Merge pull request #242 from TazeTSchnitzel/media_uri_obfuscation

Rename media to avoid exposing filename (fixes #207)
master
Eugen 8 years ago committed by GitHub
commit 7baca3fe4d
  1. 3
      app/controllers/api/v1/media_controller.rb
  2. 4
      app/controllers/settings/profiles_controller.rb
  3. 16
      app/models/concerns/obfuscate_filename.rb

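--- a/app/controllers/api/v1/media_controller.rb
+++ b/app/controllers/api/v1/media_controller.rb
@@ -4,6 +4,9 @@ class Api::V1::MediaController < ApiController
 before_action -> { doorkeeper_authorize! :write }
 before_action :require_user!
+include ObfuscateFilename
+obfuscate_filename :file
 respond_to :json
 def create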

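--- a/app/controllers/settings/profiles_controller.rb
+++ b/app/controllers/settings/profiles_controller.rb
@@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
 before_action :authenticate_user!
 before_action :set_account
+include ObfuscateFilename
+obfuscate_filename [:account, :avatar]
+obfuscate_filename [:account, :header]
 def show
 end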

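--- /dev/null
+++ b/app/models/concerns/obfuscate_filename.rb
@@ -0,0 +1,16 @@
+module ObfuscateFilename
+extend ActiveSupport::Concern
+class_methods do
+def obfuscate_filename(*args)
+before_action { obfuscate_filename(*args) }
+end
+end
+def obfuscate_filename(path)
+file = params.dig(*path)
+return if file.nil?
+file.original_filename = "media" + File.extname(file.original_filename)
+end
+end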
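Review bot: The guard in the instance method `obfuscate_filename(path)` only covers a missing parameter, so a request that sends the field as a plain string instead of a multipart upload reaches `file.original_filename` and raises NoMethodError, which would likely surface as a 500. Replacing `return if file.nil?` with `return unless file.respond_to?(:original_filename)` keeps the callback a no-op for anything that is not an upload object. The instance method is also public, and Rails treats public controller methods as potential actions, so it would be safer declared under `private`. The extension is still copied from the client-supplied name through `File.extname`, so it should not be relied on as a file-type check; content validation presumably happens elsewhere.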