commit: f61acdc5b41a8d05401c5d24d589f35ba1b573de
parent: fbbc5fc91970b2dccb2888e343cad42de8a157bb
Author: kaniini <nenolod@gmail.com>
Date: Mon, 29 Oct 2018 17:33:20 +0000
Merge branch 'bugfix/mediaproxy-leaks-2-electric-boogaloo' into 'develop'
utils: fix another possible leak with private S3 backends using mediaproxy
See merge request pleroma/pleroma!402
Diffstat:
1 file changed, 2 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
@@ -2,6 +2,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
alias Pleroma.{Repo, Object, Formatter, Activity}
alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.Web.Endpoint
+ alias Pleroma.Web.MediaProxy
alias Pleroma.User
alias Calendar.Strftime
alias Comeonin.Pbkdf2
@@ -90,6 +91,7 @@ defmodule Pleroma.Web.CommonAPI.Utils do
Enum.map(attachments, fn
%{"url" => [%{"href" => href} | _]} ->
name = URI.decode(Path.basename(href))
+ href = MediaProxy.url(href)
"<a href=\"#{href}\" class='attachment'>#{shortname(name)}</a>"
_ ->