22 Commits

Author SHA1 Message Date
Michael Stanclift
195b89d336
Fix .opus file uploads being misidentified by Paperclip () 2024-01-03 19:02:53 +00:00
Claire
3a24754229
Change GIF max matrix size error to explicitly mention GIF files () 2023-11-24 09:31:28 +00:00
Claire
94fbac77e7
Fix processing of media files with unusual names () 2023-07-07 13:35:22 +02:00
Claire
dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2023-07-06 15:05:05 +02:00
Matt Jankowski
d902a707a3
Fix Rails/CompactBlank cop () 2023-04-30 14:07:21 +02:00
Eugen Rochko
9bda933740
Change media upload limits and remove client-side resizing () 2023-03-25 10:00:03 +01:00
Claire
fc3ae1343d
Switch from unmaintained paperclip to kt-paperclip ()
* Switch from unmaintained paperclip to kt-paperclip

* Drop some compatibility monkey-patches not required by kt-paperclip

* Drop media spoof check monkey-patching

It's broken with kt-paperclip and hopefully it won't be needed anymore

* Fix regression introduced by paperclip 6.1.0

* Do not rely on pathname to call FastImage

* Add test for ogg vorbis file with cover art

* Add audio/vorbis to the accepted content-types

This seems erroneous as this would be the content-type for a vorbis stream
without an ogg container, but that's what the `marcel` gem outputs, so…

* Restore missing for_as_default method

* Refactor Attachmentable concern and delay Paperclip's content-type spoof check

Check for content-type spoofing *after* setting the extension ourselves, this
fixes a regression with kt-paperclip's validations being more strict than
paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown
extensions.

* Please CodeClimate

* Add audio/vorbis to the unreliable set

It doesn't correspond to a file format and thus has no extension associated.
2021-09-29 23:52:36 +02:00
Eugen Rochko
7aaf2b44ec
Fix remote files not using Content-Type header, streaming () 2020-06-30 23:58:02 +02:00
Eugen Rochko
9660aa4543
Change local media attachments to perform heavy processing asynchronously ()
Fix 
2020-03-08 23:56:18 +01:00
Eugen Rochko
3287ec8ca3
Fix file names being obfuscated on update when file didn't change ()
Fix 
2020-01-13 12:54:33 +01:00
Eugen Rochko
49b2f7c0a2
Fix base64-encoded file uploads not being possible ()
Fix , Fix 
2020-01-04 01:54:07 +01:00
Eugen Rochko
ca22a22d7f
Fix performance of GIF re-encoding ()
* Change animated GIF detection to not shell out to ImageMagick

Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

* Change video encoding parameters to limit to 10800 video frames

Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

* Limit GIF image size further

Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

* Always strip metadata from video files

* Fix code style issues
2019-10-03 01:09:12 +02:00
Arnout Engelen
d7bdddbeef
Include max image dimensions in error () 2019-08-15 20:20:20 +02:00
Eugen Rochko
06424786a1
Fix support for MP4 files that are actually M4V files ()
Resolve 
2019-06-30 16:10:43 +02:00
Eugen Rochko
b927bb3f07
Fix audio-only OGG and WebM files not being processed as such ()
Also, because Chrome sends audio/mp3 instead of audio/mpeg as it's
supposed to, we need to whitelist that mime type as well
2019-06-22 16:54:06 +02:00
Eugen Rochko
8f23726918
Fix converted media being saved with original extension and mime type () 2019-06-20 10:52:36 +02:00
Renato "Lond" Cerqueira
4045b50bd6
Restore support to ruby 2.3, add ruby 2.3 to circle ci ()
This replaces calls of String#match? with rails Regex#match?
This follows the same idea used to keep Rails 5.2 compatible with Ruby
2.2.2 in https://github.com/rails/rails/pull/32973
2018-07-03 19:47:09 +02:00
ThibG
50a2854f92
Fix jpeg files sometimes being returned with a .jpe extension ()
While this isn't exactly *wrong*, files uploaded with a “.jpe” extension will
keep that extension, which will often cause them to be served with an
incorrect mimetype.
2018-06-24 13:33:06 +02:00
Eugen Rochko
50689f0d41
Create special case to prefer "jpeg" over "jpe" file extension () 2018-06-18 17:27:05 +02:00
Eugen Rochko
7db7d68136
Detect and prevent image bombs, max. processable dimension 4096^2 () 2018-04-23 09:16:38 +02:00
alpaca-tc
ee3e0a93f4
Fixes unknown mime type () 2017-05-05 21:32:14 +02:00
Yamagishi Kazutoshi
1899cf5f04
Detect extension for preview card ()
* Detect extension for preview card

* next
2017-05-01 16:20:57 +02:00