Discourse Signatures

プラグイン
,
187

Am I crazy here or is there no validation on the user input signature image URL at all?
Basically a user can input whatever they want and it will be pushed to other users?

Also, why is the URL signature db size set to 32_000?
Why would anyone need 32000 characters for a URL to an image?

Spooky :ghost:

I modified the css to this in order to hard code a max height and width;

.signature-img {
  max-width: 600px;
  max-height: 100px;
  width: auto;
  height: auto;
  display: block;
  margin: 5px 0;
}

I changed signature URL max size to 250 in plugin.rb

  register_user_custom_field_type("signature_url", :string, max_length: 250)
  register_user_custom_field_type("signature_raw", :string, max_length: 250)

I added this to the bottom of “on(:user_updated) do |user|” in plugin.rb (I won’t be using advanced mode)

    # Validate the URL if not in advanced mode
    if !SiteSetting.signatures_advanced_mode && user.custom_fields["signature_url"]
      url = user.custom_fields["signature_url"]

      # Strict validation: only HTTPS, only certain image file types
      unless url =~ /\Ahttps:\/\/[a-zA-Z0-9.\-\/_]+\.(png|jpe?g|gif|webp)(\?[a-zA-Z0-9=&]+)?\z/
        Rails.logger.warn("[discourse-signatures] Rejected invalid signature_url for user #{user.id}: #{url.inspect}")
        user.custom_fields["signature_url"] = nil
        user.save
      end
    end

If I’m doing anything wrong here (Never worked with Discourse before), please correct it and show me the right way to do it.

「いいね!」 1
188

Because 250 is not enough…

This is the whole idea of a signature. Same thing goes for a forum, people input stuff and other people get to see it. Crazy world huh?

「いいね!」 5
190

When Discourse is upgraded to 3.5.0.beta8 (3.5.0.beta9-dev is also a problem), it is found that the user edited the signature and cannot save it (although it shows saved but does not take effect), it is still normal on 3.5.0.beta7. Hope to fix it soon, as many plugins from beta7 to beta8 are built-in.

「いいね!」 2
192

We have a specific use case for signatures and I’m wondering if it would be relatively easy to make some changes.

  1. I agree that I’d like to see sigs for only specific groups in the UI, I’m not good with CSS.
  2. We are using our Discourse as both a community, and as a support ticket system. Is there any way that we could get a setting to “Only display signatures in X categories.”

We really only need them in our support section where most of our interactions are done via e-mail.

「いいね!」 2
193

Turns out this plugin doesn’t work for our need.

The signatures are appended in the post just fine, but they’re not sent as part of an e-mail reply and that’s the whole point of using it in our case.

Is this something that the plugin can be altered to do?

forum-sig
forum-sig666×468 39.8 KB

email-sig
email-sig556×380 35.5 KB

「いいね!」 1
194

I second that, Signatures are unable to be saved from user profile preferences in Discourse v.3.5.0. Does anyone experience the same behavior?

195

Do your emails send the full announcement or the truncated version?

Regardless, my hunch is that the signature injections are after the post is cooked, but the email only sends the raw content, so it doesn’t make it across.

196

Yes, the e-mails are the full posts.
I agree, the sig is outside of the post content itself.
That’s why when you change your sig it’s updated on existing posts.

I’d love it if that changed, but until then I just have to retype it on each post.