Update whitelist for sytest media fix (#1137)

* Update sytest-whitelist, are-we-synapse-yet.list

* Update gomatrixserverlib

* Update gomatrixserverlib

* Loop avoidance

* Return UTF-8 filenames

* Replace quotes only, instead of using strconv.Quote

* Update sytest-whitelist

* Update sytest-whitelist
Neil Alexander 2020-06-16 18:31:38 +01:00 committed by GitHub
parent e15a8042a1
commit 04c99092a4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 43 additions and 8 deletions


@ -97,8 +97,8 @@ rst PUT power_levels should not explode if the old power levels were empty
rst Both GET and PUT work rst Both GET and PUT work
rct POST /rooms/:room_id/receipt can create receipts rct POST /rooms/:room_id/receipt can create receipts
red POST /rooms/:room_id/read_markers can create read marker red POST /rooms/:room_id/read_markers can create read marker
med POST /media/v1/upload can create an upload med POST /media/r0/upload can create an upload
med GET /media/v1/download can fetch the value again med GET /media/r0/download can fetch the value again
cap GET /capabilities is present and well formed for registered user cap GET /capabilities is present and well formed for registered user
cap GET /r0/capabilities is not public cap GET /r0/capabilities is not public
reg Register with a recaptcha reg Register with a recaptcha

2
go.mod

@ -20,7 +20,7 @@ require (
github.com/matrix-org/go-http-js-libp2p v0.0.0-20200518170932-783164aeeda4 github.com/matrix-org/go-http-js-libp2p v0.0.0-20200518170932-783164aeeda4
github.com/matrix-org/go-sqlite3-js v0.0.0-20200522092705-bc8506ccbcf3 github.com/matrix-org/go-sqlite3-js v0.0.0-20200522092705-bc8506ccbcf3
github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26 github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26
github.com/matrix-org/gomatrixserverlib v0.0.0-20200615161710-f69539c86ea5 github.com/matrix-org/gomatrixserverlib v0.0.0-20200616150727-7ac22b6f8e65
github.com/matrix-org/naffka v0.0.0-20200422140631-181f1ee7401f github.com/matrix-org/naffka v0.0.0-20200422140631-181f1ee7401f
github.com/matrix-org/util v0.0.0-20190711121626-527ce5ddefc7 github.com/matrix-org/util v0.0.0-20190711121626-527ce5ddefc7
github.com/mattn/go-sqlite3 v2.0.2+incompatible github.com/mattn/go-sqlite3 v2.0.2+incompatible

4
go.sum

@ -371,8 +371,8 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20200522092705-bc8506ccbcf3 h1:Yb+Wlf
github.com/matrix-org/go-sqlite3-js v0.0.0-20200522092705-bc8506ccbcf3/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo= github.com/matrix-org/go-sqlite3-js v0.0.0-20200522092705-bc8506ccbcf3/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26 h1:Hr3zjRsq2bhrnp3Ky1qgx/fzCtCALOoGYylh2tpS9K4= github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26 h1:Hr3zjRsq2bhrnp3Ky1qgx/fzCtCALOoGYylh2tpS9K4=
github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26/go.mod h1:3fxX6gUjWyI/2Bt7J1OLhpCzOfO/bB3AiX0cJtEKud0= github.com/matrix-org/gomatrix v0.0.0-20190528120928-7df988a63f26/go.mod h1:3fxX6gUjWyI/2Bt7J1OLhpCzOfO/bB3AiX0cJtEKud0=
github.com/matrix-org/gomatrixserverlib v0.0.0-20200615161710-f69539c86ea5 h1:VN7DoSFVkQF9Bv+TWuBWHLgAz9Nw9UiahFfe2oE6uiQ= github.com/matrix-org/gomatrixserverlib v0.0.0-20200616150727-7ac22b6f8e65 h1:2CcCcBnWdDPDOqFKiGOM+mi/KDDZXSTKmvFy/0/+ZJI=
github.com/matrix-org/gomatrixserverlib v0.0.0-20200615161710-f69539c86ea5/go.mod h1:JsAzE1Ll3+gDWS9JSUHPJiiyAksvOOnGWF2nXdg4ZzU= github.com/matrix-org/gomatrixserverlib v0.0.0-20200616150727-7ac22b6f8e65/go.mod h1:JsAzE1Ll3+gDWS9JSUHPJiiyAksvOOnGWF2nXdg4ZzU=
github.com/matrix-org/naffka v0.0.0-20200422140631-181f1ee7401f h1:pRz4VTiRCO4zPlEMc3ESdUOcW4PXHH4Kj+YDz1XyE+Y= github.com/matrix-org/naffka v0.0.0-20200422140631-181f1ee7401f h1:pRz4VTiRCO4zPlEMc3ESdUOcW4PXHH4Kj+YDz1XyE+Y=
github.com/matrix-org/naffka v0.0.0-20200422140631-181f1ee7401f/go.mod h1:y0oDTjZDv5SM9a2rp3bl+CU+bvTRINQsdb7YlDql5Go= github.com/matrix-org/naffka v0.0.0-20200422140631-181f1ee7401f/go.mod h1:y0oDTjZDv5SM9a2rp3bl+CU+bvTRINQsdb7YlDql5Go=
github.com/matrix-org/util v0.0.0-20190711121626-527ce5ddefc7 h1:ntrLa/8xVzeSs8vHFHK25k0C+NV74sYMJnNSg5NoSRo= github.com/matrix-org/util v0.0.0-20190711121626-527ce5ddefc7 h1:ntrLa/8xVzeSs8vHFHK25k0C+NV74sYMJnNSg5NoSRo=


@ -21,6 +21,7 @@ import (
"io" "io"
"mime" "mime"
"net/http" "net/http"
"net/url"
"os" "os"
"path/filepath" "path/filepath"
"regexp" "regexp"
@ -302,7 +303,14 @@ func (r *downloadRequest) respondFromLocalFile(
responseMetadata = r.MediaMetadata responseMetadata = r.MediaMetadata
if len(responseMetadata.UploadName) > 0 { if len(responseMetadata.UploadName) > 0 {
w.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename*=utf-8"%s"`, responseMetadata.UploadName)) uploadName, err := url.PathUnescape(string(responseMetadata.UploadName))
if err != nil {
return nil, fmt.Errorf("url.PathUnescape: %w", err)
}
w.Header().Set("Content-Disposition", fmt.Sprintf(
`inline; filename=utf-8"%s"`,
strings.ReplaceAll(uploadName, `"`, `\"`), // escape quote marks only, as per RFC6266
))
} }
} }
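Review bot: The quoted filename in the new Content-Disposition value escapes only `"`, so a backslash in the unescaped upload name reaches the header raw; a name containing a backslash followed by a quote becomes two backslashes and a quote, which a quoted-string parser reads as an escaped backslash and then the closing quote, leaving the rest of the name to be parsed as further header parameters. Escape the backslash in the same pass, for example `strings.NewReplacer("\\", "\\\\", "\"", "\\\"").Replace(uploadName)`, and consider dropping control characters, since url.PathUnescape decodes percent-encoded CR/LF from what is presumably an uploader-chosen name. Separately, `filename=utf-8"%s"` is not a form RFC 6266 defines: the plain parameter is `filename="..."` and the extended one is `filename*=UTF-8''` followed by the percent-encoded value, so clients may treat the `utf-8` prefix as part of the name. respondFromLocalFile starts and ends outside this hunk, so how the returned error becomes a response is not visible here.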


@ -16,6 +16,7 @@ package routing
import ( import (
"net/http" "net/http"
"strings"
userapi "github.com/matrix-org/dendrite/userapi/api" userapi "github.com/matrix-org/dendrite/userapi/api"
@ -94,11 +95,24 @@ func makeDownloadAPI(
util.SetCORSHeaders(w) util.SetCORSHeaders(w)
// Content-Type will be overridden in case of returning file data, else we respond with JSON-formatted errors // Content-Type will be overridden in case of returning file data, else we respond with JSON-formatted errors
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
vars, _ := httputil.URLDecodeMapValues(mux.Vars(req)) vars, _ := httputil.URLDecodeMapValues(mux.Vars(req))
serverName := gomatrixserverlib.ServerName(vars["serverName"])
// For the purposes of loop avoidance, we will return a 404 if allow_remote is set to
// false in the query string and the target server name isn't our own.
// https://github.com/matrix-org/matrix-doc/pull/1265
if allowRemote := req.URL.Query().Get("allow_remote"); strings.ToLower(allowRemote) == "false" {
if serverName != cfg.Matrix.ServerName {
w.WriteHeader(http.StatusNotFound)
return
}
}
Download( Download(
w, w,
req, req,
gomatrixserverlib.ServerName(vars["serverName"]), serverName,
types.MediaID(vars["mediaId"]), types.MediaID(vars["mediaId"]),
cfg, cfg,
db, db,
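Review bot: The new loop-avoidance branch answers with a bare `w.WriteHeader(http.StatusNotFound)` after Content-Type was set to application/json a few lines earlier, so the caller gets a 404 with an empty body where the comment above promises JSON-formatted errors; write a Matrix-style not-found JSON body there. The check also reads `vars["serverName"]` from a map whose decode error is discarded by `vars, _ :=`, so a malformed path segment may leave the server name empty without any signal; rejecting that error with a 400 before the comparison would make the branch easier to reason about. As a style point, `strings.EqualFold(allowRemote, "false")` avoids the temporary lower-cased string. The handler closure in makeDownloadAPI begins and ends outside this hunk.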


@ -128,7 +128,7 @@ Outbound federation can send events
# test for now. # test for now.
#Backfill checks the events requested belong to the room #Backfill checks the events requested belong to the room
Can upload without a file name Can upload without a file name
Can download without a file name locally #Can download without a file name locally
Can upload with ASCII file name Can upload with ASCII file name
Can send image in room message Can send image in room message
AS cannot create users outside its own namespace AS cannot create users outside its own namespace
@ -314,3 +314,16 @@ Invalid JSON special values
Invalid JSON floats Invalid JSON floats
Outbound federation will ignore a missing event with bad JSON for room version 6 Outbound federation will ignore a missing event with bad JSON for room version 6
Can download without a file name over federation Can download without a file name over federation
POST /media/r0/upload can create an upload
GET /media/r0/download can fetch the value again
Remote users can join room by alias
Alias creators can delete alias with no ops
Alias creators can delete canonical alias with no ops
Room members can override their displayname on a room-specific basis
displayname updates affect room member events
avatar_url updates affect room member events
Real non-joined users can get individual state for world_readable rooms after leaving
Can upload with Unicode file name
POSTed media can be thumbnailed
Remote media can be thumbnailed
Can download with Unicode file name locally