mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 15:25:35 +08:00
FIX: Don't blow up when trying to parse invalid or non-ASCII URLs (#9838)
* FIX: Don't blow up when trying to parseinvalid or non-ASCII URLs
Follow-up to 72f139191e
This commit is contained in:
parent
fb15da43da
commit
02f44def56
|
@ -79,7 +79,12 @@ module FileStore
|
|||
def has_been_uploaded?(url)
|
||||
return false if url.blank?
|
||||
|
||||
parsed_url = URI.parse(url)
|
||||
begin
|
||||
parsed_url = URI.parse(URI.encode(url))
|
||||
rescue URI::InvalidURIError
|
||||
return false
|
||||
end
|
||||
|
||||
base_hostname = URI.parse(absolute_base_url).hostname
|
||||
if url[base_hostname]
|
||||
# if the hostnames match it means the upload is in the same
|
||||
|
|
|
@ -304,6 +304,15 @@ describe FileStore::S3Store do
|
|||
|
||||
describe ".has_been_uploaded?" do
|
||||
|
||||
it "doesn't crash for invalid URLs" do
|
||||
expect(store.has_been_uploaded?("https://site.discourse.com/#bad#6")).to eq(false)
|
||||
end
|
||||
|
||||
it "doesn't crash if URL contains non-ascii characters" do
|
||||
expect(store.has_been_uploaded?("//s3-upload-bucket.s3.dualstack.us-east-1.amazonaws.com/漢1337.png")).to eq(true)
|
||||
expect(store.has_been_uploaded?("//s3-upload-bucket.s3.amazonaws.com/漢1337.png")).to eq(false)
|
||||
end
|
||||
|
||||
it "identifies S3 uploads" do
|
||||
expect(store.has_been_uploaded?("//s3-upload-bucket.s3.dualstack.us-east-1.amazonaws.com/1337.png")).to eq(true)
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue
Block a user