don't crash on malformed avatar and banner values

weird values in href will cause base64 encoding to fail later down the
line, so let's make sure the value we're passing on is somewhat sane, or
at the very least a binary

this fixes #482
This commit is contained in:
flisk 2023-03-12 18:14:05 +01:00
parent 58f75ac062
commit 0c77be9308
2 changed files with 22 additions and 12 deletions

View file

@ -366,21 +366,21 @@ defmodule Pleroma.User do
def invisible?(_), do: false def invisible?(_), do: false
def avatar_url(user, options \\ []) do def avatar_url(user, options \\ []) do
case user.avatar do default = Config.get([:assets, :default_user_avatar], "#{Endpoint.url()}/images/avi.png")
%{"url" => [%{"href" => href} | _]} -> do_optional_url(user.avatar, default, options)
href
_ ->
unless options[:no_default] do
Config.get([:assets, :default_user_avatar], "#{Endpoint.url()}/images/avi.png")
end
end
end end
def banner_url(user, options \\ []) do def banner_url(user, options \\ []) do
case user.banner do do_optional_url(user.banner, "#{Endpoint.url()}/images/banner.png", options)
%{"url" => [%{"href" => href} | _]} -> href end
_ -> !options[:no_default] && "#{Endpoint.url()}/images/banner.png"
defp do_optional_url(field, default, options \\ []) do
case field do
%{"url" => [%{"href" => href} | _]} when is_binary(href) ->
href
_ ->
unless options[:no_default], do: default
end end
end end

View file

@ -2509,6 +2509,16 @@ defmodule Pleroma.UserTest do
assert User.avatar_url(user, no_default: true) == nil assert User.avatar_url(user, no_default: true) == nil
end end
test "avatar object with nil in href" do
user = insert(:user, avatar: %{"url" => [%{"href" => nil}]})
assert User.avatar_url(user) != nil
end
test "banner object with nil in href" do
user = insert(:user, banner: %{"url" => [%{"href" => nil}]})
assert User.banner_url(user) != nil
end
test "get_host/1" do test "get_host/1" do
user = insert(:user, ap_id: "https://lain.com/users/lain", nickname: "lain") user = insert(:user, ap_id: "https://lain.com/users/lain", nickname: "lain")
assert User.get_host(user) == "lain.com" assert User.get_host(user) == "lain.com"