Add size limit for link preview URLs (#30854)
parent
e53f6a50d2
commit
0370a72dbd
3 changed files with 30 additions and 11 deletions
23
Gemfile.lock
23
Gemfile.lock
|
@ -76,6 +76,8 @@ GEM
|
||||||
marcel (~> 1.0)
|
marcel (~> 1.0)
|
||||||
mini_mime (>= 1.1.0)
|
mini_mime (>= 1.1.0)
|
||||||
activesupport (7.1.3.2)
|
activesupport (7.1.3.2)
|
||||||
|
base64
|
||||||
|
bigdecimal
|
||||||
concurrent-ruby (~> 1.0, >= 1.0.2)
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
||||||
connection_pool (>= 2.2.5)
|
connection_pool (>= 2.2.5)
|
||||||
drb
|
drb
|
||||||
|
@ -165,13 +167,13 @@ GEM
|
||||||
charlock_holmes (0.7.8)
|
charlock_holmes (0.7.8)
|
||||||
chewy (7.6.0)
|
chewy (7.6.0)
|
||||||
activesupport (>= 5.2)
|
activesupport (>= 5.2)
|
||||||
elasticsearch (>= 7.12.0, < 7.14.0)
|
elasticsearch (>= 7.14.0, < 8)
|
||||||
elasticsearch-dsl
|
elasticsearch-dsl
|
||||||
chunky_png (1.4.0)
|
chunky_png (1.4.0)
|
||||||
climate_control (1.2.0)
|
climate_control (1.2.0)
|
||||||
cocoon (1.2.15)
|
cocoon (1.2.15)
|
||||||
color_diff (0.1)
|
color_diff (0.1)
|
||||||
concurrent-ruby (1.2.3)
|
concurrent-ruby (1.3.3)
|
||||||
connection_pool (2.4.1)
|
connection_pool (2.4.1)
|
||||||
cose (1.3.0)
|
cose (1.3.0)
|
||||||
cbor (~> 0.5.9)
|
cbor (~> 0.5.9)
|
||||||
|
@ -217,14 +219,15 @@ GEM
|
||||||
dotenv (3.1.0)
|
dotenv (3.1.0)
|
||||||
drb (2.2.1)
|
drb (2.2.1)
|
||||||
ed25519 (1.3.0)
|
ed25519 (1.3.0)
|
||||||
elasticsearch (7.13.3)
|
elasticsearch (7.17.11)
|
||||||
elasticsearch-api (= 7.13.3)
|
elasticsearch-api (= 7.17.11)
|
||||||
elasticsearch-transport (= 7.13.3)
|
elasticsearch-transport (= 7.17.11)
|
||||||
elasticsearch-api (7.13.3)
|
elasticsearch-api (7.17.11)
|
||||||
multi_json
|
multi_json
|
||||||
elasticsearch-dsl (0.1.10)
|
elasticsearch-dsl (0.1.10)
|
||||||
elasticsearch-transport (7.13.3)
|
elasticsearch-transport (7.17.11)
|
||||||
faraday (~> 1)
|
base64
|
||||||
|
faraday (>= 1, < 3)
|
||||||
multi_json
|
multi_json
|
||||||
email_spec (2.2.2)
|
email_spec (2.2.2)
|
||||||
htmlentities (~> 4.3.3)
|
htmlentities (~> 4.3.3)
|
||||||
|
@ -427,10 +430,10 @@ GEM
|
||||||
mime-types-data (~> 3.2015)
|
mime-types-data (~> 3.2015)
|
||||||
mime-types-data (3.2024.0305)
|
mime-types-data (3.2024.0305)
|
||||||
mini_mime (1.1.5)
|
mini_mime (1.1.5)
|
||||||
minitest (5.22.3)
|
minitest (5.24.1)
|
||||||
msgpack (1.7.2)
|
msgpack (1.7.2)
|
||||||
multi_json (1.15.0)
|
multi_json (1.15.0)
|
||||||
multipart-post (2.4.0)
|
multipart-post (2.4.1)
|
||||||
mutex_m (0.2.0)
|
mutex_m (0.2.0)
|
||||||
net-http (0.4.1)
|
net-http (0.4.1)
|
||||||
uri
|
uri
|
||||||
|
|
|
@ -16,6 +16,9 @@ class FetchLinkCardService < BaseService
|
||||||
)
|
)
|
||||||
}iox
|
}iox
|
||||||
|
|
||||||
|
# URL size limit to safely store in PosgreSQL's unique indexes
|
||||||
|
BYTESIZE_LIMIT = 2692
|
||||||
|
|
||||||
def call(status)
|
def call(status)
|
||||||
@status = status
|
@status = status
|
||||||
@original_url = parse_urls
|
@original_url = parse_urls
|
||||||
|
@ -106,7 +109,7 @@ class FetchLinkCardService < BaseService
|
||||||
|
|
||||||
def bad_url?(uri)
|
def bad_url?(uri)
|
||||||
# Avoid local instance URLs and invalid URLs
|
# Avoid local instance URLs and invalid URLs
|
||||||
uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) ||
|
uri.host.blank? || TagManager.instance.local_url?(uri.to_s) || !%w(http https).include?(uri.scheme) || uri.to_s.bytesize > BYTESIZE_LIMIT ||
|
||||||
referenced_urls.include?(uri.to_s) || Setting.stop_link_preview_domains&.include?(uri.host)
|
referenced_urls.include?(uri.to_s) || Setting.stop_link_preview_domains&.include?(uri.host)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
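Review bot: The new `uri.to_s.bytesize > BYTESIZE_LIMIT` clause in `bad_url?` only bounds the URL parsed from the status text. If the service later stores a different URL on the preview card, such as a redirect destination or a canonical link (not visible in these hunks), that value would skip this check and could still exceed what the unique index accepts. A length validation on the preview card's URL attribute would cover every code path that sets it. The comment above the constant misspells PostgreSQL and does not say where 2692 comes from; I would write `# Maximum URL size in bytes that still fits in a PostgreSQL unique index entry` and add one line on the derivation, presumably the btree index row maximum less per-entry overhead. The class body and `call` continue outside the hunks shown.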
@ -186,6 +186,19 @@ RSpec.describe FetchLinkCardService do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'with an URL too long for PostgreSQL unique indexes' do
|
||||||
|
let(:url) { "http://example.com/#{'a' * 2674}" }
|
||||||
|
let(:status) { Fabricate(:status, text: url) }
|
||||||
|
|
||||||
|
it 'does not fetch the URL' do
|
||||||
|
expect(a_request(:get, url)).to_not have_been_made
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not create a preview card' do
|
||||||
|
expect(status.preview_card).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'with a URL of a page with oEmbed support' do
|
context 'with a URL of a page with oEmbed support' do
|
||||||
let(:html) { '<!doctype html><title>Hello world</title><link rel="alternate" type="application/json+oembed" href="http://example.com/oembed?url=http://example.com/html">' }
|
let(:html) { '<!doctype html><title>Hello world</title><link rel="alternate" type="application/json+oembed" href="http://example.com/oembed?url=http://example.com/html">' }
|
||||||
let(:status) { Fabricate(:status, text: 'http://example.com/html') }
|
let(:status) { Fabricate(:status, text: 'http://example.com/html') }
|
||||||
|
|
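Review bot: The added context tests only the rejecting side of the boundary, and with a hard-coded length: `'a' * 2674` gives a 2693-byte URL, one byte over `BYTESIZE_LIMIT`, so the spec stops exercising the edge if the constant ever changes. Deriving the length, `let(:url) { "http://example.com/#{'a' * (FetchLinkCardService::BYTESIZE_LIMIT - 18)}" }`, keeps the two in step. A sibling context with a URL of exactly `BYTESIZE_LIMIT` bytes that expects the request to have been made would catch an off-by-one in the comparison. The setup that invokes the service is outside this hunk, so I am assuming the enclosing `describe` calls it before each example.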