StealEmojiPolicy: Sanitize shortcodes

Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
Haelwenn (lanodan) Monnier 2024-02-20 08:45:48 +01:00
commit 7d624c4750
No known key found for this signature in database
3 changed files with 29 additions and 0 deletions


@ -36,6 +36,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
extension = if extension == "", do: ".png", else: extension
shortcode = Path.basename(shortcode)
file_path = Path.join(emoji_dir_path, shortcode <> extension)
case File.write(file_path, response.body) do
@ -78,6 +79,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
new_emojis =
foreign_emojis
|> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end)
|> Enum.reject(fn {shortcode, _url} -> String.contains?(shortcode, ["/", "\\"]) end)
|> Enum.filter(fn {shortcode, _url} ->
reject_emoji? =
[:mrf_steal_emoji, :rejected_shortcodes]
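Review bot: The shortcode filter that appears to be added in the second hunk, `String.contains?(shortcode, ["/", "\\"])`, is a denylist of two path separators, so any other character a remote server puts in a shortcode still reaches the file name built in the first hunk by `Path.join(emoji_dir_path, shortcode <> extension)`. An allowlist is the safer shape for a remote-supplied value that becomes a file name, e.g. `|> Enum.filter(fn {shortcode, _url} -> String.match?(shortcode, ~r/\A[a-zA-Z0-9_-]+\z/) end)`, with the character class adjusted to whatever the project accepts as a shortcode. `extension` is concatenated into the same path and its derivation is not visible in these hunks; if it is taken from the remote URL, it deserves the same check. Both the `new_emojis` pipeline and the `case File.write` body continue outside the hunks shown.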