mirrors/pleroma
1
0
Fork 0
mirror of https://git.pleroma.social/pleroma/pleroma.git synced 2024-11-11 11:31:32 +00:00
Code Issues Projects Releases Wiki Activity

Validate media description length

Browse source 
Signed-off-by: marcin mikołajczak <git@mkljczk.pl>
This commit is contained in:
marcin mikołajczak 2024-08-17 19:58:32 +02:00
parent 855c5a234f
commit c802f3b7f6
3 changed files with 54 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
lib/pleroma/user.ex
View file

@ -586,16 +586,18 @@ defmodule Pleroma.User do
|> validate_length(:bio, max: bio_limit) |> validate_length(:bio, max: bio_limit)
|> validate_length(:name, min: 1, max: name_limit) |> validate_length(:name, min: 1, max: name_limit)
|> validate_inclusion(:actor_type, Pleroma.Constants.allowed_user_actor_types()) |> validate_inclusion(:actor_type, Pleroma.Constants.allowed_user_actor_types())
|> validate_image_description(:avatar_description, params)
|> validate_image_description(:header_description, params)
|> put_fields() |> put_fields()
|> put_emoji() |> put_emoji()
|> put_change_if_present(:bio, &{:ok, parse_bio(&1, struct)}) |> put_change_if_present(:bio, &{:ok, parse_bio(&1, struct)})
|> put_change_if_present( |> put_change_if_present(
:avatar, :avatar,
&put_upload(&1, :avatar, Map.get(params, :avatar_description, nil)) &put_upload(&1, :avatar, Map.get(params, :avatar_description))
) )
|> put_change_if_present( |> put_change_if_present(
:banner, :banner,
&put_upload(&1, :banner, Map.get(params, :header_description, nil)) &put_upload(&1, :banner, Map.get(params, :header_description))
) )
|> put_change_if_present(:background, &put_upload(&1, :background)) |> put_change_if_present(:background, &put_upload(&1, :background))
|> put_change_if_present( |> put_change_if_present(
@ -689,7 +691,20 @@ defmodule Pleroma.User do
end end
end end
defp maybe_update_image_description(changeset, image_field, description) do defp validate_image_description(changeset, key, params) do
description_limit = Config.get([:instance, :description_limit], 5_000)
description = Map.get(params, key)
if is_binary(description) and String.length(description) > description_limit do
changeset
|> add_error(key, "#{key} is too long")
else
changeset
end
end
defp maybe_update_image_description(changeset, image_field, description)
when is_binary(description) do
with {:image_missing, true} <- {:image_missing, not changed?(changeset, image_field)}, with {:image_missing, true} <- {:image_missing, not changed?(changeset, image_field)},
{:existing_image, %{"id" => id}} <- {:existing_image, %{"id" => id}} <-
{:existing_image, Map.get(changeset.data, image_field)}, {:existing_image, Map.get(changeset.data, image_field)},
@ -697,10 +712,13 @@ defmodule Pleroma.User do
{:ok, object} <- Object.update_data(object, %{"name" => description}) do {:ok, object} <- Object.update_data(object, %{"name" => description}) do
put_change(changeset, image_field, object.data) put_change(changeset, image_field, object.data)
else else
{:description_too_long, true} -> {:error}
_ -> changeset _ -> changeset
end end
end end
defp maybe_update_image_description(changeset, _, _), do: changeset
def update_as_admin_changeset(struct, params) do def update_as_admin_changeset(struct, params) do
struct struct
|> update_changeset(params) |> update_changeset(params)

6
lib/pleroma/web/mastodon_api/controllers/account_controller.ex
View file

@ -279,6 +279,12 @@ defmodule Pleroma.Web.MastodonAPI.AccountController do
{:error, %Ecto.Changeset{errors: [{:name, {_, _}} | _]}} -> {:error, %Ecto.Changeset{errors: [{:name, {_, _}} | _]}} ->
render_error(conn, :request_entity_too_large, "Name is too long") render_error(conn, :request_entity_too_large, "Name is too long")
{:error, %Ecto.Changeset{errors: [{:avatar_description, {_, _}} | _]}} ->
render_error(conn, :request_entity_too_large, "Avatar description is too long")
{:error, %Ecto.Changeset{errors: [{:header_description, {_, _}} | _]}} ->
render_error(conn, :request_entity_too_large, "Banner description is too long")
{:error, %Ecto.Changeset{errors: [{:fields, {"invalid", _}} | _]}} -> {:error, %Ecto.Changeset{errors: [{:fields, {"invalid", _}} | _]}} ->
render_error(conn, :request_entity_too_large, "One or more field entries are too long") render_error(conn, :request_entity_too_large, "One or more field entries are too long")

27
test/pleroma/web/mastodon_api/update_credentials_test.exs
View file

@ -472,6 +472,33 @@ defmodule Pleroma.Web.MastodonAPI.UpdateCredentialsTest do
assert user.avatar["name"] == "me and pleroma tan" assert user.avatar["name"] == "me and pleroma tan"
end end
test "limit", %{user: user, conn: conn} do
new_header = %Plug.Upload{
content_type: "image/jpeg",
path: Path.absname("test/fixtures/image.jpg"),
filename: "an_image.jpg"
}
assert user.banner == %{}
conn
|> patch("/api/v1/accounts/update_credentials", %{"header" => new_header})
description_limit = Config.get([:instance, :description_limit], 100)
description = String.duplicate(".", description_limit + 1)
conn =
conn
|> assign(:user, User.get_by_id(user.id))
|> patch("/api/v1/accounts/update_credentials", %{
"header_description" => description
})
assert %{"error" => "Banner description is too long"} =
json_response_and_validate_schema(conn, 413)
end
test "Strip / from upload files", %{user: user, conn: conn} do test "Strip / from upload files", %{user: user, conn: conn} do
new_image = %Plug.Upload{ new_image = %Plug.Upload{
content_type: "image/jpeg", content_type: "image/jpeg",