Commit 70410d16 authored by Benjamin Neff's avatar Benjamin Neff

Ignore invalid diaspora:// links

Fixes #7651

closes #7652
parent 2ce7d59c
......@@ -3,6 +3,7 @@
## Refactor
## Bug fixes
* Ignore invalid `diaspora://` links [#7652](https://github.com/diaspora/diaspora/pull/7652)
## Features
......
......@@ -15,11 +15,19 @@ class Reference < ApplicationRecord
def create_references
text&.scan(DiasporaFederation::Federation::DiasporaUrlParser::DIASPORA_URL_REGEX)&.each do |author, type, guid|
class_name = DiasporaFederation::Entity.entity_class(type).to_s.rpartition("::").last
entity = Diaspora::Federation::Mappings.model_class_for(class_name).find_by(guid: guid)
references.find_or_create_by(target: entity) if entity.diaspora_handle == author
add_reference(author, type, guid)
end
end
private
def add_reference(author, type, guid)
class_name = DiasporaFederation::Entity.entity_class(type).to_s.rpartition("::").last
entity = Diaspora::Federation::Mappings.model_class_for(class_name).find_by(guid: guid)
references.find_or_create_by(target: entity) if entity&.diaspora_handle == author
rescue => e # rubocop:disable Lint/RescueWithoutErrorClass
logger.warn "ignoring invalid diaspora-url: diaspora://#{author}/#{type}/#{guid}: #{e.class}: #{e.message}"
end
end
module Target
......
......@@ -98,7 +98,8 @@ module Diaspora
def diaspora_links
@message = @message.gsub(DiasporaFederation::Federation::DiasporaUrlParser::DIASPORA_URL_REGEX) {|match_str|
Regexp.last_match(2) == "post" ? AppConfig.url_to("/posts/#{Regexp.last_match(3)}") : match_str
guid = Regexp.last_match(3)
Regexp.last_match(2) == "post" && Post.exists?(guid: guid) ? AppConfig.url_to("/posts/#{guid}") : match_str
}
end
end
......
......@@ -108,6 +108,17 @@ describe Diaspora::MessageRenderer do
text = "You can create diaspora://author/type/guid links!"
expect(message(text).html).to match(/#{text}/)
end
it "ignores a diaspora:// links with a unknown guid" do
text = "Try this: `diaspora://unknown@localhost:3000/post/thislookslikeavalidguid123456789`"
expect(message(text).html).to match(/#{text}/)
end
it "ignores a diaspora:// links with an invalid entity type" do
target = FactoryGirl.create(:status_message)
text = "Try this: `diaspora://#{target.diaspora_handle}/posts/#{target.guid}`"
expect(message(text).html).to match(/#{text}/)
end
end
end
......
......@@ -28,6 +28,26 @@ shared_examples_for "a reference source" do
expect(post.references.map(&:target).map(&:guid)).to match_array([target1, target2].map(&:guid))
end
it "ignores a reference with a unknown guid" do
text = "Try this: `diaspora://unknown@localhost:3000/post/thislookslikeavalidguid123456789`"
post = FactoryGirl.build(described_class.to_s.underscore.to_sym, text: text)
post.save
expect(post.references).to be_empty
end
it "ignores a reference with an invalid entity type" do
target = FactoryGirl.create(:status_message)
text = "Try this: `diaspora://#{target.diaspora_handle}/posts/#{target.guid}`"
post = FactoryGirl.build(described_class.to_s.underscore.to_sym, text: text)
post.save
expect(post.references).to be_empty
end
it "only creates one reference, even when it is referenced twice" do
target = FactoryGirl.create(:status_message)
text = "Have a look at [this post](diaspora://#{target.diaspora_handle}/post/#{target.guid}) and " \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment