fix validate_url for private ip

author: Maksim Pechnikov <parallel588@gmail.com> 2019-06-25 15:52:53 +0300
committer: Maksim Pechnikov <parallel588@gmail.com> 2019-06-25 17:44:24 +0300
commit: 0276cf5a02f555938a7a3e71b6ab24228b1a5fda (patch)
tree: c0a070fc9789398de4852b5bf1471791b9734c84 /lib/pleroma/web
parent: d80859731e50393851e6026ad301ed20d2b0db2a (diff)
download: pleroma-0276cf5a02f555938a7a3e71b6ab24228b1a5fda.tar.gz
1 files changed, 12 insertions, 4 deletions
diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index 94f56f70d..473ff800f 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@@ -8,13 +8,21 @@ defmodule Pleroma.Web.RichMedia.Helpers do
   alias Pleroma.Object
   alias Pleroma.Web.RichMedia.Parser
 
+  @private_ip_regexp ~r/(127\.)|(10\.\d+\.\d+.\d+)|(192\.168\.)
+  |(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(localhost)/
+
   defp validate_page_url(page_url) when is_binary(page_url) do
     validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
 
-    if AutoLinker.Parser.url?(page_url, scheme: true, validate_tld: validate_tld) do
-      URI.parse(page_url) |> validate_page_url
-    else
-      :error
+    cond do
+      Regex.match?(@private_ip_regexp, page_url) ->
+        :error
+
+      AutoLinker.Parser.url?(page_url, scheme: true, validate_tld: validate_tld) ->
+        URI.parse(page_url) |> validate_page_url
+
+      true ->
+        :error
     end
   end
author	Maksim Pechnikov <parallel588@gmail.com>	2019-06-25 15:52:53 +0300
committer	Maksim Pechnikov <parallel588@gmail.com>	2019-06-25 17:44:24 +0300
commit	0276cf5a02f555938a7a3e71b6ab24228b1a5fda (patch)
tree	c0a070fc9789398de4852b5bf1471791b9734c84 /lib/pleroma/web
parent	d80859731e50393851e6026ad301ed20d2b0db2a (diff)
download	pleroma-0276cf5a02f555938a7a3e71b6ab24228b1a5fda.tar.gz