forked from treehouse/mastodon
Merge pull request #242 from TazeTSchnitzel/media_uri_obfuscation
Rename media to avoid exposing filename (fixes #207)signup-info-prompt
commit
7baca3fe4d
|
@ -4,6 +4,9 @@ class Api::V1::MediaController < ApiController
|
||||||
before_action -> { doorkeeper_authorize! :write }
|
before_action -> { doorkeeper_authorize! :write }
|
||||||
before_action :require_user!
|
before_action :require_user!
|
||||||
|
|
||||||
|
include ObfuscateFilename
|
||||||
|
obfuscate_filename :file
|
||||||
|
|
||||||
respond_to :json
|
respond_to :json
|
||||||
|
|
||||||
def create
|
def create
|
||||||
|
|
|
@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
|
||||||
before_action :authenticate_user!
|
before_action :authenticate_user!
|
||||||
before_action :set_account
|
before_action :set_account
|
||||||
|
|
||||||
|
include ObfuscateFilename
|
||||||
|
obfuscate_filename [:account, :avatar]
|
||||||
|
obfuscate_filename [:account, :header]
|
||||||
|
|
||||||
def show
|
def show
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
module ObfuscateFilename
|
||||||
|
extend ActiveSupport::Concern
|
||||||
|
|
||||||
|
class_methods do
|
||||||
|
def obfuscate_filename(*args)
|
||||||
|
before_action { obfuscate_filename(*args) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def obfuscate_filename(path)
|
||||||
|
file = params.dig(*path)
|
||||||
|
return if file.nil?
|
||||||
|
|
||||||
|
file.original_filename = "media" + File.extname(file.original_filename)
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue