-rw-r--r-- | lib/pleroma/http/http.ex | 3 | ||||
-rw-r--r-- | lib/pleroma/http/request_builder.ex | 7 | ||||
-rw-r--r-- | lib/pleroma/upload.ex | 11 | ||||
-rw-r--r-- | lib/pleroma/web/activity_pub/activity_pub.ex | 10 | ||||
-rw-r--r-- | lib/pleroma/web/websub/websub.ex | 6 | ||||
-rw-r--r-- | lib/pleroma/web/websub/websub_controller.ex | 7 | ||||
-rw-r--r-- | test/upload_test.exs | 30 |
7 files changed, 61 insertions, 13 deletions
diff --git a/lib/pleroma/http/http.ex b/lib/pleroma/http/http.ex index b8103cef6..75c58e6c9 100644 --- a/lib/pleroma/http/http.ex +++ b/lib/pleroma/http/http.ex @@ -31,12 +31,15 @@ defmodule Pleroma.HTTP do process_request_options(options) |> process_sni_options(url) + params = Keyword.get(options, :params, []) + %{} |> Builder.method(method) |> Builder.headers(headers) |> Builder.opts(options) |> Builder.url(url) |> Builder.add_param(:body, :body, body) + |> Builder.add_param(:query, :query, params) |> Enum.into([]) |> (&Tesla.request(Connection.new(), &1)).() end diff --git a/lib/pleroma/http/request_builder.ex b/lib/pleroma/http/request_builder.ex index bffc7c6fe..5f2cff2c0 100644 --- a/lib/pleroma/http/request_builder.ex +++ b/lib/pleroma/http/request_builder.ex @@ -100,6 +100,8 @@ defmodule Pleroma.HTTP.RequestBuilder do Map """ @spec add_param(map(), atom, atom, any()) :: map() + def add_param(request, :query, :query, values), do: Map.put(request, :query, values) + def add_param(request, :body, :body, value), do: Map.put(request, :body, value) def add_param(request, :body, key, value) do @@ -107,7 +109,10 @@ defmodule Pleroma.HTTP.RequestBuilder do |> Map.put_new_lazy(:body, &Tesla.Multipart.new/0) |> Map.update!( :body, - &Tesla.Multipart.add_field(&1, key, Poison.encode!(value), + &Tesla.Multipart.add_field( + &1, + key, + Jason.encode!(value), headers: [{:"Content-Type", "application/json"}] ) ) diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex index 0b1bdeec4..0a19e737b 100644 --- a/lib/pleroma/upload.ex +++ b/lib/pleroma/upload.ex @@ -34,8 +34,9 @@ defmodule Pleroma.Upload do require Logger @type source :: - Plug.Upload.t() | data_uri_string :: - String.t() | {:from_local, name :: String.t(), id :: String.t(), path :: String.t()} + Plug.Upload.t() + | (data_uri_string :: String.t()) + | {:from_local, name :: String.t(), id :: String.t(), path :: String.t()} @type option :: {:type, :avatar | :banner | :background} 
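Review bot: In the `lib/pleroma/http/http.ex` hunk, `params = Keyword.get(options, :params, [])` reads the new `:params` option but leaves it in `options`, so the same keyword list still goes to `Builder.opts(options)` and the query values appear to be forwarded as request options as well as in `:query`. Taking the key out with `{params, options} = Keyword.pop(options, :params, [])` keeps the two apart. The option is also not described in any visible doc; a line in the function's `@doc` such as `* :params - keyword list of query-string parameters` would tell callers it exists. The start of the function, including where `options` is bound, is outside the hunk.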
@@ -215,6 +216,12 @@ defmodule Pleroma.Upload do end defp url_from_spec(base_url, {:file, path}) do + path = + path + |> URI.encode() + |> String.replace("?", "%3F") + |> String.replace(":", "%3A") + [base_url, "media", path] |> Path.join() end diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index 9c1eb377f..5b87f7462 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -515,15 +515,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_reblogs(query, _), do: query - # Only search through last 100_000 activities by default - defp restrict_recent(query, %{"whole_db" => true}), do: query - - defp restrict_recent(query, _) do - since = (Repo.aggregate(Activity, :max, :id) || 0) - 100_000 - - from(activity in query, where: activity.id > ^since) - end - defp restrict_blocked(query, %{"blocking_user" => %User{info: info}}) do blocks = info.blocks || [] domain_blocks = info.domain_blocks || [] @@ -574,7 +565,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> restrict_actor(opts) |> restrict_type(opts) |> restrict_favorited_by(opts) - |> restrict_recent(opts) |> restrict_blocked(opts) |> restrict_media(opts) |> restrict_visibility(opts) diff --git a/lib/pleroma/web/websub/websub.ex b/lib/pleroma/web/websub/websub.ex index 3a287edd9..7ca62c83b 100644 --- a/lib/pleroma/web/websub/websub.ex +++ b/lib/pleroma/web/websub/websub.ex @@ -121,6 +121,12 @@ defmodule Pleroma.Web.Websub do end end + def incoming_subscription_request(user, params) do + Logger.info("Unhandled WebSub request for #{user.nickname}: #{inspect(params)}") + + {:error, "Invalid WebSub request"} + end + defp get_subscription(topic, callback) do Repo.get_by(WebsubServerSubscription, topic: topic, callback: callback) || %WebsubServerSubscription{} 
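Review bot: In `url_from_spec/2` (second `lib/pleroma/upload.ex` hunk), `URI.encode/1` leaves every RFC 3986 reserved character unescaped, and the two `String.replace/3` calls only patch `?` and `:`. A `#` in a stored filename would still end the path and turn the rest of the URL into a fragment, and `&`, `=`, `;`, `@`, `[` and `]` pass through as well. The name appears to come from the uploader (the tests set it via `Plug.Upload.filename`), so encoding everything except unreserved characters and the path separator is safer and makes the manual replacements unnecessary: `path = URI.encode(path, &(&1 == ?/ or URI.char_unreserved?(&1)))`. A test with a filename containing `#` next to the two added in `test/upload_test.exs` would pin this.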
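Review bot: The new catch-all `incoming_subscription_request/2` in `lib/pleroma/web/websub/websub.ex` writes `inspect(params)` to the log at info level, and `params` is whatever the remote side sent. WebSub subscription requests can carry a `hub.secret`, so a request that falls through to this clause would put that secret, along with arbitrarily large remote-chosen values, into the logs. Assuming `params` is the string-keyed request map, logging only the fields needed for diagnosis avoids that, e.g. `inspect(Map.take(params, ["hub.mode", "hub.topic", "hub.callback"]))`. The `Logger.info` call added in `websub_subscription_confirmation/2` in `websub_controller.ex` logs unfiltered `params` in the same way.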
diff --git a/lib/pleroma/web/websub/websub_controller.ex b/lib/pleroma/web/websub/websub_controller.ex index 27304d988..e58f144e5 100644 --- a/lib/pleroma/web/websub/websub_controller.ex +++ b/lib/pleroma/web/websub/websub_controller.ex @@ -67,6 +67,13 @@ defmodule Pleroma.Web.Websub.WebsubController do end end + def websub_subscription_confirmation(conn, params) do + Logger.info("Invalid WebSub confirmation request: #{inspect(params)}") + + conn + |> send_resp(500, "Invalid parameters") + end + def websub_incoming(conn, %{"id" => id}) do with "sha1=" <> signature <- hd(get_req_header(conn, "x-hub-signature")), signature <- String.downcase(signature), diff --git a/test/upload_test.exs b/test/upload_test.exs index d4ea3a573..b2d9eca38 100644 --- a/test/upload_test.exs +++ b/test/upload_test.exs @@ -137,5 +137,35 @@ defmodule Pleroma.UploadTest do refute data["name"] == "an [image.jpg" end + + test "escapes invalid characters in url" do + File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image_tmp.jpg"), + filename: "an… image.jpg" + } + + {:ok, data} = Upload.store(file) + [attachment_url | _] = data["url"] + + assert Path.basename(attachment_url["href"]) == "an%E2%80%A6%20image.jpg" + end + + test "replaces : (colon) and ? (question-mark) to %3A and %3F (respectively)" do + File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg") + + file = %Plug.Upload{ + content_type: "image/jpg", + path: Path.absname("test/fixtures/image_tmp.jpg"), + filename: "is:an?image.jpg" + } + + {:ok, data} = Upload.store(file) + [attachment_url | _] = data["url"] + + assert Path.basename(attachment_url["href"]) == "is%3Aan%3Fimage.jpg" + end end end |
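Review bot: The fallback `websub_subscription_confirmation/2` clause in `lib/pleroma/web/websub/websub_controller.ex` answers a malformed request with `send_resp(500, "Invalid parameters")`, although the fault is in the request rather than the server. The endpoint is presumably reachable without authentication, so a 500 here lets arbitrary remote traffic inflate server-error metrics and alerts and hides real failures among them. `send_resp(conn, 400, "Invalid parameters")` reports the condition accurately and also drops the single-step pipe.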