Limit emoji stealer to alphanum, dash, or underscore characters #703

Closed
norm wants to merge 1 commit from norm/akkoma:steal-emoji-validation into develop

View file

@ -20,6 +20,17 @@ defp shortcode_matches?(shortcode, pattern) do
String.match?(shortcode, pattern)
end
defp reject_emoji?({shortcode, _url}, installed_emoji) do
invalid_shortcode? = !String.match?(shortcode, ~r/^[a-zA-Z0-9_-]+$/)
rejected_shortcode? =
[:mrf_steal_emoji, :rejected_shortcodes]
|> Config.get([])
|> Enum.any?(fn pattern -> shortcode_matches?(shortcode, pattern) end)
shortcode in installed_emoji or invalid_shortcode? or rejected_shortcode?
end
defp steal_emoji({shortcode, url}, emoji_dir_path) do
url = Pleroma.Web.MediaProxy.url(url)
@ -76,18 +87,7 @@ def filter(%{"object" => %{"emoji" => foreign_emojis, "actor" => actor}} = messa
new_emojis =
foreign_emojis
|> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end)
|> Enum.reject(fn {shortcode, _url} ->
String.contains?(shortcode, ["/", "\\", ".", ":"])
end)
|> Enum.filter(fn {shortcode, _url} ->
reject_emoji? =
[:mrf_steal_emoji, :rejected_shortcodes]
|> Config.get([])
|> Enum.find(false, fn pattern -> shortcode_matches?(shortcode, pattern) end)
!reject_emoji?
end)
|> Enum.reject(&reject_emoji?(&1, installed_emoji))
|> Enum.map(&steal_emoji(&1, emoji_dir_path))
|> Enum.filter(& &1)