Merge branch 'tusooa/3154-attachment-type-check' into 'develop'
Restrict attachments to only uploaded files only Closes #3154 See merge request pleroma/pleroma!3923
commit
819fccb7d1
1
changelog.d/attachment-type-check.fix
Normal file
1
changelog.d/attachment-type-check.fix
Normal file
@ -0,0 +1 @@
|
|||||||
|
Restrict attachments to only uploaded files only
|
@ -81,4 +81,6 @@ defmodule Pleroma.Constants do
|
|||||||
const(mime_regex,
|
const(mime_regex,
|
||||||
do: ~r/^[^[:cntrl:] ()<>@,;:\\"\/\[\]?=]+\/[^[:cntrl:] ()<>@,;:\\"\/\[\]?=]+(; .*)?$/
|
do: ~r/^[^[:cntrl:] ()<>@,;:\\"\/\[\]?=]+\/[^[:cntrl:] ()<>@,;:\\"\/\[\]?=]+(; .*)?$/
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const(upload_object_types, do: ["Document", "Image"])
|
||||||
end
|
end
|
||||||
|
@ -59,7 +59,12 @@ defmodule Pleroma.Web.CommonAPI.Utils do
|
|||||||
end
|
end
|
||||||
|
|
||||||
defp get_attachment(media_id) do
|
defp get_attachment(media_id) do
|
||||||
Repo.get(Object, media_id)
|
with %Object{data: data} = object <- Repo.get(Object, media_id),
|
||||||
|
%{"type" => type} when type in Pleroma.Constants.upload_object_types() <- data do
|
||||||
|
object
|
||||||
|
else
|
||||||
|
_ -> nil
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@spec get_to_and_cc(ActivityDraft.t()) :: {list(String.t()), list(String.t())}
|
@spec get_to_and_cc(ActivityDraft.t()) :: {list(String.t()), list(String.t())}
|
||||||
|
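Review bot: get_attachment/1 now checks what kind of object a media id points to, but not whose upload it is. The `with` matches only `Repo.get(Object, media_id)` and the `"type"` key, so an id belonging to another account's Document or Image still resolves. Unless a caller outside this hunk already verifies ownership, pass the posting user in, e.g. `defp get_attachment(media_id, user)`, and add a third `with` clause comparing the uploader recorded on the object with that user. The field that stores the uploader is not visible here, so confirm it against the upload code. A comment above the function such as `# Only objects created by the upload endpoint may be attached; anything else resolves to nil.` would also record why the type check exists.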
@ -592,7 +592,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
test "returns list attachments with desc" do
|
test "returns list attachments with desc" do
|
||||||
object = insert(:note)
|
object = insert(:attachment)
|
||||||
desc = Jason.encode!(%{object.id => "test-desc"})
|
desc = Jason.encode!(%{object.id => "test-desc"})
|
||||||
|
|
||||||
assert Utils.attachments_from_ids_descs(["#{object.id}", "34"], desc) == [
|
assert Utils.attachments_from_ids_descs(["#{object.id}", "34"], desc) == [
|
||||||
@ -603,7 +603,7 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
|
|||||||
|
|
||||||
describe "attachments_from_ids/1" do
|
describe "attachments_from_ids/1" do
|
||||||
test "returns attachments with descs" do
|
test "returns attachments with descs" do
|
||||||
object = insert(:note)
|
object = insert(:attachment)
|
||||||
desc = Jason.encode!(%{object.id => "test-desc"})
|
desc = Jason.encode!(%{object.id => "test-desc"})
|
||||||
|
|
||||||
assert Utils.attachments_from_ids(%{
|
assert Utils.attachments_from_ids(%{
|
||||||
@ -615,13 +615,18 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
|
|||||||
end
|
end
|
||||||
|
|
||||||
test "returns attachments without descs" do
|
test "returns attachments without descs" do
|
||||||
object = insert(:note)
|
object = insert(:attachment)
|
||||||
assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}) == [object.data]
|
assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}) == [object.data]
|
||||||
end
|
end
|
||||||
|
|
||||||
test "returns [] when not pass media_ids" do
|
test "returns [] when not pass media_ids" do
|
||||||
assert Utils.attachments_from_ids(%{}) == []
|
assert Utils.attachments_from_ids(%{}) == []
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "checks that the object is of upload type" do
|
||||||
|
object = insert(:note)
|
||||||
|
assert Utils.attachments_from_ids(%{media_ids: ["#{object.id}"]}) == []
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "maybe_add_list_data/3" do
|
describe "maybe_add_list_data/3" do
|
||||||
|
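Review bot: The new negative test, "checks that the object is of upload type", exercises only the `media_ids` path of `attachments_from_ids/1`. The description path through `attachments_from_ids_descs/2` has only the positive case, switched to `insert(:attachment)`, so a regression there would go unnoticed. Add a mirror test beside "returns list attachments with desc" that inserts a `:note` and asserts `Utils.attachments_from_ids_descs(["#{object.id}"], desc) == []`. If a fixture exists for an object whose `data` has no `"type"` key, a case for it would pin the `_ -> nil` fallback as well. The `describe "maybe_add_list_data/3"` block that closes this hunk continues outside it.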