Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-11-13 16:40:56 -05:00
Code Issues Projects Releases Packages Wiki Activity

Configurable limits on avatars (#11846)

Browse source 
Only allow files which file size and content types match configured
limits to be set as avatar.

Most of the inspiration from the non-test code comes from matrix-org/synapse-dinsic#19
This commit is contained in:
Brendan Abolivier 2022-01-28 14:41:33 +00:00 committed by GitHub
parent 6d482ba259
commit bf60da1a60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 363 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
synapse/handlers/room_member.py
View file

@ -590,6 +590,12 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
errcode=Codes.BAD_JSON,
)
if "avatar_url" in content:
if not await self.profile_handler.check_avatar_size_and_mime_type(
content["avatar_url"],
):
raise SynapseError(403, "This avatar is not allowed", Codes.FORBIDDEN)
# The event content should *not* include the authorising user as
# it won't be properly signed. Strip it out since it might come
# back from a client updating a display name / avatar.