From be5440c5e81d2ffb7184edc0475479a5ea42e90f Mon Sep 17 00:00:00 2001
From: Oneric
Date: Wed, 5 Jun 2024 20:03:29 +0200
Subject: [PATCH] mrf/steal_emoji: fix size limit check

Headers are strings, but this expected to already get an int thus always failing the comparison if the header was set. Fixes mistake in d6d838cbe83e8caf3e1fc67a81c3943e880ab290
---
 .../web/activity_pub/mrf/steal_emoji_policy.ex | 11 ++++++++++-
 .../web/activity_pub/mrf/steal_emoji_policy_test.exs | 4 ++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex
index 26d3dc592..a4868f155 100644
--- a/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex
+++ b/lib/pleroma/web/activity_pub/mrf/steal_emoji_policy.ex
@@ -101,10 +101,19 @@ defp get_extension_if_safe(response) do
 end
 end
+ defp get_int_header(headers, header_name, default \\ nil) do
+ with rawval when rawval != :undefined <- :proplists.get_value(header_name, headers),
+ {int, ""} <- Integer.parse(rawval) do
+ int
+ else
+ _ -> default
+ end
+ end
+
 defp is_remote_size_within_limit?(url) do
 with {:ok, %{status: status, headers: headers} = _response} when status in 200..299 <-
 Pleroma.HTTP.request(:head, url, nil, [], []) do
- content_length = :proplists.get_value("content-length", headers, nil)
+ content_length = get_int_header(headers, "content-length")
 size_limit = Config.get([:mrf_steal_emoji, :size_limit], @size_limit)
 accept_unknown =
diff --git a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs
index 932251389..45fe183a4 100644
--- a/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs
+++ b/test/pleroma/web/activity_pub/mrf/steal_emoji_policy_test.exs
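Review bot: `get_int_header` accepts any signed integer, so a HEAD response carrying `content-length: -1` yields a negative value that will presumably compare as within `size_limit` further down in `is_remote_size_within_limit?` (the comparison lies outside this hunk). Requiring a non-negative value keeps such a header on the unknown-size path: `{int, ""} when int >= 0 <- Integer.parse(rawval) do`. Because the header is supplied by the remote host, this check is only a pre-filter; the limit still has to be enforced on the bytes actually received by the later download, which is not visible here. A one-line comment on the helper stating that missing or unparsable values fall back to `default` would document that behaviour for the next reader.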
@@ -202,7 +202,7 @@ test "reject unknown size", %{message: message} do
 test "reject too large content-size before download", %{message: message} do
 clear_config([:mrf_steal_emoji, :download_unknown_size], false)
- mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2 ** 30}])
+ mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "#{2 ** 30}"}])
 refute "firedfox" in installed()
@@ -216,7 +216,7 @@ test "reject too large content-size before download", %{message: message} do
 test "accepts content-size below limit", %{message: message} do
 clear_config([:mrf_steal_emoji, :download_unknown_size], false)
- mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", 2}])
+ mock_tesla("https://example.org/emoji/firedfox.png", 200, [{"content-length", "2"}])
 refute "firedfox" in installed()
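Review bot: The updated fixtures in both hunks cover only well-formed numeric strings, so the fallback branch of `get_int_header` (unparsable value falls back to `default`) has no test. A further case with `download_unknown_size` set to `false` and a malformed header, for instance `[{"content-length", "12abc"}]` (constructed value), would pin that such a response is handled like an unknown size and the emoji is not installed. Both test bodies continue outside the hunks.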