/app/controllers/static_controller.rb b/app/controllers/static_controller.rb
index 8953b256d..824282c26 100644
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@@ -62,7 +62,7 @@ class StaticController < ApplicationController
 )
 end
- skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
+ skip_before_filter :store_incoming_links, :verify_authenticity_token, only: [:cdn_asset]
 def cdn_asset
 path = File.expand_path(Rails.root + "public/assets/" + params[:path])
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index b380804d0..7a0917e6c 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -1,6 +1,6 @@
 class UploadsController < ApplicationController
 before_filter :ensure_logged_in, except: [:show]
- skip_before_filter :check_xhr, only: [:show]
+ skip_before_filter :store_incoming_links, :check_xhr, only: [:show]
 def create
 file = params[:file] || params[:files].first
diff --git a/app/controllers/user_avatars_controller.rb b/app/controllers/user_avatars_controller.rb
index e5ec30879..7e644e7bc 100644
--- a/app/controllers/user_avatars_controller.rb
+++ b/app/controllers/user_avatars_controller.rb
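Review bot: The new `skip_before_filter :store_incoming_links` entry is an opt-out that every file-serving action has to remember, so a future controller or action that streams assets will silently resume recording junk rows in incoming_links; the same per-controller opt-out is repeated in the uploads_controller and user_avatars_controller hunks. If `store_incoming_links` is defined in ApplicationController (not visible in this diff), a complementary guard inside the filter itself, such as `return unless request.format.html?`, would make the default safe instead of relying on each opt-out being present. A short comment on the new line, `# asset responses are not page views; do not record them as incoming links`, would record why the filter is skipped here. It is also worth confirming, outside this hunk, that the path built from `params[:path]` in cdn_asset is checked to stay under public/assets before it is served; cdn_asset's body continues past the end of the hunk.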
@@ -3,7 +3,7 @@ require_dependency 'letter_avatar'
 class UserAvatarsController < ApplicationController
 DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")
- skip_before_filter :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
+ skip_before_filter :store_incoming_links, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
 def refresh_gravatar
 user = User.find_by(username_lower: params[:username].downcase)
diff --git a/db/migrate/20140725050636_remove_invalid_incoming_links.rb b/db/migrate/20140725050636_remove_invalid_incoming_links.rb
new file mode 100644
index 000000000..ae6833ef3
--- /dev/null
+++ b/db/migrate/20140725050636_remove_invalid_incoming_links.rb
@@ -0,0 +1,5 @@
+class RemoveInvalidIncomingLinks < ActiveRecord::Migration
+ def change
+ execute "DELETE FROM incoming_links WHERE url ILIKE '%avatar%.png'"
+ end
+end
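Review bot: `def change` wrapping a raw `execute` is not auto-reversible, so rolling this migration back raises ActiveRecord::IrreversibleMigration; since it is a one-way data cleanup, declare it as `def up` instead of `def change` so the intent is explicit. The DELETE pattern `'%avatar%.png'` only clears avatar rows, while the controller changes in this commit also stop recording links for the `cdn_asset` and upload `show` responses, so rows already stored for those are left in place unless a matching clause is added (the URL shape of those rows is not visible here). `ILIKE` is PostgreSQL-specific, which is presumably the only database this schema targets but does tie the migration to it. The pattern also matches any URL containing "avatar" anywhere that ends in .png, which is broader than the avatar endpoints if other such URLs were ever recorded.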