Merge branch 'fix/escape-reserved-chars-in-filenames' into 'develop'

Properly escape reserved URI charachters in upload urls

Closes #700

See merge request pleroma/pleroma!905
This commit is contained in:
Haelwenn 2019-03-06 01:45:17 +00:00
commit 96901b6554
2 changed files with 9 additions and 6 deletions

View file

@ -85,6 +85,10 @@ defmodule Pleroma.Upload do
end end
end end
def char_unescaped?(char) do
URI.char_unreserved?(char) or char == ?/
end
defp get_opts(opts) do defp get_opts(opts) do
{size_limit, activity_type} = {size_limit, activity_type} =
case Keyword.get(opts, :type) do case Keyword.get(opts, :type) do
@ -218,9 +222,7 @@ defmodule Pleroma.Upload do
defp url_from_spec(base_url, {:file, path}) do defp url_from_spec(base_url, {:file, path}) do
path = path =
path path
|> URI.encode() |> URI.encode(&char_unescaped?/1)
|> String.replace("?", "%3F")
|> String.replace(":", "%3A")
[base_url, "media", path] [base_url, "media", path]
|> Path.join() |> Path.join()

View file

@ -153,19 +153,20 @@ defmodule Pleroma.UploadTest do
assert Path.basename(attachment_url["href"]) == "an%E2%80%A6%20image.jpg" assert Path.basename(attachment_url["href"]) == "an%E2%80%A6%20image.jpg"
end end
test "replaces : (colon) and ? (question-mark) to %3A and %3F (respectively)" do test "escapes reserved uri characters" do
File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg")
file = %Plug.Upload{ file = %Plug.Upload{
content_type: "image/jpg", content_type: "image/jpg",
path: Path.absname("test/fixtures/image_tmp.jpg"), path: Path.absname("test/fixtures/image_tmp.jpg"),
filename: "is:an?image.jpg" filename: ":?#[]@!$&\\'()*+,;=.jpg"
} }
{:ok, data} = Upload.store(file) {:ok, data} = Upload.store(file)
[attachment_url | _] = data["url"] [attachment_url | _] = data["url"]
assert Path.basename(attachment_url["href"]) == "is%3Aan%3Fimage.jpg" assert Path.basename(attachment_url["href"]) ==
"%3A%3F%23%5B%5D%40%21%24%26%5C%27%28%29%2A%2B%2C%3B%3D.jpg"
end end
end end
end end