Merge branch 'bugfix/mediaproxy-leaks-2-electric-boogaloo' into 'develop'

utils: fix another possible leak with private S3 backends using mediaproxy

See merge request pleroma/pleroma!402
This commit is contained in:
kaniini 2018-10-29 17:33:20 +00:00
commit f61acdc5b4

View file

@ -2,6 +2,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
alias Pleroma.{Repo, Object, Formatter, Activity} alias Pleroma.{Repo, Object, Formatter, Activity}
alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.Web.Endpoint alias Pleroma.Web.Endpoint
alias Pleroma.Web.MediaProxy
alias Pleroma.User alias Pleroma.User
alias Calendar.Strftime alias Calendar.Strftime
alias Comeonin.Pbkdf2 alias Comeonin.Pbkdf2
@ -90,6 +91,7 @@ def add_attachments(text, attachments) do
Enum.map(attachments, fn Enum.map(attachments, fn
%{"url" => [%{"href" => href} | _]} -> %{"url" => [%{"href" => href} | _]} ->
name = URI.decode(Path.basename(href)) name = URI.decode(Path.basename(href))
href = MediaProxy.url(href)
"<a href=\"#{href}\" class='attachment'>#{shortname(name)}</a>" "<a href=\"#{href}\" class='attachment'>#{shortname(name)}</a>"
_ -> _ ->