Reject status creation with invalid media_ids parameter (#31681)

This commit is contained in:
Christian Schmidt 2024-09-02 17:30:48 +02:00 committed by GitHub
parent 40f993b3a0
commit 491033c86c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 16 additions and 6 deletions

View file

@ -134,6 +134,9 @@ class PostStatusService < BaseService
@media = @account.media_attachments.where(status_id: nil).where(id: @options[:media_ids].take(Status::MEDIA_ATTACHMENTS_LIMIT).map(&:to_i)) @media = @account.media_attachments.where(status_id: nil).where(id: @options[:media_ids].take(Status::MEDIA_ATTACHMENTS_LIMIT).map(&:to_i))
not_found_ids = @options[:media_ids] - @media.map(&:id)
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.not_found', ids: not_found_ids.join(', ')) if not_found_ids.any?
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if @media.size > 1 && @media.find(&:audio_or_video?) raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if @media.size > 1 && @media.find(&:audio_or_video?)
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.not_ready') if @media.any?(&:not_processed?) raise Mastodon::ValidationError, I18n.t('media_attachments.validations.not_ready') if @media.any?(&:not_processed?)
end end

View file

@ -73,6 +73,9 @@ class UpdateStatusService < BaseService
media_attachments = @status.account.media_attachments.where(status_id: [nil, @status.id]).where(scheduled_status_id: nil).where(id: @options[:media_ids].take(Status::MEDIA_ATTACHMENTS_LIMIT).map(&:to_i)).to_a media_attachments = @status.account.media_attachments.where(status_id: [nil, @status.id]).where(scheduled_status_id: nil).where(id: @options[:media_ids].take(Status::MEDIA_ATTACHMENTS_LIMIT).map(&:to_i)).to_a
not_found_ids = @options[:media_ids] - media_attachments.map(&:id)
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.not_found', ids: not_found_ids.join(', ')) if not_found_ids.any?
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if media_attachments.size > 1 && media_attachments.find(&:audio_or_video?) raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if media_attachments.size > 1 && media_attachments.find(&:audio_or_video?)
raise Mastodon::ValidationError, I18n.t('media_attachments.validations.not_ready') if media_attachments.any?(&:not_processed?) raise Mastodon::ValidationError, I18n.t('media_attachments.validations.not_ready') if media_attachments.any?(&:not_processed?)

View file

@ -1454,6 +1454,7 @@ en:
media_attachments: media_attachments:
validations: validations:
images_and_video: Cannot attach a video to a post that already contains images images_and_video: Cannot attach a video to a post that already contains images
not_found: Media %{ids} not found or already attached to another post
not_ready: Cannot attach files that have not finished processing. Try again in a moment! not_ready: Cannot attach files that have not finished processing. Try again in a moment!
too_many: Cannot attach more than 4 files too_many: Cannot attach more than 4 files
migrations: migrations:

View file

@ -229,13 +229,16 @@ RSpec.describe PostStatusService do
account = Fabricate(:account) account = Fabricate(:account)
media = Fabricate(:media_attachment, account: Fabricate(:account)) media = Fabricate(:media_attachment, account: Fabricate(:account))
subject.call( expect do
account, subject.call(
text: 'test status update', account,
media_ids: [media.id] text: 'test status update',
media_ids: [media.id]
)
end.to raise_error(
Mastodon::ValidationError,
I18n.t('media_attachments.validations.not_found', ids: media.id)
) )
expect(media.reload.status).to be_nil
end end
it 'does not allow attaching more files than configured limit' do it 'does not allow attaching more files than configured limit' do