This fixes image links to /equation_images/X, among other things.
As part of this, I refactored the attachment.rb secure setting to be a
domain.yml (HostUrl) setting that can be used app-wide to determine
whether to use http or https when the code doesn't have access to a Request.
Fixes #8784
I also started down the road of having notification emails/sms/etc use
https links instead of http, but there is still work to do there, refs #9190
test plan: Use the rich text editor to post to a discussion or any other
rich text field that can be retrieved via the api, and include an
equation using the equation editor. Then retrieve that post through the
api, and verify that the url to the equation image includes the canvas
hostname and protocol (http://canvas.example.com/equation_images/X
instead of just /equation_images/X)
Change-Id: Iac28bf99d2d3b33c17d5b3eb128aa6d8488570fe
Reviewed-on: https://gerrit.instructure.com/11867
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>

FileInContext (used by the zip importer) was bypassing the filename= setter
for Attachment, so when using attachment_fu, sanitize_filename was not getting
called on the filename. This resulted in us generating S3 urls with characters
in them like filename[0].txt. That normally worked fine. However, Firefox
would escape those characters when redirected to a URL like that, which would
cause a signature mismatch with S3.
This commit stops bypassing the filename= setter so files uploaded as zip
files and in migrations have escaped filenames. Because of difficulties
testing S3 attachments, the included spec is weak.
This also includes a migration that will rename attachments with []" in their
filenames, and make a copy of the S3 object to match.
There is also an unrelated spec refactor around faking out a portion of the
code about S3.
test plan:
* Enable S3
* Create a ZIP file with a file in it with a name like test[0].bin
* Upload that ZIP file to your files area, choosing to unpack the ZIP contents
* Verify that you can download the extracted file using Firefox
* Also verify that the attachment's filename is escaped in the db
Change-Id: I54fc0682b64a9e0021b4b41236f8cab168a0e56e
Reviewed-on: https://gerrit.instructure.com/8875
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
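
Why the unescaped name broke downloads, as an added Ruby example (not code from Canvas or attachment_fu): a simplified model of a signed URL in which the signature covers the path as sent, so a client that percent-encodes `[` and `]` on redirect invalidates it. The secret, the bucket name and the helpers `client_escape` and `safe_name` are assumptions made for the illustration; `safe_name` is a stand-in, not the real `sanitize_filename`.

```ruby
require 'openssl'
require 'base64'

SECRET = 'constructed-demo-secret' # constructed value, not a real credential

# Simplified model of a query-string-signed GET: HMAC-SHA1 over the verb,
# the expiry time and the path exactly as it appears in the request.
def sign_path(path, expires, secret = SECRET)
  string_to_sign = "GET\n\n\n#{expires}\n#{path}"
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', secret, string_to_sign))
end

# Storage side in this model: recompute the signature over the path it
# received and compare it with the one carried in the URL.
def signature_valid?(received_path, expires, signature)
  sign_path(received_path, expires) == signature
end

# Model of a client that percent-encodes [, ] and " when following a redirect.
def client_escape(path)
  path.gsub(/[\[\]"]/) { |c| format('%%%02X', c.ord) }
end

# Hypothetical stand-in for filename sanitizing (an assumption, not
# attachment_fu's implementation): keep only characters that no client rewrites.
def safe_name(filename)
  filename.gsub(/[^A-Za-z0-9._-]/, '_')
end

# Sign a download URL for the stored name, let the client rewrite the path,
# and report whether the signature still verifies.
def download_ok?(filename, expires = 1_700_000_000)
  path = "/demo-bucket/#{filename}"
  signature = sign_path(path, expires)
  signature_valid?(client_escape(path), expires, signature)
end

if __FILE__ == $PROGRAM_NAME
  raw = 'test[0].bin' # constructed sample name, same shape as in the test plan
  puts "stored as #{raw}: download ok? #{download_ok?(raw)}"
  puts "stored as #{safe_name(raw)}: download ok? #{download_ok?(safe_name(raw))}"
end
```

Because the name is made safe before it is stored and signed, the path the client sends is byte-for-byte the path that was signed.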

This doesn't play well with the selenium specs, which modify the test
env domain config when spawning a forked server.
This reverts the forced config, but keeps the domain_config refactoring.
Change-Id: I4ebf8983264adf99c37dd7097d28bdd1773bc2ec
Reviewed-on: https://gerrit.instructure.com/6169
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>

fixes #5737
There is one situation where a session is still desirable -- if the
attachment data includes links, for instance an HTML file attachment,
then a session will be needed to view the links from that file. The
limited safefiles session will still be created when downloading the
file, so apps can optionally use the session to support that
functionality.
Change-Id: I48558c4a3217ebea92118f8f08d1254041bd65e5
Reviewed-on: https://gerrit.instructure.com/5860
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>