From f8e3ae61545de45ce4dd395471149ed1e71e0343 Mon Sep 17 00:00:00 2001 From: Sachin Joshi Date: Fri, 12 Jul 2019 22:19:30 +0545 Subject: [PATCH] try to always match the filename for proxy url --- lib/pleroma/web/media_proxy/controller.ex | 7 ++++++- test/media_proxy_test.exs | 11 +++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/media_proxy/controller.ex b/lib/pleroma/web/media_proxy/controller.ex index ea33d7685..a711b54e9 100644 --- a/lib/pleroma/web/media_proxy/controller.ex +++ b/lib/pleroma/web/media_proxy/controller.ex @@ -30,10 +30,15 @@ def remote(conn, %{"sig" => sig64, "url" => url64} = params) do def filename_matches(has_filename, path, url) do filename = url |> MediaProxy.filename() - if has_filename && filename && Path.basename(path) != filename do + if has_filename && filename && does_not_match(path, filename) do {:wrong_filename, filename} else :ok end end + + defp does_not_match(path, filename) do + basename = Path.basename(path) + basename != filename and URI.decode(basename) != filename and URI.encode(basename) != filename + end end diff --git a/test/media_proxy_test.exs b/test/media_proxy_test.exs index fbf200931..176b09914 100644 --- a/test/media_proxy_test.exs +++ b/test/media_proxy_test.exs @@ -108,6 +108,17 @@ test "filename_matches preserves the encoded or decoded path" do ) == :ok end + test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do + # conn.request_path will return encoded url + request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg" + + assert MediaProxyController.filename_matches( + true, + request_path, + "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg" + ) == :ok + end + test "uses the configured base_url" do base_url = Pleroma.Config.get([:media_proxy, :base_url])