5 Commits

Author	SHA1	Message	Date
Josh Qou	d939120421	Fix unsafe hotserving behaviour for non-multimedia uploads. (#15680) ... * Fix unsafe hotserving behaviour for non-multimedia uploads. * invert disposition assert * test_media_storage.py: run lint * test_base.py: /inline/attachment/s * Only return attachment for disposition type, update tests * Update synapse/media/_base.py Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * Update changelog.d/15680.bugfix Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> * add attribution * Update changelog. --------- Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>	2023-06-15 14:23:27 +01:00
Patrick Cloke	6f18812bb0	Add stubs package for lxml. (#15697) ... The stubs have some issues so this has some generous cast and ignores in it, but it is better than not having stubs. Note that confusing that Element is a function which creates _Element instances (and similarly for Comment).	2023-05-31 17:06:57 +00:00
Patrick Cloke	4ee82c0576	Apply url_preview_url_blacklist to oEmbed and pre-cached images (#15601) ... There are two situations which were previously not properly checked: 1. If the requested URL was replaced with an oEmbed URL, then the oEmbed URL was not checked against url_preview_url_blacklist. 2. Follow-up URLs (either via autodiscovery of oEmbed or to pre-cache images) were not checked against url_preview_url_blacklist.	2023-05-16 16:25:01 -04:00
Andrew Morgan	aec639e3e3	Move Spam Checker callbacks to a dedicated file (#15453)	2023-04-18 00:57:40 +00:00
Patrick Cloke	4fc8875876	Refactor media modules. (#15146) ... * Removes the `v1` directory from `test.rest.media.v1`. * Moves the non-REST code from `synapse.rest.media.v1` to `synapse.media`. * Flatten the `v1` directory from `synapse.rest.media`, but leave compatiblity with 3rd party media repositories and spam checkers.	2023-02-27 08:26:05 -05:00