diff --git a/app/models/upload.rb b/app/models/upload.rb
index 060cf187a..8d2c0ffeb 100644
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@@ -14,6 +14,8 @@ class Upload < ActiveRecord::Base
has_many :optimized_images, dependent: :destroy
+ attr_accessor :is_attachment_for_group_message
+
validates_presence_of :filesize
validates_presence_of :original_filename
@@ -62,8 +64,9 @@ class Upload < ActiveRecord::Base
# options
# - content_type
- # - origin
- # - image_type
+ # - origin (url)
+ # - image_type ("avatar", "profile_background", "card_background")
+ # - is_attachment_for_group_message (boolean)
def self.create_for(user_id, file, filename, filesize, options = {})
DistributedMutex.synchronize("upload_#{user_id}_#{filename}") do
# do some work on images
@@ -141,6 +144,10 @@ class Upload < ActiveRecord::Base
upload.height = height
upload.origin = options[:origin][0...1000] if options[:origin]
+ if options[:is_attachment_for_group_message]
+ upload.is_attachment_for_group_message = true
+ end
+
if is_dimensionless_image?(filename, upload.width, upload.height)
upload.errors.add(:base, I18n.t("upload.images.size_not_found"))
return upload
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 1a4fa4ec2..093fd5449 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -1001,6 +1001,8 @@ en:
default_opengraph_image_url: "URL of the default opengraph image."
+ allow_all_attachments_for_group_messages: "Allow all email attachments for group messages."
+
enable_flash_video_onebox: "Enable embedding of swf and flv (Adobe Flash) links in oneboxes. WARNING: may introduce security risks."
default_invitee_trust_level: "Default trust level (0-4) for invited users."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 9657a8099..15e68c307 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -617,8 +617,8 @@ files:
client: true
regex: '^((https?:)?\/)?\/.+[^\/]'
shadowed_by_global: true
-
default_opengraph_image_url: ''
+ allow_all_attachments_for_group_messages: false
trust:
default_trust_level:
diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index f094631da..fa7f81b91 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -72,20 +72,35 @@ module Email
case destination[:type]
when :group
group = destination[:obj]
- create_topic(user: user, raw: body, title: subject, archetype: Archetype.private_message, target_group_names: [group.name], skip_validations: true)
+ create_topic(user: user,
+ raw: body,
+ title: subject,
+ archetype: Archetype.private_message,
+ target_group_names: [group.name],
+ is_group_message: true,
+ skip_validations: true)
+
when :category
category = destination[:obj]
raise StrangersNotAllowedError if user.staged? && !category.email_in_allow_strangers
raise InsufficientTrustLevelError if !user.has_trust_level?(SiteSetting.email_in_min_trust)
- create_topic(user: user, raw: body, title: subject, category: category.id, skip_validations: user.staged?)
+ create_topic(user: user,
+ raw: body,
+ title: subject,
+ category: category.id,
+ skip_validations: user.staged?)
+
when :reply
email_log = destination[:obj]
raise ReplyUserNotMatchingError if email_log.user_id != user.id
- create_reply(user: user, raw: body, post: email_log.post, topic: email_log.post.topic)
+ create_reply(user: user,
+ raw: body,
+ post: email_log.post,
+ topic: email_log.post.topic)
end
end
end
@@ -271,6 +286,7 @@ module Email
else
options[:topic_id] = options[:post].try(:topic_id)
options[:reply_to_post_number] = options[:post].try(:post_number)
+ options[:is_group_message] = options[:topic].private_message? && options[:topic].allowed_groups.exists?
create_post_with_attachments(options)
end
end
@@ -291,7 +307,8 @@ module Email
# read attachment
File.open(tmp.path, "w+b") { |f| f.write attachment.body.decoded }
# create the upload for the user
- upload = Upload.create_for(options[:user].id, tmp, attachment.filename, tmp.size)
+ opts = { is_attachment_for_group_message: options[:is_group_message] }
+ upload = Upload.create_for(options[:user].id, tmp, attachment.filename, tmp.size, opts)
if upload && upload.errors.empty?
# try to inline images
if attachment.content_type.start_with?("image/") && options[:raw][/\[image: .+ \d+\]/]
diff --git a/lib/validators/upload_validator.rb b/lib/validators/upload_validator.rb
index 985fe928d..b200fc16c 100644
--- a/lib/validators/upload_validator.rb
+++ b/lib/validators/upload_validator.rb
@@ -5,6 +5,8 @@ module Validators; end
class Validators::UploadValidator < ActiveModel::Validator
def validate(upload)
+ return true if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages
+
extension = File.extname(upload.original_filename)[1..-1] || ""
if is_authorized?(upload, extension)
diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb
index bdb42a0a2..734276c6a 100644
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@@ -271,6 +271,12 @@ describe Email::Receiver do
expect { process(:email_reply_4) }.to change { topic.posts.count }
end
+ it "supports any kind of attachments when 'allow_all_attachments_for_group_messages' is enabled" do
+ SiteSetting.allow_all_attachments_for_group_messages = true
+ expect { process(:attached_rb_file) }.to change(Topic, :count)
+ expect(Post.last.raw).to match(/discourse\.rb/)
+ end
+
end
context "new topic in a category" do
diff --git a/spec/fixtures/emails/attached_rb_file.eml b/spec/fixtures/emails/attached_rb_file.eml
new file mode 100644
index 000000000..960b3e6d6
--- /dev/null
+++ b/spec/fixtures/emails/attached_rb_file.eml
@@ -0,0 +1,31 @@
+Return-Path: <discourse@bar.com>
+From: Foo Bar <discourse@bar.com>
+To: team@bar.com
+Date: Mon, 29 Feb 2016 21:54:01 +0100
+Message-ID: <56d4afe991ed0_3ab83fdf94441a20677f0@HAL.lan.mail>
+Subject: Email with .rb file attached
+Mime-Version: 1.0
+Content-Type: multipart/mixed;
+ boundary="--==_mimepart_56d4afe991d17_3ab83fdf94441a206765";
+ charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+
+----==_mimepart_56d4afe991d17_3ab83fdf94441a206765
+Content-Type: text/plain;
+ charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+Please find the source code of Discourse attached.
+----==_mimepart_56d4afe991d17_3ab83fdf94441a206765
+Content-Type: application/x-ruby;
+ charset=UTF-8;
+ filename=discourse.rb
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment;
+ filename=discourse.rb
+Content-ID: <56d4afe992cb6_3ab83fdf94441a20678c3@HAL.lan.mail>
+
+cHV0cyAiSGVsbG8gRGlzY291cnNlIgo=
+
+----==_mimepart_56d4afe991d17_3ab83fdf94441a206765--