Merge branch 'fix/escape-reserved-chars-in-filenames' into 'develop'

Properly escape reserved URI charachters in upload urls Closes #700 See merge request !905

Merge branch 'fix/escape-reserved-chars-in-filenames' into 'develop'
Properly escape reserved URI charachters in upload urls Closes #700 See merge request !905
96901b65 · Haelwenn · bcd8ef65 · 40ff8f59 · 96901b65 · 96901b65
Commit 96901b65 authored Mar 06, 2019 by Haelwenn
--- a/lib/pleroma/upload.ex
+++ b/lib/pleroma/upload.ex
@@ -85,6 +85,10 @@ def store(upload, opts \\ []) do
    end
  end

+  def char_unescaped?(char) do
+    URI.char_unreserved?(char) or char == ?/
+  end
+
  defp get_opts(opts) do
    {size_limit, activity_type} =
      case Keyword.get(opts, :type) do
@@ -218,9 +222,7 @@ defp tempfile_for_image(data) do
  defp url_from_spec(base_url, {:file, path}) do
    path =
      path
-      |> URI.encode()
-      |> String.replace("?", "%3F")
-      |> String.replace(":", "%3A")
+      |> URI.encode(&char_unescaped?/1)

    [base_url, "media", path]
    |> Path.join()

--- a/test/upload_test.exs
+++ b/test/upload_test.exs
@@ -153,19 +153,20 @@ test "escapes invalid characters in url" do
      assert Path.basename(attachment_url["href"]) == "an%E2%80%A6%20image.jpg"
    end

-    test "replaces : (colon) and ? (question-mark) to %3A and %3F (respectively)" do
+    test "escapes reserved uri characters" do
      File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg")

      file = %Plug.Upload{
        content_type: "image/jpg",
        path: Path.absname("test/fixtures/image_tmp.jpg"),
-        filename: "is:an?image.jpg"
+        filename: ":?#[]@!$&\\'()*+,;=.jpg"
      }

      {:ok, data} = Upload.store(file)
      [attachment_url | _] = data["url"]

-      assert Path.basename(attachment_url["href"]) == "is%3Aan%3Fimage.jpg"
+      assert Path.basename(attachment_url["href"]) ==
+               "%3A%3F%23%5B%5D%40%21%24%26%5C%27%28%29%2A%2B%2C%3B%3D.jpg"
    end
  end
 end