AkkomaGang/akkoma
AkkomaGang/akkoma
13
63
Fork 84
Code Issues 162 Pull requests 12 Packages Projects 2 Releases 14 Wiki Activity

[Security] StealEmojiPolicy: Sanitize shortcodes #701

Merged
floatingghost merged 2 commits from erincandescent/akkoma:stealemojipolicy-sanitize into develop 2024-02-20 15:08:55 +00:00
Conversation 3 Commits 2 Files changed 2 +1 -1
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit b387f4a1c1 - Show all commits

2
lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex
View file

@ -77,7 +77,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.StealEmojiPolicy do
new_emojis =
foreign_emojis
|> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end)
|> Enum.reject(fn {shortcode, _url} -> String.contains?(shortcode, ["/", "\\"]) end)
|> Enum.reject(fn {shortcode, _url} -> String.contains?(shortcode, ["/", "\\", ".", ":"]) end)
|> Enum.filter(fn {shortcode, _url} ->
reject_emoji? =
[:mrf_steal_emoji, :rejected_shortcodes]