From 7632765b4365511bfde1797f4eb81cf5b45628d0 Mon Sep 17 00:00:00 2001
From: nopjmp
Date: Sun, 15 Dec 2024 16:12:37 -0600
Subject: [PATCH] Only proxy HTTP and HTTP urls via Media Proxy
We make an assumption that we are only proxying HTTP/HTTPS hosted media through the media proxy endpoint.
Fixes: #859
---
 lib/pleroma/web/media_proxy.ex | 6 ++++--
 test/pleroma/web/media_proxy_test.exs | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/pleroma/web/media_proxy.ex b/lib/pleroma/web/media_proxy.ex
index 61b6f2a62..9e48dda74 100644
--- a/lib/pleroma/web/media_proxy.ex
+++ b/lib/pleroma/web/media_proxy.ex
@@ -52,11 +52,11 @@ def url(url) do
 @spec url_proxiable?(String.t()) :: boolean()
 def url_proxiable?(url) do
- not local?(url) and not whitelisted?(url) and not blocked?(url)
+ not local?(url) and not whitelisted?(url) and not blocked?(url) and http_scheme?(url)
 end
 def preview_url(url, preview_params \\ []) do
- if preview_enabled?() do
+ if preview_enabled?() and url_proxiable?(url) do
 encode_preview_url(url, preview_params)
 else
 url(url)
@@ -71,6 +71,8 @@ def preview_enabled?, do: enabled?() and !!Config.get([:media_preview_proxy, :en
 def local?(url), do: String.starts_with?(url, Endpoint.url())
+ def http_scheme?(url), do: String.starts_with?(url, ["http:", "https:"])
+
 def whitelisted?(url) do
 %{host: domain} = URI.parse(url)
diff --git a/test/pleroma/web/media_proxy_test.exs b/test/pleroma/web/media_proxy_test.exs
index bd5efe4c9..1a6e9a521 100644
--- a/test/pleroma/web/media_proxy_test.exs
+++ b/test/pleroma/web/media_proxy_test.exs
@@ -37,6 +37,10 @@ test "ignores local url" do
 assert MediaProxy.url(local_root) == local_root
 end
+ test "ignores data url" do
+ assert MediaProxy.url("data:image/png;base64,") == "data:image/png;base64,"
+ end
+
 test "encodes and decodes URL" do
 url = "https://pleroma.soykaf.com/static/logo.png"
 encoded = MediaProxy.url(url)
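Review bot: In `url_proxiable?/1` the new `http_scheme?(url)` test runs last, so `whitelisted?/1` and `blocked?/1` still process every non-HTTP URL (including potentially large `data:` URLs) before it is rejected. `whitelisted?/1` calls `URI.parse(url)`, as the next hunk shows; `blocked?/1` is not visible here. Putting the cheap prefix test first, `http_scheme?(url) and not local?(url) and not whitelisted?(url) and not blocked?(url)`, short-circuits those inputs and gives the same boolean result. This check only gates URL generation; whether the proxy's fetch path applies the same scheme restriction to a decoded URL is not visible in this patch and is worth confirming. `preview_url/2` continues past the end of the hunk.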
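Review bot: `http_scheme?/1` matches the raw prefix case-sensitively, but URI schemes are case-insensitive, so a remote media URL written as `HTTP://…` or `Https://…` is classed as non-proxiable. Going by the new test, `url/1` then returns such a URL unchanged, so clients would fetch it directly instead of through the proxy, for input the remote side controls. Matching on the parsed scheme closes that gap: `def http_scheme?(url), do: String.downcase(URI.parse(url).scheme || "") in ["http", "https"]`. The function is public but has no `@spec`; `@spec http_scheme?(String.t()) :: boolean()` would match the one on `url_proxiable?/1`.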
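Review bot: The added test only exercises `MediaProxy.url/1` with a `data:` URL, so the `preview_url/2` change in this commit has no test. A case that runs with the preview proxy enabled and asserts `MediaProxy.preview_url("data:image/png;base64,") == "data:image/png;base64,"` would pin that branch. It would also help to add one non-HTTP scheme other than `data:` and a mixed-case `HTTPS://` URL, so the intended handling of each is recorded. The enclosing test module starts and ends outside the hunk.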