hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'develop' into hellthread-filter-fix

Browse source
This commit is contained in:
Karen Konou 2019-02-13 00:04:26 +01:00
commit adcdd21f16
6 changed files with 178 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

23
lib/pleroma/plugs/http_security_plug.ex
View file

@ -33,7 +33,22 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
end
defp csp_string do
protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
websocket_url = String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws")
connect_src =
if Mix.env() == :dev do
"connect-src 'self' http://localhost:3035/ " <> websocket_url
else
"connect-src 'self' " <> websocket_url
end
script_src =
if Mix.env() == :dev do
"script-src 'self' 'unsafe-eval'"
else
"script-src 'self'"
end
[
"default-src 'none'",
@ -43,10 +58,10 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
"script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'",
if protocol == "https" do
connect_src,
script_src,
if scheme == "https" do
"upgrade-insecure-requests"
end
]

28
lib/pleroma/web/activity_pub/mrf/keyword_policy.ex
View file

@ -12,9 +12,9 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicy do
String.match?(string, pattern)
end
defp check_reject(%{"object" => %{"content" => content}} = message) do
defp check_reject(%{"object" => %{"content" => content, "summary" => summary}} = message) do
if Enum.any?(Pleroma.Config.get([:mrf_keyword, :reject]), fn pattern ->
string_matches?(content, pattern)
string_matches?(content, pattern) or string_matches?(summary, pattern)
end) do
{:reject, nil}
else
@ -22,10 +22,12 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicy do
end
end
defp check_ftl_removal(%{"to" => to, "object" => %{"content" => content}} = message) do
defp check_ftl_removal(
%{"to" => to, "object" => %{"content" => content, "summary" => summary}} = message
) do
if "https://www.w3.org/ns/activitystreams#Public" in to and
Enum.any?(Pleroma.Config.get([:mrf_keyword, :federated_timeline_removal]), fn pattern ->
string_matches?(content, pattern)
string_matches?(content, pattern) or string_matches?(summary, pattern)
end) do
to = List.delete(to, "https://www.w3.org/ns/activitystreams#Public")
cc = ["https://www.w3.org/ns/activitystreams#Public" | message["cc"] || []]
@ -41,14 +43,20 @@ defmodule Pleroma.Web.ActivityPub.MRF.KeywordPolicy do
end
end
defp check_replace(%{"object" => %{"content" => content}} = message) do
content =
Enum.reduce(Pleroma.Config.get([:mrf_keyword, :replace]), content, fn {pattern, replacement},
acc ->
String.replace(acc, pattern, replacement)
defp check_replace(%{"object" => %{"content" => content, "summary" => summary}} = message) do
{content, summary} =
Enum.reduce(Pleroma.Config.get([:mrf_keyword, :replace]), {content, summary}, fn {pattern,
replacement},
{content_acc,
summary_acc} ->
{String.replace(content_acc, pattern, replacement),
String.replace(summary_acc, pattern, replacement)}
end)
{:ok, put_in(message["object"]["content"], content)}
{:ok,
message
|> put_in(["object", "content"], content)
|> put_in(["object", "summary"], summary)}
end
@impl true

9
lib/pleroma/web/rich_media/parser.ex
View file

@ -9,6 +9,13 @@ defmodule Pleroma.Web.RichMedia.Parser do
Pleroma.Web.RichMedia.Parsers.OEmbed
]
@hackney_options [
pool: :media,
timeout: 2_000,
recv_timeout: 2_000,
max_body: 2_000_000
]
def parse(nil), do: {:error, "No URL provided"}
if Mix.env() == :test do
@ -28,7 +35,7 @@ defmodule Pleroma.Web.RichMedia.Parser do
defp parse_url(url) do
try do
{:ok, %Tesla.Env{body: html}} = Pleroma.HTTP.get(url, [], adapter: [pool: :media])
{:ok, %Tesla.Env{body: html}} = Pleroma.HTTP.get(url, [], adapter: @hackney_options)
html |> maybe_parse() |> clean_parsed_data() |> check_parsed_data()
rescue