post/nas
1
0
Fork 0
forked from gitea/nas
Code Pull requests Activity

Fix emoji_reaction security problem

Browse source
This commit is contained in:
KMY 2023-05-27 13:24:03 +09:00
parent dee69e4f83
commit e9e229c18e
2 changed files with 18 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
app/models/emoji_reaction.rb
View file

@ -30,6 +30,7 @@ class EmojiReaction < ApplicationRecord
validate :status_same_emoji_reaction validate :status_same_emoji_reaction
validate :status_emoji_reactions_count validate :status_emoji_reactions_count
validates_with EmojiReactionValidator
after_create :refresh_cache after_create :refresh_cache
after_destroy :refresh_cache after_destroy :refresh_cache

17
app/validators/emoji_reaction_validator.rb Normal file
View file

@ -0,0 +1,17 @@
# frozen_string_literal: true
class EmojiReactionValidator < ActiveModel::Validator
SUPPORTED_EMOJIS = Oj.load_file(Rails.root.join('app', 'javascript', 'mastodon', 'features', 'emoji', 'emoji_map.json').to_s).keys.freeze
def validate(emoji_reaction)
return if emoji_reaction.name.blank?
emoji_reaction.errors.add(:name, I18n.t('reactions.errors.unrecognized_emoji')) if emoji_reaction.custom_emoji_id.blank? && !unicode_emoji?(emoji_reaction.name)
end
private
def unicode_emoji?(name)
SUPPORTED_EMOJIS.include?(name)
end
end