hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Sanitize filenames when uploading

Browse source
This commit is contained in:
tusooa 2022-12-29 14:33:46 -05:00
commit e4925f813a
No known key found for this signature in database
GPG key ID: 7B467EDE43A08224
4 changed files with 63 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
test/pleroma/web/activity_pub/activity_pub_test.exs
View file

@ -1342,6 +1342,14 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubTest do
%{test_file: test_file}
end
test "strips / from filename", %{test_file: file} do
file = %Plug.Upload{file | filename: "../../../../../nested/bad.jpg"}
{:ok, %Object{} = object} = ActivityPub.upload(file)
[%{"href" => href}] = object.data["url"]
assert Regex.match?(~r"/bad.jpg$", href)
refute Regex.match?(~r"/nested/", href)
end
test "sets a description if given", %{test_file: file} do
{:ok, %Object{} = object} = ActivityPub.upload(file, description: "a cool file")
assert object.data["name"] == "a cool file"