closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9265 Commits
4 Branches
567 MiB
Tree: 6a96af4d20
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6a96af4d20'
${ noResults }
mastodon/app/models/concerns/attachmentable.rb

91 lines
3.3 KiB
Raw Normal View History

Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Fix converted media being saved with original extension and mime type (#11130)
5 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Fix performance of GIF re-encoding (#12057) * Change animated GIF detection to not shell out to ImageMagick Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Change video encoding parameters to limit to 10800 video frames Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Limit GIF image size further Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Always strip metadata from video files * Fix code style issues
4 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Fix remote files not using Content-Type header, streaming (#14184)
3 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Fix base64-encoded file uploads not being possible (#12748) Fix #3804, Fix #5776
4 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Fix audio-only OGG and WebM files not being processed as such (#11151) Also, because Chrome sends audio/mp3 instead of audio/mpeg as it's supposed to, we need to whitelist that mime type as well
5 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Fix audio-only OGG and WebM files not being processed as such (#11151) Also, because Chrome sends audio/mp3 instead of audio/mpeg as it's supposed to, we need to whitelist that mime type as well
5 years ago
Fix remote files not using Content-Type header, streaming (#14184)
3 years ago
Fix audio-only OGG and WebM files not being processed as such (#11151) Also, because Chrome sends audio/mp3 instead of audio/mpeg as it's supposed to, we need to whitelist that mime type as well
5 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Restore support to ruby 2.3, add ruby 2.3 to circle ci (#7935) This replace calls of String#match? with rails Regex#match? This follows the same idea used to keep Rails 5.2 compatible with Ruby 2.2.2 in https://github.com/rails/rails/pull/32973
6 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Fix performance of GIF re-encoding (#12057) * Change animated GIF detection to not shell out to ImageMagick Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Change video encoding parameters to limit to 10800 video frames Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Limit GIF image size further Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Always strip metadata from video files * Fix code style issues
4 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Fix performance of GIF re-encoding (#12057) * Change animated GIF detection to not shell out to ImageMagick Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Change video encoding parameters to limit to 10800 video frames Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Limit GIF image size further Signed-off-by: Eugen Rochko <eugen@zeonfederated.com> * Always strip metadata from video files * Fix code style issues
4 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Create special case to prefer "jpeg" over "jpe" file extension (#7841)
6 years ago
Fix jpeg files sometimes being returned with a .jpe extension (#7881) While this isn't exactly *wrong*, files uploaded with a “.jpe” extension will keep that extension, which will often cause them to be served with an incorrect mimetype.
6 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Fix jpeg files sometimes being returned with a .jpe extension (#7881) While this isn't exactly *wrong*, files uploaded with a “.jpe” extension will keep that extension, which will often cause them to be served with an incorrect mimetype.
6 years ago
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)
6 years ago
Fix audio-only OGG and WebM files not being processed as such (#11151) Also, because Chrome sends audio/mp3 instead of audio/mpeg as it's supposed to, we need to whitelist that mime type as well
5 years ago
Fix remote files not using Content-Type header, streaming (#14184)
3 years ago
Fix audio-only OGG and WebM files not being processed as such (#11151) Also, because Chrome sends audio/mp3 instead of audio/mpeg as it's supposed to, we need to whitelist that mime type as well
5 years ago
Fix base64-encoded file uploads not being possible (#12748) Fix #3804, Fix #5776
4 years ago
Change local media attachments to perform heavy processing asynchronously (#13210) Fix #9106
4 years ago
Fix base64-encoded file uploads not being possible (#12748) Fix #3804, Fix #5776
4 years ago
Detect extension for preview card (#2679) * Detect extension for preview card * next
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'mime/types/columnar'
  4. 

  5. module Attachmentable
  6.   extend ActiveSupport::Concern
  7. 

  8.   MAX_MATRIX_LIMIT = 16_777_216 # 4096x4096px or approx. 16MB
  9.   GIF_MATRIX_LIMIT = 921_600    # 1280x720px
  10. 

  11.   # For some file extensions, there exist different content
  12.   # type variants, and browsers often send the wrong one,
  13.   # for example, sending an audio .ogg file as video/ogg,
  14.   # likewise, MimeMagic also misreports them as such. For
  15.   # those files, it is necessary to use the output of the
  16.   # `file` utility instead
  17.   INCORRECT_CONTENT_TYPES = %w(

  18.     video/ogg
  19.     video/webm
  20.   ).freeze
  21. 

  22.   included do
  23.     before_post_process :obfuscate_file_name
  24.     before_post_process :set_file_extensions
  25.     before_post_process :check_image_dimensions
  26.     before_post_process :set_file_content_type
  27.   end
  28. 

  29.   private
  30. 

  31.   def set_file_content_type
  32.     self.class.attachment_definitions.each_key do |attachment_name|
  33.       attachment = send(attachment_name)
  34. 

  35.       next if attachment.blank? || attachment.queued_for_write[:original].blank? || !INCORRECT_CONTENT_TYPES.include?(attachment.instance_read(:content_type))
  36. 

  37.       attachment.instance_write :content_type, calculated_content_type(attachment)
  38.     end
  39.   end
  40. 

  41.   def set_file_extensions
  42.     self.class.attachment_definitions.each_key do |attachment_name|
  43.       attachment = send(attachment_name)
  44. 

  45.       next if attachment.blank?
  46. 

  47.       attachment.instance_write :file_name, [Paperclip::Interpolations.basename(attachment, :original), appropriate_extension(attachment)].delete_if(&:blank?).join('.')
  48.     end
  49.   end
  50. 

  51.   def check_image_dimensions
  52.     self.class.attachment_definitions.each_key do |attachment_name|
  53.       attachment = send(attachment_name)
  54. 

  55.       next if attachment.blank? || !/image.*/.match?(attachment.content_type) || attachment.queued_for_write[:original].blank?
  56. 

  57.       width, height = FastImage.size(attachment.queued_for_write[:original].path)
  58.       matrix_limit  = attachment.content_type == 'image/gif' ? GIF_MATRIX_LIMIT : MAX_MATRIX_LIMIT
  59. 

  60.       raise Mastodon::DimensionsValidationError, "#{width}x#{height} images are not supported" if width.present? && height.present? && (width * height > matrix_limit)
  61.     end
  62.   end
  63. 

  64.   def appropriate_extension(attachment)
  65.     mime_type = MIME::Types[attachment.content_type]
  66. 

  67.     extensions_for_mime_type = mime_type.empty? ? [] : mime_type.first.extensions
  68.     original_extension       = Paperclip::Interpolations.extension(attachment, :original)
  69.     proper_extension         = extensions_for_mime_type.first.to_s
  70.     extension                = extensions_for_mime_type.include?(original_extension) ? original_extension : proper_extension
  71.     extension                = 'jpeg' if extension == 'jpe'
  72. 

  73.     extension
  74.   end
  75. 

  76.   def calculated_content_type(attachment)
  77.     Paperclip.run('file', '-b --mime :file', file: attachment.queued_for_write[:original].path).split(/[:;\s]+/).first.chomp
  78.   rescue Terrapin::CommandLineError
  79.     ''
  80.   end
  81. 

  82.   def obfuscate_file_name
  83.     self.class.attachment_definitions.each_key do |attachment_name|
  84.       attachment = send(attachment_name)
  85. 

  86.       next if attachment.blank? || attachment.queued_for_write[:original].blank? || attachment.options[:preserve_files]
  87. 

  88.       attachment.instance_write :file_name, SecureRandom.hex(8) + File.extname(attachment.instance_read(:file_name))
  89.     end
  90.   end
  91. end