From 68fe0a96335778c017d58eae779a1970b7b73d8b Mon Sep 17 00:00:00 2001 From: Oneric Date: Wed, 5 Jun 2024 19:59:59 +0200 Subject: [PATCH 1/3] test: fix content-length value type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All headers are strings, always. In this case it didn't matter atm, but let’s not provide confusing examples. --- test/pleroma/signature_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/pleroma/signature_test.exs b/test/pleroma/signature_test.exs index b7c9bbb62..768c78f21 100644 --- a/test/pleroma/signature_test.exs +++ b/test/pleroma/signature_test.exs @@ -110,7 +110,7 @@ test "it returns signature headers" do headers = %{ host: "test.test", - "content-length": 100 + "content-length": "100" } assert_signature_equal( @@ -127,7 +127,7 @@ test "it returns error" do assert Signature.sign( user, - %{host: "test.test", "content-length": 100} + %{host: "test.test", "content-length": "100"} ) == {:error, []} end end -- 2.43.0 From be5440c5e81d2ffb7184edc0475479a5ea42e90f Mon Sep 17 00:00:00 2001 From: Oneric Date: Wed, 5 Jun 2024 20:03:29 +0200 Subject: [PATCH 2/3] mrf/steal_emoji: fix size limit check Headers are strings, but this expected to already get an int thus always failing the comparison if the header was set. Fixes mistake in d6d838cbe83e8caf3e1fc67a81c3943e880ab290 --- .../web/activity_pub/mrf/steal_emoji_policy.ex | 11 ++++++++++- .../web/activity_pub/mrf/steal_emoji_policy_test.exs | 4 ++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex index 26d3dc592..a4868f155 100644 --- a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex @@ -101,10 +101,19 @@ defp get_extension_if_safe(response) do end end + defp get_int_header(headers, header_name, default \\ nil) do + with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers), + {int, ""} <- Integer.parse(rawval) do + int + else + _ -> default + end + end + defp is_remote_size_within_limit?(url) do with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <- Pleroma.HTTP.request(:head, url, nil, [], []) do - content_length = :proplists.get_value("content-length", headers, nil) + content_length = get_int_header(headers, "content-length") size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit) accept_unknown = diff --git a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs index 932251389..45fe183a4 100644 --- a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs +++ b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs @@ -202,7 +202,7 @@ test "reject unknown size", %{message: message} do test "reject too large content-size before download", %{message: message} do clear_config([:mrf_steal_emoji, :download_unknown_size], false) - mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2 ** 30}]) + mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "#{2 ** 30}"}]) refute "firedfox" in installed() @@ -216,7 +216,7 @@ test "reject too large content-size before download", %{message: message} do test "accepts content-size below limit", %{message: message} do clear_config([:mrf_steal_emoji, :download_unknown_size], false) - mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2}]) + mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "2"}]) refute "firedfox" in installed() -- 2.43.0 From df27567d9915ccd8adde0355e9fe240fe0ec2c74 Mon Sep 17 00:00:00 2001 From: Oneric Date: Wed, 5 Jun 2024 20:09:52 +0200 Subject: [PATCH 3/3] mrf/steal_emoji: display download_unknown_size in admin-fe Fixes omission in d6d838cbe83e8caf3e1fc67a81c3943e880ab290 --- lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex index a4868f155..4649db2a1 100644 --- a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex @@ -181,7 +181,7 @@ def filter(message), do: {:ok, message} description: <<_::272, _::_*256>>, key: :hosts | :rejected_shortcodes | :size_limit, suggestions: [any(), ...], - type: {:list, :string} | {:list, :string} | :integer + type: {:list, :string} | {:list, :string} | :integer | :boolean }, ... ], @@ -218,6 +218,12 @@ def config_description do type: :integer, description: "File size limit (in bytes), checked before an emoji is saved to the disk", suggestions: ["100000"] + }, + %{ + key: :download_unknown_size, + type: :boolean, + description: "Whether to download emoji if size can't be determined ahead of time", + suggestions: [false, true] } ] } -- 2.43.0