forked from AkkomaGang/akkoma
Limit emoji stealer to alphanum, dash, or underscore characters
As suggested in b387f4a1c1
, only steal
emoji with alphanumerc, dash, or underscore characters.
Also consolidate all validation logic into a single function.
===
Taken from akkoma#703 with cosmetic tweaks
This matches our existing validation logic from Pleroma.Emoji,
and apart from excluding the dot also POSIX’s Portable Filename
Character Set making it always safe for use in filenames.
Mastodon is even stricter also disallowing U+002D HYPEN-MINUS
and requiring at least two characters.
Given both we and Mastodon reject shortcodes excluded
by this anyway, this doesn’t seem like a loss.
This commit is contained in:
parent
fb54c47f0b
commit
af041db6dc
1 changed files with 14 additions and 12 deletions
|
@ -20,6 +20,19 @@ defp shortcode_matches?(shortcode, pattern) do
|
||||||
String.match?(shortcode, pattern)
|
String.match?(shortcode, pattern)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp reject_emoji?({shortcode, _url}, installed_emoji) do
|
||||||
|
valid_shortcode? = String.match?(shortcode, ~r/^[a-zA-Z0-9_-]+$/)
|
||||||
|
|
||||||
|
rejected_shortcode? =
|
||||||
|
[:mrf_steal_emoji, :rejected_shortcodes]
|
||||||
|
|> Config.get([])
|
||||||
|
|> Enum.any?(fn pattern -> shortcode_matches?(shortcode, pattern) end)
|
||||||
|
|
||||||
|
emoji_installed? = Enum.member?(installed_emoji, shortcode)
|
||||||
|
|
||||||
|
!valid_shortcode? or rejected_shortcode? or emoji_installed?
|
||||||
|
end
|
||||||
|
|
||||||
defp steal_emoji({shortcode, url}, emoji_dir_path) do
|
defp steal_emoji({shortcode, url}, emoji_dir_path) do
|
||||||
url = Pleroma.Web.MediaProxy.url(url)
|
url = Pleroma.Web.MediaProxy.url(url)
|
||||||
|
|
||||||
|
@ -76,18 +89,7 @@ def filter(%{"object" => %{"emoji" => foreign_emojis, "actor" => actor}} = messa
|
||||||
|
|
||||||
new_emojis =
|
new_emojis =
|
||||||
foreign_emojis
|
foreign_emojis
|
||||||
|> Enum.reject(fn {shortcode, _url} -> shortcode in installed_emoji end)
|
|> Enum.reject(&reject_emoji?(&1, installed_emoji))
|
||||||
|> Enum.reject(fn {shortcode, _url} ->
|
|
||||||
String.contains?(shortcode, ["/", "\\", ".", ":"])
|
|
||||||
end)
|
|
||||||
|> Enum.filter(fn {shortcode, _url} ->
|
|
||||||
reject_emoji? =
|
|
||||||
[:mrf_steal_emoji, :rejected_shortcodes]
|
|
||||||
|> Config.get([])
|
|
||||||
|> Enum.find(false, fn pattern -> shortcode_matches?(shortcode, pattern) end)
|
|
||||||
|
|
||||||
!reject_emoji?
|
|
||||||
end)
|
|
||||||
|> Enum.map(&steal_emoji(&1, emoji_dir_path))
|
|> Enum.map(&steal_emoji(&1, emoji_dir_path))
|
||||||
|> Enum.filter(& &1)
|
|> Enum.filter(& &1)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue