Merge branch 'bugfix/mediaproxy-leaks-2-electric-boogaloo' into 'develop'

utils: fix another possible leak with private S3 backends using mediaproxy See merge request pleroma/pleroma!402
author: kaniini <nenolod@gmail.com> 2018-10-29 17:33:20 +0000
committer: kaniini <nenolod@gmail.com> 2018-10-29 17:33:20 +0000
commit: f61acdc5b41a8d05401c5d24d589f35ba1b573de (patch)
tree: 3cb43d893b4d7c03363096eaf71ce2cec8f84a1f
parent: fbbc5fc91970b2dccb2888e343cad42de8a157bb (diff)
parent: 784b3a615d57e7b77b1ec2cafe27ae59281cbc6b (diff)
download: pleroma-f61acdc5b41a8d05401c5d24d589f35ba1b573de.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index 4cbbd0c7d..ed1fe1ad9 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
   alias Pleroma.{Repo, Object, Formatter, Activity}
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.MediaProxy
   alias Pleroma.User
   alias Calendar.Strftime
   alias Comeonin.Pbkdf2
@@ -90,6 +91,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       Enum.map(attachments, fn
         %{"url" => [%{"href" => href} | _]} ->
           name = URI.decode(Path.basename(href))
+          href = MediaProxy.url(href)
           "<a href=\"#{href}\" class='attachment'>#{shortname(name)}</a>"
 
         _ ->
author	kaniini <nenolod@gmail.com>	2018-10-29 17:33:20 +0000
committer	kaniini <nenolod@gmail.com>	2018-10-29 17:33:20 +0000
commit	f61acdc5b41a8d05401c5d24d589f35ba1b573de (patch)
tree	3cb43d893b4d7c03363096eaf71ce2cec8f84a1f
parent	fbbc5fc91970b2dccb2888e343cad42de8a157bb (diff)
parent	784b3a615d57e7b77b1ec2cafe27ae59281cbc6b (diff)
download	pleroma-f61acdc5b41a8d05401c5d24d589f35ba1b573de.tar.gz