end
def filename_matches(has_filename, path, url) do
- filename = MediaProxy.filename(url)
+ filename =
+ url
+ |> MediaProxy.filename()
+ |> URI.decode()
+
+ path = URI.decode(path)
cond do
has_filename && filename && Path.basename(path) != filename -> {:wrong_filename, filename}
url
else
secret = Application.get_env(:pleroma, Pleroma.Web.Endpoint)[:secret_key_base]
- base64 = Base.url_encode64(url, @base64_opts)
+
+ # The URL is url-decoded and encoded again to ensure it is correctly encoded and not twice.
+ base64 =
+ url
+ |> URI.decode()
+ |> URI.encode()
+ |> Base.url_encode64(@base64_opts)
+
sig = :crypto.hmac(:sha, secret, base64)
sig64 = sig |> Base.url_encode64(@base64_opts)
defmodule Pleroma.MediaProxyTest do
use ExUnit.Case
import Pleroma.Web.MediaProxy
+ alias Pleroma.Web.MediaProxy.MediaProxyController
describe "when enabled" do
setup do
assert decode_result(encoded) == url
end
+ test "ensures urls are url-encoded" do
+ assert decode_result(url("https://pleroma.social/Hello world.jpg")) ==
+ "https://pleroma.social/Hello%20world.jpg"
+
+ assert decode_result(url("https://pleroma.social/Hello%20world.jpg")) ==
+ "https://pleroma.social/Hello%20world.jpg"
+ end
+
test "validates signature" do
secret_key_base = Pleroma.Config.get([Pleroma.Web.Endpoint, :secret_key_base])
assert decode_url(sig, base64) == {:error, :invalid_signature}
end
+ test "filename_matches matches url encoded paths" do
+ assert MediaProxyController.filename_matches(
+ true,
+ "/Hello%20world.jpg",
+ "http://pleroma.social/Hello world.jpg"
+ ) == :ok
+
+ assert MediaProxyController.filename_matches(
+ true,
+ "/Hello%20world.jpg",
+ "http://pleroma.social/Hello%20world.jpg"
+ ) == :ok
+ end
+
+ test "filename_matches matches non-url encoded paths" do
+ assert MediaProxyController.filename_matches(
+ true,
+ "/Hello world.jpg",
+ "http://pleroma.social/Hello%20world.jpg"
+ ) == :ok
+
+ assert MediaProxyController.filename_matches(
+ true,
+ "/Hello world.jpg",
+ "http://pleroma.social/Hello world.jpg"
+ ) == :ok
+ end
+
test "uses the configured base_url" do
base_url = Pleroma.Config.get([:media_proxy, :base_url])
projects / akkoma / commitdiff