hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

StealEmojiPolicy: Sanitize shortcodes

Browse source 
Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/3245
This commit is contained in:
Haelwenn (lanodan) Monnier 2024-02-20 08:45:48 +01:00
commit ac977bdb1c
No known key found for this signature in database
2 changed files with 28 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex
View file

@ -34,6 +34,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
|> Path.basename()
|> Path.extname()
shortcode = Path.basename(shortcode)
file_path = Path.join(emoji_dir_path, shortcode <> (extension || ".png"))
case File.write(file_path, response.body) do
@ -76,6 +77,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
new_emojis =
foreign_emojis
|> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end)
|> Enum.reject(fn {shortcode, _url} -> String.contains?(shortcode, ["/", "\\"]) end)
|> Enum.filter(fn {shortcode, _url} ->
reject_emoji? =
[:mrf_steal_emoji, :rejected_shortcodes]