authorTakeshi Umeda <noel.yoshiba@gmail.com>2021-08-09 20:33:19 +0900
committerGitHub <noreply@github.com>2021-08-09 13:33:19 +0200
commit709876bd6c157cd62a1470aad3823f0cd18ca814 (patch)
tree5ebba40a106e44f36e665832b6afdbf326290506 /app/lib/activitypub
parent590e1578bf67fc4defa326b01590f5b817b8818e (diff)
Fix invalid blurhash handling in Create activity (#16583)
Diffstat (limited to 'app/lib/activitypub')
-rw-r--r--app/lib/activitypub/activity/create.rb6
1 files changed, 5 insertions, 1 deletions
diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 504f10a67..4c13a80a6 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -446,10 +446,14 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
   end
 
   def supported_blurhash?(blurhash)
-    components = blurhash.blank? ? nil : Blurhash.components(blurhash)
+    components = blurhash.blank? || !blurhash_valid_chars?(blurhash) ? nil : Blurhash.components(blurhash)
     components.present? && components.none? { |comp| comp > 5 }
   end
 
+  def blurhash_valid_chars?(blurhash)
+    /^[\w#$%*+-.:;=?@\[\]^{|}~]+$/.match?(blurhash)
+  end
+
   def skip_download?
     return @skip_download if defined?(@skip_download)
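Review bot: The pattern in the new `blurhash_valid_chars?` is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line value passes as long as one of its lines consists of allowed characters and is still handed to `Blurhash.components`. Because the blurhash comes from a remote activity, the check should anchor on the whole string: `/\A[\w#$%*+-.:;=?@\[\]^{|}~]+\z/.match?(blurhash)`. The `+-.` inside the class is a range that also admits `,`; that appears intended, but writing it as `+,\-.` would make the accepted alphabet explicit. If a non-String JSON value can reach `supported_blurhash?` (not visible in this hunk), `match?` would raise instead of returning false, so a `blurhash.is_a?(String)` guard may be worth adding.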