diff options
| author | William Pitcock <nenolod@dereferenced.org> | 2018-10-29 16:36:51 +0000 |
|---|---|---|
| committer | William Pitcock <nenolod@dereferenced.org> | 2018-10-29 16:43:05 +0000 |
| commit | e12489e2fee6d757e432aadf2c49dbd10c70eef2 (patch) | |
| tree | d336809b0d7572a56f88f478694aa29004ac8a18 | |
| parent | 167d3789a5a334859dfb9bf1612bdfc993032667 (diff) | |
| download | pleroma-e12489e2fee6d757e432aadf2c49dbd10c70eef2.tar.gz | |
twitter api: enforce upload limits for avatars, banners and backgrounds
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api_controller.ex | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index 4fc32b50c..7153a2bd6 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -263,7 +263,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def update_avatar(%{assigns: %{user: user}} = conn, params) do - {:ok, object} = ActivityPub.upload(params) + upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:avatar_upload_limit) + + {:ok, object} = ActivityPub.upload(params, upload_limit) change = Changeset.change(user, %{avatar: object.data}) {:ok, user} = User.update_and_set_cache(change) CommonAPI.update(user) @@ -272,7 +276,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def update_banner(%{assigns: %{user: user}} = conn, params) do - with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}), + upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:banner_upload_limit) + + with {:ok, object} <- ActivityPub.upload(%{"img" => params["banner"]}, upload_limit), new_info <- Map.put(user.info, "banner", object.data), change <- User.info_changeset(user, %{info: new_info}), {:ok, user} <- User.update_and_set_cache(change) do @@ -286,7 +294,11 @@ defmodule Pleroma.Web.TwitterAPI.Controller do end def update_background(%{assigns: %{user: user}} = conn, params) do - with {:ok, object} <- ActivityPub.upload(params), + upload_limit = + Application.get_env(:pleroma, :instance) + |> Keyword.fetch(:background_upload_limit) + + with {:ok, object} <- ActivityPub.upload(params, upload_limit), new_info <- Map.put(user.info, "background", object.data), change <- User.info_changeset(user, %{info: new_info}), {:ok, _user} <- User.update_and_set_cache(change) do |