Commit Graph

36 Commits (861752b3aa92e71422a3abbb3af34811d6bd3ba6)

Author SHA1 Message Date
Josh Qou d939120421
Fix unsafe hotserving behaviour for non-multimedia uploads. (#15680)
* Fix unsafe hotserving behaviour for non-multimedia uploads.

* invert disposition assert

* test_media_storage.py: run lint

* test_base.py: /inline/attachment/s

* Only return attachment for disposition type, update tests

* Update synapse/media/_base.py

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Update changelog.d/15680.bugfix

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* add attribution

* Update changelog.

---------

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
2023-06-15 14:23:27 +01:00
Patrick Cloke 6f18812bb0
Add stubs package for lxml. (#15697)
The stubs have some issues so this has some generous cast
and ignores in it, but it is better than not having stubs.

Note that confusing that Element is a function which creates
_Element instances (and similarly for Comment).
2023-05-31 17:06:57 +00:00
Patrick Cloke 1e89976b26
Rename blacklist/whitelist internally. (#15620)
Avoid renaming configuration settings for now and rename internal code
to use blocklist and allowlist instead.
2023-05-19 12:25:25 +00:00
Patrick Cloke 4ee82c0576
Apply url_preview_url_blacklist to oEmbed and pre-cached images (#15601)
There are two situations which were previously not properly checked:

1. If the requested URL was replaced with an oEmbed URL, then the
   oEmbed URL was not checked against url_preview_url_blacklist.
2. Follow-up URLs (either via autodiscovery of oEmbed or to pre-cache
   images) were not checked against url_preview_url_blacklist.
2023-05-16 16:25:01 -04:00
Travis Ralston ab4535b608
Add config option to prevent media downloads from listed domains. (#15197)
This stops media (and thumbnails) from being accessed from the
listed domains. It does not delete any already locally cached media,
but will prevent accessing it.

Note that admin APIs are unaffected by this change.
2023-05-09 14:08:51 -04:00
Andrew Morgan aec639e3e3
Move Spam Checker callbacks to a dedicated file (#15453) 2023-04-18 00:57:40 +00:00
Patrick Cloke a5fb382a29
Separate HTTP preview code and URL previewer. (#15269)
Separates REST layer code from the actual URL previewing.
2023-03-20 14:32:26 -04:00
Patrick Cloke 4fc8875876
Refactor media modules. (#15146)
* Removes the `v1` directory from `test.rest.media.v1`.
* Moves the non-REST code from `synapse.rest.media.v1` to `synapse.media`.
* Flatten the `v1` directory from `synapse.rest.media`,  but leave compatiblity
  with 3rd party media repositories and spam checkers.
2023-02-27 08:26:05 -05:00
Mark Haines 97c68c508d Move rest APIs back under the rest directory 2015-01-22 16:10:07 +00:00
Matthew Hodgson 7f83613733 make our JPEG thumbnail quality less horrifically ugly 2015-01-08 15:11:22 +00:00
Kegan Dougal 76e1565200 Change error message for missing pillow libs. 2015-01-07 17:11:19 +00:00
Mark Haines 5cf45c4319 Merge branch 'master' into develop 2015-01-06 19:48:53 +00:00
Mark Haines bc2ec808f4 SYN-32 Use the ANTIALIAS resize method for thumbnailing images 2015-01-06 14:14:17 +00:00
Mark Haines adb04b1e57 Update copyright notices 2015-01-06 13:21:39 +00:00
Kegan Dougal 78edb47cc5 SYN-208/SYN-228: Add runtime checks on startup to enforce that JPEG/PNG support is included when installing pillow. 2015-01-06 11:43:04 +00:00
Mark Haines 3c8c3bf3b7 SYN-229: Include Content-Length when downloading files 2015-01-06 11:32:36 +00:00
Mark Haines af61c29527 Return the argument passed to the callback in a deferred callback, otherwise twisted will replace the deferred result with 'None' 2014-12-29 13:54:05 +00:00
Mark Haines 390e48a8b0 SYN-203: Handle requests for thunbnails for images that are small 2014-12-19 12:05:38 +00:00
Mark Haines 3c7857e49b clean up coding style a bit 2014-12-16 15:24:03 +00:00
Kegsay 67c9585656 Update media_repository.py
_ not -
2014-12-15 16:57:53 +00:00
Mark Haines 3610641a62 Update docs in media_repository 2014-12-15 13:56:43 +00:00
Mark Haines 58fa6d3fc6 return an mxc uri rather than a content_token. 2014-12-15 13:54:10 +00:00
Mark Haines b3e34a5399 Fix typo in media repository doc string 2014-12-11 18:21:08 +00:00
Mark Haines 64bf9f54cc Fix media repository doc string to include server_name 2014-12-11 18:18:58 +00:00
Mark Haines 03d9024cbc Allow only one download for a given image at a time, so that we don't end up downloading the same image twice if two clients request a remote image at the same time 2014-12-11 16:48:11 +00:00
Mark Haines d80d505b1f Limit the size of images that are thumbnailed serverside. Limit the size of file that a server will download from a remote server 2014-12-11 14:19:32 +00:00
Mark Haines ead8fc5e38 doc the thumbnail methods 2014-12-11 10:41:43 +00:00
Mark Haines b5eb9124f7 Make sure we pass a tuple to string '%' formatting 2014-12-11 10:08:09 +00:00
Mark Haines 2d265ef3bd import Image as PIL.Image. 2014-12-10 16:09:18 +00:00
Mark Haines e5275d856e Get the code actually working 2014-12-10 15:46:18 +00:00
Mark Haines cc84d3ea78 Thumbnail uploaded and cached images 2014-12-10 15:40:52 +00:00
Mark Haines 0363820122 Add a class for generating thumbnails using PIL 2014-12-05 16:12:37 +00:00
Mark Haines c01fd5573c Implement download support for media_repository 2014-12-04 14:22:31 +00:00
Mark Haines 2f804a7072 Fix pyflakes and pep8 warnings 2014-12-02 19:55:18 +00:00
Mark Haines 5da65085d1 Get uploads working with new media repo 2014-12-02 19:51:47 +00:00
Mark Haines 279c48c8b4 Write the upload portion of version 1 of the media repository 2014-12-02 17:13:14 +00:00