Unverified commit d765b340, authored by Benjamin Neff, committed by Dennis Schubert

Make sure URLs are encoded before sending them to camo

Otherwise camo crashes with:
TypeError [ERR_UNESCAPED_CHARACTERS]: Request path contains unescaped characters

closes #7871
parent b6333e0b
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
* Add compatibility with macOS to `script/configure_bundler` [#7830](https://github.com/diaspora/diaspora/pull/7830) * Add compatibility with macOS to `script/configure_bundler` [#7830](https://github.com/diaspora/diaspora/pull/7830)
* Fix comment and like notifications on posts without text [#7857](https://github.com/diaspora/diaspora/pull/7857) [#7853](https://github.com/diaspora/diaspora/pull/7853) * Fix comment and like notifications on posts without text [#7857](https://github.com/diaspora/diaspora/pull/7857) [#7853](https://github.com/diaspora/diaspora/pull/7853)
* Fix issue with some language fallbacks not working correctly [#7861](https://github.com/diaspora/diaspora/pull/7861) * Fix issue with some language fallbacks not working correctly [#7861](https://github.com/diaspora/diaspora/pull/7861)
* Make sure URLs are encoded before sending them to camo [#7871](https://github.com/diaspora/diaspora/pull/7871)
## Features ## Features
* Add `web+diaspora://` link handler [#7826](https://github.com/diaspora/diaspora/pull/7826) * Add `web+diaspora://` link handler [#7826](https://github.com/diaspora/diaspora/pull/7826)
......
...@@ -17,6 +17,8 @@ module Diaspora ...@@ -17,6 +17,8 @@ module Diaspora
return unless url return unless url
return url unless self.url_eligible?(url) return url unless self.url_eligible?(url)
url = Addressable::URI.encode(Addressable::URI.unencode(url))
digest = OpenSSL::HMAC.hexdigest( digest = OpenSSL::HMAC.hexdigest(
OpenSSL::Digest.new('sha1'), OpenSSL::Digest.new('sha1'),
AppConfig.privacy.camo.key, AppConfig.privacy.camo.key,
......
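Review bot: The `unencode` then `encode` round trip on the added `url = ...` line is not lossless for percent-encoded reserved characters. A URL that arrives with `%26`, `%3F`, `%23` or `%2F` is decoded to the literal `&`, `?`, `#` or `/`, and `Addressable::URI.encode` then leaves that character as it is because it is legal in its component, so the string that gets signed and sent to camo can name a different resource than the one the caller passed in. Escaping only the characters that are not already part of a valid `%XX` sequence would avoid both the double encoding and this rewrite. The same line can also raise `Addressable::URI::InvalidURIError` when the string cannot be parsed, and nothing in this hunk rescues it; since it runs after `url_eligible?` and before the digest, a rescue that returns early would keep one malformed URL from failing the whole call. Reassigning `url` before the HMAC is the right order, since the digest and the hex-encoded URL have to cover the same bytes.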
...@@ -32,6 +32,23 @@ describe Diaspora::Camo do ...@@ -32,6 +32,23 @@ describe Diaspora::Camo do
it 'should rewrite external URLs' do it 'should rewrite external URLs' do
expect(Diaspora::Camo.image_url(@raw_image_url)).to eq(@camo_image_url) expect(Diaspora::Camo.image_url(@raw_image_url)).to eq(@camo_image_url)
end end
context "URL encoding" do
let(:camo_image_url) {
AppConfig.privacy.camo.root +
"bbafe590034b976852f9a46dbcc7709e1a8e7dfb/68747470733a2f2f6578616d706c652e636f6d2f2543332541312543332541392" \
"543332542333f666f6f3d254333254134254333254243254333254236266261723d61254343253830"
}
it "should encode URLs before sending to camo" do
expect(Diaspora::Camo.image_url("https://example.com/áéó?foo=äüö&bar=à")).to eq(camo_image_url)
end
it "should not double encode already encoded URLs" do
expect(Diaspora::Camo.image_url("https://example.com/%C3%A1%C3%A9%C3%B3?foo=%C3%A4%C3%BC%C3%B6&bar=a%CC%80"))
.to eq(camo_image_url)
end
end
end end
describe '#from_markdown' do describe '#from_markdown' do
......
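Review bot: The new `"URL encoding"` context has no case with a percent-encoded reserved character, so the behaviour of the decode and re-encode step on input such as `?foo=a%26b` or a path containing `%2F` is not pinned down; add one expectation that states what camo should receive for it. A second point on the first example: the expected hex ends in `bar=a%CC%80`, which means the `à` in `"https://example.com/áéó?foo=äüö&bar=à"` must be the decomposed form (a followed by U+0300) while the other accented letters are precomposed. That difference is invisible in the source and an editor or a normalizing copy and paste can silently change it and break the test; writing it as `a\u0300` in the string, or adding a comment, would make the intent explicit. A case for a URL that Addressable cannot parse would also document what `image_url` is meant to return then.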