mirror of https://github.com/tootsuite/mastodon
Merge pull request #242 from TazeTSchnitzel/media_uri_obfuscation
Rename media to avoid exposing filename (fixes #207)pull/261/head
commit
7baca3fe4d
|
@ -4,6 +4,9 @@ class Api::V1::MediaController < ApiController
|
|||
before_action -> { doorkeeper_authorize! :write }
|
||||
before_action :require_user!
|
||||
|
||||
include ObfuscateFilename
|
||||
obfuscate_filename :file
|
||||
|
||||
respond_to :json
|
||||
|
||||
def create
|
||||
|
|
|
@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
|
|||
before_action :authenticate_user!
|
||||
before_action :set_account
|
||||
|
||||
include ObfuscateFilename
|
||||
obfuscate_filename [:account, :avatar]
|
||||
obfuscate_filename [:account, :header]
|
||||
|
||||
def show
|
||||
end
|
||||
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
module ObfuscateFilename
|
||||
extend ActiveSupport::Concern
|
||||
|
||||
class_methods do
|
||||
def obfuscate_filename(*args)
|
||||
before_action { obfuscate_filename(*args) }
|
||||
end
|
||||
end
|
||||
|
||||
def obfuscate_filename(path)
|
||||
file = params.dig(*path)
|
||||
return if file.nil?
|
||||
|
||||
file.original_filename = "media" + File.extname(file.original_filename)
|
||||
end
|
||||
end
|
Loading…
Reference in New Issue