Oneric
0ec62acb9d
Always insert Dedupe upload filter
...
This actually was already intended before to eradicate all future
path-traversal-style exploits and to fix issues with some
characters like akkoma#610 in 0b2ec0ccee. However, Dedupe and
AnonymizeFilename got mixed up. The latter only anonymises the name
in Content-Disposition headers GET parameters (with link_name),
_not_ the upload path.
Even without Dedupe, the upload path is prefixed by a UUID,
so it _should_ already be hard to guess for attackers. But now
we actually can be sure no path shenanigans occur, uploads
reliably work and save some disk space.
While this makes the final path predictable, this prediction is
not exploitable. Insertion of a back-reference to the upload
itself requires pulling off a successful preimage attack against
SHA-256, which is deemed infeasible for the foreseeable future.
Dedupe was already included in the default list in config.exs
since 28cfb2c37a, but this will get overridden by whatever the
config generated by the "pleroma.instance gen" task chose.
Upload+delete tests running in parallel using Dedupe might be flaky, but
this was already true before and needs its own commit to fix eventually.
2024-03-18 22:33:10 -01:00
Oneric
fef773ca35
Drop media base_url default and recommend different domain
...
Same-domain setups enabled now at least two exploits,
so they ought to be discouraged and definitely not be the default.
2024-03-18 22:33:10 -01:00
FloatingGhost
0b2ec0ccee
Enable AnonymizeFilenames on all uploads
2023-08-04 15:37:15 +01:00
ilja
6c396fcab4
Remove "default" image description
...
When no image description is filled in, Pleroma allowed fallbacks.
Those were (based on a setting) either the filename, or a fixed description.
Neither are good options for image descriptions imo, so here we remove this.
Note that there are two tests removed that supposedly tested something else.
But examining closer, they didn't seem to test what they claimed to test,
so I removed them rather than try to "fix" them.
2023-03-12 08:42:33 +01:00
floatingghost
07a48b9293
giant massive dep upgrade and dialyxir-found error emporium (#371)
...
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/371
2022-12-14 12:38:48 +00:00
floatingghost
2641dcdd15
Post editing (#202)
...
Rebased from #103
Co-authored-by: Tusooa Zhu <tusooa@kazv.moe>
Co-authored-by: FloatingGhost <hannah@coffee-and-dreams.uk>
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/202
2022-09-06 19:24:02 +00:00
Alex Gleason
f2134e605b
Merge remote-tracking branch 'pleroma/develop' into cycles-base-url
2021-05-31 16:49:46 -05:00
Alex Gleason
51a9f97e87
Deprecate Pleroma.Web.base_url/0
...
Use Pleroma.Web.Endpoint.url/0 directly instead. Reduces compiler cycles.
2021-05-31 16:48:03 -05:00
Alex Gleason
543e9402d6
Support blurhash
2021-05-14 09:07:16 -05:00
Alex Gleason
ab9eabdf20
Add SetMeta filter to store uploaded image sizes
2021-05-12 15:07:31 -05:00
feld
2926713fe5
Merge branch 'deprecate-public_endpoint' into 'develop'
...
Deprecate Uploaders.S3, :public_endpoint
See merge request pleroma/pleroma!3251
2021-01-20 22:48:48 +00:00
Mark Felder
f0ab60189e
truncated_namespace should default to nil
2021-01-13 11:54:00 -06:00
Haelwenn (lanodan) Monnier
c4439c630f
Bump Copyright to 2021
...
grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'
2021-01-13 07:49:50 +01:00
Mark Felder
c35e6fb516
Provide a non-nil fallback for Upload.base_url/0 for tests using TestUploaderSuccess as the uploader
2021-01-12 16:34:24 -06:00
Mark Felder
12528edc34
Fix another ad-hoc construction of the upload base_url
2021-01-12 16:32:52 -06:00
feld
fa63f1b55b
Apply 4 suggestion(s) to 2 file(s)
2021-01-10 01:34:54 +00:00
Mark Felder
e8bf060e6e
Move construction of S3 base URL with optional namespace and bucket to Upload.base_url/0
...
Now we should have a correct base URL for S3 hosted objects throughout the codebase.
2021-01-08 17:32:42 -06:00
Mark Felder
530fb5b29e
Avoid duplicate Config calls
2021-01-08 17:32:42 -06:00
Mark Felder
ad79983614
Fix URL generated for backup files, try to create a source of truth we can reuse throughout the codebase
2021-01-08 17:32:42 -06:00
Mark Felder
55562ca936
Merge branch 'develop' into feature/gen-magic
2020-09-10 16:05:22 -05:00
lain
aabc26a573
Pleroma.Upload: Set default upload name / description based on config.
2020-08-18 13:21:30 +02:00
lain
af7720237b
Upload: Restrict description length
2020-07-06 11:08:13 +02:00
href
f124f68205
Switch from gen_magic to majic, use Majic.Plug, remove Pleroma.MIME
2020-06-16 15:27:27 +02:00
lain
cc0d462e91
Attachments: Have the mediaType on the root, too.
2020-05-21 15:08:56 +02:00
Egor Kislitsyn
6802dc28ba
Add OpenAPI spec for PleromaAPI.AccountController
2020-05-13 19:06:46 +04:00
Mark Felder
05da5f5cca
Update Copyrights
2020-03-03 16:44:49 -06:00
Alexander Strizhakov
32d1e04817
ActivityPub actions & side-effects in transaction
2020-03-01 12:01:39 +03:00
Haelwenn (lanodan) Monnier
3c6fd0bb99
upload.ex: Remove deprecated configuration
2019-10-18 12:34:09 +02:00
feld
84fca14c3c
Do not prepend /media/ when using base_url
...
This ensures admin has full control over the path where media resides.
2019-07-24 15:35:25 +00:00
Haelwenn (lanodan) Monnier
69a5074893
Remove H1 in @moduledoc
2019-05-06 04:53:12 +02:00
rinpatch
e2fe796c63
Add some tests
2019-03-14 22:02:48 +03:00
rinpatch
5a73cae2be
WIP: Stop mangling filenames
2019-03-12 09:10:19 +03:00
rinpatch
4263edc9c9
Properly escape reserved URI characters in upload urls
2019-03-05 18:09:23 +03:00
Haelwenn (lanodan) Monnier
106f4e7a0f
Credo fixes: parameter consistency
2019-02-09 14:59:20 +01:00
Mark Felder
0c08bd4181
Update Mogrify docs and warning for deprecated syntax to encourage
...
users to enable both strip and auto-orient
2019-02-03 16:39:42 +00:00
lambda
646bb87816
Merge branch 'fix/elixir-1-8-type-annotation' into 'develop'
...
Fix Elixir 1.8 type annotation issue
Closes #523
See merge request pleroma/pleroma!668
2019-01-15 08:51:59 +00:00
Haelwenn (lanodan) Monnier
9fcdca1bdc
Upload: Fix uploading with a : in the filename
2019-01-15 07:57:48 +01:00
Haelwenn (lanodan) Monnier
e3eb75bd23
Upload: Fix uploading with a ? in the filename
2019-01-15 07:40:39 +01:00
Maxim Filippov
e8eff9fe03
Fix Elixir 1.8 type annotation issue
2019-01-15 02:58:48 +02:00
Shadowfacts
42b7584068
URI escape file upload URLs
2019-01-14 11:31:44 -05:00
William Pitcock
980b5288ed
update copyright years to 2019
2018-12-31 15:41:47 +00:00
William Pitcock
2791ce9a1f
add license boilerplate to pleroma core
2018-12-23 20:56:42 +00:00
Maksim Pechnikov
e94c3442f4
updates
2018-12-10 13:27:37 +03:00
Maksim Pechnikov
074fa790ba
fix compile warnings
2018-12-09 20:50:08 +03:00
href
65e7307d68
Upload: bring back base_url
2018-11-30 18:02:50 +01:00
href
5d92431350
Fix deprecation warnings
2018-11-30 18:02:50 +01:00
href
02d3dc6869
Uploads fun, part. 2
2018-11-30 18:02:37 +01:00
href
b19597f602
reverse proxy / uploads
2018-11-30 18:00:47 +01:00
rinpatch
0d229613df
Fix lint error
2018-11-27 19:07:58 +03:00
rinpatch
7f20a3cf1f
Add Theora detection to upload.ex
2018-11-27 17:51:02 +03:00