
FrontStatic plug: excluded invalid url

2298-weird-follow-issue
Maksim Pechnikov 3 years ago
parent
commit
d28f72a55a
2 changed files with 36 additions and 11 deletions
  1. +15
    -11
      lib/pleroma/web/plugs/frontend_static.ex
  2. +21
    -0
      test/pleroma/web/plugs/frontend_static_plug_test.exs

+ 15
- 11
lib/pleroma/web/plugs/frontend_static.ex

@@ -34,22 +34,26 @@ defmodule Pleroma.Web.Plugs.FrontendStatic do
end

def call(conn, opts) do
frontend_type = Map.get(opts, :frontend_type, :primary)
path = file_path("", frontend_type)

if path do
conn
|> call_static(opts, path)
with false <- invalid_path?(conn.path_info),
frontend_type <- Map.get(opts, :frontend_type, :primary),
path when not is_nil(path) <- file_path("", frontend_type) do
call_static(conn, opts, path)
else
conn
_ ->
conn
end
end

defp call_static(conn, opts, from) do
opts =
opts
|> Map.put(:from, from)
defp invalid_path?(list) do
invalid_path?(list, :binary.compile_pattern(["/", "\\", ":", "\0"]))
end

defp invalid_path?([h | _], _match) when h in [".", "..", ""], do: true
defp invalid_path?([h | t], match), do: String.contains?(h, match) or invalid_path?(t)
defp invalid_path?([], _match), do: false

defp call_static(conn, opts, from) do
opts = Map.put(opts, :from, from)
Plug.Static.call(conn, opts)
end
end
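Review bot: The recursive clause `defp invalid_path?([h | t], match)` calls `invalid_path?(t)` instead of `invalid_path?(t, match)`, so the arity-1 wrapper runs `:binary.compile_pattern/1` again for every remaining segment and the precompiled `match` is never reused. Passing `match` through gives the same result and compiles the pattern once per request. The guard also reads `conn.path_info` as it arrives. If Plug.Static percent-decodes segments before its own validation (worth confirming against the Plug version in use), an encoded `%3A` would pass this guard and still be rejected inside `Plug.Static.call/2`, so the pass-through would cover only the literal forms. A short comment on `invalid_path?/1` should say which Plug.Static check it is meant to pre-empt and why the plug steps aside rather than letting that check reject the request. The module starts above this hunk.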

+ 21
- 0
test/pleroma/web/plugs/frontend_static_plug_test.exs

@@ -4,6 +4,7 @@

defmodule Pleroma.Web.Plugs.FrontendStaticPlugTest do
use Pleroma.Web.ConnCase
import Mock

@dir "test/tmp/instance_static"

@@ -53,4 +54,24 @@ defmodule Pleroma.Web.Plugs.FrontendStaticPlugTest do
index = get(conn, "/pleroma/admin/")
assert html_response(index, 200) == "from frontend plug"
end

test "exclude invalid path", %{conn: conn} do
name = "pleroma-fe"
ref = "dist"
clear_config([:media_proxy, :enabled], true)
clear_config([Pleroma.Web.Endpoint, :secret_key_base], "00000000000")
clear_config([:frontends, :primary], %{"name" => name, "ref" => ref})
path = "#{@dir}/frontends/#{name}/#{ref}"

File.mkdir_p!("#{path}/proxy/rr/ss")
File.write!("#{path}/proxy/rr/ss/Ek7w8WPVcAApOvN.jpg:large", "FB image")

url =
Pleroma.Web.MediaProxy.encode_url("https://pbs.twimg.com/media/Ek7w8WPVcAApOvN.jpg:large")

with_mock Pleroma.ReverseProxy,
call: fn _conn, _url, _opts -> %Plug.Conn{status: :success} end do
assert %Plug.Conn{status: :success} = get(conn, url)
end
end
end
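Review bot: The new test `"exclude invalid path"` exercises only the `:` case, while `invalid_path?/2` in the plug also rejects `.`, `..`, empty segments and segments containing `/`, `\` or a NUL byte, and none of those branches is covered. A small table-driven test asserting that each rejected form leaves the conn untouched by the static plug would pin the whole guard. The fixture written under `proxy/rr/ss/` does not obviously sit on the path that `Pleroma.Web.MediaProxy.encode_url/1` produces, so it is unclear whether the file plays any part in the assertion. Either add a comment such as `# file exists only to show the static plug is skipped, not served`, or drop the fixture. Whether `@dir` is cleaned up afterwards depends on setup outside this hunk.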
