From: Takeshi Umeda <noel.yoshiba@gmail.com>
Date: Mon, 9 Aug 2021 11:33:19 +0000 (+0900)
Subject: Fix invalid blurhash handling in Create activity (#16583)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=709876bd6c157cd62a1470aad3823f0cd18ca814;p=mastodon.git

Fix invalid blurhash handling in Create activity (#16583)
---

diff --git a/app/lib/activitypub/activity/create.rb b/app/lib/activitypub/activity/create.rb
index 504f10a67..4c13a80a6 100644
--- a/app/lib/activitypub/activity/create.rb
+++ b/app/lib/activitypub/activity/create.rb
@@ -446,10 +446,14 @@ class ActivityPub::Activity::Create < ActivityPub::Activity
   end
 
   def supported_blurhash?(blurhash)
-    components = blurhash.blank? ? nil : Blurhash.components(blurhash)
+    components = blurhash.blank? || !blurhash_valid_chars?(blurhash) ? nil : Blurhash.components(blurhash)
     components.present? && components.none? { |comp| comp > 5 }
   end
 
+  def blurhash_valid_chars?(blurhash)
+    /^[\w#$%*+-.:;=?@\[\]^{|}~]+$/.match?(blurhash)
+  end
+
   def skip_download?
     return @skip_download if defined?(@skip_download)