From 15a56e3717d6c32d6c0bea627971b04a460479c3 Mon Sep 17 00:00:00 2001 From: Takeshi Umeda Date: Mon, 9 Aug 2021 20:33:19 +0900 Subject: [PATCH] Fix invalid blurhash handling in Create activity (#16583) --- app/lib/activitypub/activity/create.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb index 504f10a67e..4c13a80a67 100644 --- a/app/lib/activitypub/activity/create.rb +++ b/app/lib/activitypub/activity/create.rb @@ -446,10 +446,14 @@ class ActivityPub::Activity::Create < ActivityPub::Activity end def supported_blurhash?(blurhash) - components = blurhash.blank? ? nil : Blurhash.components(blurhash) + components = blurhash.blank? || !blurhash_valid_chars?(blurhash) ? nil : Blurhash.components(blurhash) components.present? && components.none? { |comp| comp > 5 } end + def blurhash_valid_chars?(blurhash) + /^[\w#$%*+-.:;=?@\[\]^{|}~]+$/.match?(blurhash) + end + def skip_download? return @skip_download if defined?(@skip_download)