Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-06 09:10:25 +08:00
Code Packages Activity Actions 11

SECURITY: correct local onebox category checks

Browse source 
Also removes ugly "source_topic_id" from cooked posts

Patch was authored by @zogstrip

Signed-off-by: Sam <sam.saffron@gmail.com>
This commit is contained in:
Sam 2018-02-14 10:39:44 +11:00
parent 548db91c76
commit f028ffaf29
14 changed files with 251 additions and 361 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/discourse.rb
View file

@ -236,15 +236,11 @@ module Discourse
end
def self.route_for(uri)
uri = URI(uri) rescue nil unless (uri.is_a?(URI))
uri = URI(uri) rescue nil unless uri.is_a?(URI)
return unless uri
path = uri.path || ""
if (uri.host == Discourse.current_hostname &&
path.start_with?(Discourse.base_uri)) ||
!uri.host
if !uri.host || (uri.host == Discourse.current_hostname && path.start_with?(Discourse.base_uri))
path.slice!(Discourse.base_uri)
return Rails.application.routes.recognize_path(path)
end