FIX - limit number of embedded media items in a post (#10391)

FIX - limit number of embedded media items in a post (#10391)

  • FIX - limit number of embedded media items in a post

  • Add renamed settings to DeprecatedSettings

diff --git a/app/models/post.rb b/app/models/post.rb
index 9a003d3..8bfe3cb 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -269,7 +269,7 @@ class Post < ActiveRecord::Base
 
   %w{raw_mentions
     linked_hosts
-    image_count
+    embedded_media_count
     attachment_count
     link_count
     raw_links
diff --git a/app/models/post_analyzer.rb b/app/models/post_analyzer.rb
index 941c7f5..e56d1f7 100644
--- a/app/models/post_analyzer.rb
+++ b/app/models/post_analyzer.rb
@@ -47,10 +47,11 @@ class PostAnalyzer
   end
 
   # How many images are present in the post
-  def image_count
+  def embedded_media_count
     return 0 unless @raw.present?
 
-    cooked_stripped.css("img").reject do |t|
+    # TODO - do we need to look for tags other than img, video and audio?
+    cooked_stripped.css("img", "video", "audio").reject do |t|
       if dom_class = t["class"]
         (Post.allowed_image_classes & dom_class.split).count > 0
       end
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 65afb84..bef10ef 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -306,11 +306,11 @@ en:
   too_many_mentions_newuser:
     one: "Sorry, new users can only mention one other user in a post."
     other: "Sorry, new users can only mention %{count} users in a post."
-  no_images_allowed_trust: "Sorry, you can't put images in a post"
-  no_images_allowed: "Sorry, new users can't put images in posts."
-  too_many_images:
-    one: "Sorry, new users can only put one image in a post."
-    other: "Sorry, new users can only put %{count} images in a post."
+  no_embedded_media_allowed_trust: "Sorry, you can't embed media items in a post."
+  no_embedded_media_allowed: "Sorry, new users can't embed media items in posts."
+  too_many_embedded_media:
+    one: "Sorry, new users can only put one embedded media item in a post."
+    other: "Sorry, new users can only put %{count} embedded media items in a post."
   no_attachments_allowed: "Sorry, new users can't put attachments in posts."
   too_many_attachments:
     one: "Sorry, new users can only put one attachment in a post."
@@ -1802,12 +1802,12 @@ en:
     min_trust_to_send_messages: "The minimum trust level required to create new personal messages."
     min_trust_to_flag_posts: "The minimum trust level required to flag posts"
     min_trust_to_post_links: "The minimum trust level required to include links in posts"
-    min_trust_to_post_images: "The minimum trust level required to include images in a post"
+    min_trust_to_post_embedded_media: "The minimum trust level required to embed media items in a post"
 
     allowed_link_domains: "Domains that users may link to even if they don't have the appropriate trust level to post links"
 
     newuser_max_links: "How many links a new user can add to a post."
-    newuser_max_images: "How many images a new user can add to a post."
+    newuser_max_embedded_media: "How many embedded media items a new user can add to a post."
     newuser_max_attachments: "How many attachments a new user can add to a post."
     newuser_max_mentions_per_post: "Maximum number of @name notifications a new user can use in a post."
     newuser_max_replies_per_topic: "Maximum number of replies a new user can make in a single topic until someone replies to them."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 375834f..0ccf925 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -807,7 +807,7 @@ posting:
     default: ""
     type: list
   newuser_max_links: 2
-  newuser_max_images:
+  newuser_max_embedded_media:
     client: true
     default: 1
   newuser_max_attachments:
@@ -1359,7 +1359,7 @@ trust:
   min_trust_to_post_links:
     default: 0
     enum: "TrustLevelSetting"
-  min_trust_to_post_images:
+  min_trust_to_post_embedded_media:
     default: 0
     enum: "TrustLevelSetting"
   allow_flagging_staff: true
diff --git a/db/migrate/20200805163400_rename_post_image_site_settings.rb b/db/migrate/20200805163400_rename_post_image_site_settings.rb
new file mode 100644
index 0000000..d97752a
--- /dev/null
+++ b/db/migrate/20200805163400_rename_post_image_site_settings.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class RenamePostImageSiteSettings < ActiveRecord::Migration[6.0]
+  def up
+    execute "UPDATE site_settings SET name = 'newuser_max_embedded_media' WHERE name = 'newuser_max_images'"
+    execute "UPDATE user_histories SET subject = 'newuser_max_embedded_media' WHERE subject = 'newuser_max_images'"
+
+    execute "UPDATE site_settings SET name = 'min_trust_to_post_embedded_media' WHERE name = 'min_trust_to_post_images'"
+    execute "UPDATE user_histories SET subject = 'min_trust_to_post_embedded_media' WHERE subject = 'min_trust_to_post_images'"
+  end
+
+  def down
+    execute "UPDATE site_settings SET name = 'newuser_max_images' WHERE name = 'newuser_max_embedded_media'"
+    execute "UPDATE user_histories SET subject = 'newuser_max_images' WHERE subject = 'newuser_max_embedded_media'"
+
+    execute "UPDATE site_settings SET name = 'min_trust_to_post_images' WHERE name = 'min_trust_to_post_embedded_media'"
+    execute "UPDATE user_histories SET subject = 'min_trust_to_post_images' WHERE subject = 'min_trust_to_post_embedded_media'"
+  end
+end
diff --git a/lib/site_settings/deprecated_settings.rb b/lib/site_settings/deprecated_settings.rb
index a414c7e..a5bb6ed 100644
--- a/lib/site_settings/deprecated_settings.rb
+++ b/lib/site_settings/deprecated_settings.rb
@@ -6,7 +6,9 @@ module SiteSettings::DeprecatedSettings
   SETTINGS = [
     ['show_email_on_profile', 'moderators_view_emails', true, '2.4'],
     ['allow_moderators_to_create_categories', 'moderators_create_categories', true, '2.4'],
-    ['disable_edit_notifications', 'disable_system_edit_notifications', true, '2.4']
+    ['disable_edit_notifications', 'disable_system_edit_notifications', true, '2.4'],
+    ['newuser_max_images', 'newuser_max_embedded_media', true, '2.7'],
+    ['min_trust_to_post_images', 'min_trust_to_post_embedded_media', true, '2.7']
   ]
 
   def setup_deprecated_methods
diff --git a/lib/validators/post_validator.rb b/lib/validators/post_validator.rb
index 5b16002..8428bed 100644
--- a/lib/validators/post_validator.rb
+++ b/lib/validators/post_validator.rb
@@ -11,7 +11,7 @@ class PostValidator < ActiveModel::Validator
     post_body_validator(record)
     max_posts_validator(record)
     max_mention_validator(record)
-    max_images_validator(record)
+    max_embedded_media_validator(record)
     max_attachments_validator(record)
     can_post_links_validator(record)
     unique_post_validator(record)
@@ -72,25 +72,25 @@ class PostValidator < ActiveModel::Validator
     end
   end
 
-  # Ensure new users can not put too many images in a post
-  def max_images_validator(post)
+  # Ensure new users can not put too many media embeds (images, video, audio) in a post
+  def max_embedded_media_validator(post)
     return if post.acting_user.blank? || post.acting_user&.staff?
 
-    if post.acting_user.trust_level < TrustLevel[SiteSetting.min_trust_to_post_images]
+    if post.acting_user.trust_level < TrustLevel[SiteSetting.min_trust_to_post_embedded_media]
       add_error_if_count_exceeded(
         post,
-        :no_images_allowed_trust,
-        :no_images_allowed_trust,
-        post.image_count,
+        :no_embedded_media_allowed_trust,
+        :no_embedded_media_allowed_trust,
+        post.embedded_media_count,
         0
       )
     elsif post.acting_user.trust_level == TrustLevel[0]
       add_error_if_count_exceeded(
         post,
-        :no_images_allowed,
-        :too_many_images,
-        post.image_count,
-        SiteSetting.newuser_max_images
+        :no_embedded_media_allowed,
+        :too_many_embedded_media,
+        post.embedded_media_count,
+        SiteSetting.newuser_max_embedded_media
       )
     end
   end

[... diff too long, it was truncated ...]

GitHub sha: 3593e582

1 Like

This commit appears in #10391 which was approved by eviltrout. It was merged by jbrw.

This commit has been mentioned on Discourse Meta. There might be relevant details there:

https://meta.discourse.org/t/newuser-max-images-overrides-min-trust-post-images/156622/4