Merge pull request #6554 from pixelfed/w4

API: Media uploads creates orphaned files after status creation validation
2 months ago · 3723f796a1
parent d8c9cece15 b329ee9edc
commit 3723f796a1
2 changed files with 13 additions and 13 deletions
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@ -1974,9 +1974,11 @@ class ApiV1Controller extends Controller
            abort(403, 'Invalid or unsupported mime type.');
        }

+        $hash = \hash_file('sha256', $photo->getRealPath());
+        abort_if(MediaBlocklistService::exists($hash) == true, 451);
+
        $storagePath = MediaPathService::get($user, 2);
        $path = $photo->storePublicly($storagePath);
-        $hash = \hash_file('sha256', $photo);
        $license = null;
        $mime = $photo->getMimeType();

@ -2000,8 +2002,6 @@ class ApiV1Controller extends Controller
            }
        }

-        abort_if(MediaBlocklistService::exists($hash) == true, 451);
-
        $media = new Media;
        $media->status_id = null;
        $media->profile_id = $profile->id;
@ -2201,9 +2201,11 @@ class ApiV1Controller extends Controller
            abort(403, 'Invalid or unsupported mime type.');
        }

+        $hash = \hash_file('sha256', $photo->getRealPath());
+        abort_if(MediaBlocklistService::exists($hash) == true, 451);
+
        $storagePath = MediaPathService::get($user, 2);
        $path = $photo->storePublicly($storagePath);
-        $hash = \hash_file('sha256', $photo);
        $license = null;
        $mime = $photo->getMimeType();

@ -2217,8 +2219,6 @@ class ApiV1Controller extends Controller
            }
        }

-        abort_if(MediaBlocklistService::exists($hash) == true, 451);
-
        if ($request->has('replace_id')) {
            $rpid = $request->input('replace_id');
            $removeMedia = Media::whereNull('status_id')
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
@ -1266,9 +1266,15 @@ class ApiV1Dot1Controller extends Controller
            abort(403, 'Invalid or unsupported mime type.');
        }

+        if ($user->last_active_at == null) {
+            return [];
+        }
+
+        $hash = \hash_file('sha256', $photo->getRealPath());
+        abort_if(MediaBlocklistService::exists($hash) == true, 451);
+
        $storagePath = MediaPathService::get($user, 2);
        $path = $photo->storePublicly($storagePath);
-        $hash = \hash_file('sha256', $photo);
        $license = null;
        $mime = $photo->getMimeType();

@ -1282,17 +1288,11 @@ class ApiV1Dot1Controller extends Controller
            }
        }

-        abort_if(MediaBlocklistService::exists($hash) == true, 451);
-
        $visibility = $profile->is_private ? 'private' : (
            $profile->unlisted == true &&
            $request->input('visibility', 'public') == 'public' ?
            'unlisted' :
            $request->input('visibility', 'public'));
-
-        if ($user->last_active_at == null) {
-            return [];
-        }
        $defaultCaption = '';
        $cleanedStatus = app(SanitizeService::class)->html($request->input('status', ''));
        $content = $request->filled('status') ? strip_tags($cleanedStatus) : $defaultCaption;