authormultiple creatures <dev@multiple-creature.party>2019-08-30 20:29:42 -0500
committermultiple creatures <dev@multiple-creature.party>2019-08-30 20:29:42 -0500
commit60c449e1d77c6e11ced796a7e088038d80137de6 (patch)
tree0da0448cf75ceec7d52c94f93ce236742e307727
parent8a9c1b32dac14a8a39f4fb38db82d6487f84e294 (diff)
make sure media attachments are not from a blocked account, CDN, or their subdomains
-rw-r--r--app/controllers/media_proxy_controller.rb6
-rw-r--r--app/models/media_attachment.rb7
-rw-r--r--app/workers/fetch_media_worker.rb1
3 files changed, 9 insertions, 5 deletions
diff --git a/app/controllers/media_proxy_controller.rb b/app/controllers/media_proxy_controller.rb
index d820b257e..c46fc2124 100644
--- a/app/controllers/media_proxy_controller.rb
+++ b/app/controllers/media_proxy_controller.rb
@@ -7,7 +7,7 @@ class MediaProxyController < ApplicationController
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?
         @media_attachment = MediaAttachment.remote.find(params[:id])
-        redownload! if @media_attachment.needs_redownload? && !reject_media?
+        redownload! if !@media_attachment.blocked? && @media_attachment.needs_redownload?
       else
         raise Mastodon::RaceConditionError
       end
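Review bot: The new condition on line 25 evaluates `blocked?`, which issues several DomainBlock queries, before the cheap `needs_redownload?` check, so every proxy request for an attachment that is already present now pays for those queries. Swapping the operands restores the short-circuit the removed line had: `redownload! if @media_attachment.needs_redownload? && !@media_attachment.blocked?`. What the action does with a blocked attachment once `redownload!` is skipped is outside the hunk; if it still redirects to the stored remote URL, the block only prevents caching rather than serving, which is worth confirming.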
@@ -35,8 +35,4 @@ class MediaProxyController < ApplicationController
   def lock_options
     { redis: Redis.current, key: "media_download:#{params[:id]}" }
   end
-
-  def reject_media?
-    DomainBlock.find_by(domain: @media_attachment.account.domain)&.reject_media?
-  end
 end
diff --git a/app/models/media_attachment.rb b/app/models/media_attachment.rb
index 932632b20..f624e0721 100644
--- a/app/models/media_attachment.rb
+++ b/app/models/media_attachment.rb
@@ -161,6 +161,13 @@ class MediaAttachment < ApplicationRecord
     (file.blank? || (Paperclip::Attachment.default_options[:storage] == :filesystem && !File.exist?(file.path))) && remote_url.present?
   end
 
+  def blocked?
+    domains = Set[self.account.domain]
+    domains.add(remote_url.scan(/[\w\-]+\.[\w\-]+(?:\.[\w\-]+)*/).first) if remote_url.present?
+    blocks = DomainBlock.suspend.or(DomainBlock.where(reject_media: true))
+    domains.any? { |domain| blocks.where(domain: domain).or(blocks.where('domain LIKE ?', "%.#{domain}")).exists? }
+  end
+
   def video_or_audio?
     video? || gifv? || audio?
   end
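Review bot: The subdomain match on line 50 runs in the wrong direction: `blocks.where('domain LIKE ?', "%.#{domain}")` selects block rows that are subdomains of the media host, while the case the commit message describes — media hosted on a subdomain of a blocked domain — needs the host compared against `'%.' || domain` and is not caught as written. Line 48 is also fragile: the first dotted token of `remote_url` is not necessarily its host (anything preceding the authority, including a userinfo part, is matched first), and a `nil` from `scan(...).first` or a local account's `nil` domain still lands in the set and costs two queries each. The rewrite below takes the host from `URI.parse`, expands each host into its parent domains and answers with one `exists?` query against the same suspend/reject_media scope; it assumes DomainBlock stores lower-case domains (not visible here) and treats an unparsable `remote_url` as having no host, so only the account domain is checked in that case.
```ruby
def blocked?
  hosts = [account.domain, remote_host].compact.map(&:downcase)
  return false if hosts.empty?

  # every host plus each parent domain: a.b.example -> a.b.example, b.example, example
  candidates = hosts.flat_map do |host|
    labels = host.split('.')
    labels.each_index.map { |i| labels[i..-1].join('.') }
  end

  DomainBlock.suspend.or(DomainBlock.where(reject_media: true)).where(domain: candidates).exists?
end

# Host component of remote_url, or nil when absent or not a parsable URI.
def remote_host
  return if remote_url.blank?

  URI.parse(remote_url).host
rescue URI::InvalidURIError
  nil
end
```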
diff --git a/app/workers/fetch_media_worker.rb b/app/workers/fetch_media_worker.rb
index 5dc8cc84b..8b17186a3 100644
--- a/app/workers/fetch_media_worker.rb
+++ b/app/workers/fetch_media_worker.rb
@@ -5,6 +5,7 @@ class FetchMediaWorker
 
   def perform(media_attachment_id, remote_url = nil)
     object = MediaAttachment.find(media_attachment_id.to_i)
+    return if object.blocked?
     if remote_url.nil?
       return if object.remote_url.nil?
     else
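Review bot: `return if object.blocked?` on line 64 runs before the `remote_url` argument is applied, yet `blocked?` inspects `object.remote_url`, so a call that supplies a new URL is checked against whatever URL the record held before (the else branch that presumably stores it, and the rest of `perform`, are outside the hunk). Placing the guard after that assignment would check the URL that is actually about to be fetched. A comment on the guard, e.g. `# never fetch media from a suspended or reject_media domain, or a subdomain of one`, would also document why the job exits without raising.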