eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

[ATTACHMENTS] Restrict thumbnail generation to allowed sizes. Defaults to only configured sizes, but can be extended with the event 'GetAllowedThumbnailSizes'. The intention is to prevent DoS attacks, since handling a thumbnail request is a relatively slow process

Browse Source
This commit is contained in:
Hugo Sales
2021-04-28 21:53:02 +00:00
parent 4f6f1941da
commit aea8639d44
2 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
components/Posting/Posting.php
View File

@@ -145,9 +145,18 @@ END;
*
* This can be used in the future to deduplicate images by visual content
*/
public static function onHashFile(string $filename, ?string &$out_hash)
public function onHashFile(string $filename, ?string &$out_hash)
{
$out_hash = hash_file(Attachment::FILEHASH_ALGO, $filename);
return Event::stop;
}
/**
* Fill the list of allowed sizes for an attachment, to prevent potential DoS'ing by requesting thousands of different thumbnail sizes
*/
public function onGetAllowedThumbnailSizes(?array &$sizes)
{
$sizes[] = ['width' => Common::config('thumbnail', 'width'), 'height' => Common::config('thumbnail', 'height')];
return Event::next;
}
}