X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmedia_proxy%2Fmedia_proxy_controller.ex;h=4657a4383563802f19fef4a25730ac6e121ebf82;hb=ae3b0b4c0d67753696f46c5a01ecdecb10104a4e;hp=1e9520d462c36fc29da22698e87fc533db0f237b;hpb=64a946643e6f9159a8029be8ec9e0b71b04906f3;p=akkoma
diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
index 1e9520d46..4657a4383 100644
--- a/lib/pleroma/web/media_proxy/media_proxy_controller.ex
+++ b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
@@ -1,9 +1,10 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MediaProxy.MediaProxyController do
use Pleroma.Web, :controller
+
alias Pleroma.ReverseProxy
alias Pleroma.Web.MediaProxy
@@ -30,7 +31,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
def filename_matches(%{"filename" => _} = _, path, url) do
filename = MediaProxy.filename(url)
- if filename && Path.basename(path) != filename do
+ if filename && does_not_match(path, filename) do
{:wrong_filename, filename}
else
:ok
@@ -38,4 +39,9 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
end
def filename_matches(_, _, _), do: :ok
+
+ defp does_not_match(path, filename) do
+ basename = Path.basename(path)
+ basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename
+ end
end