Allow svg avatars if they're proven harmless

merge-requests/30/head
Bob Mottram 2021-09-13 20:34:38 +01:00
parent 932f94f72c
commit 7dd906da58
1 changed files with 14 additions and 5 deletions


@ -56,6 +56,7 @@ from utils import acctDir
from utils import getUserPaths from utils import getUserPaths
from utils import getGroupPaths from utils import getGroupPaths
from utils import localActorUrl from utils import localActorUrl
from utils import dangerousSVG
from session import createSession from session import createSession
from session import getJson from session import getJson
from webfinger import webfingerHandle from webfinger import webfingerHandle
@ -1426,14 +1427,22 @@ def getPersonAvatarUrl(baseDir: str, personUrl: str, personCache: {},
imageExtension = getImageExtensions() imageExtension = getImageExtensions()
for ext in imageExtension: for ext in imageExtension:
if ext == 'svg':
continue
if os.path.isfile(avatarImagePath + '.' + ext): if os.path.isfile(avatarImagePath + '.' + ext):
if ext == 'svg':
if not dangerousSVG(avatarImagePath + '.' + ext, False):
return '/avatars/' + actorStr + '.' + ext
else:
return '/avatars/' + actorStr + '.' + ext return '/avatars/' + actorStr + '.' + ext
elif os.path.isfile(avatarImagePath.lower() + '.' + ext): elif os.path.isfile(avatarImagePath.lower() + '.' + ext):
if ext == 'svg':
if not dangerousSVG(avatarImagePath.lower() + '.' + ext,
False):
return '/avatars/' + actorStr.lower() + '.' + ext
else:
return '/avatars/' + actorStr.lower() + '.' + ext return '/avatars/' + actorStr.lower() + '.' + ext
if personJson.get('icon'): if personJson.get('icon'):
if personJson['icon'].get('url'): if personJson['icon'].get('url'):
if '.svg' not in personJson['icon']['url'].lower():
return personJson['icon']['url'] return personJson['icon']['url']
return None return None
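Review bot: The remote-icon fallback at the end of this hunk decides on the URL text alone (`'.svg' not in personJson['icon']['url'].lower()`), which is a weaker test than the `dangerousSVG` content check applied to the cached files in the loop. An icon URL without that substring is returned whatever the server actually sends, and this fallback is still reached after a cached SVG for the same actor has been rejected by `dangerousSVG`. Consider also checking the declared media type, e.g. `if 'svg' not in str(personJson['icon'].get('mediaType', '')).lower():`, with a comment that the real content type is only known once the image is fetched. As a style point, the two SVG branches repeat the same return and could each collapse to a single condition such as `if ext != 'svg' or not dangerousSVG(path, False):`. getPersonAvatarUrl starts above the hunk, so where the returned URL ends up being rendered is not visible here.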