From bd77216d06518ace2ec6213aa0ac0c834e923456 Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Thu, 14 Apr 2016 14:39:24 +0100 Subject: [PATCH] comment out 2c838f6459db35ad9812a83184d85a06ca5d940a due to risk of https://en.wikipedia.org/wiki/Billion_laughs attacks - thanks @torhve --- synapse/rest/media/v1/thumbnail_resource.py | 32 ++++++++++----------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/synapse/rest/media/v1/thumbnail_resource.py b/synapse/rest/media/v1/thumbnail_resource.py index 513b44568..40ef22459 100644 --- a/synapse/rest/media/v1/thumbnail_resource.py +++ b/synapse/rest/media/v1/thumbnail_resource.py @@ -72,10 +72,10 @@ class ThumbnailResource(BaseMediaResource): self._respond_404(request) return - if media_info["media_type"] == "image/svg+xml": - file_path = self.filepaths.local_media_filepath(media_id) - yield self._respond_with_file(request, media_info["media_type"], file_path) - return + # if media_info["media_type"] == "image/svg+xml": + # file_path = self.filepaths.local_media_filepath(media_id) + # yield self._respond_with_file(request, media_info["media_type"], file_path) + # return thumbnail_infos = yield self.store.get_local_media_thumbnails(media_id) @@ -108,10 +108,10 @@ class ThumbnailResource(BaseMediaResource): self._respond_404(request) return - if media_info["media_type"] == "image/svg+xml": - file_path = self.filepaths.local_media_filepath(media_id) - yield self._respond_with_file(request, media_info["media_type"], file_path) - return + # if media_info["media_type"] == "image/svg+xml": + # file_path = self.filepaths.local_media_filepath(media_id) + # yield self._respond_with_file(request, media_info["media_type"], file_path) + # return thumbnail_infos = yield self.store.get_local_media_thumbnails(media_id) for info in thumbnail_infos: @@ -148,10 +148,10 @@ class ThumbnailResource(BaseMediaResource): desired_method, desired_type): media_info = yield self._get_remote_media(server_name, media_id) - if media_info["media_type"] == "image/svg+xml": - file_path = self.filepaths.remote_media_filepath(server_name, media_id) - yield self._respond_with_file(request, media_info["media_type"], file_path) - return + # if media_info["media_type"] == "image/svg+xml": + # file_path = self.filepaths.remote_media_filepath(server_name, media_id) + # yield self._respond_with_file(request, media_info["media_type"], file_path) + # return thumbnail_infos = yield self.store.get_remote_media_thumbnails( server_name, media_id, @@ -196,10 +196,10 @@ class ThumbnailResource(BaseMediaResource): # We should proxy the thumbnail from the remote server instead. media_info = yield self._get_remote_media(server_name, media_id) - if media_info["media_type"] == "image/svg+xml": - file_path = self.filepaths.remote_media_filepath(server_name, media_id) - yield self._respond_with_file(request, media_info["media_type"], file_path) - return + # if media_info["media_type"] == "image/svg+xml": + # file_path = self.filepaths.remote_media_filepath(server_name, media_id) + # yield self._respond_with_file(request, media_info["media_type"], file_path) + # return thumbnail_infos = yield self.store.get_remote_media_thumbnails( server_name, media_id,