mirror of
https://git.pleroma.social/pleroma/pleroma.git
synced 2025-01-11 01:35:24 +00:00
FrontStatic plug: excluded invalid url
parent
5aff479951
commit
d28f72a55a
2 changed files with 36 additions and 11 deletions
|
@ -34,22 +34,26 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do
|
||||||
end
|
end
|
||||||
|
|
||||||
def call(conn, opts) do
|
def call(conn, opts) do
|
||||||
frontend_type = Map.get(opts, :frontend_type, :primary)
|
with false <- invalid_path?(conn.path_info),
|
||||||
path = file_path("", frontend_type)
|
frontend_type <- Map.get(opts, :frontend_type, :primary),
|
||||||
|
path when not is_nil(path) <- file_path("", frontend_type) do
|
||||||
if path do
|
call_static(conn, opts, path)
|
||||||
conn
|
|
||||||
|> call_static(opts, path)
|
|
||||||
else
|
else
|
||||||
conn
|
_ ->
|
||||||
|
conn
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
defp call_static(conn, opts, from) do
|
defp invalid_path?(list) do
|
||||||
opts =
|
invalid_path?(list, :binary.compile_pattern(["/", "\\", ":", "\0"]))
|
||||||
opts
|
end
|
||||||
|> Map.put(:from, from)
|
|
||||||
|
|
||||||
|
defp invalid_path?([h | _], _match) when h in [".", "..", ""], do: true
|
||||||
|
defp invalid_path?([h | t], match), do: String.contains?(h, match) or invalid_path?(t)
|
||||||
|
defp invalid_path?([], _match), do: false
|
||||||
|
|
||||||
|
defp call_static(conn, opts, from) do
|
||||||
|
opts = Map.put(opts, :from, from)
|
||||||
Plug.Static.call(conn, opts)
|
Plug.Static.call(conn, opts)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
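Review bot: The recursive clause `defp invalid_path?([h | t], match)` calls `invalid_path?(t)` instead of `invalid_path?(t, match)`, so `:binary.compile_pattern/1` runs again for every remaining segment and the precompiled `match` is used only once. The result is the same, but passing `match` through is what the two-argument helper is for. In `call/2` the `else _ -> conn` branch returns the connection unchanged both when the path is rejected and when `file_path/2` yields nil, so a request with a `..` or `:` segment is not refused here, only skipped by this plug. A comment such as `# Not served from the frontend dir; the conn is passed on unchanged, so later plugs must validate the path themselves` would keep a reader from taking this check for a rejection. `frontend_type <- Map.get(...)` can never fail to match and would read better as `frontend_type = Map.get(opts, :frontend_type, :primary)` inside the `with`.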
@ -4,6 +4,7 @@
|
||||||
|
|
||||||
defmodule Pleroma.Web.Plugs.FrontendStaticPlugTest do
|
defmodule Pleroma.Web.Plugs.FrontendStaticPlugTest do
|
||||||
use Pleroma.Web.ConnCase
|
use Pleroma.Web.ConnCase
|
||||||
|
import Mock
|
||||||
|
|
||||||
@dir "test/tmp/instance_static"
|
@dir "test/tmp/instance_static"
|
||||||
|
|
||||||
|
@ -53,4 +54,24 @@ defmodule Pleroma.Web.Plugs.FrontendStaticPlugTest do
|
||||||
index = get(conn, "/pleroma/admin/")
|
index = get(conn, "/pleroma/admin/")
|
||||||
assert html_response(index, 200) == "from frontend plug"
|
assert html_response(index, 200) == "from frontend plug"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "exclude invalid path", %{conn: conn} do
|
||||||
|
name = "pleroma-fe"
|
||||||
|
ref = "dist"
|
||||||
|
clear_config([:media_proxy, :enabled], true)
|
||||||
|
clear_config([Pleroma.Web.Endpoint, :secret_key_base], "00000000000")
|
||||||
|
clear_config([:frontends, :primary], %{"name" => name, "ref" => ref})
|
||||||
|
path = "#{@dir}/frontends/#{name}/#{ref}"
|
||||||
|
|
||||||
|
File.mkdir_p!("#{path}/proxy/rr/ss")
|
||||||
|
File.write!("#{path}/proxy/rr/ss/Ek7w8WPVcAApOvN.jpg:large", "FB image")
|
||||||
|
|
||||||
|
url =
|
||||||
|
Pleroma.Web.MediaProxy.encode_url("https://pbs.twimg.com/media/Ek7w8WPVcAApOvN.jpg:large")
|
||||||
|
|
||||||
|
with_mock Pleroma.ReverseProxy,
|
||||||
|
call: fn _conn, _url, _opts -> %Plug.Conn{status: :success} end do
|
||||||
|
assert %Plug.Conn{status: :success} = get(conn, url)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
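Review bot: The new test "exclude invalid path" covers only the `:` case (`Ek7w8WPVcAApOvN.jpg:large`), while `invalid_path?/1` also treats `.`, `..`, empty segments and segments containing `/`, `\` or a NUL byte as invalid, and none of those branches is exercised. A few more cases asserting that such requests are not answered from the frontend directory would pin the security-relevant behaviour. The test also writes a fixture under `@dir`; whether it is removed afterwards depends on setup outside this hunk, so confirm that an `on_exit` cleanup such as `File.rm_rf(@dir)` covers it. A name like `"passes requests with an invalid path segment on to later plugs"` would say what is actually asserted.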