Merge pull request 'Fix StealEmoji’s max size check' (#793) from Oneric/akkoma:emojistealer_contentlength into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/793
This commit is contained in:
commit
b03edb4ff4
3 changed files with 21 additions and 6 deletions
|
@ -101,10 +101,19 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp get_int_header(headers, header_name, default \\ nil) do
|
||||||
|
with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers),
|
||||||
|
{int, ""} <- Integer.parse(rawval) do
|
||||||
|
int
|
||||||
|
else
|
||||||
|
_ -> default
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
defp is_remote_size_within_limit?(url) do
|
defp is_remote_size_within_limit?(url) do
|
||||||
with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
|
with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
|
||||||
Pleroma.HTTP.request(:head, url, nil, [], []) do
|
Pleroma.HTTP.request(:head, url, nil, [], []) do
|
||||||
content_length = :proplists.get_value("content-length", headers, nil)
|
content_length = get_int_header(headers, "content-length")
|
||||||
size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
|
size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
|
||||||
|
|
||||||
accept_unknown =
|
accept_unknown =
|
||||||
|
@ -172,7 +181,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
|
||||||
description: <<_::272, _::_*256>>,
|
description: <<_::272, _::_*256>>,
|
||||||
key: :hosts | :rejected_shortcodes | :size_limit,
|
key: :hosts | :rejected_shortcodes | :size_limit,
|
||||||
suggestions: [any(), ...],
|
suggestions: [any(), ...],
|
||||||
type: {:list, :string} | {:list, :string} | :integer
|
type: {:list, :string} | {:list, :string} | :integer | :boolean
|
||||||
},
|
},
|
||||||
...
|
...
|
||||||
],
|
],
|
||||||
|
@ -209,6 +218,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
|
||||||
type: :integer,
|
type: :integer,
|
||||||
description: "File size limit (in bytes), checked before an emoji is saved to the disk",
|
description: "File size limit (in bytes), checked before an emoji is saved to the disk",
|
||||||
suggestions: ["100000"]
|
suggestions: ["100000"]
|
||||||
|
},
|
||||||
|
%{
|
||||||
|
key: :download_unknown_size,
|
||||||
|
type: :boolean,
|
||||||
|
description: "Whether to download emoji if size can't be determined ahead of time",
|
||||||
|
suggestions: [false, true]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -110,7 +110,7 @@ defmodule Pleroma.SignatureTest do
|
||||||
|
|
||||||
headers = %{
|
headers = %{
|
||||||
host: "test.test",
|
host: "test.test",
|
||||||
"content-length": 100
|
"content-length": "100"
|
||||||
}
|
}
|
||||||
|
|
||||||
assert_signature_equal(
|
assert_signature_equal(
|
||||||
|
@ -127,7 +127,7 @@ defmodule Pleroma.SignatureTest do
|
||||||
|
|
||||||
assert Signature.sign(
|
assert Signature.sign(
|
||||||
user,
|
user,
|
||||||
%{host: "test.test", "content-length": 100}
|
%{host: "test.test", "content-length": "100"}
|
||||||
) == {:error, []}
|
) == {:error, []}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -202,7 +202,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
|
||||||
|
|
||||||
test "reject too large content-size before download", %{message: message} do
|
test "reject too large content-size before download", %{message: message} do
|
||||||
clear_config([:mrf_steal_emoji, :download_unknown_size], false)
|
clear_config([:mrf_steal_emoji, :download_unknown_size], false)
|
||||||
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2 ** 30}])
|
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "#{2 ** 30}"}])
|
||||||
|
|
||||||
refute "firedfox" in installed()
|
refute "firedfox" in installed()
|
||||||
|
|
||||||
|
@ -216,7 +216,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicyTest do
|
||||||
|
|
||||||
test "accepts content-size below limit", %{message: message} do
|
test "accepts content-size below limit", %{message: message} do
|
||||||
clear_config([:mrf_steal_emoji, :download_unknown_size], false)
|
clear_config([:mrf_steal_emoji, :download_unknown_size], false)
|
||||||
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2}])
|
mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "2"}])
|
||||||
|
|
||||||
refute "firedfox" in installed()
|
refute "firedfox" in installed()
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue