mirror of
https://gh.wpcy.net/https://github.com/discourse/discourse.git
synced 2026-05-27 23:52:59 +08:00
eeaca70bc1
The AI bot reads upload contents from posts and chat messages and feeds
them into the LLM prompt. The lookup is gated by whether the requester
can see the post, but not whether they can see the upload's secure
access-control post, so an attacker can paste another user's secure
short URL into their own post, summon the bot, and have it disclose the
contents. The agent tool runner's `_upload_get_base64` has the same gap
with no ACL check at all.
This commit introduces `Guardian#can_see_upload?` so upload visibility
is checked in one place, and uses it from `PromptMessagesBuilder`,
`ToolRunner::Upload`, and
`SecureUploadEndpointHelpers#check_secure_upload_permission`.
Follow-up to
|
||
|---|---|---|
| .. | ||
| ai_tool_action.rb | ||
| llm_agent_triage.rb | ||
| llm_tagger.rb | ||
| llm_triage.rb | ||
| report_context_generator.rb | ||
| report_runner.rb | ||
