From 20cd8a0fc4a05b9b47059324e8444203c66efc33 Mon Sep 17 00:00:00 2001 From: sfr Date: Sun, 15 Jan 2023 18:14:04 +0000 Subject: [PATCH] URL encode remote emoji pack names (#362) fix #246 Co-authored-by: Sol Fisher Romanoff Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/362 Co-authored-by: sfr Co-committed-by: sfr --- lib/pleroma/emoji/pack.ex | 6 ++- .../emoji/test with spaces/blank.png | Bin 0 -> 95 bytes .../emoji/test with spaces/blank2.png | Bin 0 -> 95 bytes .../emoji/test with spaces/pack.json | 12 +++++ .../emoji_pack_controller_test.exs | 42 +++++++++++++++--- 5 files changed, 52 insertions(+), 8 deletions(-) create mode 100644 test/instance_static/emoji/test with spaces/blank.png create mode 100644 test/instance_static/emoji/test with spaces/blank2.png create mode 100644 test/instance_static/emoji/test with spaces/pack.json diff --git a/lib/pleroma/emoji/pack.ex b/lib/pleroma/emoji/pack.ex index 2ca174c1f..f9b47a26b 100644 --- a/lib/pleroma/emoji/pack.ex +++ b/lib/pleroma/emoji/pack.ex @@ -252,7 +252,7 @@ def download(name, url, as) do with :ok <- validate_shareable_packs_available(uri), {:ok, remote_pack} <- - uri |> URI.merge("/api/v1/pleroma/emoji/pack?name=#{name}") |> http_get(), + uri |> URI.merge("/api/v1/pleroma/emoji/pack?name=#{URI.encode(name)}") |> http_get(), {:ok, %{sha: sha, url: url} = pack_info} <- fetch_pack_info(remote_pack, uri, name), {:ok, archive} <- download_archive(url, sha), pack <- copy_as(remote_pack, as || name), @@ -593,7 +593,9 @@ defp fetch_pack_info(remote_pack, uri, name) do {:ok, %{ sha: sha, - url: URI.merge(uri, "/api/v1/pleroma/emoji/packs/archive?name=#{name}") |> to_string() + url: + URI.merge(uri, "/api/v1/pleroma/emoji/packs/archive?name=#{URI.encode(name)}") + |> to_string() }} %{"fallback-src" => src, "fallback-src-sha256" => sha} when is_binary(src) -> diff --git a/test/instance_static/emoji/test with spaces/blank.png b/test/instance_static/emoji/test with spaces/blank.png new file mode 100644 index 0000000000000000000000000000000000000000..8f50fa02340e7e09e562f86e00b6e4bd6ad1d565 GIT binary patch literal 95 zcmeAS@N?(olHy`uVBq!ia0vp^4Is=2Bp6=1#-sr$rjj7PU get("/api/v1/pleroma/emoji/packs") |> json_response_and_validate_schema(200) - assert resp["count"] == 4 + assert resp["count"] == 5 assert resp["packs"] |> Map.keys() - |> length() == 4 + |> length() == 5 shared = resp["packs"]["test_pack"] assert shared["files"] == %{"blank" => "blank.png", "blank2" => "blank2.png"} @@ -61,7 +61,7 @@ test "GET /api/v1/pleroma/emoji/packs", %{conn: conn} do |> get("/api/v1/pleroma/emoji/packs?page_size=1") |> json_response_and_validate_schema(200) - assert resp["count"] == 4 + assert resp["count"] == 5 packs = Map.keys(resp["packs"]) @@ -74,7 +74,7 @@ test "GET /api/v1/pleroma/emoji/packs", %{conn: conn} do |> get("/api/v1/pleroma/emoji/packs?page_size=1&page=2") |> json_response_and_validate_schema(200) - assert resp["count"] == 4 + assert resp["count"] == 5 packs = Map.keys(resp["packs"]) assert length(packs) == 1 [pack2] = packs @@ -84,7 +84,7 @@ test "GET /api/v1/pleroma/emoji/packs", %{conn: conn} do |> get("/api/v1/pleroma/emoji/packs?page_size=1&page=3") |> json_response_and_validate_schema(200) - assert resp["count"] == 4 + assert resp["count"] == 5 packs = Map.keys(resp["packs"]) assert length(packs) == 1 [pack3] = packs @@ -94,7 +94,7 @@ test "GET /api/v1/pleroma/emoji/packs", %{conn: conn} do |> get("/api/v1/pleroma/emoji/packs?page_size=1&page=4") |> json_response_and_validate_schema(200) - assert resp["count"] == 4 + assert resp["count"] == 5 packs = Map.keys(resp["packs"]) assert length(packs) == 1 [pack4] = packs @@ -221,6 +221,24 @@ test "shared pack from remote and non shared from fallback-src", %{ url: "https://nonshared-pack" } -> text(File.read!("#{@emoji_path}/test_pack_nonshared/nonshared.zip")) + + %{ + method: :get, + url: "https://example.com/api/v1/pleroma/emoji/pack?name=test%20with%20spaces" + } -> + conn + |> get("/api/v1/pleroma/emoji/pack?name=test%20with%20spaces") + |> json_response_and_validate_schema(200) + |> json() + + %{ + method: :get, + url: "https://example.com/api/v1/pleroma/emoji/packs/archive?name=test%20with%20spaces" + } -> + conn + |> get("/api/v1/pleroma/emoji/packs/archive?name=test%20with%20spaces") + |> response(200) + |> text() end) assert admin_conn @@ -261,6 +279,18 @@ test "shared pack from remote and non shared from fallback-src", %{ |> json_response_and_validate_schema(200) == "ok" refute File.exists?("#{@emoji_path}/test_pack_nonshared2") + + assert admin_conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/v1/pleroma/emoji/packs/download", %{ + url: "https://example.com", + name: "test with spaces", + as: "test with spaces" + }) + |> json_response_and_validate_schema(200) == "ok" + + assert File.exists?("#{@emoji_path}/test with spaces/pack.json") + assert File.exists?("#{@emoji_path}/test with spaces/blank.png") end test "nonshareable instance", %{admin_conn: admin_conn} do