eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

StoreRemoteMedia now checks remote filesize before downloading

Browse Source
This commit is contained in:
Mikael Nordfeldth 2016-06-24 15:56:14 +02:00
parent 1dfac3ad63
commit af23c9f7cd
1 changed files with 17 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php
View File

@ -85,28 +85,33 @@ class StoreRemoteMediaPlugin extends Plugin
} }
try { try {
/*
$http = new HTTPClient(); $http = new HTTPClient();
common_debug(sprintf('Performing HEAD request for remote file id==%u to avoid unnecessarily downloading too large files. URL: %s', $file->getID(), $remoteUrl)); common_debug(sprintf('Performing HEAD request for remote file id==%u to avoid unnecessarily downloading too large files. URL: %s', $file->getID(), $remoteUrl));
$head = $http->head($remoteUrl); $head = $http->head($remoteUrl);
$headers = $head->getHeader();
if (!isset($headers['content-length'])) {
// file size not specified on remote server
common_debug(sprintf('%s: Ignoring remote media because we did not get a content length for file id==%u', __CLASS__, $file->getID()));
return true;
} elseif (intval($headers['content-length']) > common_config('attachments', 'file_quota')) {
// file too big
common_debug(sprintf('%s: Skipping remote media because content length (%u) is larger than file_quota (%u) for file id==%u', __CLASS__, intval($headers['content-length']), common_config('attachments', 'file_quota'), $file->getID()));
return true;
}
$remoteUrl = $head->effectiveUrl; // to avoid going through redirects again $remoteUrl = $head->effectiveUrl; // to avoid going through redirects again
if (!$this->checkBlackList($remoteUrl)) { if (!$this->checkBlackList($remoteUrl)) {
common_log(LOG_WARN, sprintf('%s: Non-blacklisted URL %s redirected to blacklisted URL %s', __CLASS__, $file->getUrl(), $remoteUrl)); common_log(LOG_WARN, sprintf('%s: Non-blacklisted URL %s redirected to blacklisted URL %s', __CLASS__, $file->getUrl(), $remoteUrl));
return true; return true;
} }
$headers = $head->getHeader();
$filesize = isset($headers['content-length']) ? $headers['content-length'] : null;
*/
$filesize = $file->getSize();
if (empty($filesize)) {
// file size not specified on remote server
common_debug(sprintf('%s: Ignoring remote media because we did not get a content length for file id==%u', __CLASS__, $file->getID()));
return true;
} elseif ($filesize > common_config('attachments', 'file_quota')) {
// file too big
common_debug(sprintf('%s: Skipping remote media because content length (%u) is larger than file_quota (%u) for file id==%u', __CLASS__, intval($filesize), common_config('attachments', 'file_quota'), $file->getID()));
return true;
}
$http = new HTTPClient();
// Then we download the file to memory and test whether it's actually an image file // Then we download the file to memory and test whether it's actually an image file
common_debug(sprintf('Downloading remote file id==%u with effective URL: %s', $file->getID(), _ve($remoteUrl))); common_debug(sprintf('Downloading remote file id==%u (should be size %u) with effective URL: %s', $file->getID(), $filesize, _ve($remoteUrl)));
$imgData = $http->get($remoteUrl); $imgData = $http->get($remoteUrl);
} catch (HTTP_Request2_ConnectionException $e) { } catch (HTTP_Request2_ConnectionException $e) {
common_log(LOG_ERR, __CLASS__.': quickGet on URL: '._ve($file->getUrl()).' threw exception: '.$e->getMessage()); common_log(LOG_ERR, __CLASS__.': quickGet on URL: '._ve($file->getUrl()).' threw exception: '.$e->getMessage());