Merge branch 'bugfix/mediaproxy-leaks-2-electric-boogaloo' into 'develop' - pleroma - My custom branche(s) on git.pleroma.social/pleroma/pleroma

commit: f61acdc5b41a8d05401c5d24d589f35ba1b573de
parent: fbbc5fc91970b2dccb2888e343cad42de8a157bb
Author: kaniini <nenolod@gmail.com>
Date:   Mon, 29 Oct 2018 17:33:20 +0000

Merge branch 'bugfix/mediaproxy-leaks-2-electric-boogaloo' into 'develop'

utils: fix another possible leak with private S3 backends using mediaproxy

See merge request pleroma/pleroma!402
Diffstat:
M lib/pleroma/web/common_api/utils.ex 2 ++

1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
   alias Pleroma.{Repo, Object, Formatter, Activity}
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.Endpoint
+  alias Pleroma.Web.MediaProxy
   alias Pleroma.User
   alias Calendar.Strftime
   alias Comeonin.Pbkdf2
@@ -90,6 +91,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       Enum.map(attachments, fn
         %{"url" => [%{"href" => href} | _]} ->
           name = URI.decode(Path.basename(href))
+          href = MediaProxy.url(href)
           "<a href=\"#{href}\" class='attachment'>#{shortname(name)}</a>"
 
         _ ->