about summary refs log tree commit diff
diff options
context:
space:
mode:
authorClaire <claire.github-309c@sitedethib.com>2021-04-25 12:02:41 +0200
committerClaire <claire.github-309c@sitedethib.com>2021-04-26 11:22:22 +0200
commita346912030012dc1451249373ff7ef1a61016517 (patch)
tree534d4177a35c0b0b9fe533cecdb91e07fa857cc8
parenta627e59116507eab6be07b3b3a49bfe4ca77385a (diff)
Add environment variables to control custom emoji size limits
Fixes #1524
-rw-r--r--.env.production.sample7
-rw-r--r--app/models/custom_emoji.rb7
2 files changed, 12 insertions, 2 deletions
diff --git a/.env.production.sample b/.env.production.sample
index 12ca64a06..65f3f9d1f 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -269,3 +269,10 @@ MAX_POLL_OPTION_CHARS=100
 # Maximum search results to display
 # Only relevant when elasticsearch is installed
 # MAX_SEARCH_RESULTS=20
+
+# Maximum custom emoji file sizes
+# If undefined or smaller than MAX_EMOJI_SIZE, the value
+# of MAX_EMOJI_SIZE will be used for MAX_REMOTE_EMOJI_SIZE
+# Units are in bytes
+MAX_EMOJI_SIZE=51200
+MAX_REMOTE_EMOJI_SIZE=204800
diff --git a/app/models/custom_emoji.rb b/app/models/custom_emoji.rb
index 7cb03b819..f14357932 100644
--- a/app/models/custom_emoji.rb
+++ b/app/models/custom_emoji.rb
@@ -21,7 +21,8 @@
 #
 
 class CustomEmoji < ApplicationRecord
-  LIMIT = 50.kilobytes
+  LOCAL_LIMIT = (ENV['MAX_EMOJI_SIZE'] || 50.kilobytes).to_i
+  LIMIT       = [LOCAL_LIMIT, (ENV['MAX_REMOTE_EMOJI_SIZE'] || 200.kilobytes).to_i].max
 
   SHORTCODE_RE_FRAGMENT = '[a-zA-Z0-9_]{2,}'
 
@@ -38,7 +39,9 @@ class CustomEmoji < ApplicationRecord
 
   before_validation :downcase_domain
 
-  validates_attachment :image, content_type: { content_type: IMAGE_MIME_TYPES }, presence: true, size: { less_than: LIMIT }
+  validates_attachment :image, content_type: { content_type: IMAGE_MIME_TYPES }, presence: true
+  validates_attachment_size :image, less_than: LIMIT, unless: :local?
+  validates_attachment_size :image, less_than: LOCAL_LIMIT, if: :local?
   validates :shortcode, uniqueness: { scope: :domain }, format: { with: /\A#{SHORTCODE_RE_FRAGMENT}\z/ }, length: { minimum: 2 }
 
   scope :local, -> { where(domain: nil) }