diff options
Diffstat (limited to 'lib/pleroma/web')
| -rw-r--r-- | lib/pleroma/web/activity_pub/transmogrifier.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/common_api/common_api.ex | 11 | ||||
| -rw-r--r-- | lib/pleroma/web/endpoint.ex | 12 | ||||
| -rw-r--r-- | lib/pleroma/web/metadata/utils.ex | 2 | ||||
| -rw-r--r-- | lib/pleroma/web/streamer/worker.ex | 3 |
5 files changed, 19 insertions, 11 deletions
diff --git a/lib/pleroma/web/activity_pub/transmogrifier.ex b/lib/pleroma/web/activity_pub/transmogrifier.ex index 1c67fee2e..e925aae2f 100644 --- a/lib/pleroma/web/activity_pub/transmogrifier.ex +++ b/lib/pleroma/web/activity_pub/transmogrifier.ex @@ -416,7 +416,7 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier do def handle_incoming(%{"id" => nil}, _options), do: :error def handle_incoming(%{"id" => ""}, _options), do: :error # length of https:// = 8, should validate better, but good enough for now. - def handle_incoming(%{"id" => id}, _options) when not (is_binary(id) and length(id) > 8), + def handle_incoming(%{"id" => id}, _options) when is_binary(id) and byte_size(id) < 8, do: :error # TODO: validate those with a Ecto scheme diff --git a/lib/pleroma/web/common_api/common_api.ex b/lib/pleroma/web/common_api/common_api.ex index 184ec6021..01ed7b16f 100644 --- a/lib/pleroma/web/common_api/common_api.ex +++ b/lib/pleroma/web/common_api/common_api.ex @@ -328,15 +328,10 @@ defmodule Pleroma.Web.CommonAPI do def pin(id_or_ap_id, %{ap_id: user_ap_id} = user) do with %Activity{ actor: ^user_ap_id, - data: %{ - "type" => "Create" - }, - object: %Object{ - data: %{ - "type" => "Note" - } - } + data: %{"type" => "Create"}, + object: %Object{data: %{"type" => object_type}} } = activity <- get_by_id_or_ap_id(id_or_ap_id), + true <- object_type in ["Note", "Article", "Question"], true <- Visibility.is_public?(activity), %{valid?: true} = info_changeset <- User.Info.add_pinnned_activity(user.info, activity), changeset <- diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex index f0abc8eb8..51c8401ae 100644 --- a/lib/pleroma/web/endpoint.ex +++ b/lib/pleroma/web/endpoint.ex @@ -61,7 +61,17 @@ defmodule Pleroma.Web.Endpoint do plug(Plug.RequestId) plug(Plug.Logger) - plug(Pleroma.Plugs.Parsers) + plug(Plug.Parsers, + parsers: [ + :urlencoded, + {:multipart, length: {Pleroma.Config, :get, [[:instance, :upload_limit]]}}, + :json + ], + pass: ["*/*"], + json_decoder: Jason, + length: Pleroma.Config.get([:instance, :upload_limit]), + body_reader: {Pleroma.Web.Plugs.DigestPlug, :read_body, []} + ) plug(Plug.MethodOverride) plug(Plug.Head) diff --git a/lib/pleroma/web/metadata/utils.ex b/lib/pleroma/web/metadata/utils.ex index 720bd4519..e1ad402bc 100644 --- a/lib/pleroma/web/metadata/utils.ex +++ b/lib/pleroma/web/metadata/utils.ex @@ -14,6 +14,7 @@ defmodule Pleroma.Web.Metadata.Utils do |> String.replace(~r/<br\s?\/?>/, " ") |> HTML.get_cached_stripped_html_for_activity(object, "metadata") |> Formatter.demojify() + |> HtmlEntities.decode() |> Formatter.truncate() end @@ -24,6 +25,7 @@ defmodule Pleroma.Web.Metadata.Utils do |> String.replace(~r/<br\s?\/?>/, " ") |> HTML.strip_tags() |> Formatter.demojify() + |> HtmlEntities.decode() |> Formatter.truncate(max_length) end diff --git a/lib/pleroma/web/streamer/worker.ex b/lib/pleroma/web/streamer/worker.ex index da7a5a6f2..1e7da4852 100644 --- a/lib/pleroma/web/streamer/worker.ex +++ b/lib/pleroma/web/streamer/worker.ex @@ -137,8 +137,9 @@ defmodule Pleroma.Web.Streamer.Worker do domain_blocks = Pleroma.Web.ActivityPub.MRF.subdomains_regex(user.info.domain_blocks) with parent <- Object.normalize(item) || item, - true <- Enum.all?([blocks, mutes, reblog_mutes], &(item.actor not in &1)), + true <- Enum.all?([blocks, mutes], &(item.actor not in &1)), true <- Enum.all?([blocks, mutes], &(parent.data["actor"] not in &1)), + true <- item.data["type"] != "Announce" || item.actor not in reblog_mutes, true <- MapSet.disjoint?(recipients, recipient_blocks), %{host: item_host} <- URI.parse(item.actor), %{host: parent_host} <- URI.parse(parent.data["actor"]), |