utils: fix another possible leak with private S3 backends using mediaproxy

author William Pitcock <nenolod@dereferenced.org>

Mon, 29 Oct 2018 17:26:15 +0000 (17:26 +0000)

committer William Pitcock <nenolod@dereferenced.org>

Mon, 29 Oct 2018 17:26:15 +0000 (17:26 +0000)
author William Pitcock <nenolod@dereferenced.org>
Mon, 29 Oct 2018 17:26:15 +0000 (17:26 +0000)
committer William Pitcock <nenolod@dereferenced.org>
Mon, 29 Oct 2018 17:26:15 +0000 (17:26 +0000)
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex

index 4cbbd0c7df6bee3a229f23ab7b15200833125b70..ed1fe1ad9dda979d1ba9098eb128c6b4c805239f 100644 (file)
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
    alias Pleroma.{Repo, Object, Formatter, Activity}
    alias Pleroma.Web.ActivityPub.Utils
    alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.MediaProxy
    alias Pleroma.User
    alias Calendar.Strftime
    alias Comeonin.Pbkdf2
@@ -90,6 +91,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
        Enum.map(attachments, fn
          %{"url" => [%{"href" => href} | _]} ->
            name = URI.decode(Path.basename(href))
+          href = MediaProxy.url(href)
            "<a href=\"#{href}\" class='attachment'>#{shortname(name)}</a>"
  
          _ ->
author	William Pitcock <nenolod@dereferenced.org>
	Mon, 29 Oct 2018 17:26:15 +0000 (17:26 +0000)
committer	William Pitcock <nenolod@dereferenced.org>
	Mon, 29 Oct 2018 17:26:15 +0000 (17:26 +0000)