projects
/
akkoma
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'develop' into stable
[akkoma]
/
lib
/
pleroma
/
web
/
plugs
/
uploaded_media.ex
diff --git
a/lib/pleroma/web/plugs/uploaded_media.ex
b/lib/pleroma/web/plugs/uploaded_media.ex
index 402a8bb34c3d4b71f2decde632902601227c7041..72f20e8de16a332c5efda0ae8c9cbe59340c49a8 100644
(file)
--- a/
lib/pleroma/web/plugs/uploaded_media.ex
+++ b/
lib/pleroma/web/plugs/uploaded_media.ex
@@
-1,5
+1,5
@@
# Pleroma: A lightweight social networking server
# Pleroma: A lightweight social networking server
-# Copyright © 2017-202
0
Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-202
1
Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.UploadedMedia do
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.UploadedMedia do
@@
-35,7
+35,7
@@
defmodule Pleroma.Web.Plugs.UploadedMedia do
conn =
case fetch_query_params(conn) do
%{query_params: %{"name" => name}} = conn ->
conn =
case fetch_query_params(conn) do
%{query_params: %{"name" => name}} = conn ->
- name =
String.replace(name, "\"", "\\\""
)
+ name =
escape_header_value(name
)
put_resp_header(conn, "content-disposition", "filename=\"#{name}\"")
put_resp_header(conn, "content-disposition", "filename=\"#{name}\"")
@@
-47,10
+47,9
@@
defmodule Pleroma.Web.Plugs.UploadedMedia do
config = Pleroma.Config.get(Pleroma.Upload)
with uploader <- Keyword.fetch!(config, :uploader),
config = Pleroma.Config.get(Pleroma.Upload)
with uploader <- Keyword.fetch!(config, :uploader),
- proxy_remote = Keyword.get(config, :proxy_remote, false),
{:ok, get_method} <- uploader.get_file(file),
false <- media_is_banned(conn, get_method) do
{:ok, get_method} <- uploader.get_file(file),
false <- media_is_banned(conn, get_method) do
- get_media(conn, get_method,
proxy_remote,
opts)
+ get_media(conn, get_method, opts)
else
_ ->
conn
else
_ ->
conn
@@
-62,14
+61,14
@@
defmodule Pleroma.Web.Plugs.UploadedMedia do
def call(conn, _opts), do: conn
defp media_is_banned(%{request_path: path} = _conn, {:static_dir, _}) do
def call(conn, _opts), do: conn
defp media_is_banned(%{request_path: path} = _conn, {:static_dir, _}) do
- MediaProxy.in_banned_urls(Pleroma.
Web
.base_url() <> path)
+ MediaProxy.in_banned_urls(Pleroma.
Upload
.base_url() <> path)
end
defp media_is_banned(_, {:url, url}), do: MediaProxy.in_banned_urls(url)
defp media_is_banned(_, _), do: false
end
defp media_is_banned(_, {:url, url}), do: MediaProxy.in_banned_urls(url)
defp media_is_banned(_, _), do: false
- defp get_media(conn, {:static_dir, directory},
_,
opts) do
+ defp get_media(conn, {:static_dir, directory}, opts) do
static_opts =
Map.get(opts, :static_plug_opts)
|> Map.put(:at, [@path])
static_opts =
Map.get(opts, :static_plug_opts)
|> Map.put(:at, [@path])
@@
-86,22
+85,24
@@
defmodule Pleroma.Web.Plugs.UploadedMedia do
end
end
end
end
- defp get_media(conn, {:url, url}, true, _) do
- conn
- |> Pleroma.ReverseProxy.call(url, Pleroma.Config.get([Pleroma.Upload, :proxy_opts], []))
- end
-
- defp get_media(conn, {:url, url}, _, _) do
+ defp get_media(conn, {:url, url}, _) do
conn
|> Phoenix.Controller.redirect(external: url)
|> halt()
end
conn
|> Phoenix.Controller.redirect(external: url)
|> halt()
end
- defp get_media(conn, unknown, _
, _
) do
+ defp get_media(conn, unknown, _) do
Logger.error("#{__MODULE__}: Unknown get startegy: #{inspect(unknown)}")
conn
|> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
|> halt()
end
Logger.error("#{__MODULE__}: Unknown get startegy: #{inspect(unknown)}")
conn
|> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
|> halt()
end
+
+ defp escape_header_value(value) do
+ value
+ |> String.replace("\"", "\\\"")
+ |> String.replace("\\r", "")
+ |> String.replace("\\n", "")
+ end
end
end