# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MediaProxy.MediaProxyController do
use Pleroma.Web, :controller
+
alias Pleroma.ReverseProxy
alias Pleroma.Web.MediaProxy
def filename_matches(%{"filename" => _} = _, path, url) do
filename = MediaProxy.filename(url)
- if filename && Path.basename(path) != filename do
+ if filename && does_not_match(path, filename) do
{:wrong_filename, filename}
else
:ok
end
def filename_matches(_, _, _), do: :ok
+
+ defp does_not_match(path, filename) do
+ basename = Path.basename(path)
+ basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename
+ end
end