FIX: do not store incoming links on avatars or uploads

app/controllers/static_controller.rb

@@ -62,7 +62,7 @@ class StaticController < ApplicationController
     )
   end
 
-  skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
+  skip_before_filter :store_incoming_links, :verify_authenticity_token, only: [:cdn_asset]
   def cdn_asset
     path = File.expand_path(Rails.root + "public/assets/" + params[:path])
 

app/controllers/uploads_controller.rb

@@ -1,6 +1,6 @@
 class UploadsController < ApplicationController
   before_filter :ensure_logged_in, except: [:show]
-  skip_before_filter :check_xhr, only: [:show]
+  skip_before_filter :store_incoming_links, :check_xhr, only: [:show]
 
   def create
     file = params[:file] || params[:files].first

app/controllers/user_avatars_controller.rb

@@ -3,7 +3,7 @@ require_dependency 'letter_avatar'
 class UserAvatarsController < ApplicationController
   DOT = Base64.decode64("R0lGODlhAQABALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD//wBiZCH5BAEAAA8ALAAAAAABAAEAAAQC8EUAOw==")
 
-  skip_before_filter :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
+  skip_before_filter :store_incoming_links, :redirect_to_login_if_required, :check_xhr, :verify_authenticity_token, only: [:show, :show_letter]
 
   def refresh_gravatar
     user = User.find_by(username_lower: params[:username].downcase)

db/migrate/20140725050636_remove_invalid_incoming_links.rb

@@ -0,0 +1,5 @@
+class RemoveInvalidIncomingLinks < ActiveRecord::Migration
+  def change
+    execute "DELETE FROM incoming_links WHERE url ILIKE '%avatar%.png'"
+  end
+end