22 Commits (09ab073f0cc5a8963c6d34fb76d3af84e0c0f40e)

Author SHA1 Message Date
Michael Stanclift 195b89d336
Fix .opus file uploads being misidentified by Paperclip (#28580) 1 year ago
Claire 3a24754229
Change GIF max matrix size error to explicitly mention GIF files (#27927) 1 year ago
Claire 94fbac77e7
Fix processing of media files with unusual names (#25788) 2 years ago
Claire dc8f1fbd97
Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
2 years ago
Matt Jankowski d902a707a3
Fix Rails/CompactBlank cop (#24690) 2 years ago
Eugen Rochko 9bda933740
Change media upload limits and remove client-side resizing (#23726) 2 years ago
Claire fc3ae1343d
Switch from unmaintained paperclip to kt-paperclip (#16724)
* Switch from unmaintained paperclip to kt-paperclip

* Drop some compatibility monkey-patches not required by kt-paperclip

* Drop media spoof check monkey-patching

It's broken with kt-paperclip and hopefully it won't be needed anymore

* Fix regression introduced by paperclip 6.1.0

* Do not rely on pathname to call FastImage

* Add test for ogg vorbis file with cover art

* Add audio/vorbis to the accepted content-types

This seems erroneous as this would be the content-type for a vorbis stream
without an ogg container, but that's what the `marcel` gem outputs, so…

* Restore missing for_as_default method

* Refactor Attachmentable concern and delay Paperclip's content-type spoof check

Check for content-type spoofing *after* setting the extension ourselves, this
fixes a regression with kt-paperclip's validations being more strict than
paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown
extensions.

* Please CodeClimate

* Add audio/vorbis to the unreliable set

It doesn't correspond to a file format and thus has no extension associated.
3 years ago
Eugen Rochko 7aaf2b44ec
Fix remote files not using Content-Type header, streaming (#14184) 5 years ago
Eugen Rochko 9660aa4543
Change local media attachments to perform heavy processing asynchronously (#13210)
Fix #9106
5 years ago
Eugen Rochko 3287ec8ca3
Fix file names being obfuscated on update when file didn't change (#12857)
Fix #12849
5 years ago
Eugen Rochko 49b2f7c0a2
Fix base64-encoded file uploads not being possible (#12748)
Fix #3804, Fix #5776
5 years ago
Eugen Rochko ca22a22d7f
Fix performance of GIF re-encoding (#12057)
* Change animated GIF detection to not shell out to ImageMagick

Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

* Change video encoding parameters to limit to 10800 video frames

Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

* Limit GIF image size further

Signed-off-by: Eugen Rochko <eugen@zeonfederated.com>

* Always strip metadata from video files

* Fix code style issues
5 years ago
Arnout Engelen d7bdddbeef
Include max image dimensions in error (#11552) 6 years ago
Eugen Rochko 06424786a1
Fix support for MP4 files that are actually M4V files (#11210)
Resolve #11187
6 years ago
Eugen Rochko b927bb3f07
Fix audio-only OGG and WebM files not being processed as such (#11151)
Also, because Chrome sends audio/mp3 instead of audio/mpeg as it's
supposed to, we need to whitelist that mime type as well
6 years ago
Eugen Rochko 8f23726918
Fix converted media being saved with original extension and mime type (#11130) 6 years ago
Renato "Lond" Cerqueira 4045b50bd6
Restore support to ruby 2.3, add ruby 2.3 to circle ci (#7935)
This replaces calls of String#match? with rails Regex#match?
This follows the same idea used to keep Rails 5.2 compatible with Ruby
2.2.2 in https://github.com/rails/rails/pull/32973
7 years ago
ThibG 50a2854f92
Fix jpeg files sometimes being returned with a .jpe extension (#7881)
While this isn't exactly *wrong*, files uploaded with a “.jpe” extension will
keep that extension, which will often cause them to be served with an
incorrect mimetype.
7 years ago
Eugen Rochko 50689f0d41
Create special case to prefer "jpeg" over "jpe" file extension (#7841) 7 years ago
Eugen Rochko 7db7d68136
Detect and prevent image bombs, max. processable dimension 4096^2 (#7229) 7 years ago
alpaca-tc ee3e0a93f4
Fixes unknown mime type (#2822) 8 years ago
Yamagishi Kazutoshi 1899cf5f04
Detect extension for preview card (#2679)
* Detect extension for preview card

* next
8 years ago