Commit Graph

36 Commits

Author SHA1 Message Date
Josh Qou
d939120421
Fix unsafe hotserving behaviour for non-multimedia uploads. (#15680)
* Fix unsafe hotserving behaviour for non-multimedia uploads.

* invert disposition assert

* test_media_storage.py: run lint

* test_base.py: /inline/attachment/s

* Only return attachment for disposition type, update tests

* Update synapse/media/_base.py

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Update changelog.d/15680.bugfix

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* add attribution

* Update changelog.

---------

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
2023-06-15 14:23:27 +01:00
Patrick Cloke
6f18812bb0
Add stubs package for lxml. (#15697)
The stubs have some issues so this has some generous cast
and ignores in it, but it is better than not having stubs.

Note that confusing that Element is a function which creates
_Element instances (and similarly for Comment).
2023-05-31 17:06:57 +00:00
Patrick Cloke
1e89976b26
Rename blacklist/whitelist internally. (#15620)
Avoid renaming configuration settings for now and rename internal code
to use blocklist and allowlist instead.
2023-05-19 12:25:25 +00:00
Patrick Cloke
4ee82c0576
Apply url_preview_url_blacklist to oEmbed and pre-cached images (#15601)
There are two situations which were previously not properly checked:

1. If the requested URL was replaced with an oEmbed URL, then the
   oEmbed URL was not checked against url_preview_url_blacklist.
2. Follow-up URLs (either via autodiscovery of oEmbed or to pre-cache
   images) were not checked against url_preview_url_blacklist.
2023-05-16 16:25:01 -04:00
Travis Ralston
ab4535b608
Add config option to prevent media downloads from listed domains. (#15197)
This stops media (and thumbnails) from being accessed from the
listed domains. It does not delete any already locally cached media,
but will prevent accessing it.

Note that admin APIs are unaffected by this change.
2023-05-09 14:08:51 -04:00
Andrew Morgan
aec639e3e3
Move Spam Checker callbacks to a dedicated file (#15453) 2023-04-18 00:57:40 +00:00
Patrick Cloke
a5fb382a29
Separate HTTP preview code and URL previewer. (#15269)
Separates REST layer code from the actual URL previewing.
2023-03-20 14:32:26 -04:00
Patrick Cloke
4fc8875876
Refactor media modules. (#15146)
* Removes the `v1` directory from `test.rest.media.v1`.
* Moves the non-REST code from `synapse.rest.media.v1` to `synapse.media`.
* Flatten the `v1` directory from `synapse.rest.media`,  but leave compatiblity
  with 3rd party media repositories and spam checkers.
2023-02-27 08:26:05 -05:00
Mark Haines
97c68c508d Move rest APIs back under the rest directory 2015-01-22 16:10:07 +00:00
Matthew Hodgson
7f83613733 make our JPEG thumbnail quality less horrifically ugly 2015-01-08 15:11:22 +00:00
Kegan Dougal
76e1565200 Change error message for missing pillow libs. 2015-01-07 17:11:19 +00:00
Mark Haines
5cf45c4319 Merge branch 'master' into develop 2015-01-06 19:48:53 +00:00
Mark Haines
bc2ec808f4 SYN-32 Use the ANTIALIAS resize method for thumbnailing images 2015-01-06 14:14:17 +00:00
Mark Haines
adb04b1e57 Update copyright notices 2015-01-06 13:21:39 +00:00
Kegan Dougal
78edb47cc5 SYN-208/SYN-228: Add runtime checks on startup to enforce that JPEG/PNG support is included when installing pillow. 2015-01-06 11:43:04 +00:00
Mark Haines
3c8c3bf3b7 SYN-229: Include Content-Length when downloading files 2015-01-06 11:32:36 +00:00
Mark Haines
af61c29527 Return the argument passed to the callback in a deferred callback, otherwise twisted will replace the deferred result with 'None' 2014-12-29 13:54:05 +00:00
Mark Haines
390e48a8b0 SYN-203: Handle requests for thunbnails for images that are small 2014-12-19 12:05:38 +00:00
Mark Haines
3c7857e49b clean up coding style a bit 2014-12-16 15:24:03 +00:00
Kegsay
67c9585656 Update media_repository.py
_ not -
2014-12-15 16:57:53 +00:00
Mark Haines
3610641a62 Update docs in media_repository 2014-12-15 13:56:43 +00:00
Mark Haines
58fa6d3fc6 return an mxc uri rather than a content_token. 2014-12-15 13:54:10 +00:00
Mark Haines
b3e34a5399 Fix typo in media repository doc string 2014-12-11 18:21:08 +00:00
Mark Haines
64bf9f54cc Fix media repository doc string to include server_name 2014-12-11 18:18:58 +00:00
Mark Haines
03d9024cbc Allow only one download for a given image at a time, so that we don't end up downloading the same image twice if two clients request a remote image at the same time 2014-12-11 16:48:11 +00:00
Mark Haines
d80d505b1f Limit the size of images that are thumbnailed serverside. Limit the size of file that a server will download from a remote server 2014-12-11 14:19:32 +00:00
Mark Haines
ead8fc5e38 doc the thumbnail methods 2014-12-11 10:41:43 +00:00
Mark Haines
b5eb9124f7 Make sure we pass a tuple to string '%' formatting 2014-12-11 10:08:09 +00:00
Mark Haines
2d265ef3bd import Image as PIL.Image. 2014-12-10 16:09:18 +00:00
Mark Haines
e5275d856e Get the code actually working 2014-12-10 15:46:18 +00:00
Mark Haines
cc84d3ea78 Thumbnail uploaded and cached images 2014-12-10 15:40:52 +00:00
Mark Haines
0363820122 Add a class for generating thumbnails using PIL 2014-12-05 16:12:37 +00:00
Mark Haines
c01fd5573c Implement download support for media_repository 2014-12-04 14:22:31 +00:00
Mark Haines
2f804a7072 Fix pyflakes and pep8 warnings 2014-12-02 19:55:18 +00:00
Mark Haines
5da65085d1 Get uploads working with new media repo 2014-12-02 19:51:47 +00:00
Mark Haines
279c48c8b4 Write the upload portion of version 1 of the media repository 2014-12-02 17:13:14 +00:00