indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Merge branch 'main' of gitlab.com:bashrc2/epicyon

merge-requests/30/head
Bob Mottram 2022-05-17 13:56:43 +01:00
parent b48458d5e6 ad3ad1b045
commit 8594b44936
3 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
content.py
View File

@ -59,6 +59,25 @@ INVALID_CONTENT_STRINGS = (
) )
def valid_url_lengths(content: str, max_url_length: int) -> bool:
"""Returns true if the given content contains urls which are too long
"""
if '://' not in content:
return True
sections = content.split('://')
ctr = 0
for text in sections:
if ctr == 0:
ctr += 1
continue
if '"' in text:
url = text.split('"')[0]
if '<' not in url and '>' not in url:
if len(url) > max_url_length:
return False
return True
def remove_html_tag(html_str: str, tag: str) -> str: def remove_html_tag(html_str: str, tag: str) -> str:
"""Removes a given tag from a html string """Removes a given tag from a html string
""" """

26
daemon.py
View File

@ -322,6 +322,7 @@ from utils import has_group_type
from manualapprove import manual_deny_follow_request_thread from manualapprove import manual_deny_follow_request_thread
from manualapprove import manual_approve_follow_request_thread from manualapprove import manual_approve_follow_request_thread
from announce import create_announce from announce import create_announce
from content import valid_url_lengths
from content import contains_invalid_local_links from content import contains_invalid_local_links
from content import get_price_from_string from content import get_price_from_string
from content import replace_emoji_from_tags from content import replace_emoji_from_tags
@ -1747,6 +1748,31 @@ class PubServer(BaseHTTPRequestHandler):
self._400() self._400()
self.server.postreq_busy = False self.server.postreq_busy = False
return 3 return 3
# check that the content does not contain impossibly long urls
if message_json['object'].get('content'):
content_str = message_json['object']['content']
if not valid_url_lengths(content_str, 2048):
print('INBOX: content contains urls which are too long ' +
message_json['actor'])
self._400()
self.server.postreq_busy = False
return 3
# check that the summary does not contain links
if message_json['object'].get('summary'):
if len(message_json['object']['summary']) > 1024:
print('INBOX: summary is too long ' +
message_json['actor'] + ' ' +
message_json['object']['summary'])
self._400()
self.server.postreq_busy = False
return 3
if '://' in message_json['object']['summary']:
print('INBOX: summary should not contain links ' +
message_json['actor'] + ' ' +
message_json['object']['summary'])
self._400()
self.server.postreq_busy = False
return 3
# actor should look like a url # actor should look like a url
if debug: if debug:

7
inbox.py
View File

@ -126,6 +126,7 @@ from conversation import update_conversation
from webapp_hashtagswarm import html_hash_tag_swarm from webapp_hashtagswarm import html_hash_tag_swarm
from person import valid_sending_actor from person import valid_sending_actor
from fitnessFunctions import fitness_performance from fitnessFunctions import fitness_performance
from content import valid_url_lengths
def _store_last_post_id(base_dir: str, nickname: str, domain: str, def _store_last_post_id(base_dir: str, nickname: str, domain: str,
@ -2586,6 +2587,12 @@ def _valid_post_content(base_dir: str, nickname: str, domain: str,
http_prefix, domain_full, http_prefix, domain_full,
person_cache): person_cache):
return False return False
# check for urls which are too long
if not valid_url_lengths(content_str, 2048):
print('REJECT: url within content too long')
return False
# check for filtered content # check for filtered content
if is_filtered(base_dir, nickname, domain, content_str): if is_filtered(base_dir, nickname, domain, content_str):
print('REJECT: content filtered') print('REJECT: content filtered')