Do not run FetchLinkCardService on local URLs, increase file size limit to 8MB,

fix ProcessFeedService pushing status into distribution if called a second time
while the first is still running (i.e. when a PuSH comes after a Salmon slap),
fix not running escape on spoiler text before emojify

5 files changed, 21 insertions, 13 deletions

diff --git a/app/assets/javascripts/components/components/status_content.jsx b/app/assets/javascripts/components/components/status_content.jsx
index d6d7a5721..44346fabc 100644
--- a/app/assets/javascripts/components/components/status_content.jsx
+++ b/app/assets/javascripts/components/components/status_content.jsx
@@ -1,5 +1,6 @@
 import ImmutablePropTypes from 'react-immutable-proptypes';
 import PureRenderMixin from 'react-addons-pure-render-mixin';
+import escapeTextContentForBrowser from 'react/lib/escapeTextContentForBrowser';
 import emojify from '../emoji';
 import { FormattedMessage } from 'react-intl';
 
@@ -96,7 +97,7 @@ const StatusContent = React.createClass({
     const { hidden } = this.state;
 
     const content = { __html: emojify(status.get('content')) };
-    const spoilerContent = { __html: emojify(status.get('spoiler_text', '')) };
+    const spoilerContent = { __html: emojify(escapeTextContentForBrowser(status.get('spoiler_text', ''))) };
 
     if (status.get('spoiler_text').length > 0) {
       const toggleText = hidden ? <FormattedMessage id='status.show_more' defaultMessage='Show more' /> : <FormattedMessage id='status.show_less' defaultMessage='Show less' />;
diff --git a/app/lib/tag_manager.rb b/app/lib/tag_manager.rb
index 4af433200..2508eea97 100644
--- a/app/lib/tag_manager.rb
+++ b/app/lib/tag_manager.rb
@@ -56,6 +56,12 @@ class TagManager
     domain.nil? || domain.gsub(/[\/]/, '').casecmp(Rails.configuration.x.local_domain).zero?
   end
 
+  def local_url?(url)
+    uri    = Addressable::URI.parse(url)
+    domain = uri.host + (uri.port ? ":#{uri.port}" : '')
+    TagManager.instance.local_domain?(domain)
+  end
+
   def uri_for(target)
     return target.uri if target.respond_to?(:local?) && !target.local?
 
diff --git a/app/models/media_attachment.rb b/app/models/media_attachment.rb
index ecbed03e3..6925f9b0d 100644
--- a/app/models/media_attachment.rb
+++ b/app/models/media_attachment.rb
@@ -12,7 +12,7 @@ class MediaAttachment < ApplicationRecord
                     processors: -> (f) { f.video? ? [:transcoder] : [:thumbnail] },
                     convert_options: { all: '-quality 90 -strip' }
   validates_attachment_content_type :file, content_type: IMAGE_MIME_TYPES + VIDEO_MIME_TYPES
-  validates_attachment_size :file, less_than: 4.megabytes
+  validates_attachment_size :file, less_than: 8.megabytes
 
   validates :account, presence: true
 
diff --git a/app/services/fetch_link_card_service.rb b/app/services/fetch_link_card_service.rb
index 005e5acea..1b94dfe0c 100644
--- a/app/services/fetch_link_card_service.rb
+++ b/app/services/fetch_link_card_service.rb
@@ -2,8 +2,8 @@
 
 class FetchLinkCardService < BaseService
   def call(status)
-    # Get first URL
-    url = URI.extract(status.text).reject { |uri| (uri =~ /\Ahttps?:\/\//).nil? }.first
+    # Get first http/https URL that isn't local
+    url = URI.extract(status.text).reject { |uri| (uri =~ /\Ahttps?:\/\//).nil? || TagManager.instance.local_url?(uri) }.first
 
     return if url.nil?
 
diff --git a/app/services/process_feed_service.rb b/app/services/process_feed_service.rb
index 626534176..46656de3d 100644
--- a/app/services/process_feed_service.rb
+++ b/app/services/process_feed_service.rb
@@ -42,13 +42,14 @@ class ProcessFeedService < BaseService
 
     def create_status
       Rails.logger.debug "Creating remote status #{id}"
-      status = status_from_xml(@xml)
+      status, just_created = status_from_xml(@xml)
 
       return if status.nil?
+      return status unless just_created
 
       if verb == :share
-        original_status = status_from_xml(@xml.at_xpath('.//activity:object', activity: TagManager::AS_XMLNS))
-        status.reblog   = original_status
+        original_status, = status_from_xml(@xml.at_xpath('.//activity:object', activity: TagManager::AS_XMLNS))
+        status.reblog    = original_status
 
         if original_status.nil?
           status.destroy
@@ -61,7 +62,6 @@ class ProcessFeedService < BaseService
       status.save!
 
       NotifyService.new.call(status.reblog.account, status) if status.reblog? && status.reblog.account.local?
-      # LinkCrawlWorker.perform_async(status.reblog? ? status.reblog_of_id : status.id)
       Rails.logger.debug "Queuing remote status #{status.id} (#{id}) for distribution"
       DistributionWorker.perform_async(status.id)
       status
@@ -81,22 +81,23 @@ class ProcessFeedService < BaseService
     def status_from_xml(entry)
       # Return early if status already exists in db
       status = find_status(id(entry))
-      return status unless status.nil?
+
+      return [status, false] unless status.nil?
 
       # If status embeds an author, find that author
       # If that author cannot be found, don't record the status (do not misattribute)
       if account?(entry)
         begin
           account = find_or_resolve_account(acct(entry))
-          return nil if account.nil?
+          return [nil, false] if account.nil?
         rescue Goldfinger::Error
-          return nil
+          return [nil, false]
         end
       else
         account = @account
       end
 
-      return if account.suspended?
+      return [nil, false] if account.suspended?
 
       status = Status.create!(
         uri: id(entry),
@@ -116,7 +117,7 @@ class ProcessFeedService < BaseService
       hashtags_from_xml(status, entry)
       media_from_xml(status, entry)
 
-      status
+      [status, true]
     end
 
     def find_or_resolve_account(acct)